diff --git a/DynamoDbEncryption/.gitignore b/DynamoDbEncryption/.gitignore index 49e6039c1..b8d4ccd01 100644 --- a/DynamoDbEncryption/.gitignore +++ b/DynamoDbEncryption/.gitignore @@ -3,3 +3,5 @@ ImplementationFromDafny.cs TestsFromDafny.cs **/bin **/obj +node_modules +project.properties diff --git a/DynamoDbEncryption/Makefile b/DynamoDbEncryption/Makefile index f493e8b47..d43577000 100644 --- a/DynamoDbEncryption/Makefile +++ b/DynamoDbEncryption/Makefile @@ -77,3 +77,8 @@ SERVICE_DEPS_DynamoDbEncryptionTransforms := \ format_net: pushd runtimes/net && dotnet format DynamoDbEncryption.csproj && popd + +polymorph: + export DAFNY_VERSION=4.2 + npm i --no-save prettier@3 prettier-plugin-java@2.5 + make polymorph_code_gen PROJECT_DEPENDENCIES= diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy index b4c0066f9..b4fa422a0 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy @@ -347,8 +347,8 @@ list ConstructorPartList { //= specification/searchable-encryption/virtual.md#virtual-field-initialization //= type=implication //# On initialization of a Virtual Field, the caller MUST provide: -//# * A name -- a string -//# * A list of [Virtual Parts](#virtual-part-initialization) +//# - A name -- a string +//# - A list of [Virtual Parts](#virtual-part-initialization) @javadoc("The configuration for a Virtual Field. A Virtual Field is a field constructed from parts of other fields for use with beacons, but never itself stored on items.") structure VirtualField { @@ -442,8 +442,8 @@ structure GetSuffix { //= specification/searchable-encryption/virtual.md#getsubstring-transform-initialization //= type=implication //# On initialization of a GetSubstring Transform, the caller MUST provide: -//# * low : an integer [position](#position-definition) -//# * high : an integer [position](#position-definition) +//# - low : an integer [position](#position-definition) +//# - high : an integer [position](#position-definition) // return range of characters, 0-based counting // low is inclusive, high is exclusive @@ -464,8 +464,8 @@ structure GetSubstring { //= specification/searchable-encryption/virtual.md#getsegment-transform-initialization //= type=implication //# On initialization of a GetSegment Transform, the caller MUST provide: -//# * split : an character -//# * index : an integer [position](#position-definition) +//# - split : an character +//# - index : an integer [position](#position-definition) // split string on character, then return one piece. // 'index' has the same semantics as 'low' in GetSubstring @@ -482,9 +482,9 @@ structure GetSegment { //= specification/searchable-encryption/virtual.md#getsegments-transform-initialization //= type=implication //# On initialization of a GetSegments Transform, the caller MUST provide: -//# * split : an character -//# * low : an integer [position](#position-definition) -//# * high : an integer [position](#position-definition) +//# - split : an character +//# - low : an integer [position](#position-definition) +//# - high : an integer [position](#position-definition) // split string on character, then return range of pieces. // 'low' and 'high' have the same semantics as GetSubstring @@ -504,14 +504,14 @@ structure GetSegments { //= specification/searchable-encryption/virtual.md#virtual-transform-initialization //= type=implication //# On initialization of a Virtual Transform, the caller MUST provide exactly one of -//# * an [Upper](#upper-transform-initialization) transform -//# * a [Lower](#lower-transform-initialization) transform -//# * an [Insert](#insert-transform-initialization) transform -//# * a [GetPrefix](#getprefix-transform-initialization) transform -//# * a [GetSuffix](#getsuffix-transform-initialization) transform -//# * a [GetSubstring](#getsubstring-transform-initialization) transform -//# * a [GetSegment](#getsegment-transform-initialization) transform -//# * a [GetSegments](#getsegments-transform-initialization) transform +//# - an [Upper](#upper-transform-initialization) transform +//# - a [Lower](#lower-transform-initialization) transform +//# - an [Insert](#insert-transform-initialization) transform +//# - a [GetPrefix](#getprefix-transform-initialization) transform +//# - a [GetSuffix](#getsuffix-transform-initialization) transform +//# - a [GetSubstring](#getsubstring-transform-initialization) transform +//# - a [GetSegment](#getsegment-transform-initialization) transform +//# - a [GetSegments](#getsegments-transform-initialization) transform union VirtualTransform { upper: Upper, @@ -566,10 +566,10 @@ structure SharedSet { //= type=implication //# On initialization of a Beacon Style, the caller MUST provide exactly one of //# -//# * a [PartOnly](#partonly-initialization) -//# * a [Shared](#shared-initialization) -//# * an [AsSet](#asset-initialization) -//# * a [SharedSet](#sharedset-initialization) +//# - a [PartOnly](#partonly-initialization) +//# - a [Shared](#shared-initialization) +//# - an [AsSet](#asset-initialization) +//# - a [SharedSet](#sharedset-initialization) union BeaconStyle { partOnly: PartOnly, @@ -581,8 +581,8 @@ union BeaconStyle { //= specification/searchable-encryption/beacons.md#encrypted-part-initialization //= type=implication //# On initialization of a [encrypted part](#encrypted-part-initialization), the caller MUST provide: -//# * A name -- a string, the name of a standard beacon -//# * A prefix -- a string +//# - A name -- a string, the name of a standard beacon +//# - A prefix -- a string @javadoc("A part of a Compound Beacon that contains a beacon over encrypted data.") structure EncryptedPart { @@ -597,8 +597,8 @@ structure EncryptedPart { //= specification/searchable-encryption/beacons.md#signed-part-initialization //= type=implication //# On initialization of a [signed part](#signed-part-initialization), the caller MUST provide: -//# * A name -- a string -//# * A prefix -- a string +//# - A name -- a string +//# - A prefix -- a string //= specification/searchable-encryption/beacons.md#signed-part-initialization //= type=implication @@ -620,7 +620,7 @@ structure SignedPart { //= specification/searchable-encryption/beacons.md#constructor-initialization //= type=implication //# On initialization of a constructor, the caller MUST provide: -//# * A non-empty list of [Constructor parts](#constructor-part-initialization) +//# - A non-empty list of [Constructor parts](#constructor-part-initialization) @javadoc("The configuration for a particular Compound Beacon construction.") structure Constructor { @@ -632,8 +632,8 @@ structure Constructor { //= specification/searchable-encryption/beacons.md#constructor-part-initialization //= type=implication //# On initialization of a constructor part, the caller MUST provide: -//# * A name -- a string -//# * A required flag -- a boolean +//# - A name -- a string +//# - A required flag -- a boolean @javadoc("A part of a Compound Becaon Construction.") structure ConstructorPart { @@ -648,13 +648,13 @@ structure ConstructorPart { //= specification/searchable-encryption/beacons.md#standard-beacon-initialization //= type=implication //# On initialization of a Standard Beacon, the caller MUST provide: -//# * A name -- a string -//# * A `length` -- a [beacon length](#beacon-length) +//# - A name -- a string +//# - A `length` -- a [beacon length](#beacon-length) //= specification/searchable-encryption/beacons.md#standard-beacon-initialization //= type=implication //# On initialization of a Standard Beacon, the caller MAY provide: -//# * a [terminal location](virtual.md#terminal-location) -- a string +//# - a [terminal location](virtual.md#terminal-location) -- a string @javadoc("The configuration for a Standard Beacon.") structure StandardBeacon { @@ -673,15 +673,15 @@ structure StandardBeacon { //= specification/searchable-encryption/beacons.md#compound-beacon-initialization //= type=implication //# On initialization of a Compound Beacon, the caller MUST provide: -//# * A name -- a string -//# * A split character -- a character +//# - A name -- a string +//# - A split character -- a character //= specification/searchable-encryption/beacons.md#compound-beacon-initialization //= type=implication //# On initialization of a Compound Beacon, the caller MAY provide: -//# * A list of [encrypted parts](#encrypted-part-initialization) -//# * A list of [signed parts](#signed-part-initialization) -//# * A list of constructors +//# - A list of [encrypted parts](#encrypted-part-initialization) +//# - A list of [signed parts](#signed-part-initialization) +//# - A list of constructors @javadoc("The configuration for a Compound Beacon.") structure CompoundBeacon { @@ -740,8 +740,8 @@ structure MultiKeyStore { //= specification/searchable-encryption/search-config.md#beacon-key-source //= type=implication //# On initialization of a Beacon Key Source, the caller MUST provide exactly one of -//# * a [Single Key Store](#single-key-store-initialization) -//# * a [Multi Key Store](#multi-key-store-initialization) +//# - a [Single Key Store](#single-key-store-initialization) +//# - a [Multi Key Store](#multi-key-store-initialization) union BeaconKeySource { single : SingleKeyStore, @@ -791,8 +791,8 @@ structure BeaconVersion { //= specification/searchable-encryption/search-config.md#initialization //= type=implication //# On initialization of the Search Config, the caller MUST provide: -//# - A list of [beacon versions](#beacon-version-initialization) -//# - The [version number](#version-number) of the [beacon versions](#beacon-version) to be used for writing. +//# - A list of [beacon versions](#beacon-version-initialization) +//# - The [version number](#version-number) of the [beacon versions](#beacon-version-initialization) to be used for writing. @javadoc("The configuration for searchable encryption.") structure SearchConfig { @@ -855,7 +855,7 @@ operation CreateDynamoDbEncryptionBranchKeyIdSupplier { //= specification/dynamodb-encryption-client/ddb-encryption-branch-key-id-supplier.md#input //= type=implication -//# This operation MUST take in a [DynamoDbKeyBranchKeyIdSupplier](#dynamodb-key-branch-key-id-supplier) as input. +//# This operation MUST take in a [DynamoDbKeyBranchKeyIdSupplier](#dynamodbkeybranchkeyidsupplier) as input. @javadoc("Inputs for creating a Branch Key Supplier from a DynamoDB Key Branch Key Id Supplier") structure CreateDynamoDbEncryptionBranchKeyIdSupplierInput { @required diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy index cb01aa7bf..ab14f719f 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy @@ -48,7 +48,7 @@ module SearchConfigToInfo { //= specification/searchable-encryption/search-config.md#initialization //= type=implication - //# Initialization MUST fail if the length of the list of [beacon versions](#beacon-version) is not 1. + //# Initialization MUST fail if the length of the list of [beacon versions](#beacon-version-initialization) is not 1. ensures outer.search.Some? && |outer.search.value.versions| != 1 ==> output.Failure? { if outer.search.None? { @@ -738,7 +738,7 @@ module SearchConfigToInfo { //= specification/searchable-encryption/beacons.md#initialization-failure //= type=implication - //# Initialization MUST fail if any [constructor](#constructor) is configured with a field name + //# Initialization MUST fail if any [constructor](#constructor-initialization) is configured with a field name //# that is not a defined [part](#part). ensures ret.Success? && 0 < |c| ==> exists p : CB.BeaconPart | p in parts :: p.getName() == c[0].name @@ -773,14 +773,14 @@ module SearchConfigToInfo { ensures ret.Success? ==> |ret.value| == origSize //= specification/searchable-encryption/beacons.md#initialization-failure //= type=implication - //# Initialization MUST fail if any [constructor](#constructor) is configured without at least one + //# Initialization MUST fail if any [constructor](#constructor-initialization) is configured without at least one //# required part. ensures ret.Success? && 0 < |constructors| ==> 0 < SeqCount((p : ConstructorPart) => p.required, constructors[0].parts) //= specification/searchable-encryption/beacons.md#initialization-failure //= type=implication - //# Initialization MUST fail if two [constructors](#constructor) are configured + //# Initialization MUST fail if two [constructors](#constructor-initialization) are configured //# with the same set of required parts. ensures ret.Success? && 0 < |constructors| ==> && MakeConstructor(constructors[0], parts).Success? diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy index 84543c2a7..e94f7b56c 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy @@ -21,16 +21,12 @@ module DynamoToStruct { type Error = AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error - type StructuredDataTerminalType = x : StructuredData | x.content.Terminal? witness * - type TerminalDataMap = map + type TerminalDataMap = map // This file exists for these two functions : ItemToStructured and StructuredToItem // which provide conversion between an AttributeMap and a StructuredDataMap // Convert AttributeMap to StructuredDataMap - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data - //= type=implication - //# - MUST be a [Structured Data Map](../structured-encryption/structures.md#structured-data-map). function method {:opaque} ItemToStructured(item : AttributeMap) : (ret : Result) //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data @@ -39,22 +35,11 @@ module DynamoToStruct { //# for each attribute on the DynamoDB Item, and no others. ensures ret.Success? ==> ret.value.Keys == item.Keys - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data - //= type=implication - //# - MUST NOT have [Structured Data Attributes](../structured-encryption/structures.md#structured-data-attributes). - ensures ret.Success? ==> forall v <- ret.value.Values :: v.content.Terminal? - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data //= type=implication //# - The [Terminal Type ID](../structured-encryption/structures.md#terminal-type-id) for each attribute MUST //# be the [Type ID](./ddb-attribute-serialization.md#type-id) of the [serialization](./ddb-attribute-serialization.md) of this Attribute Value. - ensures ret.Success? ==> forall kv <- ret.value.Items :: kv.1.content.Terminal.typeId == AttrToTypeId(item[kv.0]) - - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data - //= type=implication - //# - The Structured Data Terminal MUST be located at the top level of the Structured Data, - //# string indexed by the Attribute Name. - ensures ret.Success? ==> forall kv <- ret.value.Items :: kv.0 in ret.value.Keys && ret.value[kv.0].content.Terminal? + ensures ret.Success? ==> forall kv <- ret.value.Items :: kv.1.typeId == AttrToTypeId(item[kv.0]) //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-ddb-item-to-structured-data //= type=implication @@ -62,7 +47,7 @@ module DynamoToStruct { //# be the [Value](./ddb-attribute-serialization.md#type-id) of the [serialization](./ddb-attribute-serialization.md) of this Attribute Value. ensures ret.Success? ==> forall kv <- ret.value.Items :: && TopLevelAttributeToBytes(item[kv.0]).Success? - && kv.1.content.Terminal.value == TopLevelAttributeToBytes(item[kv.0]).value + && kv.1.value == TopLevelAttributeToBytes(item[kv.0]).value { var structuredMap := map k <- item :: k := AttrToStructured(item[k]); @@ -71,10 +56,7 @@ module DynamoToStruct { } // Convert StructuredDataMap to AttributeMap - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-structured-data-to-ddb-item - //= type=implication - //# - MUST be a [Structured Data Map](../structured-encryption/structures.md#structured-data-map). - function method {:opaque} StructuredToItem(s : StructuredDataMap) : (ret : Result) + function method {:opaque} StructuredToItem(s : TerminalDataMap) : (ret : Result) //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-structured-data-to-ddb-item //= type=implication //# - MUST contain an Attribute for every [Structured Data Terminal](../structured-encryption/structures.md#structured-data-terminal) @@ -125,12 +107,12 @@ module DynamoToStruct { } // Prove round trip. A work in progress - lemma RoundTripFromStructured(s : StructuredData) - ensures StructuredToAttr(s).Success? && s.content.Terminal.typeId == SE.BINARY ==> + lemma RoundTripFromStructured(s : StructuredDataTerminal) + ensures StructuredToAttr(s).Success? && s.typeId == SE.BINARY ==> && AttrToStructured(StructuredToAttr(s).value).Success? - ensures StructuredToAttr(s).Success? && s.content.Terminal.typeId == SE.BOOLEAN ==> + ensures StructuredToAttr(s).Success? && s.typeId == SE.BOOLEAN ==> && AttrToStructured(StructuredToAttr(s).value).Success? - ensures StructuredToAttr(s).Success? && s.content.Terminal.typeId == SE.NULL ==> + ensures StructuredToAttr(s).Success? && s.typeId == SE.NULL ==> && AttrToStructured(StructuredToAttr(s).value).Success? { reveal AttrToStructured(); @@ -161,34 +143,18 @@ module DynamoToStruct { AttrToBytes(a, false) } - function method {:opaque} AttrToStructured(item : AttributeValue) : (ret : Result) - ensures ret.Success? ==> ret.value.content.Terminal? - ensures ret.Success? ==> ret.value.content.Terminal.typeId == AttrToTypeId(item) + function method {:opaque} AttrToStructured(item : AttributeValue) : (ret : Result) + ensures ret.Success? ==> ret.value.typeId == AttrToTypeId(item) ensures ret.Success? ==> && TopLevelAttributeToBytes(item).Success? - && ret.value.content.Terminal.value == TopLevelAttributeToBytes(item).value + && ret.value.value == TopLevelAttributeToBytes(item).value { var body :- TopLevelAttributeToBytes(item); - Success(StructuredData(content := Terminal(StructuredDataTerminal(value := body, typeId := AttrToTypeId(item))), attributes := None)) + Success(StructuredDataTerminal(value := body, typeId := AttrToTypeId(item))) } - function method {:opaque} StructuredToAttr(s : StructuredData) : (ret : Result) - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-structured-data-to-ddb-item - //= type=implication - //# - This [Structured Data Map](../structured-encryption/structures.md#structured-data-map), - //# if not empty, - //# MUST only contain [Structured Data Terminals](../structured-encryption/structures.md#structured-data-terminal). - ensures ret.Success? ==> s.content.Terminal? - - //= specification/dynamodb-encryption-client/ddb-item-conversion.md#convert-structured-data-to-ddb-item - //= type=implication - //# - MUST NOT have [Structured Data Attributes](../structured-encryption/structures.md#structured-data-attributes). - ensures ret.Success? ==> s.attributes.None? + function method {:opaque} StructuredToAttr(s : StructuredDataTerminal) : (ret : Result) { - :- Need(s.attributes.None?, "attributes must be None"); - :- Need(s.content.Terminal?, "StructuredData to AttributeValue only works on Terminal data"); - - var Terminal(s) := s.content; :- Need(|s.typeId| == 2, "Type ID must be two bytes"); var attrValueAndLength :- BytesToAttr(s.value, s.typeId, false); :- Need(attrValueAndLength.len == |s.value|, "Mismatch between length of encoded data and length of data"); diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy index 672700655..810f880dc 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy @@ -74,7 +74,7 @@ module SearchableEncryptionInfo { //= specification/searchable-encryption/search-config.md#get-beacon-key-materials //# [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated //# with the [beacon key id](#beacon-key-id) equal to the `beacon key id` - //# and the [HMAC Keys](#hmac-keys) equal to a map + //# and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map //# of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key. output := GetHmacKeys(client, allKeys, keysLeft[1..], key, acc[keysLeft[0] := newKey]); } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoToStruct.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoToStruct.dfy index 183904d2b..ccf3e0633 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoToStruct.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoToStruct.dfy @@ -17,8 +17,7 @@ module DynamoToStructTest { method DoFail(data : seq, typeId : TerminalTypeId) { var data := StructuredDataTerminal(value := data, typeId := typeId); - var sdata := StructuredData(content := Terminal(data), attributes := None); - var result := StructuredToAttr(sdata); + var result := StructuredToAttr(data); if !result.Failure? { print "\nStructuredToAttr should have failed with this data : ", data, "\n"; } @@ -27,8 +26,7 @@ module DynamoToStructTest { method DoSucceed(data : seq, typeId : TerminalTypeId, pos : nat) { var data := StructuredDataTerminal(value := data, typeId := typeId); - var sdata := StructuredData(content := Terminal(data), attributes := None); - var result := StructuredToAttr(sdata); + var result := StructuredToAttr(data); if !result.Success? { print "\nUnexpected failure of StructuredToAttr : (", pos, ") : ", result, "\n"; } @@ -98,56 +96,51 @@ module DynamoToStructTest { method {:test} {:vcs_split_on_every_assert} TestEncode2() { var stringValue := AttributeValue.S("abc"); var encodedStringData := StructuredDataTerminal(value := [97,98,99], typeId := [0,1]); - var encodedStringValue := StructuredData(content := Terminal(encodedStringData), attributes := None); var stringStruct := AttrToStructured(stringValue); expect stringStruct.Success?; - expect stringStruct.value == encodedStringValue; + expect stringStruct.value == encodedStringData; - var newStringValue := StructuredToAttr(encodedStringValue); + var newStringValue := StructuredToAttr(encodedStringData); expect newStringValue.Success?; expect newStringValue.value == stringValue; var numberValue := AttributeValue.N("123"); var encodedNumberData := StructuredDataTerminal(value := [49,50,51], typeId := [0,2]); - var encodedNumberValue := StructuredData(content := Terminal(encodedNumberData), attributes := None); var numberStruct := AttrToStructured(numberValue); expect numberStruct.Success?; - expect numberStruct.value == encodedNumberValue; + expect numberStruct.value == encodedNumberData; - var newNumberValue := StructuredToAttr(encodedNumberValue); + var newNumberValue := StructuredToAttr(encodedNumberData); expect newNumberValue.Success?; expect newNumberValue.value == numberValue; var numberSetValue := AttributeValue.NS(["123","45"]); var encodedNumberSetData := StructuredDataTerminal(value := [0,0,0,2, 0,0,0,3, 49,50,51, 0,0,0,2, 52,53], typeId := [1,2]); - var encodedNumberSetValue := StructuredData(content := Terminal(encodedNumberSetData), attributes := None); var numberSetStruct := AttrToStructured(numberSetValue); expect numberSetStruct.Success?; - expect numberSetStruct.value == encodedNumberSetValue; + expect numberSetStruct.value == encodedNumberSetData; - var newNumberSetValue := StructuredToAttr(encodedNumberSetValue); + var newNumberSetValue := StructuredToAttr(encodedNumberSetData); expect newNumberSetValue.Success?; expect newNumberSetValue.value == numberSetValue; var stringSetValue := AttributeValue.SS(["abc","de"]); var encodedStringSetData := StructuredDataTerminal(value := [0,0,0,2, 0,0,0,3, 97,98,99, 0,0,0,2, 100,101], typeId := [1,1]); - var encodedStringSetValue := StructuredData(content := Terminal(encodedStringSetData), attributes := None); var stringSetStruct := AttrToStructured(stringSetValue); expect stringSetStruct.Success?; - expect stringSetStruct.value == encodedStringSetValue; + expect stringSetStruct.value == encodedStringSetData; - var newStringSetValue := StructuredToAttr(encodedStringSetValue); + var newStringSetValue := StructuredToAttr(encodedStringSetData); expect newStringSetValue.Success?; expect newStringSetValue.value == stringSetValue; var binarySetValue := AttributeValue.BS([[1,2,3],[4,5]]); var encodedBinarySetData := StructuredDataTerminal(value := [0,0,0,2, 0,0,0,3, 1,2,3, 0,0,0,2, 4,5], typeId := [1,0xff]); - var encodedBinarySetValue := StructuredData(content := Terminal(encodedBinarySetData), attributes := None); var binarySetStruct := AttrToStructured(binarySetValue); expect binarySetStruct.Success?; - expect binarySetStruct.value == encodedBinarySetValue; + expect binarySetStruct.value == encodedBinarySetData; - var newBinarySetValue := StructuredToAttr(encodedBinarySetValue); + var newBinarySetValue := StructuredToAttr(encodedBinarySetData); expect newBinarySetValue.Success?; expect newBinarySetValue.value == binarySetValue; } @@ -155,21 +148,19 @@ module DynamoToStructTest { method {:test} TestEncode() { var binaryValue := AttributeValue.B([1,2,3,4,5]); var encodedBinaryData := StructuredDataTerminal(value := [1,2,3,4,5], typeId := [0xff,0xff]); - var encodedBinaryValue := StructuredData(content := Terminal(encodedBinaryData), attributes := None); var binaryStruct := AttrToStructured(binaryValue); expect binaryStruct.Success?; - expect binaryStruct.value == encodedBinaryValue; + expect binaryStruct.value == encodedBinaryData; - var newBinaryValue := StructuredToAttr(encodedBinaryValue); + var newBinaryValue := StructuredToAttr(encodedBinaryData); expect newBinaryValue.Success?; expect newBinaryValue.value == binaryValue; var nullValue := AttributeValue.NULL(true); var encodedNullData := StructuredDataTerminal(value := [], typeId := [0,0]); - var encodedNullValue := StructuredData(content := Terminal(encodedNullData), attributes := None); var nullStruct := AttrToStructured(nullValue); expect nullStruct.Success?; - expect nullStruct.value == encodedNullValue; + expect nullStruct.value == encodedNullData; var newNullValue := StructuredToAttr(nullStruct.value); expect newNullValue.Success?; @@ -177,10 +168,9 @@ module DynamoToStructTest { var boolValue := AttributeValue.BOOL(false); var encodedBoolData := StructuredDataTerminal(value := [0], typeId := [0,4]); - var encodedBoolValue := StructuredData(content := Terminal(encodedBoolData), attributes := None); var boolStruct := AttrToStructured(boolValue); expect boolStruct.Success?; - expect boolStruct.value == encodedBoolValue; + expect boolStruct.value == encodedBoolData; var newBoolValue := StructuredToAttr(boolStruct.value); expect newBoolValue.Success?; @@ -216,10 +206,9 @@ module DynamoToStructTest { //# and MAY hold values of different types. var listValue := AttributeValue.L([binaryValue, nullValue, boolValue]); var encodedListData := StructuredDataTerminal(value := [0,0,0,3, 0xff,0xff, 0,0,0,5, 1,2,3,4,5, 0,0, 0,0,0,0, 0,4, 0,0,0,1, 0], typeId := [3,0]); - var encodedListValue := StructuredData(content := Terminal(encodedListData), attributes := None); var listStruct := AttrToStructured(listValue); expect listStruct.Success?; - expect listStruct.value == encodedListValue; + expect listStruct.value == encodedListData; var newListValue := StructuredToAttr(listStruct.value); expect newListValue.Success?; @@ -273,10 +262,9 @@ module DynamoToStructTest { 0,1, 0,0,0,4, k,e,y,D, 3,0, 0,0,0,28, 0,0,0,3, 0xff,0xff, 0,0,0,5, 1,2,3,4,5, 0,0, 0,0,0,0, 0,4, 0,0,0,1, 0 ], typeId := [2,0]); - var encodedMapValue := StructuredData(content := Terminal(encodedMapData), attributes := None); var mapStruct := AttrToStructured(mapValue); expect mapStruct.Success?; - expect mapStruct.value == encodedMapValue; + expect mapStruct.value == encodedMapData; var newMapValue := StructuredToAttr(mapStruct.value); expect newMapValue.Success?; @@ -286,12 +274,11 @@ module DynamoToStructTest { method {:test} TestNormalizeNAttr() { var numberValue := AttributeValue.N("000123.000"); var encodedNumberData := StructuredDataTerminal(value := [49,50,51], typeId := [0,2]); - var encodedNumberValue := StructuredData(content := Terminal(encodedNumberData), attributes := None); var numberStruct := AttrToStructured(numberValue); expect numberStruct.Success?; - expect numberStruct.value == encodedNumberValue; + expect numberStruct.value == encodedNumberData; - var newNumberValue := StructuredToAttr(encodedNumberValue); + var newNumberValue := StructuredToAttr(encodedNumberData); expect newNumberValue.Success?; expect newNumberValue.value == AttributeValue.N("123"); } @@ -299,12 +286,11 @@ module DynamoToStructTest { method {:test} TestNormalizeNInSet() { var numberSetValue := AttributeValue.NS(["001.00"]); var encodedNumberSetData := StructuredDataTerminal(value := [0,0,0,1, 0,0,0,1, 49], typeId := [1,2]); - var encodedNumberSetValue := StructuredData(content := Terminal(encodedNumberSetData), attributes := None); var numberSetStruct := AttrToStructured(numberSetValue); expect numberSetStruct.Success?; - expect numberSetStruct.value == encodedNumberSetValue; + expect numberSetStruct.value == encodedNumberSetData; - var newNumberSetValue := StructuredToAttr(encodedNumberSetValue); + var newNumberSetValue := StructuredToAttr(encodedNumberSetData); expect newNumberSetValue.Success?; expect newNumberSetValue.value == AttributeValue.NS(["1"]); } @@ -319,10 +305,9 @@ module DynamoToStructTest { 0,2, 0,0,0,1, 49 // 1st member is N("1") ], typeId := [3,0]); - var encodedListValue := StructuredData(content := Terminal(encodedListData), attributes := None); var listStruct := AttrToStructured(listValue); expect listStruct.Success?; - expect listStruct.value == encodedListValue; + expect listStruct.value == encodedListData; var newListValue := StructuredToAttr(listStruct.value); expect newListValue.Success?; @@ -348,10 +333,9 @@ module DynamoToStructTest { ], typeId := [2,0]); - var encodedMapValue := StructuredData(content := Terminal(encodedMapData), attributes := None); var mapStruct := AttrToStructured(mapValue); expect mapStruct.Success?; - expect mapStruct.value == encodedMapValue; + expect mapStruct.value == encodedMapData; var newMapValue := StructuredToAttr(mapStruct.value); expect newMapValue.Success?; @@ -364,12 +348,11 @@ module DynamoToStructTest { method {:test} TestSortNSAttr() { var numberSetValue := AttributeValue.NS(["1","2","10"]); var encodedNumberSetData := StructuredDataTerminal(value := [0,0,0,3, 0,0,0,1, 49, 0,0,0,2, 49,48, 0,0,0,1, 50], typeId := [1,2]); - var encodedNumberSetValue := StructuredData(content := Terminal(encodedNumberSetData), attributes := None); var numberSetStruct := AttrToStructured(numberSetValue); expect numberSetStruct.Success?; - expect numberSetStruct.value == encodedNumberSetValue; + expect numberSetStruct.value == encodedNumberSetData; - var newNumberSetValue := StructuredToAttr(encodedNumberSetValue); + var newNumberSetValue := StructuredToAttr(encodedNumberSetData); expect newNumberSetValue.Success?; expect newNumberSetValue.value == AttributeValue.NS(["1","10","2"]); } @@ -380,12 +363,11 @@ module DynamoToStructTest { method {:test} TestSortNSAfterNormalize() { var numberSetValue := AttributeValue.NS(["1","02","10"]); var encodedNumberSetData := StructuredDataTerminal(value := [0,0,0,3, 0,0,0,1, 49, 0,0,0,2, 49,48, 0,0,0,1, 50], typeId := [1,2]); - var encodedNumberSetValue := StructuredData(content := Terminal(encodedNumberSetData), attributes := None); var numberSetStruct := AttrToStructured(numberSetValue); expect numberSetStruct.Success?; - expect numberSetStruct.value == encodedNumberSetValue; + expect numberSetStruct.value == encodedNumberSetData; - var newNumberSetValue := StructuredToAttr(encodedNumberSetValue); + var newNumberSetValue := StructuredToAttr(encodedNumberSetData); expect newNumberSetValue.Success?; expect newNumberSetValue.value == AttributeValue.NS(["1","10","2"]); } @@ -407,12 +389,11 @@ module DynamoToStructTest { ], typeId := [1,1] ); - var encodedStringSetValue := StructuredData(content := Terminal(encodedStringSetData), attributes := None); var stringSetStruct := AttrToStructured(stringSetValue); expect stringSetStruct.Success?; - expect stringSetStruct.value == encodedStringSetValue; + expect stringSetStruct.value == encodedStringSetData; - var newStringSetValue := StructuredToAttr(encodedStringSetValue); + var newStringSetValue := StructuredToAttr(encodedStringSetData); expect newStringSetValue.Success?; expect newStringSetValue.value == AttributeValue.SS(["&","𐀂","。"]); } @@ -423,12 +404,11 @@ module DynamoToStructTest { method {:test} TestSortBSAttr() { var binarySetValue := AttributeValue.BS([[1],[2],[1,0]]); var encodedBinarySetData := StructuredDataTerminal(value := [0,0,0,3, 0,0,0,1, 1, 0,0,0,2, 1,0, 0,0,0,1, 2], typeId := [1,0xff]); - var encodedBinarySetValue := StructuredData(content := Terminal(encodedBinarySetData), attributes := None); var binarySetStruct := AttrToStructured(binarySetValue); expect binarySetStruct.Success?; - expect binarySetStruct.value == encodedBinarySetValue; + expect binarySetStruct.value == encodedBinarySetData; - var newBinarySetValue := StructuredToAttr(encodedBinarySetValue); + var newBinarySetValue := StructuredToAttr(encodedBinarySetData); expect newBinarySetValue.Success?; expect newBinarySetValue.value == AttributeValue.BS([[1],[1,0],[2]]); } @@ -453,10 +433,9 @@ module DynamoToStructTest { 0,0,0,3, 0,0,0,1, 1, 0,0,0,2, 1,0, 0,0,0,1, 2 // BS ], typeId := [3,0]); - var encodedListValue := StructuredData(content := Terminal(encodedListData), attributes := None); var listStruct := AttrToStructured(listValue); expect listStruct.Success?; - expect listStruct.value == encodedListValue; + expect listStruct.value == encodedListData; var newListValue := StructuredToAttr(listStruct.value); expect newListValue.Success?; @@ -495,10 +474,9 @@ module DynamoToStructTest { ], typeId := [2,0]); - var encodedMapValue := StructuredData(content := Terminal(encodedMapData), attributes := None); var mapStruct := AttrToStructured(mapValue); expect mapStruct.Success?; - expect mapStruct.value == encodedMapValue; + expect mapStruct.value == encodedMapData; var newMapValue := StructuredToAttr(mapStruct.value); expect newMapValue.Success?; @@ -529,10 +507,9 @@ module DynamoToStructTest { 0,0, 0,0,0,0 // null value ], typeId := [2,0]); - var encodedMapValue := StructuredData(content := Terminal(encodedMapData), attributes := None); var mapStruct := AttrToStructured(mapValue); expect mapStruct.Success?; - expect mapStruct.value == encodedMapValue; + expect mapStruct.value == encodedMapData; var newMapValue := StructuredToAttr(mapStruct.value); expect newMapValue.Success?; diff --git a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/Model/DynamoDbItemEncryptor.smithy b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/Model/DynamoDbItemEncryptor.smithy index 9d3ad647e..d128547b4 100644 --- a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/Model/DynamoDbItemEncryptor.smithy +++ b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/Model/DynamoDbItemEncryptor.smithy @@ -47,23 +47,24 @@ service DynamoDbItemEncryptor { @javadoc("The configuration for the client-side encryption of DynamoDB items.") structure DynamoDbItemEncryptorConfig { - //= specification/dynamodb-encryption-client/ddb-table-encryption-config.md#structure + //= specification/dynamodb-encryption-client/ddb-item-encryptor.md#initialization //= type=implication - //# The following are REQUIRED for DynamoDb Table Encryption Configuration: - //# - [Logical Table Name](#logical-table-name) - //# - [DynamoDB Partition Key Name](#dynamodb-partition-key-name) - //# - [Attribute Actions](#attribute-actions) - //# - A [CMM](#cmm) or [Keyring](#keyring) - - //= specification/dynamodb-encryption-client/ddb-table-encryption-config.md#structure + //# On initialization of the DynamoDB Item Encryptor + //# the caller MUST provide: + //# - [DynamoDB Table Name](./ddb-table-encryption-config.md#dynamodb-table-name) + //# - [DynamoDB Partition Key Name](./ddb-table-encryption-config.md#dynamodb-partition-key-name) + //# - [Attribute Actions](./ddb-table-encryption-config.md#attribute-actions) + //# - A [CMM](./ddb-table-encryption-config.md#cmm) or [Keyring](./ddb-table-encryption-config.md#keyring) + + //= specification/dynamodb-encryption-client/ddb-item-encryptor.md#initialization //= type=implication - //# The following are OPTIONAL for DynamoDb Table Encryption Configuration: - //# - [DynamoDB Sort Key Name](#dynamodb-sort-key-name) - //# - [Unauthenticated Attributes](#unauthenticated-attributes) - //# - [Unauthenticated Attribute Name Prefix](#unauthenticated-attribute-prefix) - //# - [Algorithm Suite](#algorithm-suite) - //# - [Legacy Config](#legacy-config) - //# - [Plaintext Policy](#plaintext-policy) + //# The following are OPTIONAL for the DynamoDB Item Encryptor: + //# - [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name) + //# - [Unauthenticated Attributes](./ddb-table-encryption-config.md#unauthenticated-attributes) + //# - [Unauthenticated Attribute Name Prefix](./ddb-table-encryption-config.md#unauthenticated-attribute-prefix) + //# - [Algorithm Suite](./ddb-table-encryption-config.md#algorithm-suite) + //# - [Legacy Config](./ddb-table-encryption-config.md#legacy-config) + //# - [Plaintext Policy](./ddb-table-encryption-config.md#plaintext-policy) @required @javadoc("The logical table name for this table. This is the name that is cryptographically bound with your data. This can be the same as the actual DynamoDB table name. It's purpose is to be distinct from the DynamoDB table name so that the data may still be authenticated if being read from different (but logically similar) tables, such as a backup table.") @@ -194,7 +195,7 @@ structure EncryptItemOutput { //= specification/dynamodb-encryption-client/decrypt-item.md#input //= type=implication //# The following inputs to this behavior are REQUIRED: -//# - DynamoDB Item +//# - [DynamoDb Item](#input-dynamodb-item) @javadoc("Inputs for decrypting a DynamoDB Item.") structure DecryptItemInput { @required @@ -207,7 +208,7 @@ structure DecryptItemOutput { //= specification/dynamodb-encryption-client/decrypt-item.md#output //= type=implication //# This operation MUST output the following: - //# - [DynamoDb Item](#dynamodb-item-1) + //# - [DynamoDb Item](#output-dynamodb-item) @required @javadoc("The decrypted DynamoDB item.") plaintextItem: AttributeMap, diff --git a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy index 8ed68830f..6e13f3e4f 100644 --- a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy @@ -49,11 +49,6 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs type InternalConfig = Config type ValidConfig = x : Config | ValidInternalConfig?(x) witness * - const DoNotSign := - CSE.AuthenticateSchema(content := CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.DO_NOT_SIGN), attributes := None) - const DoSign := - CSE.AuthenticateSchema(content := CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.SIGN), attributes := None) - // Is the attribute name an allowed unauthenticated name? predicate method AllowedUnsigned( unauthenticatedAttributes: Option, @@ -150,11 +145,6 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs } function method EncodeName(k : string) : (ret : Result) - //= specification/dynamodb-encryption-client/encrypt-item.md#base-context-value-version-1 - //= type=implication - //# The key MUST be the following concatenation, - //# where `attributeName` is the name of the attribute: - //# "aws-crypto-attr." + `attributeName`. ensures ret == DDBEncode(SE.ATTR_PREFIX + k) { DDBEncode(SE.ATTR_PREFIX + k) @@ -235,14 +225,14 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs && EncodeName(config.partitionKeyName).Success? && var partitionKeyName : ValidUTF8Bytes := EncodeName(config.partitionKeyName).value; - && var partitionKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.partitionKeyName].content.Terminal); + && var partitionKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.partitionKeyName]); && partitionKeyName in ret.value && ret.value[partitionKeyName] == partitionKeyValue //= specification/dynamodb-encryption-client/encrypt-item.md#dynamodb-item-base-context-version-1 //= type=implication //# If this item has a Sort Key attribute, the DynamoDB Item Base Context MUST contain: - //# - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](#dynamodb-sort-key-name). + //# - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name). //# - the [value](#base-context-value-version-1) of the Sort Key. ensures ret.Success? && config.sortKeyName.Some? ==> && config.sortKeyName.value in item @@ -254,7 +244,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs && EncodeName(config.sortKeyName.value).Success? && var sortKeyName : ValidUTF8Bytes := EncodeName(config.sortKeyName.value).value; && sortKeyName in ret.value - && var sortKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.sortKeyName.value].content.Terminal); + && var sortKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.sortKeyName.value]); && ret.value[sortKeyName] == sortKeyValue //= specification/dynamodb-encryption-client/encrypt-item.md#dynamodb-item-base-context-version-1 @@ -269,7 +259,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs var logicalTableName : ValidUTF8Bytes :- DDBEncode(config.logicalTableName); var partitionName : ValidUTF8Bytes :- DDBEncode(config.partitionKeyName); var partitionKeyName : ValidUTF8Bytes :- EncodeName(config.partitionKeyName); - var partitionKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.partitionKeyName].content.Terminal); + var partitionKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.partitionKeyName]); if (config.sortKeyName.None?) then :- Need(|{TABLE_NAME, PARTITION_NAME, SORT_NAME, partitionKeyName}| == 4, E("Internal Error")); var ec : CMP.EncryptionContext := @@ -290,7 +280,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs :- Need(config.sortKeyName.value in item, DDBError("Sort key " + config.sortKeyName.value + " not found in Item to be encrypted or decrypted")); var sortName :- DDBEncode(config.sortKeyName.value); var sortKeyName : ValidUTF8Bytes :- EncodeName(config.sortKeyName.value); - var sortKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.sortKeyName.value].content.Terminal); + var sortKeyValue : ValidUTF8Bytes := SE.EncodeTerminal(item[config.sortKeyName.value]); :- Need(|{TABLE_NAME, PARTITION_NAME, partitionKeyName, SORT_NAME, sortKeyName}| == 5, E("Internal Error")); var ec : CMP.EncryptionContext := map[ @@ -339,7 +329,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //= specification/dynamodb-encryption-client/encrypt-item.md#dynamodb-item-base-context-version-2 //= type=implication //# If this item has a Sort Key attribute, the DynamoDB Item Base Context MUST contain: - //# - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](#dynamodb-sort-key-name). + //# - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name). ensures ret.Success? && config.sortKeyName.Some? ==> && config.sortKeyName.value in item && SORT_NAME in ret.value @@ -526,19 +516,17 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs function method GetCryptoSchemaAction( config : InternalConfig, attr : ComAmazonawsDynamodbTypes.AttributeName) - : (ret : Result) + : (ret : Result) ensures (attr !in config.attributeActionsOnEncrypt && InSignatureScope(config, attr)) ==> ret.Failure? { - var action :- GetCryptoSchemaActionInner(config, attr); - var newElement := CSE.CryptoSchemaContent.Action(action); - Success(CSE.CryptoSchema(content := newElement, attributes := None)) + GetCryptoSchemaActionInner(config, attr) } // return proper Authenticate Action by name function method GetAuthenticateSchemaAction( config : InternalConfig, attr : ComAmazonawsDynamodbTypes.AttributeName) - : (ret : CSE.AuthenticateSchema) + : (ret : CSE.AuthenticateAction) requires ValidInternalConfig?(config) //= specification/dynamodb-encryption-client/decrypt-item.md#signature-scope @@ -551,19 +539,19 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //= specification/dynamodb-encryption-client/decrypt-item.md#signature-scope //= type=implication //# Otherwise, Attributes MUST be considered as within the signature scope. - ensures (ret == DoNotSign) <==> !InSignatureScope(config, attr) + ensures (ret == CSE.DO_NOT_SIGN) <==> !InSignatureScope(config, attr) { if InSignatureScope(config, attr) then - DoSign + CSE.SIGN else - DoNotSign + CSE.DO_NOT_SIGN } // get CryptoSchema for this item function method ConfigToCryptoSchema( config : InternalConfig, item : ComAmazonawsDynamodbTypes.AttributeMap) - : (ret : Result) + : (ret : Result) //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //= type=implication @@ -578,7 +566,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //= type=implication //# - The Crypto Schema MUST NOT contain more Crypto Actions than those specified by the previous point. - ensures ret.Success? ==> ret.value.content.SchemaMap? && item.Keys == ret.value.content.SchemaMap.Keys + ensures ret.Success? ==> item.Keys == ret.value.Keys //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //= type=implication @@ -588,10 +576,9 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //# equals the Crypto Action indexed by that attribute name in the configured Attribute Actions. ensures ret.Success? ==> forall k <-item.Keys :: && GetCryptoSchemaAction(config, k).Success? - && ret.value.content.SchemaMap[k] == GetCryptoSchemaAction(config, k).value + && ret.value[k] == GetCryptoSchemaAction(config, k).value && (k in config.attributeActionsOnEncrypt ==> - ret.value.content.SchemaMap[k].content == - CSE.CryptoSchemaContent.Action(config.attributeActionsOnEncrypt[k])) + ret.value[k] == config.attributeActionsOnEncrypt[k]) { var schema := map k <- item :: k := GetCryptoSchemaAction(config, k); DynamoToStruct.MapKeysMatchItems(item); @@ -601,53 +588,41 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs assert actionMapRes.Failure? <==> exists k <- item.Keys :: schema[k].Failure?; assert actionMapRes.Failure? <==> exists k <- item.Keys :: GetCryptoSchemaAction(config, k).Failure?; - var actionMap :- DynamoToStruct.MapError(actionMapRes); - var schemaContent := CSE.CryptoSchemaContent.SchemaMap(actionMap); - var finalSchema := CSE.CryptoSchema(content := schemaContent, attributes := None); - Success(finalSchema) + DynamoToStruct.MapError(actionMapRes) } // get AuthenticateSchema for this item function method ConfigToAuthenticateSchema( config : InternalConfig, item : ComAmazonawsDynamodbTypes.AttributeMap) - : (ret : CSE.AuthenticateSchema) + : (ret : CSE.AuthenticateSchemaMap) requires ValidInternalConfig?(config) //= specification/dynamodb-encryption-client/decrypt-item.md#behavior //= type=implication //# - The number of Authenticate Actions in the Authenticate Schema - //# MUST EQUAL the number of Attributes on the [input DynamoDB Item](#dynamodb-item). - ensures ret.content.SchemaMap? && item.Keys == ret.content.SchemaMap.Keys + //# MUST EQUAL the number of Attributes on the [input DynamoDB Item](#input-dynamodb-item). + ensures item.Keys == ret.Keys //= specification/dynamodb-encryption-client/decrypt-item.md#behavior //= type=implication - //# - For every Attribute in the [input DynamoDB Item](#dynamodb-item) + //# - For every Attribute in the [input DynamoDB Item](#input-dynamodb-item) //# that is not in the [signature scope](#signature-scope), //# there MUST exist a [DO_NOT_SIGN Authenticate Action](../structured-encryption/structures.md#do_not_sign) //# in the Authenticate Schema, //# string indexed at the top level by that attribute name. - ensures forall k <-item.Keys :: - !InSignatureScope(config, k) ==> - ret.content.SchemaMap[k].content == - CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.DO_NOT_SIGN) + ensures forall k <-item.Keys :: !InSignatureScope(config, k) ==> ret[k] == CSE.DO_NOT_SIGN //= specification/dynamodb-encryption-client/decrypt-item.md#behavior //= type=implication - //# - For every Attribute in the [input DynamoDB Item](#dynamodb-item) + //# - For every Attribute in the [input DynamoDB Item](#input-dynamodb-item) //# that is in the [signature scope](#signature-scope), //# there MUST exist a [SIGN Authenticate Action](../structured-encryption/structures.md#sign) //# in the Authenticate Schema, //# string indexed at the top level by that attribute name. - ensures forall k <-item.Keys :: - && InSignatureScope(config, k) ==> - ret.content.SchemaMap[k].content == - CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.SIGN) + ensures forall k <-item.Keys :: InSignatureScope(config, k) ==> ret[k] == CSE.SIGN { - var authMap := map k <- item | true :: k := GetAuthenticateSchemaAction(config, k); - var schemaContent := CSE.AuthenticateSchemaContent.SchemaMap(authMap); - var finalSchema := CSE.AuthenticateSchema(content := schemaContent, attributes := None); - finalSchema + map k <- item | true :: k := GetAuthenticateSchemaAction(config, k) } //= specification/dynamodb-encryption-client/decrypt-item.md#determining-plaintext-items @@ -659,20 +634,17 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs && SE.FooterField !in ddbItem } - function method ConvertCryptoSchemaToAttributeActions(config: ValidConfig, schema: CSE.CryptoSchema) + function method ConvertCryptoSchemaToAttributeActions(config: ValidConfig, schema: CSE.CryptoSchemaMap) : (ret: Result, Error>) - requires schema.content.SchemaMap? - requires forall k <- schema.content.SchemaMap :: schema.content.SchemaMap[k].content.Action? - requires forall v <- schema.content.SchemaMap.Values :: SE.IsAuthAttr(v.content.Action) + requires forall k <- schema :: SE.IsAuthAttr(schema[k]) ensures ret.Success? ==> forall k <- ret.value.Keys :: InSignatureScope(config, k) ensures ret.Success? ==> forall k <- ret.value.Keys :: !ret.value[k].DO_NOTHING? { - // We can formally verify these properties, but it is too resource intensive - :- Need(forall k <- schema.content.SchemaMap :: InSignatureScope(config, k), + :- Need(forall k <- schema :: InSignatureScope(config, k), DynamoDbItemEncryptorException( message := "Received unexpected Crypto Schema: mismatch with signature scope")); - :- Need(forall k <- schema.content.SchemaMap :: ComAmazonawsDynamodbTypes.IsValid_AttributeName(k), + :- Need(forall k <- schema :: ComAmazonawsDynamodbTypes.IsValid_AttributeName(k), DynamoDbItemEncryptorException( message := "Received unexpected Crypto Schema: Invalid attribute names")); - Success(map k <- schema.content.SchemaMap :: k := schema.content.SchemaMap[k].content.Action) + Success(schema) } predicate EncryptItemEnsuresPublicly(input: EncryptItemInput, output: Result) @@ -793,9 +765,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs && DynamoToStruct.ItemToStructured(input.plaintextItem).Success? && var plaintextStructure := DynamoToStruct.ItemToStructured(input.plaintextItem).value; && Seq.Last(config.structuredEncryption.History.EncryptStructure).input.plaintextStructure - == CSE.StructuredData( - content := CSE.StructuredDataContent.DataMap(plaintextStructure), - attributes := None) + == plaintextStructure //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //= type=implication @@ -805,22 +775,20 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs == Some(MakeEncryptionContextForEncrypt(config, plaintextStructure).value) && output.value.parsedHeader.Some? - && var structuredEncParsed := Seq.Last(config.structuredEncryption.History.EncryptStructure).output.value.parsedHeader; - && structuredEncParsed.cryptoSchema.content.SchemaMap? - && var parsedHeaderMap := structuredEncParsed.cryptoSchema.content.SchemaMap; + && var structuredEncOut := Seq.Last(config.structuredEncryption.History.EncryptStructure).output.value; + && var parsedHeaderMap := structuredEncOut.cryptoSchema; && (forall k <- parsedHeaderMap :: - && parsedHeaderMap[k].content.Action? - && SE.IsAuthAttr(parsedHeaderMap[k].content.Action)) - && var maybeCryptoSchema := ConvertCryptoSchemaToAttributeActions(config, structuredEncParsed.cryptoSchema); + && SE.IsAuthAttr(parsedHeaderMap[k])) + && var maybeCryptoSchema := ConvertCryptoSchemaToAttributeActions(config, structuredEncOut.cryptoSchema); && maybeCryptoSchema.Success? - && ConvertContextForSelector(structuredEncParsed.encryptionContext).Success? - && var selectorContext := ConvertContextForSelector(structuredEncParsed.encryptionContext).value; + && ConvertContextForSelector(structuredEncOut.parsedHeader.encryptionContext).Success? + && var selectorContext := ConvertContextForSelector(structuredEncOut.parsedHeader.encryptionContext).value; && output.value.parsedHeader.value == ParsedHeader( attributeActionsOnEncrypt := maybeCryptoSchema.value, - algorithmSuiteId := structuredEncParsed.algorithmSuiteId, - storedEncryptionContext := structuredEncParsed.storedEncryptionContext, - encryptedDataKeys := structuredEncParsed.encryptedDataKeys, - encryptionContext := structuredEncParsed.encryptionContext, + algorithmSuiteId := structuredEncOut.parsedHeader.algorithmSuiteId, + storedEncryptionContext := structuredEncOut.parsedHeader.storedEncryptionContext, + encryptedDataKeys := structuredEncOut.parsedHeader.encryptedDataKeys, + encryptionContext := structuredEncOut.parsedHeader.encryptionContext, selectorContext := selectorContext ) @@ -880,11 +848,6 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs var context :- MakeEncryptionContextForEncrypt(config, plaintextStructure); var cryptoSchema :- ConfigToCryptoSchema(config, input.plaintextItem) .MapFailure(e => Error.AwsCryptographyDbEncryptionSdkDynamoDb(e)); - var wrappedStruct := CSE.StructuredData( - content := CSE.StructuredDataContent.DataMap(plaintextStructure), - attributes := None); - - assert {:split_here} true; //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //# This operation MUST create a @@ -893,18 +856,25 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //# - This item encryptor's [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. //# - The keys from the [DynamoDB Item Base Context](#dynamodb-item-base-context) + var contextKeysX : seq> := SortedSets.ComputeSetToOrderedSequence2(context.Keys, ByteLess); + assert forall k <- contextKeysX :: ValidUTF8Seq(k) by { + assert forall k <- contextKeysX :: k in context.Keys; + assert forall k <- context.Keys :: ValidUTF8Seq(k); + } + + var contextKeys : seq := contextKeysX; var reqCMMR := config.cmpClient.CreateRequiredEncryptionContextCMM( CMP.CreateRequiredEncryptionContextCMMInput( underlyingCMM := Some(config.cmm), keyring := None, - requiredEncryptionContextKeys := SortedSets.ComputeSetToOrderedSequence2(context.Keys, ByteLess) + requiredEncryptionContextKeys := contextKeys ) ); var reqCMM :- reqCMMR.MapFailure(e => AwsCryptographyMaterialProviders(e)); var encryptRes := config.structuredEncryption.EncryptStructure( CSE.EncryptStructureInput( tableName := config.logicalTableName, - plaintextStructure:=wrappedStruct, + plaintextStructure:=plaintextStructure, cryptoSchema:=cryptoSchema, //= specification/dynamodb-encryption-client/encrypt-item.md#behavior //# - The CMM MUST be the CMM created above. @@ -926,10 +896,11 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs var encryptVal :- encryptRes.MapFailure( e => Error.AwsCryptographyDbEncryptionSdkDynamoDb(DDBE.AwsCryptographyDbEncryptionSdkStructuredEncryption(e))); var encryptedData := encryptVal.encryptedStructure; - var ddbKey :- DynamoToStruct.StructuredToItem(encryptedData.content.DataMap) + :- Need(forall k <- encryptedData :: DDB.IsValid_AttributeName(k), E("")); + var ddbKey :- DynamoToStruct.StructuredToItem(encryptedData) .MapFailure(e => Error.AwsCryptographyDbEncryptionSdkDynamoDb(e)); - var parsedActions :- ConvertCryptoSchemaToAttributeActions(config, encryptVal.parsedHeader.cryptoSchema); + var parsedActions :- ConvertCryptoSchemaToAttributeActions(config, encryptVal.cryptoSchema); var selectorContextR := ConvertContextForSelector(encryptVal.parsedHeader.encryptionContext); var selectorContext :- selectorContextR.MapFailure(e => E(e)); var parsedHeader := ParsedHeader( @@ -954,19 +925,19 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs method {:vcs_split_on_every_assert} DecryptItem(config: InternalConfig, input: DecryptItemInput) returns (output: Result) - //= specification/dynamodb-encryption-client/decrypt-item.md#dynamodb-item + //= specification/dynamodb-encryption-client/decrypt-item.md#input-dynamodb-item //= type=implication //# This item MUST include an Attribute with a name that matches the //# [DynamoDB Partition Key Name](./ddb-table-encryption-config.md#dynamodb-partition-key-name) //# configured on the [DynamoDB Item Encryptor](./ddb-item-encryptor.md). ensures output.Success? ==> config.partitionKeyName in input.encryptedItem - //= specification/dynamodb-encryption-client/decrypt-item.md#dynamodb-item + //= specification/dynamodb-encryption-client/decrypt-item.md#input-dynamodb-item //= type=implication //# Otherwise this operation MUST yield an error. ensures config.partitionKeyName !in input.encryptedItem ==> output.Failure? - //= specification/dynamodb-encryption-client/decrypt-item.md#dynamodb-item + //= specification/dynamodb-encryption-client/decrypt-item.md#input-dynamodb-item //= type=implication //# If the [DynamoDB Item Encryptor](./ddb-item-encryptor.md) //# has a [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name) configured, @@ -1003,9 +974,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs && DynamoToStruct.ItemToStructured(input.encryptedItem).Success? && var plaintextStructure := DynamoToStruct.ItemToStructured(input.encryptedItem).value; && Seq.Last(config.structuredEncryption.History.DecryptStructure).input.encryptedStructure - == CSE.StructuredData( - content := CSE.StructuredDataContent.DataMap(plaintextStructure), - attributes := None) + == plaintextStructure //= specification/dynamodb-encryption-client/decrypt-item.md#dynamodb-item-base-context //= type=implication @@ -1040,21 +1009,19 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs //# The output MUST also include a [Parsed Header](#parsed-header) that contains //# data that was serialized into the header included in the output DynamoDb Item. && output.value.parsedHeader.Some? - && var structuredEncParsed := Seq.Last(config.structuredEncryption.History.DecryptStructure).output.value.parsedHeader; - && structuredEncParsed.cryptoSchema.content.SchemaMap? - && (forall k <- structuredEncParsed.cryptoSchema.content.SchemaMap :: - && structuredEncParsed.cryptoSchema.content.SchemaMap[k].content.Action? - && SE.IsAuthAttr(structuredEncParsed.cryptoSchema.content.SchemaMap[k].content.Action)) - && var maybeCryptoSchema := ConvertCryptoSchemaToAttributeActions(config, structuredEncParsed.cryptoSchema); + && var structuredEncOut := Seq.Last(config.structuredEncryption.History.DecryptStructure).output.value; + && (forall k <- structuredEncOut.cryptoSchema :: + && SE.IsAuthAttr(structuredEncOut.cryptoSchema[k])) + && var maybeCryptoSchema := ConvertCryptoSchemaToAttributeActions(config, structuredEncOut.cryptoSchema); && maybeCryptoSchema.Success? - && ConvertContextForSelector(structuredEncParsed.encryptionContext).Success? - && var selectorContext := ConvertContextForSelector(structuredEncParsed.encryptionContext).value; + && ConvertContextForSelector(structuredEncOut.parsedHeader.encryptionContext).Success? + && var selectorContext := ConvertContextForSelector(structuredEncOut.parsedHeader.encryptionContext).value; && output.value.parsedHeader.value == ParsedHeader( attributeActionsOnEncrypt := maybeCryptoSchema.value, - algorithmSuiteId := structuredEncParsed.algorithmSuiteId, - storedEncryptionContext := structuredEncParsed.storedEncryptionContext, - encryptedDataKeys := structuredEncParsed.encryptedDataKeys, - encryptionContext := structuredEncParsed.encryptionContext, + algorithmSuiteId := structuredEncOut.parsedHeader.algorithmSuiteId, + storedEncryptionContext := structuredEncOut.parsedHeader.storedEncryptionContext, + encryptedDataKeys := structuredEncOut.parsedHeader.encryptedDataKeys, + encryptionContext := structuredEncOut.parsedHeader.encryptionContext, selectorContext := selectorContext ) @@ -1127,9 +1094,6 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs :- Need(0 < |header.B|, E("Unexpected empty header field.")); var context :- MakeEncryptionContextForDecrypt(config, header.B, encryptedStructure); var authenticateSchema := ConfigToAuthenticateSchema(config, input.encryptedItem); - var wrappedStruct := CSE.StructuredData( - content := CSE.StructuredDataContent.DataMap(encryptedStructure), - attributes := None); //= specification/dynamodb-encryption-client/decrypt-item.md#behavior //# This operation MUST create a @@ -1150,7 +1114,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs var decryptRes := config.structuredEncryption.DecryptStructure( CSE.DecryptStructureInput( tableName := config.logicalTableName, - encryptedStructure := wrappedStruct, + encryptedStructure := encryptedStructure, authenticateSchema := authenticateSchema, //= specification/dynamodb-encryption-client/decrypt-item.md#behavior //# - CMM MUST be the CMM constructed above. @@ -1162,10 +1126,11 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs var decryptVal :- decryptRes.MapFailure( e => Error.AwsCryptographyDbEncryptionSdkDynamoDb(DDBE.AwsCryptographyDbEncryptionSdkStructuredEncryption(e))); var decryptedData := decryptVal.plaintextStructure; - var ddbItem :- DynamoToStruct.StructuredToItem(decryptedData.content.DataMap) + :- Need(forall k <- decryptedData :: DDB.IsValid_AttributeName(k), E("")); + var ddbItem :- DynamoToStruct.StructuredToItem(decryptedData) .MapFailure(e => Error.AwsCryptographyDbEncryptionSdkDynamoDb(e)); - var schemaToConvert := decryptVal.parsedHeader.cryptoSchema; + var schemaToConvert := decryptVal.cryptoSchema; var parsedAuthActions :- ConvertCryptoSchemaToAttributeActions(config, schemaToConvert); var selectorContextR := ConvertContextForSelector(decryptVal.parsedHeader.encryptionContext); diff --git a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/test/DynamoDBItemEncryptorTest.dfy b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/test/DynamoDBItemEncryptorTest.dfy index ca409d239..aa4dfaa65 100644 --- a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/test/DynamoDBItemEncryptorTest.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/test/DynamoDBItemEncryptorTest.dfy @@ -247,7 +247,7 @@ module DynamoDbItemEncryptorTest { expect parsedHeader.value.attributeActionsOnEncrypt == actions - {"nothing", "sign2"}; // Expect the verification key in the context // only one item in the stored context shows that the CMM was properly constructed - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //= type=test //# Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) //# with the following inputs: @@ -259,11 +259,6 @@ module DynamoDbItemEncryptorTest { expect "aws-crypto-public-key" in strEC.Keys; strEC := strEC - {"aws-crypto-public-key"}; - //= specification/dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2 - //= type=test - //# The key MUST be the following concatenation, - //# where `attributeName` is the name of the attribute: - //# "aws-crypto-attr." + `attributeName`. //= specification/dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2 //= type=test @@ -273,14 +268,14 @@ module DynamoDbItemEncryptorTest { //# - If the type is Boolean, then the string "true" for true and the string "false" for false. //# - Else, the value as defined in [Base Context Value Version 1](#base-context-value-version-1) - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //= type=test //# Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) //# [Terminal Data](./structures.md#terminal-data) //# in the input record, plus the Legend. - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //= type=test //# The Legend MUST be named "aws-crypto-legend" and be a string with one character per attribute added above, //# with a one-to-one correspondence with the attributes sorted by their UTF8 encoding, @@ -591,7 +586,7 @@ module DynamoDbItemEncryptorTest { expect PublicKeyUtf8 in parsedHeader.value.storedEncryptionContext.Keys; expect |parsedHeader.value.encryptedDataKeys| == 1; - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //= type=test //# If no [Crypto Action](./structures.md#crypto-action) is configured to be //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy index e587f7f8a..b2caf8e88 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy @@ -19,74 +19,89 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.structuredencrypti datatype AuthenticateAction = | SIGN | DO_NOT_SIGN - datatype AuthenticateSchema = | AuthenticateSchema ( - nameonly content: AuthenticateSchemaContent , - nameonly attributes: Option := Option.None + type AuthenticateSchemaMap = map + datatype AuthItem = | AuthItem ( + nameonly key: Path , + nameonly data: StructuredDataTerminal , + nameonly action: AuthenticateAction ) - type AuthenticateSchemaAttributes = map - datatype AuthenticateSchemaContent = - | Action(Action: AuthenticateAction) - | SchemaMap(SchemaMap: AuthenticateSchemaMap) - | SchemaList(SchemaList: AuthenticateSchemaList) - type AuthenticateSchemaList = seq - type AuthenticateSchemaMap = map + type AuthList = seq datatype CryptoAction = | ENCRYPT_AND_SIGN | SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT | SIGN_ONLY | DO_NOTHING - datatype CryptoSchema = | CryptoSchema ( - nameonly content: CryptoSchemaContent , - nameonly attributes: Option := Option.None + datatype CryptoItem = | CryptoItem ( + nameonly key: Path , + nameonly data: StructuredDataTerminal , + nameonly action: CryptoAction + ) + type CryptoList = seq + type CryptoSchemaMap = map + datatype DecryptPathStructureInput = | DecryptPathStructureInput ( + nameonly tableName: string , + nameonly encryptedStructure: AuthList , + nameonly cmm: AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager , + nameonly encryptionContext: Option := Option.None + ) + datatype DecryptPathStructureOutput = | DecryptPathStructureOutput ( + nameonly plaintextStructure: CryptoList , + nameonly parsedHeader: ParsedHeader ) - type CryptoSchemaAttributes = map - datatype CryptoSchemaContent = - | Action(Action: CryptoAction) - | SchemaMap(SchemaMap: CryptoSchemaMap) - | SchemaList(SchemaList: CryptoSchemaList) - type CryptoSchemaList = seq - type CryptoSchemaMap = map datatype DecryptStructureInput = | DecryptStructureInput ( nameonly tableName: string , - nameonly encryptedStructure: StructuredData , - nameonly authenticateSchema: AuthenticateSchema , + nameonly encryptedStructure: StructuredDataMap , + nameonly authenticateSchema: AuthenticateSchemaMap , nameonly cmm: AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager , nameonly encryptionContext: Option := Option.None ) datatype DecryptStructureOutput = | DecryptStructureOutput ( - nameonly plaintextStructure: StructuredData , + nameonly plaintextStructure: StructuredDataMap , + nameonly cryptoSchema: CryptoSchemaMap , + nameonly parsedHeader: ParsedHeader + ) + datatype EncryptPathStructureInput = | EncryptPathStructureInput ( + nameonly tableName: string , + nameonly plaintextStructure: CryptoList , + nameonly cmm: AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager , + nameonly algorithmSuiteId: Option := Option.None , + nameonly encryptionContext: Option := Option.None + ) + datatype EncryptPathStructureOutput = | EncryptPathStructureOutput ( + nameonly encryptedStructure: CryptoList , nameonly parsedHeader: ParsedHeader ) datatype EncryptStructureInput = | EncryptStructureInput ( nameonly tableName: string , - nameonly plaintextStructure: StructuredData , - nameonly cryptoSchema: CryptoSchema , + nameonly plaintextStructure: StructuredDataMap , + nameonly cryptoSchema: CryptoSchemaMap , nameonly cmm: AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager , nameonly algorithmSuiteId: Option := Option.None , nameonly encryptionContext: Option := Option.None ) datatype EncryptStructureOutput = | EncryptStructureOutput ( - nameonly encryptedStructure: StructuredData , + nameonly encryptedStructure: StructuredDataMap , + nameonly cryptoSchema: CryptoSchemaMap , nameonly parsedHeader: ParsedHeader ) datatype ParsedHeader = | ParsedHeader ( - nameonly cryptoSchema: CryptoSchema , nameonly algorithmSuiteId: AwsCryptographyMaterialProvidersTypes.DBEAlgorithmSuiteId , nameonly encryptedDataKeys: AwsCryptographyMaterialProvidersTypes.EncryptedDataKeyList , nameonly storedEncryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext , nameonly encryptionContext: AwsCryptographyMaterialProvidersTypes.EncryptionContext ) - datatype StructuredData = | StructuredData ( - nameonly content: StructuredDataContent , - nameonly attributes: Option := Option.None + type Path = seq + datatype PathSegment = + | member(member: StructureSegment) + datatype ResolveAuthActionsInput = | ResolveAuthActionsInput ( + nameonly tableName: string , + nameonly authActions: AuthList , + nameonly headerBytes: seq + ) + datatype ResolveAuthActionsOutput = | ResolveAuthActionsOutput ( + nameonly cryptoActions: CryptoList ) - type StructuredDataAttributes = map - datatype StructuredDataContent = - | Terminal(Terminal: StructuredDataTerminal) - | DataList(DataList: StructuredDataList) - | DataMap(DataMap: StructuredDataMap) - type StructuredDataList = seq - type StructuredDataMap = map + type StructuredDataMap = map datatype StructuredDataTerminal = | StructuredDataTerminal ( nameonly value: TerminalValue , nameonly typeId: TerminalTypeId @@ -95,9 +110,15 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.structuredencrypti ghost constructor() { EncryptStructure := []; DecryptStructure := []; + EncryptPathStructure := []; + DecryptPathStructure := []; + ResolveAuthActions := []; } ghost var EncryptStructure: seq>> ghost var DecryptStructure: seq>> + ghost var EncryptPathStructure: seq>> + ghost var DecryptPathStructure: seq>> + ghost var ResolveAuthActions: seq>> } trait {:termination false} IStructuredEncryptionClient { @@ -164,19 +185,71 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.structuredencrypti ensures DecryptStructureEnsuresPublicly(input, output) ensures History.DecryptStructure == old(History.DecryptStructure) + [DafnyCallEvent(input, output)] + predicate EncryptPathStructureEnsuresPublicly(input: EncryptPathStructureInput , output: Result) + // The public method to be called by library consumers + method EncryptPathStructure ( input: EncryptPathStructureInput ) + returns (output: Result) + requires + && ValidState() + && input.cmm.ValidState() + && input.cmm.Modifies !! {History} + modifies Modifies - {History} , + input.cmm.Modifies , + History`EncryptPathStructure + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + input.cmm.Modifies + ensures + && ValidState() + ensures EncryptPathStructureEnsuresPublicly(input, output) + ensures History.EncryptPathStructure == old(History.EncryptPathStructure) + [DafnyCallEvent(input, output)] + + predicate DecryptPathStructureEnsuresPublicly(input: DecryptPathStructureInput , output: Result) + // The public method to be called by library consumers + method DecryptPathStructure ( input: DecryptPathStructureInput ) + returns (output: Result) + requires + && ValidState() + && input.cmm.ValidState() + && input.cmm.Modifies !! {History} + modifies Modifies - {History} , + input.cmm.Modifies , + History`DecryptPathStructure + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + input.cmm.Modifies + ensures + && ValidState() + ensures DecryptPathStructureEnsuresPublicly(input, output) + ensures History.DecryptPathStructure == old(History.DecryptPathStructure) + [DafnyCallEvent(input, output)] + + predicate ResolveAuthActionsEnsuresPublicly(input: ResolveAuthActionsInput , output: Result) + // The public method to be called by library consumers + method ResolveAuthActions ( input: ResolveAuthActionsInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} , + History`ResolveAuthActions + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures ResolveAuthActionsEnsuresPublicly(input, output) + ensures History.ResolveAuthActions == old(History.ResolveAuthActions) + [DafnyCallEvent(input, output)] + } datatype StructuredEncryptionConfig = | StructuredEncryptionConfig ( ) + datatype StructureSegment = | StructureSegment ( + nameonly key: string + ) type TerminalTypeId = x: seq | IsValid_TerminalTypeId(x) witness * predicate method IsValid_TerminalTypeId(x: seq) { ( 2 <= |x| <= 2 ) } type TerminalValue = seq - type Version = x: int32 | IsValid_Version(x) witness * - predicate method IsValid_Version(x: int32) { - ( 1 <= x <= 1 ) - } datatype Error = // Local Error structures are listed here | StructuredEncryptionException ( @@ -298,6 +371,74 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionServic History.DecryptStructure := History.DecryptStructure + [DafnyCallEvent(input, output)]; } + predicate EncryptPathStructureEnsuresPublicly(input: EncryptPathStructureInput , output: Result) + {Operations.EncryptPathStructureEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method EncryptPathStructure ( input: EncryptPathStructureInput ) + returns (output: Result) + requires + && ValidState() + && input.cmm.ValidState() + && input.cmm.Modifies !! {History} + modifies Modifies - {History} , + input.cmm.Modifies , + History`EncryptPathStructure + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + input.cmm.Modifies + ensures + && ValidState() + ensures EncryptPathStructureEnsuresPublicly(input, output) + ensures History.EncryptPathStructure == old(History.EncryptPathStructure) + [DafnyCallEvent(input, output)] + { + output := Operations.EncryptPathStructure(config, input); + History.EncryptPathStructure := History.EncryptPathStructure + [DafnyCallEvent(input, output)]; + } + + predicate DecryptPathStructureEnsuresPublicly(input: DecryptPathStructureInput , output: Result) + {Operations.DecryptPathStructureEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method DecryptPathStructure ( input: DecryptPathStructureInput ) + returns (output: Result) + requires + && ValidState() + && input.cmm.ValidState() + && input.cmm.Modifies !! {History} + modifies Modifies - {History} , + input.cmm.Modifies , + History`DecryptPathStructure + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} , + input.cmm.Modifies + ensures + && ValidState() + ensures DecryptPathStructureEnsuresPublicly(input, output) + ensures History.DecryptPathStructure == old(History.DecryptPathStructure) + [DafnyCallEvent(input, output)] + { + output := Operations.DecryptPathStructure(config, input); + History.DecryptPathStructure := History.DecryptPathStructure + [DafnyCallEvent(input, output)]; + } + + predicate ResolveAuthActionsEnsuresPublicly(input: ResolveAuthActionsInput , output: Result) + {Operations.ResolveAuthActionsEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method ResolveAuthActions ( input: ResolveAuthActionsInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} , + History`ResolveAuthActions + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures ResolveAuthActionsEnsuresPublicly(input, output) + ensures History.ResolveAuthActions == old(History.ResolveAuthActions) + [DafnyCallEvent(input, output)] + { + output := Operations.ResolveAuthActions(config, input); + History.ResolveAuthActions := History.ResolveAuthActions + [DafnyCallEvent(input, output)]; + } + } } abstract module AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionOperations { @@ -344,4 +485,58 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionOperat ensures && ValidInternalConfig?(config) ensures DecryptStructureEnsuresPublicly(input, output) + + + predicate EncryptPathStructureEnsuresPublicly(input: EncryptPathStructureInput , output: Result) + // The private method to be refined by the library developer + + + method EncryptPathStructure ( config: InternalConfig , input: EncryptPathStructureInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) + && input.cmm.ValidState() + modifies ModifiesInternalConfig(config) , + input.cmm.Modifies + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) , + input.cmm.Modifies + ensures + && ValidInternalConfig?(config) + ensures EncryptPathStructureEnsuresPublicly(input, output) + + + predicate DecryptPathStructureEnsuresPublicly(input: DecryptPathStructureInput , output: Result) + // The private method to be refined by the library developer + + + method DecryptPathStructure ( config: InternalConfig , input: DecryptPathStructureInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) + && input.cmm.ValidState() + modifies ModifiesInternalConfig(config) , + input.cmm.Modifies + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) , + input.cmm.Modifies + ensures + && ValidInternalConfig?(config) + ensures DecryptPathStructureEnsuresPublicly(input, output) + + + predicate ResolveAuthActionsEnsuresPublicly(input: ResolveAuthActionsInput , output: Result) + // The private method to be refined by the library developer + + + method ResolveAuthActions ( config: InternalConfig , input: ResolveAuthActionsInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) + modifies ModifiesInternalConfig(config) + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) + ensures + && ValidInternalConfig?(config) + ensures ResolveAuthActionsEnsuresPublicly(input, output) } diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/Model/StructuredEncryption.smithy b/DynamoDbEncryption/dafny/StructuredEncryption/Model/StructuredEncryption.smithy index d380868a4..c44a6bc00 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/Model/StructuredEncryption.smithy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/Model/StructuredEncryption.smithy @@ -22,7 +22,7 @@ use aws.polymorph#localService ) service StructuredEncryption { version: "2022-07-08", - operations: [EncryptStructure, DecryptStructure], + operations: [EncryptStructure, DecryptStructure, EncryptPathStructure, DecryptPathStructure, ResolveAuthActions], errors: [StructuredEncryptionException] } @@ -39,26 +39,31 @@ operation DecryptStructure { output: DecryptStructureOutput, } -//= specification/structured-encryption/header.md#format-version -//= type=implication -//# The Version MUST be `0x01`. -@range(min:1, max:1) -integer Version +operation EncryptPathStructure { + input: EncryptPathStructureInput, + output: EncryptPathStructureOutput, +} + +operation DecryptPathStructure { + input: DecryptPathStructureInput, + output: DecryptPathStructureOutput, +} -//= specification/structured-encryption/decrypt-structure.md#parsed-header +operation ResolveAuthActions { + input: ResolveAuthActionsInput, + output: ResolveAuthActionsOutput, +} + +//= specification/structured-encryption/decrypt-path-structure.md#parsed-header //= type=implication //# This structure MUST contain the following values, //# representing the deserialized form of the header of the input encrypted structure: //# - [Algorithm Suite ID](./header.md#format-flavor): The Algorithm Suite ID associated with the Format Flavor on the header. -//# - [Crypto Schema](./header.md#encrypt-legend): The Crypto Schema for each signed Terminal, -//# calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. //# - [Stored Encryption Context](./header.md#encryption-context): The Encryption Context stored in the header. //# - [Encrypted Data Keys](./header.md#encrypted-data-keys): The Encrypted Data Keys stored in the header. //# - [Encryption Context](#encryption-context): The full Encryption Context used. structure ParsedHeader { - @required - cryptoSchema: CryptoSchema, @required algorithmSuiteId: DBEAlgorithmSuiteId, @required @@ -80,9 +85,9 @@ structure EncryptStructureInput { @required tableName: String, @required - plaintextStructure: StructuredData, + plaintextStructure: StructuredDataMap, @required - cryptoSchema: CryptoSchema, + cryptoSchema: CryptoSchemaMap, @required cmm: CryptographicMaterialsManagerReference, @@ -92,7 +97,7 @@ structure EncryptStructureInput { // - [Algorithm Suite](#algorithm-suite) // - [Encryption Context](#encryption-context) - //= specification/structured-encryption/encrypt-structure.md#algorithm-suite + //= specification/structured-encryption/encrypt-path-structure.md#algorithm-suite //= type=implication //# This algorithm suite MUST be a //# [supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum); @@ -101,84 +106,154 @@ structure EncryptStructureInput { encryptionContext: EncryptionContext } +//= specification/structured-encryption/encrypt-path-structure.md#input +//= type=implication +//# The following inputs to this behavior are REQUIRED: +//# - [Table Name](#table-name) +//# - [Crypto List](#crypto-list) +//# - [Cryptographic Materials Manager (CMM)](#cmm) + +//= specification/structured-encryption/encrypt-path-structure.md#input +//= type=implication +//# The following inputs to this behavior MUST be OPTIONAL: +//# - [Algorithm Suite](#algorithm-suite) +//# - [Encryption Context](#encryption-context) +structure EncryptPathStructureInput { + @required + tableName: String, + @required + plaintextStructure: CryptoList, + @required + cmm: CryptographicMaterialsManagerReference, + algorithmSuiteId: DBEAlgorithmSuiteId, + encryptionContext: EncryptionContext +} + //= specification/structured-encryption/encrypt-structure.md#output //= type=implication //# This operation MUST output the following: -//# - [Encrypted Structured Data](#encrypted-structured-data) +//# - [Encrypted Structured Data](encrypt-path-structure.md#encrypted-structured-data) +//# - [Crypto Schema](./structures.md#crypto-schema): The Crypto Schema for each signed Terminal //# - [Parsed Header](./decrypt-structure.md#parsed-header) structure EncryptStructureOutput { @required - encryptedStructure: StructuredData, + encryptedStructure: StructuredDataMap, + @required + cryptoSchema: CryptoSchemaMap, + @required + parsedHeader: ParsedHeader, +} + +//= specification/structured-encryption/encrypt-path-structure.md#output +//= type=implication +//# This operation MUST output the following: +//# - [Encrypted Crypto List](#encrypted-crypto-list) +//# - [Parsed Header](./decrypt-structure.md#parsed-header) +structure EncryptPathStructureOutput { + @required + encryptedStructure: CryptoList, @required parsedHeader: ParsedHeader, } +//= specification/structured-encryption/decrypt-structure.md#input +//= type=implication +//# The following inputs to this behavior are REQUIRED: +// - [Table Name](#table-name) +// - [Authenticate Schema](#authenticate-schema) +// - [Cryptographic Materials Manager (CMM)](#cmm) +// - [Encrypted Structured Data](#encrypted-structured-data) + +//= specification/structured-encryption/decrypt-structure.md#input +//= type=implication +//# The following inputs to this behavior MUST be OPTIONAL: +//- [Encryption Context](#encryption-context) structure DecryptStructureInput { - //= specification/structured-encryption/decrypt-structure.md#input - //= type=implication - //# The following inputs to this behavior are REQUIRED: - // - [Table Name](#table-name) - // - [Authenticate Schema](#authenticate-schema) - // - [Cryptographic Materials Manager (CMM)](#cmm) - // - [Encrypted Structured Data](#encrypted-structured-data) @required tableName: String, @required - encryptedStructure: StructuredData, + encryptedStructure: StructuredDataMap, @required - authenticateSchema: AuthenticateSchema, + authenticateSchema: AuthenticateSchemaMap, @required cmm: CryptographicMaterialsManagerReference, - //= specification/structured-encryption/decrypt-structure.md#input - //= type=implication - //# The following inputs to this behavior MUST be OPTIONAL: - //- [Encryption Context](#encryption-context) encryptionContext: EncryptionContext, } +//= specification/structured-encryption/decrypt-path-structure.md#input +//= type=implication +//# The following inputs to this behavior are REQUIRED: +//# - [Table Name](#table-name) +//# - [Cryptographic Materials Manager (CMM)](#cmm) +//# - [Auth List](#auth-list) + +//= specification/structured-encryption/decrypt-path-structure.md#input +//= type=implication +//# The following inputs to this behavior MUST be OPTIONAL: +//# - [Encryption Context](#encryption-context) +structure DecryptPathStructureInput { + @required + tableName: String, + @required + encryptedStructure: AuthList, + @required + cmm: CryptographicMaterialsManagerReference, + encryptionContext: EncryptionContext, +} + +//= specification/structured-encryption/decrypt-structure.md#output +//= type=implication +//# This operation MUST output the following: +//# - [Structured Data](decrypt-path-structure.md#structured-data) +//# - [Crypto Schema](./structures.md#crypto-schema): The Crypto Schema for each signed Terminal, +//# calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. +//# - [Parsed Header](decrypt-path-structure.md#parsed-header) structure DecryptStructureOutput { - //= specification/structured-encryption/decrypt-structure.md#output - //= type=implication - //# This operation MUST output the following: - //# - [Structured Data](#structured-data) - //# - [Parsed Header](#parsed-header) @required - plaintextStructure: StructuredData, + plaintextStructure: StructuredDataMap, + @required + cryptoSchema: CryptoSchemaMap, @required parsedHeader: ParsedHeader, } - -structure StructuredData { - // Each "node" in our structured data holds either - // a map of more data, a list of more data, or a terminal value - //= specification/structured-encryption/structures.md#structured-data - //= type=implication - //# A Structured Data MUST consist of: - // - a [Structured Data Content](#structured-data-content) +//= specification/structured-encryption/decrypt-path-structure.md#output +//= type=implication +//# This operation MUST output the following: +//# - [Crypto List](./structures.md#crypto-list): Decrypted Terminals and the Crypto Schema for each Terminal, +//# calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. +//# - [Parsed Header](#parsed-header) +structure DecryptPathStructureOutput { @required - content: StructuredDataContent, + plaintextStructure: CryptoList, + @required + parsedHeader: ParsedHeader, +} - // Each "node" in our structured data may additionally - // have a flat map to express something akin to XML attributes - //= specification/structured-encryption/structures.md#structured-data - //= type=implication - //# - an OPTIONAL map of [Attributes](#structured-data-attributes) - attributes: StructuredDataAttributes +//= specification/structured-encryption/resolve-auth-actions.md#input +//= type=implication +//# The following inputs to this behavior are REQUIRED: +//# - [Table Name](#table-name) +//# - [Auth List](#auth-list) +//# - [Header Bytes](#header-bytes) +structure ResolveAuthActionsInput { + @required + tableName: String, + @required + authActions: AuthList, + @required + headerBytes: Blob } -//= specification/structured-encryption/structures.md#structured-data-content +//= specification/structured-encryption/resolve-auth-actions.md#output //= type=implication -//# Structured Data Content is a union of one of three separate structures; -//# Structured Data Content MUST be one of: -// - [Terminal Data](#terminal-data) -// - [Structured Data Map](#structured-data-map) -// - [Structured Data List](#structured-data-list) -union StructuredDataContent { - Terminal: StructuredDataTerminal, - DataList: StructuredDataList, - DataMap: StructuredDataMap +//# This operation MUST output the following: +//# [Crypto List](./structures.md#crypto-list): Input terminal data and the Crypto Schema for each Terminal, +//# calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. +structure ResolveAuthActionsOutput { + @required + cryptoActions: CryptoList, } // Only handles bytes. @@ -217,40 +292,10 @@ blob TerminalTypeId //= type=implication //# - This map MUST NOT allow duplicate key values map StructuredDataMap { - key: String, - value: StructuredData -} - -//= specification/structured-encryption/structures.md#structured-data-list -//= type=implication -//# A Structured Data List MUST consist of: -// - A numerical-indexed array of [Structured Data](#structured-data). -list StructuredDataList { - member: StructuredData -} - -//= specification/structured-encryption/structures.md#structured-data-attributes -//= type=implication -//# Structured Data Attributes MUST be map of strings to [Terminal Data](#terminal-data). -map StructuredDataAttributes { key: String, value: StructuredDataTerminal } -// This mimics the same structure as StructuredData above, -// only it's "leaves" are AuthenticateAction instead of Terminal. -structure CryptoSchema { - @required - content: CryptoSchemaContent, - attributes: CryptoSchemaAttributes -} - -union CryptoSchemaContent { - Action: CryptoAction, - SchemaMap: CryptoSchemaMap, - SchemaList: CryptoSchemaList -} - @enum([ { "name": "ENCRYPT_AND_SIGN", @@ -273,30 +318,7 @@ string CryptoAction map CryptoSchemaMap { key: String, - value: CryptoSchema -} - -list CryptoSchemaList { - member: CryptoSchema -} - -map CryptoSchemaAttributes { - key: String, - value: AuthenticateAction -} - -// This mimics the same structure as StructuredData above, -// only it's "leaves" are AuthenticateAction instead of Terminal. -structure AuthenticateSchema { - @required - content: AuthenticateSchemaContent, - attributes: AuthenticateSchemaAttributes -} - -union AuthenticateSchemaContent { - Action: AuthenticateAction, - SchemaMap: AuthenticateSchemaMap, - SchemaList: AuthenticateSchemaList + value: CryptoAction } @enum([ @@ -313,16 +335,71 @@ string AuthenticateAction map AuthenticateSchemaMap { key: String, - value: AuthenticateSchema + value: AuthenticateAction } -list AuthenticateSchemaList { - member: AuthenticateSchema +structure StructureSegment {@required key : String} +// Not needed now, but easy to add later +// @range(min:0) +// integer Position +// structure ListSegment {@required key : Position} +// structure AttributeSegment {@required key : String} + +//= specification/structured-encryption/structures.md#path-segment +//= type=implication +//# A path segment MUST be a string, designating the name of a member of a structure. +union PathSegment { + member: StructureSegment, + // Not needed now, but easy to add later + // list: ListSegment, + // attribute: AttributeSegment, +} +list Path { + member: PathSegment } -map AuthenticateSchemaAttributes { - key: String, - value: AuthenticateAction +//= specification/structured-encryption/structures.md#crypto-item +//= type=implication +//# A crypto item MUST consist of +//# - a [Path](#path) +//# - a [Crypto Action](#crypto-action) +//# - a [Terminal Data](#terminal-data) +structure CryptoItem { + @required + key : Path, + @required + data: StructuredDataTerminal, + @required + action: CryptoAction, +} + +//= specification/structured-encryption/structures.md#crypto-list +//= type=implication +//# A crypto list MUST be a sequence of [crypto item](#crypto-item) +list CryptoList { + member: CryptoItem, +} + +//= specification/structured-encryption/structures.md#auth-item +//= type=implication +//# An auth item MUST consist of +//# - a [Path](#path) +//# - an [Authenticate Action](#authenticate-action) +//# - a [Terminal Data](#terminal-data) +structure AuthItem { + @required + key : Path, + @required + data: StructuredDataTerminal, + @required + action: AuthenticateAction, +} + +//= specification/structured-encryption/structures.md#auth-list +//= type=implication +//# An auth list MUST be a sequence of [auth item](#auth-item) +list AuthList { + member: AuthItem, } @aws.polymorph#reference(service: aws.cryptography.primitives#AwsCryptographicPrimitives) diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy index 28f4dc14d..3c6cd47ad 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy @@ -8,13 +8,15 @@ include "Footer.dfy" include "Paths.dfy" include "Crypt.dfy" include "Util.dfy" +include "SortCanon.dfy" module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionOperations { import opened StructuredEncryptionUtil + import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes + import SortCanon import Base64 import CMP = AwsCryptographyMaterialProvidersTypes - import CSE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes import Prim = AwsCryptographyPrimitivesTypes import StructuredEncryptionHeader import Random @@ -37,11 +39,8 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst primitives : Primitives.AtomicPrimitivesClient, materialProviders : MaterialProviders.MaterialProvidersClient ) - type InternalConfig = Config - const DBE_COMMITMENT_POLICY := CMP.CommitmentPolicy.DBE(CMP.DBECommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT) - predicate ValidInternalConfig?(config: InternalConfig) { && config.primitives.ValidState() @@ -54,81 +53,106 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst predicate EncryptStructureEnsuresPublicly( input: EncryptStructureInput, output: Result) { - // Input and output types must be the same, and this constraint is useful to Dafny users - && (output.Success? && input.plaintextStructure.content.DataMap? ==> output.value.encryptedStructure.content.DataMap?) - && (output.Success? && input.plaintextStructure.content.DataList? ==> output.value.encryptedStructure.content.DataList?) - && (output.Success? && input.plaintextStructure.content.Terminal? ==> output.value.encryptedStructure.content.Terminal?) - // Ensure the CryptoSchema in the ParsedHeader matches the input crypto Schema, minus any DO_NOTHING terminals - && (output.Success? ==> - // For now we only support encrypting flat maps - && output.value.parsedHeader.cryptoSchema.content.SchemaMap? - && var headerSchema := output.value.parsedHeader.cryptoSchema.content.SchemaMap; - && CryptoSchemaMapIsFlat(headerSchema) - && input.cryptoSchema.content.SchemaMap? - && var inputSchema := input.cryptoSchema.content.SchemaMap; - && CryptoSchemaMapIsFlat(inputSchema) - && (forall k :: k in headerSchema ==> k in inputSchema && inputSchema[k] == headerSchema[k]) - && (forall v :: v in headerSchema.Values ==> IsAuthAttr(v.content.Action)) - ) + // Ensure the CryptoSchema in the ParsedHeader matches the input crypto Schema, minus any DO_NOTHING terminals + output.Success? ==> + // For now we only support encrypting flat maps + && var headerSchema := output.value.cryptoSchema; + && var inputSchema := input.cryptoSchema; + // && (forall k :: k in headerSchema ==> k in inputSchema && inputSchema[k] == headerSchema[k]) + && (forall v :: v in headerSchema.Values ==> IsAuthAttr(v)) + } + + predicate DecryptStructureEnsuresPublicly( + input: DecryptStructureInput, + output: Result) { + output.Success? ==> + // For now we only support encrypting flat maps + && var headerSchema := output.value.cryptoSchema; + // && var inputSchema := input.cryptoSchema; + // && (forall k :: k in headerSchema ==> k in inputSchema && inputSchema[k] == headerSchema[k]) + && (forall v :: v in headerSchema.Values ==> IsAuthAttr(v)) + } + + predicate DecryptPathStructureEnsuresPublicly( + input: DecryptPathStructureInput, + output: Result) { + true + } + + predicate EncryptPathStructureEnsuresPublicly( + input: EncryptPathStructureInput, + output: Result) { + true } - // given a list of fields, return only those that should be encrypted, according to the legend - function method {:tailrecursion} {:opaque} FilterEncrypted(fields : seq, legend : Header.Legend) - : (ret : seq) - requires |fields| == |legend| - ensures forall k <- ret :: k in fields + predicate ResolveAuthActionsEnsuresPublicly( + input: ResolveAuthActionsInput, + output: Result) { + true + } + + method ResolveAuthActions (config: InternalConfig, input: ResolveAuthActionsInput) + returns (output: Result) { - if |fields| == 0 then - [] - else if legend[0] == Header.ENCRYPT_AND_SIGN_LEGEND then - [fields[0]] + FilterEncrypted(fields[1..], legend[1..]) - else - FilterEncrypted(fields[1..], legend[1..]) + var head :- Header.PartialDeserialize(input.headerBytes); + :- Need(ValidString(input.tableName), E("Bad Table Name")); + var canonData :- CanonizeForDecrypt(input.tableName, input.authActions, head.legend); + return Success(ResolveAuthActionsOutput(cryptoActions := UnCanon(canonData))); } - // given a list of fields, return only those that should be added to the encryption context, according to the legend - function method {:tailrecursion} {:opaque} FilterContext(fieldMap : CanonMap, fields : seq, legend : Header.Legend, ghost data: StructuredDataPlain) - : (ret : seq) - requires |fields| == |legend| - requires forall k <- fieldMap :: fieldMap[k] in data - requires forall k <- fields :: k in fieldMap - ensures forall k <- ret :: k in data + predicate method SameUnCanon(x : CanonCryptoItem, y : CryptoItem) { - if |fields| == 0 then + && x.origKey == y.key + && x.data == y.data + && x.action == y.action + } + + function method UnCanon(input : CanonCryptoList) : (ret : CryptoList) + ensures + && |ret| == |input| + && forall i | 0 <= i < |input| :: SameUnCanon(input[i], ret[i]) + { + if |input| == 0 then [] - else if legend[0] == Header.SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND then - [fieldMap[fields[0]]] + FilterContext(fieldMap, fields[1..], legend[1..], data) else - FilterContext(fieldMap, fields[1..], legend[1..], data) + var newItem := CryptoItem(key := input[0].origKey, data := input[0].data, action := input[0].action); + assert SameUnCanon(input[0], newItem); + [newItem] + UnCanon(input[1..]) } + const DBE_COMMITMENT_POLICY := CMP.CommitmentPolicy.DBE(CMP.DBECommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT) + // Fail unless the field exists, and is a binary terminal - function method {:opaque} NeedBinary(data : StructuredDataMap, field : string): (result: Outcome) + function method {:opaque} GetBinary(data : AuthList, path : Path): (result: Result) + ensures result.Success? ==> exists x :: x in data && x.key == path { - if field !in data then - Fail(E("The field name " + field + " is required.")) - else if !data[field].content.Terminal? then - Fail(E(field + " must be a Terminal.")) - else if data[field].content.Terminal.typeId != BYTES_TYPE_ID then - Fail(E(field + " must be a binary Terminal.")) + var data := FindAuth(data, path); + + if data.None? then + Failure(E("The field name " + Paths.PathToString(path) + " is required.")) + else if data.value.data.typeId != BYTES_TYPE_ID then + Failure(E(Paths.PathToString(path) + " must be a binary Terminal.")) + else if data.value.action != DO_NOT_SIGN then + Failure(E(Paths.PathToString(path) + " must be DO_NOT_SIGN.")) else - Pass + Success(data.value.data) } // Return the sum of the sizes of the given fields - function method {:opaque} SumValueSize(fields : seq, data : StructuredDataCanon) + function method {:opaque} SumValueSize(fields : CanonCryptoList) : nat - requires forall k <- fields :: k in data { if |fields| == 0 then 0 + else if fields[0].action == ENCRYPT_AND_SIGN then + |fields[0].data.value| + SumValueSize(fields[1..]) else - |data[fields[0]].content.Terminal.value| + SumValueSize(fields[1..], data) + SumValueSize(fields[1..]) } function method {:opaque} GetAlgorithmSuiteId(alg : Option) : (ret : CMP.AlgorithmSuiteId) - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# - Algorithm Suite: If provided, this is the [input algorithm suite](#algorithm-suite); //# otherwise, this field MUST be the algorithm suite corresponding to the enum @@ -157,31 +181,31 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst && Materials.EncryptionMaterialsHasPlaintextDataKey(mat) && ValidSuite(mat.algorithmSuite) - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# This operation MUST obtain a set of encryption materials by calling //# [Get Encryption Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#get-encryption-materials) //# on the [CMM](#cmm) calculated above. - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# This operation MUST call Get Encryption Materials on the CMM as follows. && (|cmm.History.GetEncryptionMaterials| == |old(cmm.History.GetEncryptionMaterials)| + 1) && Seq.Last(cmm.History.GetEncryptionMaterials).output.Success? && var getEncIn := Seq.Last(cmm.History.GetEncryptionMaterials).input; - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# - Encryption Context: This MUST be the encryption context calculated above. && (|| (encryptionContext.None? && getEncIn.encryptionContext == map[]) || (encryptionContext.Some? && getEncIn.encryptionContext == encryptionContext.value)) - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# - Commitment Policy: This MUST be //# [REQUIRE_ENCRYPT_REQUIRE_DECRYPT](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/commitment-policy.md#esdkrequire_encrypt_require_decrypt). && getEncIn.commitmentPolicy == DBE_COMMITMENT_POLICY - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //= type=implication //# - Max Plaintext Length: This field MUST be the result of the calculation `encryptedTerminalDataNum * 2 + totalEncryptedTerminalValuesSize` // - `encryptedTerminalDataNum` is the number of [Terminal Data](./structures.md#terminal-data) @@ -217,7 +241,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst var mat := matOutput.encryptionMaterials; :- Need(Materials.EncryptionMaterialsHasPlaintextDataKey(mat), E("Encryption material has no key")); var alg := mat.algorithmSuite; - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //# If this algorithm suite is not a //# [supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum), //# this operation MUST yield an error. @@ -226,274 +250,216 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst return Success(mat); } - type EncryptCanon = c: EncryptCanonData | ValidEncryptCanon?(c) - witness * - - // for Encrypt, the data necessary to construct the Intermediate Encrypted Structured Data - datatype EncryptCanonData = EncryptCanonData ( - encFields_c : seq, // these fields should be encrypted, sorted - // i.e. a Crypto Action of ENCRYPT_AND_SIGN - signedFields_c : seq,// these fields should be signed, sorted - // i.e. a Crypto Action other than DO_NOTHING - data_c : StructuredDataCanon, // all signed fields with canonized paths - // i.e. the Intermediate Encrypted Structured Data, but unencrypted - cryptoSchema : CryptoSchema // the crypto schema for this structure, - // with all extraneous DO_NOTHING actions removed - ) - - predicate ValidEncryptCanon?(c: EncryptCanonData) { - && (forall k :: k in c.encFields_c ==> k in c.signedFields_c) - && (forall k :: k in c.signedFields_c ==> k in c.data_c) - && (forall k :: k in c.data_c ==> k in c.signedFields_c) - && c.cryptoSchema.content.SchemaMap? - && var headerSchema := c.cryptoSchema.content.SchemaMap; - && |c.data_c| == |headerSchema| - && (exists tableName :: (forall k :: k in headerSchema ==> Paths.SimpleCanon(tableName, k) in c.data_c)) - && (forall v :: v in headerSchema.Values ==> v.content.Action? && IsAuthAttr(v.content.Action)) + function method {:opaque} MakeCanon(tableName : GoodString, data : CryptoItem) : (result : CanonCryptoItem) + requires Paths.ValidPath(data.key) + ensures result.key == Paths.CanonPath(tableName, data.key) + ensures result.origKey == data.key + ensures result.data == data.data + ensures result.action == data.action + { + CanonCryptoItem(Paths.CanonPath(tableName, data.key), data.key, data.data, data.action) } - type DecryptCanon = c: DecryptCanonData | ValidDecryptCanon?(c) - witness * - - // for Decrypt, the data necessary to construct the Intermediate Encrypted Structured Data - datatype DecryptCanonData = DecryptCanonData ( - encFields_c : seq, // These fields were encrypted, sorted. - // i.e. a Crypto Action of ENCRYPT_AND_SIGN - signedFields_c : seq,// These fields were signed, sorted - // i.e. an Authenticate Action of SIGN - data_c : StructuredDataCanon, // All signed fields with canonized paths - // i.e. the Intermediate Encrypted Structured Data, properly encrypted - cryptoSchema : CryptoSchema, // The crypto schema calculated from the crypto legend. - // This value is returned as part of the Parsed Header. - contextFields : seq // These fields have action SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT - ) + function method {:opaque} MakeCanonAuth(tableName : GoodString, data : AuthItem) : (result : CanonAuthItem) + requires Paths.ValidPath(data.key) + ensures result.key == Paths.CanonPath(tableName, data.key) + ensures result.origKey == data.key + ensures result.data == data.data + ensures result.action == data.action + { + CanonAuthItem(Paths.CanonPath(tableName, data.key), data.key, data.data, data.action) + } - predicate ValidDecryptCanon?(c: DecryptCanonData) { - && (forall k :: k in c.data_c.Keys ==> k in c.signedFields_c) - && (forall k :: k in c.signedFields_c ==> k in c.data_c.Keys) - && (forall k :: k in c.encFields_c ==> k in c.signedFields_c) - && |c.encFields_c| < (UINT32_LIMIT / 3) - && c.cryptoSchema.content.SchemaMap? - && var actionMap := c.cryptoSchema.content.SchemaMap; - && |c.data_c| == |actionMap| - && (exists tableName :: (forall k :: k in actionMap ==> Paths.SimpleCanon(tableName, k) in c.data_c)) + // construct the EncryptCanon + function method {:opaque} {:vcs_split_on_every_assert} CanonizeForEncrypt(tableName : GoodString, data : CryptoList) + : (ret : Result) + ensures ret.Success? ==> + && (forall k <- data :: Paths.ValidPath(k.key)) + && (forall k <- data :: (exists x :: x in ret.value && x.origKey == k.key && k.data == x.data)) + && |data| == |ret.value| + && (forall k <- ret.value :: Paths.ValidPath(k.origKey)) + && (forall k <- ret.value :: k.key == Paths.CanonPath(tableName, k.origKey)) + { + :- Need(forall k <- data :: Paths.ValidPath(k.key), E("Invalid Paths")); + var canonList : CanonCryptoList := Seq.Map((s : CryptoItem) requires Paths.ValidPath(s.key) => MakeCanon(tableName, s), data); + + assert |canonList| == |data|; + assert forall i | 0 <= i < |data| :: canonList[i] == MakeCanon(tableName, data[i]); + assert forall k <- data :: (exists x :: x in canonList && k.key == x.origKey && k.data == x.data); + assert forall k <- canonList :: Paths.ValidPath(k.origKey); + assert forall k <- canonList :: k.key == Paths.CanonPath(tableName, k.origKey); + + var canonSorted := SortCanon.CryptoSort(canonList); + + assert |canonSorted| == |data|; + assert forall k <- canonList :: k in multiset(canonList); + assert forall k <- canonList :: k in canonSorted; + assert forall k <- canonSorted :: k in multiset(canonSorted); + assert forall k <- canonSorted :: k in canonList; + assert forall k <- data :: (exists x :: x in canonSorted && k.key == x.origKey); + assert forall k <- canonSorted :: Paths.ValidPath(k.origKey); + assert forall k <- canonSorted :: k.key == Paths.CanonPath(tableName, k.origKey); + + Success(canonSorted) } - // return the subset of "fields" which are ENCRYPT_AND_SIGN - function method {:tailrecursion} {:opaque} FilterEncrypt(fields : seq, fieldMap : CanonMap, schema : CryptoSchemaPlain) - : (ret : seq) - requires forall k <- fields :: k in fieldMap - requires forall k <- fieldMap :: fieldMap[k] in schema - ensures forall k <- ret :: k in fields + function method LegendToAction(v : Header.LegendByte) : CryptoAction { - if |fields| == 0 then - [] + if v == Header.ENCRYPT_AND_SIGN_LEGEND then + ENCRYPT_AND_SIGN + else if v == Header.SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND then + SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT else - var act := schema[fieldMap[fields[0]]].content.Action; - if act == ENCRYPT_AND_SIGN then - [fields[0]] + FilterEncrypt(fields[1..], fieldMap, schema) - else - FilterEncrypt(fields[1..], fieldMap, schema) + SIGN_ONLY } - function method GetFieldMap(tableName : GoodString, data : StructuredDataPlain, schema : CryptoSchemaPlain) - : (ret : map) - requires schema.Keys == data.Keys - ensures forall k <- data :: schema[k].content.Action == DO_NOTHING || Paths.SimpleCanon(tableName, k) in ret - ensures Maps.Injective(ret) + predicate method Same(x : CanonAuthItem, y : CanonCryptoItem) { - reveal Maps.Injective(); - Paths.SimpleCanonUnique(tableName); - map k <- data | schema[k].content.Action != DO_NOTHING :: Paths.SimpleCanon(tableName, k) := k + && x.key == y.key + && x.origKey == y.origKey + && x.data == y.data } - // construct the EncryptCanon - function method {:opaque} {:vcs_split_on_every_assert} CanonizeForEncrypt(tableName : GoodString, data : StructuredDataPlain, schema : CryptoSchemaPlain) - : (ret : Result) - requires schema.Keys == data.Keys - ensures ret.Success? ==> - && var r := ret.value; - - //= specification/structured-encryption/encrypt-structure.md#calculate-intermediate-encrypted-structured-data - //= type=implication - //# For every [input Terminal Data](./structures.md#terminal-data) - //# in the [input Structured Data](#structured-data), - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) - //# in Intermediate Encrypted Structured Data, - //# if the [Crypto Schema](#crypto-schema) - //# indicates a [Crypto Action](./structures.md#crypto-action) - //# other than [DO_NOTHING](./structures.md#DO_NOTHING). - && (forall k <- data :: schema[k].content.Action == DO_NOTHING || Paths.SimpleCanon(tableName, k) in ret.value.data_c) - - //= specification/structured-encryption/encrypt-structure.md#calculate-intermediate-encrypted-structured-data - //= type=implication - //# For every [Terminal Data](./structures.md#terminal-data) - //# in the Intermediate Encrypted Structured Data - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) - //# in the [input Structured Data](#structured-data). - && (forall k <- ret.value.data_c :: (exists x :: x in data && k == Paths.SimpleCanon(tableName, x))) - - && ret.value.cryptoSchema.content.SchemaMap? - && var trimmedSchema := ret.value.cryptoSchema.content.SchemaMap; - && (forall k :: k in trimmedSchema ==> k in schema && trimmedSchema[k] == schema[k]) + function method MakeCryptoItem(x : CanonAuthItem, action : CryptoAction) : (ret : CanonCryptoItem) + ensures Same(x, ret) { - var fieldMap := GetFieldMap(tableName, data, schema); - - var data_c : StructuredDataCanon := map k <- fieldMap :: k := data[fieldMap[k]]; - var signedFields_c : seq := SortedSets.ComputeSetToOrderedSequence2(data_c.Keys, ByteLess); - var encFields_c : seq := FilterEncrypt(signedFields_c, fieldMap, schema); - var trimmedSchema := map k <- fieldMap :: fieldMap[k] := schema[fieldMap[k]]; - - assert |data_c| == |trimmedSchema| by { - assert data_c.Keys == fieldMap.Keys; - assert trimmedSchema.Keys == fieldMap.Values; - LemmaInjectiveImpliesUniqueValues(fieldMap); - } // with all extraneous DO_NOTHING actions removed - - assert forall k :: k in encFields_c ==> k in signedFields_c; - assert forall k :: k in signedFields_c ==> k in data_c; - assert forall k :: k in data_c ==> k in signedFields_c; - var newSchema := CryptoSchemaContent.SchemaMap(trimmedSchema); - assert |data_c| == |newSchema.SchemaMap|; - - var canon := EncryptCanonData( - encFields_c, - signedFields_c, - data_c, - CryptoSchema( - content := newSchema, - attributes := None - ) - ); - assert ValidEncryptCanon?(canon); - Success(canon) + CanonCryptoItem(x.key, x.origKey, x.data, action) } - // construct the DecryptCanon - function method {:opaque} {:vcs_split_on_every_assert} CanonizeForDecrypt( - tableName: GoodString, - data: StructuredDataPlain, - authSchema: AuthSchemaPlain, - legend: Header.Legend - ) : (ret : Result) - requires authSchema.Keys == data.Keys - ensures ret.Success? ==> - && |ret.value.signedFields_c| == |legend| - ensures ret.Success? ==> - && (forall k :: k in data.Keys && authSchema[k].content.Action.SIGN? ==> Paths.SimpleCanon(tableName, k) in ret.value.data_c.Keys) - ensures ret.Success? ==> - && (forall v :: v in ret.value.data_c.Values ==> v in data.Values) + function method {:tailrecursion} {:opaque} ResolveLegend( + fields : CanonAuthList, + legend : Header.Legend, + ghost origFields : CanonAuthList, + acc : CanonCryptoList + ) + : (ret : Result) + requires |fields| + |acc| == |origFields| + requires forall i | 0 <= i < |acc| :: Same(origFields[i], acc[i]) + requires forall i | |acc| <= i < |origFields| :: origFields[i] == fields[i-|acc|] ensures ret.Success? ==> - && ret.value.cryptoSchema.content.SchemaMap? - && CryptoSchemaMapIsFlat(ret.value.cryptoSchema.content.SchemaMap) - && AuthSchemaIsFlat(authSchema) - && ValidParsedCryptoSchema(ret.value.cryptoSchema.content.SchemaMap, authSchema, tableName) - ensures ret.Success? ==> forall k <- ret.value.contextFields :: k in data + && |origFields| == |ret.value| + && forall i | 0 <= i < |origFields| :: Same(origFields[i], ret.value[i]) { - //= specification/structured-encryption/decrypt-structure.md#calculate-signed-and-encrypted-field-lists - //# The `signed field list` MUST be all fields for which - //# the [Authenticate Schema](#authenticate-schema) - //# indicates an [Authenticate Action](./structures.md#authenticate-action) - //# of [SIGN](./structures.md#SIGN) for that field, - //# sorted by the [Canonical Path](header.md.#canonical-path). - - reveal Maps.Injective(); - Paths.SimpleCanonUnique(tableName); - var fieldMap := map k <- data | authSchema[k].content.Action == SIGN :: - Paths.SimpleCanon(tableName, k) := k; - assert Maps.Injective(fieldMap); - assert forall k <- fieldMap :: fieldMap[k] in data; - - var data_c := map k <- fieldMap :: k := data[fieldMap[k]]; - var signedFields_c := SortedSets.ComputeSetToOrderedSequence2(data_c.Keys, ByteLess); - - if |legend| < |signedFields_c| then - Failure(E("Schema changed : something that was unsigned is now signed.")) - else - if |legend| > |signedFields_c| then - Failure(E("Schema changed : something that was signed is now unsigned.")) + if |fields| == 0 then + :- Need(|legend| == 0, E("Schema changed : something that was signed is now unsigned.")); + Success(acc) + else if fields[0].action == DO_NOT_SIGN then + ResolveLegend(fields[1..], legend, origFields, acc + [MakeCryptoItem(fields[0], DO_NOTHING)]) else + :- Need(0 < |legend|, E("Schema changed : something that was unsigned is now signed.")); + ResolveLegend(fields[1..], legend[1..], origFields, acc + [MakeCryptoItem(fields[0], LegendToAction(legend[0]))]) + } - //= specification/structured-encryption/decrypt-structure.md#calculate-signed-and-encrypted-field-lists - //# The `encrypted field list` MUST be all fields in the `signed field list` - //# for which the corresponding byte in the [Encrypt Legend](header.md.#encrypt-legend) - //# is `0x65` indicating [Encrypt and Sign](header.md.#encrypt-legend-bytes), - //# sorted by the field's [canonical path](./header.md#canonical-path). - var encFields_c : seq := FilterEncrypted(signedFields_c, legend); - :- Need(|encFields_c| < (UINT32_LIMIT / 3), E("Too many encrypted fields.")); - - var contextFields : seq := FilterContext(fieldMap, signedFields_c, legend, data); - assert forall k <- contextFields :: k in data; - - var actionMap := map k <- fieldMap :: - fieldMap[k] := if Paths.SimpleCanon(tableName, fieldMap[k]) in encFields_c then - CryptoSchema( - content := CryptoSchemaContent.Action(ENCRYPT_AND_SIGN), - attributes := None - ) - else if fieldMap[k] in contextFields then - CryptoSchema( - content := CryptoSchemaContent.Action(SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT), - attributes := None - ) - else - CryptoSchema( - content := CryptoSchemaContent.Action(SIGN_ONLY), - attributes := None - ); - var cryptoSchema := CryptoSchema( - content := CryptoSchemaContent.SchemaMap(actionMap), - attributes := None - ); - - var c := DecryptCanonData( - encFields_c, - signedFields_c, - data_c, - cryptoSchema, - contextFields - ); - - assert |data_c| == |actionMap| by { - assert data_c.Keys == fieldMap.Keys; - assert actionMap.Keys == fieldMap.Values; - LemmaInjectiveImpliesUniqueValues(fieldMap); - } - - assert exists tableName :: - (forall k :: k in c.cryptoSchema.content.SchemaMap ==> Paths.SimpleCanon(tableName, k) in c.data_c); - - Success(c) + // construct the DecryptCanon + function method {:opaque} {:vcs_split_on_every_assert} CanonizeForDecrypt(tableName : GoodString, data : AuthList, legend: Header.Legend) + : (ret : Result) + ensures ret.Success? ==> + && (forall k <- data :: Paths.ValidPath(k.key)) + && (forall k <- data :: (exists x :: x in ret.value && k.key == x.origKey && k.data == x.data)) + && |data| == |ret.value| + && (forall k <- ret.value :: Paths.ValidPath(k.origKey)) + && (forall k <- ret.value :: k.key == Paths.CanonPath(tableName, k.origKey)) + { + :- Need(forall k <- data :: Paths.ValidPath(k.key), E("Invalid Paths")); + var canonList : CanonAuthList := Seq.Map((s : AuthItem) requires Paths.ValidPath(s.key) => MakeCanonAuth(tableName, s), data); + + assert |canonList| == |data|; + assert forall i | 0 <= i < |data| :: canonList[i] == MakeCanonAuth(tableName, data[i]); + assert forall k <- data :: (exists x :: x in canonList && k.key == x.origKey && k.data == x.data); + assert forall k <- canonList :: Paths.ValidPath(k.origKey); + assert forall k <- canonList :: k.key == Paths.CanonPath(tableName, k.origKey); + + var canonSorted := SortCanon.AuthSort(canonList); + + assert |canonSorted| == |data|; + assert forall k <- canonList :: k in multiset(canonList); + assert forall k <- canonList :: k in canonSorted; + assert forall k <- canonSorted :: k in multiset(canonSorted); + assert forall k <- canonSorted :: k in canonList; + assert forall k <- data :: (exists x :: x in canonSorted && k.key == x.origKey && k.data == x.data); + assert forall k <- canonSorted :: Paths.ValidPath(k.origKey); + assert forall k <- canonSorted :: k.key == Paths.CanonPath(tableName, k.origKey); + + var acc : CanonCryptoList := []; + assert |canonSorted| + |acc| == |canonSorted|; + assert forall i | 0 <= i < |acc| :: Same(canonSorted[i], acc[i]); + assert forall i | |acc| <= i < |canonSorted| :: canonSorted[i] == canonSorted[i-|acc|]; + var canonResolved :- ResolveLegend(canonSorted, legend, canonSorted, acc); + + assert |canonResolved| == |data|; + assert forall k <- data :: (exists x :: x in canonResolved && k.key == x.origKey && k.data == x.data); + assert forall k <- canonResolved :: Paths.ValidPath(k.origKey); + assert forall k <- canonResolved :: k.key == Paths.CanonPath(tableName, k.origKey); + + Success(canonResolved) } - method GetV2EncryptionContext(schema : FlatSchemaMap, record : FlatDataMap) + method GetV2EncryptionContext(schema : CryptoList) returns (output : Result) - requires (forall x <- schema :: x in record) { - var contextAttrs := set k <- schema | schema[k].content.Action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT :: k; - var contextFields := SortedSets.ComputeSetToOrderedSequence2(contextAttrs, CharLess); - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + var contextAttrs : CryptoList := Seq.Filter((s : CryptoItem) => s.action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT, schema); + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //# Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) //# [Terminal Data](./structures.md#terminal-data) //# in the input record, plus the Legend. - output := GetV2EncryptionContext2(contextFields, record); + output := GetV2EncryptionContext2(contextAttrs); + } + + function method {:opaque} Find(haystack : CryptoList, needle : Path) : Result + { + if |haystack| == 0 then + Failure(E("Not Found")) + else if haystack[0].key == needle + then Success(haystack[0]) + else + Find(haystack[1..], needle) + } + + function method {:opaque} FindAuth(haystack : AuthList, needle : Path) : (result : Option) + ensures result.Some? ==> exists x :: x in haystack && x.key == needle + { + if |haystack| == 0 then + None + else if haystack[0].key == needle + then Some(haystack[0]) + else + FindAuth(haystack[1..], needle) + } + + function method {:opaque} CountEncrypted(list : CanonCryptoList) : nat + { + if |list| == 0 then + 0 + else if list[0].action == ENCRYPT_AND_SIGN then + 1 + CountEncrypted(list[1..]) + else + CountEncrypted(list[1..]) } - method {:vcs_split_on_every_assert} GetV2EncryptionContext2(fields : seq, record : FlatDataMap) + method {:vcs_split_on_every_assert} GetV2EncryptionContext2(fields : CryptoList) returns (output : Result) - requires forall k <- fields :: k in record { - //= specification/dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2 - //# The key MUST be the following concatenation, - //# where `attributeName` is the name of the attribute: - //# "aws-crypto-attr." + `attributeName`. - var fieldMap : map := map[]; + var fieldMap : map := map[]; for i := 0 to |fields| - invariant forall k <- fieldMap :: fieldMap[k] in record { - var utf8Value :- UTF8.Encode(ATTR_PREFIX + fields[i]).MapFailure(e =>E(e)); - fieldMap := fieldMap[utf8Value := fields[i]]; + //= specification/structured-encryption/encrypt-path-structure.md#encryption-context-naming + //# When a key-value pair is added to the encryption context, + //# the key MUST be the concatenation of the literal + //# "aws-crypto-attr." and the member strings of the + //# path joined by the '.' character. + var keyVal := ATTR_PREFIX + Paths.PathToString(fields[i].key); + + var utf8Value :- UTF8.Encode(keyVal).MapFailure(e =>E(e)); + + //= specification/structured-encryption/encrypt-path-structure.md#encryption-context-naming + //# An error MUST be returned if an attempt is made to add two + //# different attributes that produce the same encryption context key. + if utf8Value in fieldMap { + return Failure(E(keyVal + " appears twice in encryption context.")); + } + + fieldMap := fieldMap[utf8Value := fields[i].key]; } var keys : seq := SortedSets.ComputeSetToOrderedSequence2(fieldMap.Keys, ByteLess); var newContext : CMP.EncryptionContext := map[]; @@ -506,7 +472,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst //# - If the type is Boolean, then the string "true" for true and the string "false" for false. //# - Else, the value as defined in [Base Context Value Version 1](#base-context-value-version-1) - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //# The Legend MUST be named "aws-crypto-legend" and be a string with one character per attribute added above, //# with a one-to-one correspondence with the attributes sorted by their UTF8 encoding, //# each character designating the original type of the attribute, @@ -525,7 +491,8 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst } var fieldUtf8 := keys[i]; var fieldStr := fieldMap[fieldUtf8]; - var attr : StructuredDataTerminal := record[fieldStr].content.Terminal; + var item :- Find(fields, fieldMap[fieldUtf8]); + var attr : StructuredDataTerminal := item.data; var attrStr : ValidUTF8Bytes; var legendChar : char; if attr.typeId == NULL { @@ -561,116 +528,290 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst return Success(newContext); } + function method {:tailrecursion} BuildCryptoMap2( + keys : seq, + plaintextStructure: StructuredDataMap, + cryptoSchema: CryptoSchemaMap, + acc : CryptoList := [] + ) + : (ret : Result) + requires forall k <- keys :: k in plaintextStructure + requires forall k <- keys :: k in cryptoSchema + requires forall k <- acc :: |k.key| == 1 + ensures ret.Success? ==> + forall k <- ret.value :: |k.key| == 1 + { + if |keys| == 0 then + Success(acc) + else + var key := keys[0]; + var path := Paths.StringToUniPath(key); + var item := CryptoItem(key := path, data := plaintextStructure[key], action := cryptoSchema[key]); + BuildCryptoMap2(keys[1..], plaintextStructure, cryptoSchema, acc + [item]) + } + + function method BuildCryptoMap(plaintextStructure: StructuredDataMap, cryptoSchema: CryptoSchemaMap) : + (ret : Result) + requires plaintextStructure.Keys == cryptoSchema.Keys + ensures ret.Success? ==> + forall k <- ret.value :: |k.key| == 1 + { + var keys := SortedSets.ComputeSetToOrderedSequence2(plaintextStructure.Keys, CharLess); + BuildCryptoMap2(keys, plaintextStructure, cryptoSchema) + } + + function method {:tailrecursion} BuildAuthMap2( + keys : seq, + plaintextStructure: StructuredDataMap, + authSchema: AuthenticateSchemaMap, + acc : AuthList := [] + ) + : (ret : Result) + requires forall k <- keys :: k in plaintextStructure + requires forall k <- keys :: k in authSchema + requires forall k <- acc :: |k.key| == 1 + ensures ret.Success? ==> + forall k <- ret.value :: |k.key| == 1 + { + if |keys| == 0 then + Success(acc) + else + var key := keys[0]; + var path := Paths.StringToUniPath(key); + var item := AuthItem(key := path, data := plaintextStructure[key], action := authSchema[key]); + BuildAuthMap2(keys[1..], plaintextStructure, authSchema, acc + [item]) + } + + function method BuildAuthMap(plaintextStructure: StructuredDataMap, authSchema: AuthenticateSchemaMap) + : (ret : Result) + requires plaintextStructure.Keys == authSchema.Keys + ensures ret.Success? ==> + forall k <- ret.value :: |k.key| == 1 + { + var keys := SortedSets.ComputeSetToOrderedSequence2(plaintextStructure.Keys, CharLess); + BuildAuthMap2(keys, plaintextStructure, authSchema) + } + + function method UnBuildCryptoMap(list : CryptoList, dataSoFar : StructuredDataMap := map[], actionsSoFar : CryptoSchemaMap := map[]) : + (res : Result<(StructuredDataMap, CryptoSchemaMap), Error>) + requires forall k <- actionsSoFar :: k in dataSoFar + requires (forall v :: v in actionsSoFar.Values ==> IsAuthAttr(v)) + requires forall k <- list :: |k.key| == 1 + ensures res.Success? ==> + && (forall k <- res.value.1 :: k in res.value.0) + && (forall v :: v in res.value.1.Values ==> IsAuthAttr(v)) + { + if |list| == 0 then + Success((dataSoFar, actionsSoFar)) + else + var key :- Paths.UniPathToString(list[0].key); + :- Need(key !in dataSoFar, E("Duplicate Key " + key)); + if IsAuthAttr(list[0].action) then + UnBuildCryptoMap(list[1..], dataSoFar[key := list[0].data], actionsSoFar[key := list[0].action]) + else + UnBuildCryptoMap(list[1..], dataSoFar[key := list[0].data], actionsSoFar) + } + + method {:vcs_split_on_every_assert} EncryptStructure(config: InternalConfig, input: EncryptStructureInput) returns (output: Result) ensures output.Success? ==> - //= specification/structured-encryption/encrypt-structure.md#structured-data - //= type=implication - //# This Structured Data MUST be a [Structured Data Map](./structures.md#structured-data-map). - && input.plaintextStructure.content.DataMap? + && var headerSchema := output.value.cryptoSchema; + && var inputSchema := input.cryptoSchema; + // && (forall k :: k in headerSchema ==> k in inputSchema && inputSchema[k] == headerSchema[k]) + && (forall v :: v in headerSchema.Values ==> IsAuthAttr(v)) + { + //= specification/structured-encryption/encrypt-structure.md#behavior + //= type=implication + //# The input [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) + //# MUST refer to the same set of locations. + :- Need(input.plaintextStructure.Keys == input.cryptoSchema.Keys, E("Crypto Keys don't match.")); - //= specification/structured-encryption/encrypt-structure.md#structured-data - //= type=implication - //# This Structured Data MUST NOT already contain data located at the [header index](./header.md#header-index) - //# or the [footer index](./footer.md#footer-index). - && var plainRecord := input.plaintextStructure.content.DataMap; - && DataMapIsFlat(plainRecord) - && HeaderField !in plainRecord - && FooterField !in plainRecord - - //= specification/structured-encryption/encrypt-structure.md#crypto-schema - //= type=implication - //# The Crypto Schema MUST explicitly configure a [Crypto Action](./structures.md#crypto-action) for every - //# [Terminal Data](./structures.md#terminal-data) that exists on the [input Structured Data](#structured-data), - //# and MUST NOT describe Crypto Actions for locations within the input Structured Data that either - //# do not exist, or contain non-Terminal Data structures; - //# otherwise, this operation operation MUST yield an error. - && input.cryptoSchema.content.SchemaMap? - && var cryptoSchema := input.cryptoSchema.content.SchemaMap; - && CryptoSchemaMapIsFlat(cryptoSchema) - && plainRecord.Keys == cryptoSchema.Keys - - //= specification/structured-encryption/encrypt-structure.md#crypto-schema - //= type=implication - //# The Crypto Schema MUST include at least one [ENCRYPT_AND_SIGN Crypto Action](./structures.md#encryptandsign) or - //# [SIGN_ONLY Crypto Action](./structures.md#signonly); - //# otherwise, this operation MUST yield an error. - && (exists k <- cryptoSchema :: cryptoSchema[k].content.Action != DO_NOTHING) + //= specification/structured-encryption/encrypt-structure.md#behavior + //= type=implication + //# The input [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) + //# MUST be combined into a single [Crypto List](encrypt-path-structure.md#crypto-list). + var cryptoMap :- BuildCryptoMap(input.plaintextStructure, input.cryptoSchema); + + var pathInput := EncryptPathStructureInput( + tableName := input.tableName, + plaintextStructure := cryptoMap, + cmm := input.cmm, + algorithmSuiteId := input.algorithmSuiteId, + encryptionContext := input.encryptionContext + ); - //= specification/structured-encryption/encrypt-structure.md#encrypted-structured-data-1 - //= type=implication - //# - The [Header Field](#header-field) MUST exist in the Encrypted Structured Data - && HeaderField in output.value.encryptedStructure.content.DataMap + //= specification/structured-encryption/encrypt-structure.md#behavior + //= type=implication + //# Encrypt Structure MUST then behave as [Encrypt Path Structure](encrypt-path-structure.md) + var pathOutput :- EncryptPathStructure(config, pathInput); - //= specification/structured-encryption/encrypt-structure.md#encrypted-structured-data-1 - //= type=implication - //# - The [Footer Field](#footer-field) MUST exist in the Encrypted Structured Data - && FooterField in output.value.encryptedStructure.content.DataMap + // This should be provable, but I'm not smart enough + assert forall k <- pathInput.plaintextStructure :: |k.key| == 1; + :- Need(forall k <- pathOutput.encryptedStructure :: |k.key| == 1, E("Internal Error")); + + //= specification/structured-encryption/encrypt-structure.md#behavior + //= type=implication + //# The output [Crypto List](encrypt-path-structure.md#crypto-list) produced by [Encrypt Path Structure](encrypt-path-structure.md) + //# MUST be split into [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) + //# maps. + var parts :- UnBuildCryptoMap(pathOutput.encryptedStructure); + var plainOutput := EncryptStructureOutput( + encryptedStructure := parts.0, + cryptoSchema := parts.1, + parsedHeader := pathOutput.parsedHeader + ); + return Success(plainOutput); + } + const HeaderPaths : seq := [HeaderPath, FooterPath] + + method {:vcs_split_on_every_assert} EncryptPathStructure(config: InternalConfig, input: EncryptPathStructureInput) + returns (output: Result) + ensures + output.Success? ==> + //= specification/structured-encryption/encrypt-path-structure.md#crypto-list + //= type=implication + //# The Crypto List MUST include at least one [Crypto Action](./structures.md#crypto-action) + //# that is not [DO_NOTHING](./structures.md#do_nothing). + && (exists k <- input.plaintextStructure :: IsAuthAttr(k.action)) + + //= specification/structured-encryption/encrypt-path-structure.md#crypto-list + //= type=implication + //# This Crypto List MUST NOT already contain data located at the [header index](./header.md#header-index) + //# or the [footer index](./footer.md#footer-index). + && (!exists x | x in input.plaintextStructure :: x.key in HeaderPaths) + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# - for every entry in the input [Crypto List](#crypto-list) + //# an entry MUST exist with the same [path](./structures.md#path) in the final Encrypted Structured Data. + && (forall k <- input.plaintextStructure :: (exists x :: x in output.value.encryptedStructure && x.key == k.key)) + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# Otherwise, this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) + //# and [Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data's. + && (forall k <- input.plaintextStructure :: + (exists x :: + && x in output.value.encryptedStructure + && x.key == k.key + && ( + || k.action == ENCRYPT_AND_SIGN + || x.data == k.data + ))) + + //= specification/structured-encryption/encrypt-path-structure.md#crypto-list + //= type=implication + //# The [paths](./structures.md#path) in the input [Crypto List](./structures.md#crypto-list) MUST be unique. + && var pathSet := set x | x in input.plaintextStructure :: x.key; + && |pathSet| == |input.plaintextStructure| + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# - There MUST be no other entries in the final Encrypted Structured Data. + && |output.value.encryptedStructure| == 2 + |input.plaintextStructure| + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# - The [Header Field](#header-field) MUST exist in the final Encrypted Structured Data + && output.value.encryptedStructure[|output.value.encryptedStructure|-2].key == HeaderPath + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# - The [Footer Field](#footer-field) MUST exist in the final Encrypted Structured Data + && output.value.encryptedStructure[|output.value.encryptedStructure|-1].key == FooterPath + + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-structured-data + //= type=implication + //# If the [Crypto Schema](#crypto-list) + //# indicates a [Crypto Action](./structures.md#crypto-action) + //# of [ENCRYPT_AND_SIGN](./structures.md#encryptandsign), + //# the Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) + //# equal to 0xffff and the value MUST be + //# the [encryption](#terminal-data-encryption) + //# of the input's Terminal Data. + && (forall x | 0 <= x < |output.value.encryptedStructure| :: (output.value.encryptedStructure[x].action == ENCRYPT_AND_SIGN ==> output.value.encryptedStructure[x].data.typeId == BYTES_TYPE_ID)) { - :- Need(input.plaintextStructure.content.DataMap?, E("Input structure must be a DataMap")); - :- Need(input.cryptoSchema.content.SchemaMap?, E("Input Crypto Schema must be a SchemaMap")); :- Need( || input.encryptionContext.None? || !exists k <- input.encryptionContext.value :: ReservedCryptoContextPrefixUTF8 <= input.encryptionContext.value[k], E("Encryption Context must not contain members beginning with " + ReservedCryptoContextPrefixString)); - var cryptoSchema := input.cryptoSchema.content.SchemaMap; - :- Need(CryptoSchemaMapIsFlat(cryptoSchema), E("Schema must be flat.")); - :- Need(forall k <- cryptoSchema :: ValidString(k), E("Schema has bad field name.")); - :- Need(exists k <- cryptoSchema :: IsAuthAttr(cryptoSchema[k].content.Action), + :- Need(exists k <- input.plaintextStructure :: IsAuthAttr(k.action), E("At least one field in the Crypto Schema must be ENCRYPT_AND_SIGN, SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT or SIGN_ONLY.")); - :- Need(DataMapIsFlat(input.plaintextStructure.content.DataMap), E("Input DataMap must be flat.")); - var plainRecord : FlatDataMap := input.plaintextStructure.content.DataMap; - :- Need(HeaderField !in plainRecord, E("The field name " + HeaderField + " is reserved.")); - :- Need(FooterField !in plainRecord, E("The field name " + FooterField + " is reserved.")); - :- Need(plainRecord.Keys == cryptoSchema.Keys, E("Schema must exactly match record")); + :- Need(!exists x | x in input.plaintextStructure :: x.key in HeaderPaths, + E("The paths " + HeaderField + " and " + FooterField + " are reserved.")); + + var pathSet := set x | x in input.plaintextStructure :: x.key; + :- Need(|pathSet| == |input.plaintextStructure|, E("Duplicate Paths")); :- Need(ValidString(input.tableName), E("Bad Table Name")); - var canonData :- CanonizeForEncrypt(input.tableName, plainRecord, cryptoSchema); + var plaintextStructure : CryptoList := input.plaintextStructure; + var canonData :- CanonizeForEncrypt(input.tableName, plaintextStructure); + + //= specification/structured-encryption/encrypt-path-structure.md#calculate-intermediate-encrypted-structured-data + //= type=implication + //# For every entry + //# in the input [Crypto List](#crypto-list) + //# there MUST be an entry with the same [canonical path](./header.md#canonical-path) + //# in Intermediate Encrypted Structured Data. + assert forall k <- input.plaintextStructure :: (exists x :: x in canonData && x.origKey == k.key && x.data == k.data); + + //= specification/structured-encryption/encrypt-path-structure.md#calculate-intermediate-encrypted-structured-data + //= type=implication + //# There MUST be no other entries in the Intermediate Encrypted Structured Data. + assert |input.plaintextStructure| == |canonData|; - //= specification/structured-encryption/encrypt-structure.md#retrieve-encryption-materials + //= specification/structured-encryption/encrypt-path-structure.md#retrieve-encryption-materials //# This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). var encryptionContext := input.encryptionContext.UnwrapOr(map[]); var cmm := input.cmm; - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //# If no [Crypto Action](./structures.md#crypto-action) is configured to be //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) //# then the input cmm and encryption context MUST be used unchanged. - if exists x <- cryptoSchema :: cryptoSchema[x].content.Action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT { + if exists x <- plaintextStructure :: x.action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT { assume {:axiom} input.cmm.Modifies !! {config.materialProviders.History}; - var newEncryptionContext :- GetV2EncryptionContext(cryptoSchema, plainRecord); + var newEncryptionContext :- GetV2EncryptionContext(plaintextStructure); if |newEncryptionContext| != 0 { - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //# An error MUST be returned if any of the entries added to the encryption context in this step //# have the same key as any entry already in the encryption context. :- Need(encryptionContext.Keys !! newEncryptionContext.Keys, E("Internal Error - Structured Encryption encryption context overlaps with Item Encryptor encryption context.")); encryptionContext := encryptionContext + newEncryptionContext; assert cmm.Modifies !! {config.materialProviders.History}; - //= specification/structured-encryption/encrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/encrypt-path-structure.md#create-new-encryption-context-and-cmm //# Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) //# with the following inputs: //# - This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. //# - The name of every entry added above. + var contextKeysX := SortedSets.ComputeSetToOrderedSequence2(newEncryptionContext.Keys, ByteLess); + assert forall k <- contextKeysX :: ValidUTF8Seq(k) by { + assert forall k <- newEncryptionContext.Keys :: ValidUTF8Seq(k); + assert forall k <- contextKeysX :: k in newEncryptionContext.Keys; + } + var contextKeys : seq := contextKeysX; var cmmR := config.materialProviders.CreateRequiredEncryptionContextCMM( CMP.CreateRequiredEncryptionContextCMMInput( - underlyingCMM := Some(cmm), + underlyingCMM := Some(input.cmm), keyring := None, - requiredEncryptionContextKeys := SortedSets.ComputeSetToOrderedSequence2(newEncryptionContext.Keys, ByteLess) + requiredEncryptionContextKeys := contextKeys ) ); cmm :- cmmR.MapFailure(e => AwsCryptographyMaterialProviders(e)); } } + var mat :- GetStructuredEncryptionMaterials( cmm, Some(encryptionContext), input.algorithmSuiteId, - |canonData.encFields_c|, - SumValueSize(canonData.encFields_c, canonData.data_c)); + CountEncrypted(canonData), + SumValueSize(canonData)); var key : Key := mat.plaintextDataKey.value; var alg := mat.algorithmSuite; @@ -679,128 +820,117 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst //= specification/structured-encryption/header.md#message-id //# Implementations MUST generate a fresh 256-bit random MessageID, from a cryptographically secure source, for each record encrypted. - //= specification/structured-encryption/encrypt-structure.md#calculate-intermediate-encrypted-structured-data + //= specification/structured-encryption/encrypt-path-structure.md#calculate-intermediate-encrypted-structured-data //# The process used to generate this identifier MUST use a good source of randomness //# to make the chance of duplicate identifiers negligible. var randBytes := Random.GenerateBytes(MSGID_LEN as int32); var msgID :- randBytes.MapFailure(e => Error.AwsCryptographyPrimitives(e)); - var head :- Header.Create(input.tableName, input.cryptoSchema, msgID, mat); + var head :- Header.Create(input.tableName, canonData, msgID, mat); //= specification/structured-encryption/header.md#commit-key //# The commit key calculation described above MUST be performed with the record's plaintext data key //# and the header's message id. var commitKey :- Crypt.GetCommitKey(config.primitives, alg, key, head.msgID); var headerSerialized :- Header.Serialize(config.primitives, alg, commitKey, head); - //= specification/structured-encryption/encrypt-structure.md#header-field + //= specification/structured-encryption/encrypt-path-structure.md#header-field //# The Header Field TypeID MUST be 0xFFFF - //= specification/structured-encryption/encrypt-structure.md#header-field + //= specification/structured-encryption/encrypt-path-structure.md#header-field //# The Header Field Value MUST be the full serialized [header](header.md) with commitment. var headerAttribute := ValueToData(headerSerialized, BYTES_TYPE_ID); - :- Need(|canonData.encFields_c| < (UINT32_LIMIT / 3), E("Too many encrypted fields")); - var encryptedItems :- Crypt.Encrypt(config.primitives, alg, key, head, canonData.encFields_c, canonData.data_c); - - var result : map := map k <- plainRecord | true - :: k := - var c := Paths.SimpleCanon(input.tableName, k); - if c in encryptedItems then - encryptedItems[c] - else - plainRecord[k]; - - //= specification/structured-encryption/encrypt-structure.md#encrypted-structured-data-1 - //= type=implication - //# The Encrypted Structured Data created by this operation MUST be a Structured Data such that: + :- Need(|canonData| < (UINT32_LIMIT / 3), E("Too many encrypted fields")); + // input canonData has all input fields, none encrypted + // output canonData has all input fields, some encrypted + assert forall k <- input.plaintextStructure :: (exists x :: x in canonData && x.origKey == k.key); + var encryptedItems : CanonCryptoList :- Crypt.Encrypt(config.primitives, alg, key, head, canonData); + assert forall k <- input.plaintextStructure :: (exists x :: x in encryptedItems && x.origKey == k.key); - //= specification/structured-encryption/encrypt-structure.md#encrypted-structured-data-1 - //= type=implication - //# - for every [Terminal Data](./structures.md#terminal-data) in the - //# [Intermediate Structured Data](#calculate-intermediate-encrypted-structured-data), - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the final Encrypted Structured Data. // this assert can be an implication, because it is explicitly ensuring an intermediate state. - assert forall k <- canonData.data_c :: (exists m :: k == Paths.SimpleCanon(input.tableName, m) && m in result.Keys); + assert forall i | 0 <= i < |canonData| :: canonData[i].key == encryptedItems[i].key; - //= specification/structured-encryption/encrypt-structure.md#encrypted-structured-data-1 - //= type=implication - //# - for every [Terminal Data](./structures.md#terminal-data) in the final Encrypted Structured Data - //# if the [Crypto Schema](#crypto-schema) - //# indicates a [Crypto Action](./structures.md#crypto-action) - //# other than [DO_NOTHING](./structures.md#DO_NOTHING), - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the - //# [Intermediate Structured Data](#calculate-intermediate-encrypted-structured-data). // this assert can be an implication, because it is explicitly ensuring an intermediate state. - assert forall k <- result.Keys :: cryptoSchema[k].content.Action == DO_NOTHING || Paths.SimpleCanon(input.tableName, k) in canonData.data_c; + assert forall i | 0 <= i < |encryptedItems| :: encryptedItems[i].key == canonData[i].key; + + assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN ==> encryptedItems[x].data.typeId == BYTES_TYPE_ID); + assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN || encryptedItems[x].data == canonData[x].data); - assert {:split_here} true; + // verifies, but it takes too long + assume {:axiom} forall k <- input.plaintextStructure :: + (exists x :: + && x in encryptedItems + && x.origKey == k.key + && Crypt.Updated5(k, x, Crypt.DoEncrypt) + ); - var footer :- Footer.CreateFooter(config.primitives, mat, canonData.signedFields_c, - canonData.encFields_c, encryptedItems, canonData.data_c, headerSerialized); + var footer :- Footer.CreateFooter(config.primitives, mat, encryptedItems, headerSerialized); var footerAttribute := footer.makeTerminal(); - result := result[HeaderField := headerAttribute]; - result := result[FooterField := footerAttribute]; - assert HeaderField in result; - assert FooterField in result; + assert forall k <- input.plaintextStructure :: (exists x :: x in encryptedItems && x.origKey == k.key); + var smallResult : CryptoList := UnCanon(encryptedItems); + assert forall k <- input.plaintextStructure :: (exists x :: x in smallResult && x.key == k.key); + assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == ENCRYPT_AND_SIGN ==> smallResult[x].data.typeId == BYTES_TYPE_ID) by { + assert |smallResult| == |encryptedItems|; + assert forall x | 0 <= x < |smallResult| :: SameUnCanon(encryptedItems[x], smallResult[x]); + assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == encryptedItems[x].action && smallResult[x].data == encryptedItems[x].data); + assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN || encryptedItems[x].data == canonData[x].data); + } + // verifies, but it takes too long + assume {:axiom} forall k <- input.plaintextStructure :: + (exists x :: + && x in smallResult + && x.key == k.key + && Crypt.Updated4(k, x, Crypt.DoEncrypt) + ); + + var headItem := CryptoItem(key := HeaderPath, data := headerAttribute, action := DO_NOTHING); + var footItem := CryptoItem(key := FooterPath, data := footerAttribute, action := DO_NOTHING); + var largeResult := smallResult + [headItem, footItem]; + assert |largeResult| == |smallResult| + 2; + assert largeResult[|largeResult|-2] == headItem; + assert largeResult[|largeResult|-2].key == HeaderPath; + assert largeResult[|largeResult|-1] == footItem; + assert largeResult[|largeResult|-1].key == FooterPath; + assert forall k <- input.plaintextStructure :: (exists x :: x in largeResult && x.key == k.key); + assert forall x | 0 <= x < |largeResult| :: (largeResult[x].action == ENCRYPT_AND_SIGN ==> largeResult[x].data.typeId == BYTES_TYPE_ID) by { + assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == ENCRYPT_AND_SIGN ==> smallResult[x].data.typeId == BYTES_TYPE_ID); + assert forall x | 0 <= x < |smallResult| :: smallResult[x] == largeResult[x]; + assert forall x | 0 <= x < |smallResult| :: (largeResult[x].action == ENCRYPT_AND_SIGN ==> largeResult[x].data.typeId == BYTES_TYPE_ID); + assert largeResult[|smallResult|] == headItem; + assert largeResult[|smallResult|].key == HeaderPath; + assert largeResult[|smallResult|+1] == footItem; + assert largeResult[|smallResult|+1].key == FooterPath; + assert largeResult[|smallResult|].action == DO_NOTHING; + assert largeResult[|smallResult|+1].action == DO_NOTHING; + assert |largeResult| == |smallResult| + 2; + // verifies, but it takes too long + assume {:axiom} forall x | |smallResult| <= x < |largeResult| :: largeResult[x].action == DO_NOTHING; + } + + assert forall k <- input.plaintextStructure :: + (exists x :: + && x in largeResult + && x.key == k.key + && Crypt.Updated4(k, x, Crypt.DoEncrypt) + ); var headerAlgorithmSuite :- head.GetAlgorithmSuite(config.materialProviders); - var parsedHeader := ParsedHeader( - cryptoSchema := canonData.cryptoSchema, + var parsedHeader := ParsedHeader ( algorithmSuiteId := headerAlgorithmSuite.id.DBE, encryptedDataKeys := head.dataKeys, storedEncryptionContext := head.encContext, encryptionContext := mat.encryptionContext ); - var encryptOutput := EncryptStructureOutput( - encryptedStructure := StructuredData( - content := StructuredDataContent.DataMap( - DataMap := result - ), - attributes := None), + var encryptOutput := EncryptPathStructureOutput ( + encryptedStructure := largeResult, parsedHeader := parsedHeader ); + assert encryptOutput.encryptedStructure[|encryptOutput.encryptedStructure|-1].key == FooterPath; return Success(encryptOutput); } - predicate DecryptStructureEnsuresPublicly( - input: DecryptStructureInput, - output: Result) { - // Input and output types must be the same, and this constraint is useful to Dafny users - && (output.Success? && input.encryptedStructure.content.DataMap? ==> output.value.plaintextStructure.content.DataMap?) - && (output.Success? && input.encryptedStructure.content.DataList? ==> output.value.plaintextStructure.content.DataList?) - && (output.Success? && input.encryptedStructure.content.Terminal? ==> output.value.plaintextStructure.content.Terminal?) - // Ensure the CryptoSchema in the ParsedHeader is consistent with the input authenticateSchema - && (output.Success? ==> - // For now we only support decrypting flat maps - && output.value.parsedHeader.cryptoSchema.content.SchemaMap? - && var cryptoMap := output.value.parsedHeader.cryptoSchema.content.SchemaMap; - && CryptoSchemaMapIsFlat(cryptoMap) - && input.authenticateSchema.content.SchemaMap? - && var authMap := input.authenticateSchema.content.SchemaMap; - && AuthSchemaIsFlat(authMap) - && ValidString(input.tableName) - && ValidParsedCryptoSchema(cryptoMap, authMap + ReservedAuthMap, input.tableName)) - } - - predicate ValidParsedCryptoSchema(cryptoSchema: CryptoSchemaMap, authSchema: AuthenticateSchemaMap, tableName: GoodString) - requires AuthSchemaIsFlat(authSchema) - requires CryptoSchemaMapIsFlat(cryptoSchema) - { - // Every field in the crypto map exists in the auth map as SIGN - && (forall k <- cryptoSchema.Keys :: k in authSchema && authSchema[k].content.Action.SIGN?) - // The crypto map is not missing any SIGN fields from the auth map - && (forall kv <- authSchema.Items | kv.1.content.Action.SIGN? :: kv.0 in cryptoSchema.Keys) - // Every field in the crypto map is ENCRYPT_AND_SIGN, SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT or SIGN_ONLY - && (forall v <- cryptoSchema.Values :: IsAuthAttr(v.content.Action)) - } - - const ReservedAuthMap : AuthSchemaPlain := map[ - HeaderField := DoNotSign, // The header field is authenticated in the footer via a separate mechanism - FooterField := DoNotSign - ] - function method SafeDecode(data : CMP.Utf8Bytes) : string { var x := UTF8.Decode(data); @@ -840,112 +970,172 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst } method {:vcs_split_on_every_assert} DecryptStructure (config: InternalConfig, input: DecryptStructureInput) - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data - //= type=implication - //# This operation MUST output a [Structured Data](#structured-data) with the following specifics: returns (output: Result) + { + //= specification/structured-encryption/decrypt-structure.md#behavior + //= type=implication + //# The input [Structured Data](decrypt-path-structure.md#structured-data) and [Authenticate Schema](decrypt-path-structure.md#authenticate-schema) + //# MUST refer to the same set of locations. + :- Need(input.encryptedStructure.Keys == input.authenticateSchema.Keys, E("DecryptStructure requires encryptedStructure and authenticateSchema have the same keys.")); + + //= specification/structured-encryption/decrypt-structure.md#behavior + //= type=implication + //# The input [Structured Data](decrypt-path-structure.md#structured-data) and [Authenticate Schema](decrypt-path-structure.md#authenticate-schema) + //# MUST be combined into a single [Auth List](decrypt-path-structure.md#auth-list). + var cryptoMap :- BuildAuthMap(input.encryptedStructure, input.authenticateSchema); + + var pathInput := DecryptPathStructureInput( + tableName := input.tableName, + encryptedStructure := cryptoMap, + cmm := input.cmm, + encryptionContext := input.encryptionContext + ); + + //= specification/structured-encryption/decrypt-structure.md#behavior + //= type=implication + //# Decrypt Structure MUST then behave as [Decrypt Path Structure](decrypt-path-structure.md) + var pathOutput :- DecryptPathStructure(config, pathInput); + + // This should be provable, but I'm not smart enough + assert forall k <- pathInput.encryptedStructure :: |k.key| == 1; + :- Need(forall k <- pathOutput.plaintextStructure :: |k.key| == 1, E("Internal Error")); + + //= specification/structured-encryption/decrypt-structure.md#behavior + //= type=implication + //# The output [Crypto List](decrypt-path-structure.md#crypto-list) produced by [Decrypt Path Structure](decrypt-path-structure.md) + //# MUST be split into [Structured Data](decrypt-path-structure.md#structured-data) and [Crypto Schema](decrypt-path-structure.md#crypto-schema) + //# maps. + var parts :- UnBuildCryptoMap(pathOutput.plaintextStructure); + var plainOutput := DecryptStructureOutput( + plaintextStructure := parts.0, + cryptoSchema := parts.1, + parsedHeader := pathOutput.parsedHeader + ); + return Success(plainOutput); + } + + method {:vcs_split_on_every_assert} DecryptPathStructure (config: InternalConfig, input: DecryptPathStructureInput) + returns (output: Result) + ensures output.Success? ==> - && input.encryptedStructure.content.DataMap? - && DataMapIsFlat(input.encryptedStructure.content.DataMap) - && var encRecord := input.encryptedStructure.content.DataMap; + && var encRecord : AuthList := input.encryptedStructure; - //= specification/structured-encryption/decrypt-structure.md#parse-the-header + //= specification/structured-encryption/decrypt-path-structure.md#parse-the-header //= type=implication - //# Given the [input Structured Data](#structured-data), + //# Given the [input data](#auth-list), //# this operation MUST access the [Terminal Data](./structures.md#terminal-data) - //# at the "aws_dbe_head" + //# at "aws_dbe_head". - //= specification/structured-encryption/decrypt-structure.md#parse-the-header + //= specification/structured-encryption/decrypt-path-structure.md#auth-list + //= type=implication + //# This Auth List MUST contain data located at the [header index](./header.md#header-index) + //# and the [footer index](./footer.md#footer-index). + + //= specification/structured-encryption/decrypt-path-structure.md#parse-the-header //= type=implication //# The [Terminal Type Id](./structures.md#terminal-type-id) on this Terminal Data MUST be `0xFFFF`. - && NeedBinary(encRecord, HeaderField).Pass? + && GetBinary(encRecord, HeaderPath).Success? + && var headerSerialized := GetBinary(encRecord, HeaderPath).value; - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //= type=implication //# A footer field MUST exist with the name `aws_dbe_foot` - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //= type=implication //# The footer field TypeID MUST be 0xFFFF - && NeedBinary(encRecord, FooterField).Pass? + && GetBinary(encRecord, FooterPath).Success? + && var footerSerialized := GetBinary(encRecord, FooterPath).value; - //= specification/structured-encryption/decrypt-structure.md#authenticate-schema - //= type=implication - //# The Authenticate Schema MUST explicitly configure a [Authenticate Action](./structures.md#authenticate-action) for every - //# [Terminal Data](./structures.md#terminal-data) that exists on the [input Structured Data](#structured-data), - //# and MUST NOT describe Authenticate Actions for locations within the input Structured Data that either - //# do not exist, or contain non-Terminal Data structures; - //# otherwise, this operation operation MUST yield an error. - && input.authenticateSchema.content.SchemaMap? - && input.authenticateSchema.content.SchemaMap.Keys + ReservedAuthMap.Keys == input.encryptedStructure.content.DataMap.Keys - - //= specification/structured-encryption/decrypt-structure.md#authenticate-schema + //= specification/structured-encryption/decrypt-path-structure.md#auth-list //= type=implication - //# The Authenticate Schema MUST include at least one [SIGN Authenticate Action](./structures.md#sign); + //# The Auth List MUST include at least one [SIGN Authenticate Action](./structures.md#sign); //# otherwise, this operation MUST yield an error. - && AuthSchemaIsFlat(input.authenticateSchema.content.SchemaMap) - && (exists x :: (x in input.authenticateSchema.content.SchemaMap && input.authenticateSchema.content.SchemaMap[x].content.Action == SIGN)) + && (exists x :: (x in encRecord && x.action == SIGN)) - && var headerSerialized := encRecord[HeaderField].content.Terminal.value; - //= specification/structured-encryption/decrypt-structure.md#parse-the-header + //= specification/structured-encryption/decrypt-path-structure.md#parse-the-header //= type=implication //# This operation MUST deserialize the header bytes //# according to the [header format](./header.md). - && Header.PartialDeserialize(headerSerialized).Success? - && var head := Header.PartialDeserialize(headerSerialized).value; + && Header.PartialDeserialize(headerSerialized.value).Success? + + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data + //= type=implication + //# - An entry MUST NOT exist with the key "aws_dbe_head" or "aws_dbe_foot". + && (!exists x :: x in output.value.plaintextStructure && x.key == HeaderPath) + && (!exists x :: x in output.value.plaintextStructure && x.key == FooterPath) + + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data + //= type=implication + //# - For every entry in the [input Auth List](#auth-list), other than the header and footer, + //# an entry MUST exist with the same key in the output Crypto List. + && (forall k <- input.encryptedStructure | k.key !in HeaderPaths :: + (exists x :: x in output.value.plaintextStructure && x.key == k.key)) - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data //= type=implication - //# - [Terminal Data](./structures.md#terminal-data) MUST NOT exist at the "aws_dbe_head" - //# or "aws_dbe_foot". - && HeaderField !in output.value.plaintextStructure.content.DataMap - && FooterField !in output.value.plaintextStructure.content.DataMap + //# - The output Crypto List MUST NOT have any additional entries. + && |output.value.plaintextStructure| == |input.encryptedStructure| - 2 + + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data + //= type=implication + //# If the action is [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) + //# this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) + //# equal to the first two bytes of the input Terminal Data's value, + //# and a value equal to the [decryption](#terminal-data-decryption) of the input Terminal Data's value. + + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data + //= type=implication + //# Otherwise, this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) and + //# [Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data. + && (forall k <- input.encryptedStructure | k.key !in HeaderPaths :: + (exists x :: + && x in output.value.plaintextStructure + && x.key == k.key + && (x.action == ENCRYPT_AND_SIGN ==> |k.data.value| >= 2 && x.data.typeId == k.data.value[..2]) + && (x.action != ENCRYPT_AND_SIGN ==> k.data == x.data) + ) + ) { - :- Need(input.authenticateSchema.content.SchemaMap?, E("Authenticate Schema must be a SchemaMap")); - :- Need(AuthSchemaIsFlat(input.authenticateSchema.content.SchemaMap), E("Schema must be flat.")); - :- Need(forall k <- input.authenticateSchema.content.SchemaMap :: ValidString(k), E("Schema has bad field name.")); - :- Need(forall k <- input.authenticateSchema.content.SchemaMap | k in ReservedAuthMap :: - input.authenticateSchema.content.SchemaMap[k] == ReservedAuthMap[k], E("Reserved fields in Schema must be DO_NOT_SIGN.")); - var authSchema : AuthSchemaPlain := input.authenticateSchema.content.SchemaMap + ReservedAuthMap; - - :- Need(input.encryptedStructure.content.DataMap?, E("Input structure must be a DataMap")); - :- Need(DataMapIsFlat(input.encryptedStructure.content.DataMap), E("Input DataMap must be flat.")); - :- Need(authSchema.Keys == input.encryptedStructure.content.DataMap.Keys, E("Authenticate schema must match encrypted structure exactly.")); - var encRecord : StructuredDataPlain := input.encryptedStructure.content.DataMap; - :- NeedBinary(encRecord, HeaderField); - :- NeedBinary(encRecord, FooterField); - :- Need(exists x :: (x in input.authenticateSchema.content.SchemaMap && input.authenticateSchema.content.SchemaMap[x].content.Action == SIGN), E("At least one Authenticate Action must be SIGN")); - - var headerSerialized := encRecord[HeaderField].content.Terminal.value; - var footerSerialized := encRecord[FooterField].content.Terminal.value; - //= specification/structured-encryption/decrypt-structure.md#parse-the-header + :- Need(exists x :: (x in input.encryptedStructure && x.action == SIGN), E("At least one Authenticate Action must be SIGN")); + + var headerSerialized :- GetBinary(input.encryptedStructure, HeaderPath); + var footerSerialized :- GetBinary(input.encryptedStructure, FooterPath); + assert exists x :: x in input.encryptedStructure && x.key == HeaderPath; + assert exists x :: x in input.encryptedStructure && x.key == FooterPath; + + //= specification/structured-encryption/decrypt-path-structure.md#parse-the-header //# This operation MUST deserialize the header bytes //# according to the [header format](./header.md). - var head :- Header.PartialDeserialize(headerSerialized); + var head :- Header.PartialDeserialize(headerSerialized.value); var headerAlgorithmSuite :- head.GetAlgorithmSuite(config.materialProviders); :- Need(ValidString(input.tableName), E("Bad Table Name")); - var canonData :- CanonizeForDecrypt(input.tableName, encRecord, authSchema, head.legend); + var canonData :- CanonizeForDecrypt(input.tableName, input.encryptedStructure, head.legend); + assert forall k <- input.encryptedStructure :: (exists x :: x in canonData && k.key == x.origKey && k.data == x.data); + assert |canonData| == |input.encryptedStructure|; + assert exists x :: x in canonData && x.origKey == HeaderPath; + assert exists x :: x in canonData && x.origKey == FooterPath; assume {:axiom} input.cmm.Modifies !! {config.materialProviders.History}; - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). var encryptionContext := input.encryptionContext.UnwrapOr(map[]); var cmm := input.cmm; - //= specification/structured-encryption/decrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/decrypt-path-structure.md#create-new-encryption-context-and-cmm //# If the version stored in the header is 1, //# then the input cmm and encryption context MUST be used unchanged. if head.version == 2 { - //= specification/structured-encryption/decrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/decrypt-path-structure.md#create-new-encryption-context-and-cmm //# Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) //# [Terminal Data](./structures.md#terminal-data) //# in the input record, plus the Legend. - var newEncryptionContext :- GetV2EncryptionContext2(canonData.contextFields, encRecord); + var newEncryptionContext :- GetV2EncryptionContext(UnCanon(canonData)); if |newEncryptionContext| != 0 { - //= specification/structured-encryption/decrypt-structure.md#create-new-encryption-context-and-cmm + //= specification/structured-encryption/decrypt-path-structure.md#create-new-encryption-context-and-cmm //# An error MUST be returned if any of the entries added to the encryption context in this step //# have the same key as any entry already in the encryption context. :- Need(encryptionContext.Keys !! newEncryptionContext.Keys, @@ -953,28 +1143,35 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst encryptionContext := encryptionContext + newEncryptionContext; assert cmm.Modifies !! {config.materialProviders.History}; - //= specification/structured-encryption/decrypt-structure.md#create-new-encryption-context-and-cmm + var contextKeysX := SortedSets.ComputeSetToOrderedSequence2(newEncryptionContext.Keys, ByteLess); + assert forall k <- contextKeysX :: ValidUTF8Seq(k) by { + assert forall k <- newEncryptionContext.Keys :: ValidUTF8Seq(k); + assert forall k <- contextKeysX :: k in newEncryptionContext.Keys; + } + var contextKeys : seq := contextKeysX; + + //= specification/structured-encryption/decrypt-path-structure.md#create-new-encryption-context-and-cmm //# Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) //# with the following inputs: //# - This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. //# - The name of every entry added above. var cmmR := config.materialProviders.CreateRequiredEncryptionContextCMM( CMP.CreateRequiredEncryptionContextCMMInput( - underlyingCMM := Some(cmm), + underlyingCMM := Some(input.cmm), keyring := None, - requiredEncryptionContextKeys := SortedSets.ComputeSetToOrderedSequence2(newEncryptionContext.Keys, ByteLess) + requiredEncryptionContextKeys := contextKeys ) ); cmm :- cmmR.MapFailure(e => AwsCryptographyMaterialProviders(e)); } } - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# This operation MUST obtain a set of decryption materials by calling //# [Decrypt Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#decrypt-materials) //# on the [CMM](#cmm) calculated above. - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# The call to the CMM's Decrypt Materials operation MUST be constructed as follows: // - Encryption Context: The encryption context containing exactly the union of // key-value pairs in the [input Encryption Context](#encryption-context) @@ -992,21 +1189,22 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst reproducedEncryptionContext := Some(encryptionContext) ) ); + var matOutput :- matR.MapFailure(e => AwsCryptographyMaterialProviders(e)); var mat := matOutput.decryptionMaterials; :- Need(Header.ValidEncryptionContext(mat.encryptionContext), E("Bad encryption context")); :- Need(Materials.DecryptionMaterialsWithPlaintextDataKey(mat), E("Encryption material has no key")); - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# The algorithm suite used in all further aspects of this operation MUST be //# the algorithm suite in the //# [decryption materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#decryption-materials) //# returned from the Decrypt Materials call. - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# Note that the algorithm suite in the retrieved decryption materials MAY be different from the input algorithm suite. - //= specification/structured-encryption/decrypt-structure.md#retrieve-decryption-materials + //= specification/structured-encryption/decrypt-path-structure.md#retrieve-decryption-materials //# If this algorithm suite is not a //# [supported suite for DBE](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum) //# this operation MUST yield an error. @@ -1014,80 +1212,86 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst var postCMMAlg := mat.algorithmSuite; var key : Key := mat.plaintextDataKey.value; var commitKey :- Crypt.GetCommitKey(config.primitives, postCMMAlg, key, head.msgID); - //= specification/structured-encryption/decrypt-structure.md#parse-the-header + //= specification/structured-encryption/decrypt-path-structure.md#parse-the-header //# The header field value MUST be [verified](header.md#commitment-verification) - var ok :- head.verifyCommitment(config.primitives, postCMMAlg, commitKey, headerSerialized); - - //= specification/structured-encryption/decrypt-structure.md#calculate-signed-and-encrypted-field-lists - //= type=implication - //# Decryption MUST fail if the length of this list does not equal the - //# length of the header's [Encrypt Legend](header.md.#encrypt-legend). - // this assert can be an implication, because it is explicitly ensuring an intermediate state. - assert |head.legend| == |canonData.signedFields_c|; + var ok :- head.verifyCommitment(config.primitives, postCMMAlg, commitKey, headerSerialized.value); - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //# This operation MUST deserialize the bytes in [Terminal Value](./structures.md#terminal-value) //# according to the [footer format](./footer.md). - var footer :- Footer.DeserializeFooter(footerSerialized, postCMMAlg.signature.ECDSA?); + var footer :- Footer.DeserializeFooter(footerSerialized.value, postCMMAlg.signature.ECDSA?); - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //# The footer field value MUST be [verified](footer.md#footer-verification). - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //# Decryption MUST fail immediately if verification fails. - var _ :- footer.validate(config.primitives, mat, head.dataKeys, - canonData.signedFields_c, canonData.encFields_c, map[], canonData.data_c, headerSerialized); - var decryptedItems :- Crypt.Decrypt(config.primitives, postCMMAlg, key, head, canonData.encFields_c, canonData.data_c); - - var result : map := map k <- encRecord | true - :: k := - var c := Paths.SimpleCanon(input.tableName, k); - if c in decryptedItems then - decryptedItems[c] - else - encRecord[k]; - - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data - //# - For every [input Terminal Data](./structures.md#terminal-data) in the [input Structured Data](#structured-data) - //# (aside from the header and footer), - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the output Structured Data. - // at this point both result and encRecord have header and footer - assert forall k <- encRecord :: k in result; - - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data - //# - for every [Terminal Data](./structures.md#terminal-data) in the output Structured Data, - //# a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the [input Structured Data](#structured-data). - assert forall k <- result :: k in encRecord; - - var smallResult := result - {HeaderField, FooterField}; - // If I could prove this, I could move the above to an ensures clause - //assert forall k <- encRecord :: (k == HeaderField || k == FooterField || k in smallResult); - - // this actually verifies, but takes too long - // forall k <- output.value.plaintextStructure.content.DataMap :: k in encRecord - - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data + var _ :- footer.validate(config.primitives, mat, head.dataKeys, canonData, headerSerialized.value); + var decryptedItems : CanonCryptoList :- Crypt.Decrypt(config.primitives, postCMMAlg, key, head, canonData); + assert |decryptedItems| == |input.encryptedStructure|; + assert forall k <- input.encryptedStructure :: (exists x :: x in decryptedItems && x.origKey == k.key); + assert exists x :: x in decryptedItems && x.origKey == HeaderPath; + assert exists x :: x in decryptedItems && x.origKey == FooterPath; + + assert (forall k <- input.encryptedStructure :: + (exists x :: + && x in decryptedItems + && x.origKey == k.key + && Crypt.Updated2(k, x, Crypt.DoDecrypt) + )); + + var largeResult := UnCanon(decryptedItems); + assert |largeResult| == |input.encryptedStructure|; + assert forall k <- input.encryptedStructure :: (exists x :: x in largeResult && x.key == k.key); + assert (forall k <- input.encryptedStructure :: + (exists x :: + && x in largeResult + && x.key == k.key + && Crypt.Updated3(k, x, Crypt.DoDecrypt) + )); + + assert exists x :: x in largeResult && x.key == HeaderPath; + assert exists x :: x in largeResult && x.key == FooterPath; + var smallResult := Seq.Filter((x : CryptoItem) => x.key !in HeaderPaths, largeResult); + reveal Seq.Filter(); + assert !exists x :: x in smallResult && x.key == HeaderPath; + assert !exists x :: x in smallResult && x.key == FooterPath; + // verifies, but it takes too long + assume {:axiom} forall k <- largeResult | k.key !in HeaderPaths :: (exists x :: x in smallResult && x == k); + :- Need(|smallResult| == |input.encryptedStructure| - 2, E("Internal Error.")); + assert |smallResult| == |input.encryptedStructure| - 2; + + assert (forall k <- input.encryptedStructure | k.key !in HeaderPaths :: + (exists x :: + && x in smallResult + && x.key == k.key + && Crypt.Updated3(k, x, Crypt.DoDecrypt) + )); + + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data //= type=implication //# The output MUST also include a [Parsed Header](#parsed-header) that contains //# data that was serialized into the header included in the output Structured Data. var parsedHeader := ParsedHeader( - cryptoSchema := canonData.cryptoSchema, algorithmSuiteId := headerAlgorithmSuite.id.DBE, encryptedDataKeys := head.dataKeys, storedEncryptionContext := head.encContext, encryptionContext := mat.encryptionContext ); - var decryptOutput := DecryptStructureOutput( - plaintextStructure := StructuredData( - content := StructuredDataContent.DataMap( - DataMap := smallResult - ), - attributes := None), + var decryptOutput := DecryptPathStructureOutput( + plaintextStructure := smallResult, parsedHeader := parsedHeader ); - assert forall k <- decryptOutput.plaintextStructure.content.DataMap :: k in encRecord; + assert (forall k <- input.encryptedStructure | k.key !in HeaderPaths :: + (exists x :: + && x in smallResult + && x.key == k.key + && (x.action == ENCRYPT_AND_SIGN ==> |k.data.value| >= 2 && x.data.typeId == k.data.value[..2]) + && (x.action != ENCRYPT_AND_SIGN ==> k.data == x.data) + ) + ); output := Success(decryptOutput); } diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Crypt.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Crypt.dfy index a5b7f294c..9a3690367 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Crypt.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Crypt.dfy @@ -27,18 +27,19 @@ module StructuredEncryptionCrypt { function method FieldKey(HKDFOutput : Bytes, offset : uint32) : (ret : Result) requires |HKDFOutput| == KeySize - requires offset as nat * 3 < UINT32_LIMIT ensures ret.Success? ==> - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The `FieldKey` for a given key and offset MUST be the first 44 bytes //# of the aes256ctr_stream //# of the `FieldRootKey` and the `FieldKeyNonce` of three times the given offset. + && offset as nat * 3 < UINT32_LIMIT && |ret.value| == KeySize+NonceSize && |ret.value| == 44 && AesKdfCtr.Stream(FieldKeyNonce(offset * 3), HKDFOutput, (KeySize+NonceSize) as uint32).Success? && ret.value == AesKdfCtr.Stream(FieldKeyNonce(offset * 3), HKDFOutput, (KeySize+NonceSize) as uint32).value { + :- Need(offset as nat * 3 < UINT32_LIMIT, E("Too many encrypted fields.")); var keyR := AesKdfCtr.Stream(FieldKeyNonce(offset * 3), HKDFOutput, (KeySize+NonceSize) as uint32); keyR.MapFailure(e => AwsCryptographyPrimitives(e)) } @@ -46,7 +47,7 @@ module StructuredEncryptionCrypt { function method FieldKeyNonce(offset : uint32) : (ret : Bytes) ensures |ret| == 16 // NOT NonceSize - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The `FieldKeyNonce` for a given offset MUST be 16 bytes comprised of //# | Field | Length | Interpretation | @@ -126,24 +127,75 @@ module StructuredEncryptionCrypt { datatype EncryptionSelector = DoEncrypt | DoDecrypt + // Updated return true if the given item has been updated properly for the given operation. + // Updated2..Update5 do exactly the same thing, but with different data types. + predicate Updated(oldVal : CanonCryptoItem, newVal : CanonCryptoItem, mode : EncryptionSelector) + { + && oldVal.key == newVal.key + && oldVal.origKey == newVal.origKey + && oldVal.action == newVal.action + && (newVal.action != ENCRYPT_AND_SIGN <==> oldVal.data == newVal.data) + && (newVal.action == ENCRYPT_AND_SIGN <==> oldVal.data != newVal.data) + && (mode == DoEncrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> newVal.data.typeId == BYTES_TYPE_ID)) + && (mode == DoDecrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> |oldVal.data.value| >= 2 && newVal.data.typeId == oldVal.data.value[..2])) + } + + predicate Updated2(oldVal : AuthItem, newVal : CanonCryptoItem, mode : EncryptionSelector) + { + && oldVal.key == newVal.origKey + && (newVal.action != ENCRYPT_AND_SIGN <==> oldVal.data == newVal.data) + && (newVal.action == ENCRYPT_AND_SIGN <==> oldVal.data != newVal.data) + && (mode == DoEncrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> newVal.data.typeId == BYTES_TYPE_ID)) + && (mode == DoDecrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> |oldVal.data.value| >= 2 && newVal.data.typeId == oldVal.data.value[..2])) + } + + predicate Updated3(oldVal : AuthItem, newVal : CryptoItem, mode : EncryptionSelector) + { + && oldVal.key == newVal.key + && (newVal.action != ENCRYPT_AND_SIGN <==> oldVal.data == newVal.data) + && (newVal.action == ENCRYPT_AND_SIGN <==> oldVal.data != newVal.data) + && (mode == DoEncrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> newVal.data.typeId == BYTES_TYPE_ID)) + && (mode == DoDecrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> |oldVal.data.value| >= 2 && newVal.data.typeId == oldVal.data.value[..2])) + } + + predicate Updated4(oldVal : CryptoItem, newVal : CryptoItem, mode : EncryptionSelector) + { + && oldVal.key == newVal.key + && oldVal.action == newVal.action + && (newVal.action != ENCRYPT_AND_SIGN <==> oldVal.data == newVal.data) + && (newVal.action == ENCRYPT_AND_SIGN <==> oldVal.data != newVal.data) + && (mode == DoEncrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> newVal.data.typeId == BYTES_TYPE_ID)) + && (mode == DoDecrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> |oldVal.data.value| >= 2 && newVal.data.typeId == oldVal.data.value[..2])) + } + + predicate Updated5(oldVal : CryptoItem, newVal : CanonCryptoItem, mode : EncryptionSelector) + { + && oldVal.key == newVal.origKey + && oldVal.action == newVal.action + && (newVal.action != ENCRYPT_AND_SIGN <==> oldVal.data == newVal.data) + && (newVal.action == ENCRYPT_AND_SIGN <==> oldVal.data != newVal.data) + && (mode == DoEncrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> newVal.data.typeId == BYTES_TYPE_ID)) + && (mode == DoDecrypt ==> (newVal.action == ENCRYPT_AND_SIGN ==> |oldVal.data.value| >= 2 && newVal.data.typeId == oldVal.data.value[..2])) + } + // Encrypt a StructuredDataMap method Encrypt( client: Primitives.AtomicPrimitivesClient, alg : CMP.AlgorithmSuiteInfo, key : Key, head : Header.PartialHeader, - fieldNames : seq, - data : StructuredDataCanon) - returns (ret : Result) - requires forall k <- fieldNames :: k in data - requires |fieldNames| < (UINT32_LIMIT / 3) + data : CanonCryptoList) + returns (ret : Result) requires ValidSuite(alg) modifies client.Modifies requires client.ValidState() ensures client.ValidState() + ensures ret.Success? ==> + && |ret.value| == |data| + && (forall i | 0 <= i < |data| :: Updated(data[i], ret.value[i], DoEncrypt)) { - ret := Crypt(DoEncrypt, client, alg, key, head, fieldNames, data); + ret := Crypt(DoEncrypt, client, alg, key, head, data); } // Decrypt a StructuredDataMap @@ -152,18 +204,18 @@ module StructuredEncryptionCrypt { alg : CMP.AlgorithmSuiteInfo, key : Key, head : Header.PartialHeader, - fieldNames : seq, - data : StructuredDataCanon) - returns (ret : Result) - requires forall k <- fieldNames :: k in data - requires |fieldNames| < (UINT32_LIMIT / 3) + data : CanonCryptoList) + returns (ret : Result) requires ValidSuite(alg) modifies client.Modifies requires client.ValidState() ensures client.ValidState() + ensures ret.Success? ==> + && |ret.value| == |data| + && forall i | 0 <= i < |data| :: Updated(data[i], ret.value[i], DoDecrypt) { - ret := Crypt(DoDecrypt, client, alg, key, head, fieldNames, data); + ret := Crypt(DoDecrypt, client, alg, key, head, data); } // Encrypt or Decrypt a StructuredDataMap @@ -173,27 +225,24 @@ module StructuredEncryptionCrypt { alg : CMP.AlgorithmSuiteInfo, key : Key, head : Header.PartialHeader, - fieldNames : seq, - data : StructuredDataCanon) - returns (ret : Result) - requires forall k <- fieldNames :: k in data - requires |fieldNames| < (UINT32_LIMIT / 3) + data : CanonCryptoList) + returns (ret : Result) requires ValidSuite(alg) ensures ret.Success? ==> - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The HKDF algorithm used to calculate the Field Root Key MUST be the //# [Encryption Key KDF](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-key-derivation-settings) //# indicated by the algorithm suite, using a provided plaintext data key, no salt, //# and an info as calculated [above](#calculate-info) - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The `FieldRootKey` MUST be generated with the plaintext data key in the encryption materials //# and the Message ID generated for this Encrypted Structured Data. - //= specification/structured-encryption/encrypt-structure.md#calculate-info + //= specification/structured-encryption/encrypt-path-structure.md#calculate-info //= type=implication //# The `info` used for the HKDF function MUST be //# | Field | Length | @@ -211,8 +260,11 @@ module StructuredEncryptionCrypt { modifies client.Modifies requires client.ValidState() ensures client.ValidState() + ensures ret.Success? ==> + && |ret.value| == |data| + && (forall i | 0 <= i < |data| :: Updated(data[i], ret.value[i], mode)) { - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //# The `FieldRootKey` MUST be generated with the plaintext data key in the encryption materials //# and the Message ID generated for this Encrypted Structured Data. var fieldRootKeyR := client.Hkdf( @@ -226,12 +278,12 @@ module StructuredEncryptionCrypt { ); var fieldRootKey :- fieldRootKeyR.MapFailure(e => AwsCryptographyPrimitives(e)); - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The calculated Field Root MUST have length equal to the //# [algorithm suite's encryption key length](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings). assert |fieldRootKey| == AlgorithmSuites.GetEncryptKeyLength(alg) as int; - var result := CryptList(mode, client, alg, fieldRootKey, fieldNames, data); + var result := CryptList(mode, client, alg, fieldRootKey, data); return result; } @@ -241,34 +293,44 @@ module StructuredEncryptionCrypt { client: Primitives.AtomicPrimitivesClient, alg : CMP.AlgorithmSuiteInfo, fieldRootKey : Key, - fieldNames : seq, - input : StructuredDataCanon + data : CanonCryptoList ) - returns (ret : Result) - requires forall k <- fieldNames :: k in input - requires (|fieldNames| as nat) * 3 < UINT32_LIMIT - decreases |fieldNames| + returns (ret : Result) modifies client.Modifies - {client.History} , client.History`AESEncrypt, client.History`AESDecrypt requires client.ValidState() ensures client.ValidState() + ensures ret.Success? ==> + && |ret.value| == |data| + && (forall i | 0 <= i < |data| :: Updated(data[i], ret.value[i], mode)) { - // It is very inefficient to manually build Dafny maps in methods, so use - // a MutableMap to build the key value pairs then convert back to a Dafny map. - var mutMap : MutableMap := new MutableMap(); - for i := 0 to |fieldNames| { - var data; - var fieldName := fieldNames[i]; - if mode == DoEncrypt { - data :- EncryptTerminal(client, alg, fieldRootKey, i as uint32, fieldName, input[fieldName].content.Terminal); + var result : CanonCryptoList := []; + var pos : uint32 := 0; + :- Need(|data| < UINT32_LIMIT, E("Too many fields.")); + for i := 0 to |data| + invariant pos <= (i as uint32) + invariant |result| == i + invariant forall x | 0 <= x < |result| :: Updated(data[x], result[x], mode) + { + if data[i].action == ENCRYPT_AND_SIGN { + var newTerminal; + if mode == DoEncrypt { + newTerminal :- EncryptTerminal(client, alg, fieldRootKey, pos, data[i].key, data[i].data); + assert newTerminal.typeId == BYTES_TYPE_ID; + } else { + newTerminal :- DecryptTerminal(client, alg, fieldRootKey, pos, data[i].key, data[i].data); + } + pos := pos + 1; + var newItem := data[i].(data := newTerminal); + result := result + [newItem]; + assert Updated(data[i], result[i], mode); } else { - data :- DecryptTerminal(client, alg, fieldRootKey, i as uint32, fieldName, input[fieldName].content.Terminal); + result := result + [data[i]]; + assert Updated(data[i], result[i], mode); } - mutMap.Put(fieldName, data); + assert Updated(data[i], result[i], mode); } - var mutMapItems := mutMap.content(); // Have to initialize this separately, otherwise the map comprehension will do something very inefficient - var output : StructuredDataCanon := map k <- mutMapItems :: k := mutMap.Select(k); - return Success(output); + return Success(result); } // Encrypt a single Terminal @@ -280,18 +342,18 @@ module StructuredEncryptionCrypt { path : CanonicalPath, data : StructuredDataTerminal ) - returns (ret : Result) - requires offset as nat * 3 < UINT32_LIMIT + returns (ret : Result) ensures ret.Success? ==> - //= specification/structured-encryption/encrypt-structure.md#terminal-data-encryption + ret.value != data + ensures ret.Success? ==> + //= specification/structured-encryption/encrypt-path-structure.md#terminal-data-encryption //= type=implication //# The output encrypted Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) //# equal `0xFFFF`. - && ret.value.content.Terminal? - && ret.value.content.Terminal.typeId == BYTES_TYPE_ID + && ret.value.typeId == BYTES_TYPE_ID - //= specification/structured-encryption/encrypt-structure.md#terminal-data-encryption + //= specification/structured-encryption/encrypt-path-structure.md#terminal-data-encryption //= type=implication //# The output encrypted Terminal Data MUST have a [Terminal Value](./structures.md#terminal-value) //# with the following serialization: @@ -300,23 +362,23 @@ module StructuredEncryptionCrypt { // | Terminal Type Id | 2 | // | Encrypted Terminal Value | Variable | - //= specification/structured-encryption/encrypt-structure.md#terminal-type-id + //= specification/structured-encryption/encrypt-path-structure.md#terminal-type-id //= type=implication //# Terminal Type Id MUST equal the input Terminal Data's Terminal Type Id. - && |ret.value.content.Terminal.value| >= 2 - && ret.value.content.Terminal.value[..2] == data.typeId + && |ret.value.value| >= 2 + && ret.value.value[..2] == data.typeId && var history := client.History.AESEncrypt; && 0 < |history| && var encryptInput := Seq.Last(history).input; && encryptInput.encAlg == alg.encrypt.AES_GCM && FieldKey(fieldRootKey, offset).Success? && var fieldKey := FieldKey(fieldRootKey, offset).value; - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The `Cipherkey` MUST be the first 32 bytes of the `FieldKey` && KeySize == 32 && encryptInput.key == fieldKey[0..KeySize] - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //= type=implication //# The `Nonce` MUST be the remaining 12 bytes of the `FieldKey` && NonceSize == 12 @@ -328,15 +390,15 @@ module StructuredEncryptionCrypt { ensures client.ValidState() { var fieldKey :- FieldKey(fieldRootKey, offset); - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //# The `Cipherkey` MUST be the first 32 bytes of the `FieldKey` var cipherkey : Key := fieldKey[0..KeySize]; - //= specification/structured-encryption/encrypt-structure.md#calculate-cipherkey-and-nonce + //= specification/structured-encryption/encrypt-path-structure.md#calculate-cipherkey-and-nonce //# The `Nonce` MUST be the remaining 12 bytes of the `FieldKey` var nonce : Nonce := fieldKey[KeySize..]; var value := data.value; - //= specification/structured-encryption/encrypt-structure.md#encrypted-terminal-value + //= specification/structured-encryption/encrypt-path-structure.md#encrypted-terminal-value //# The Encrypted Terminal Value MUST be derived according to the following encryption: // - The encryption algorithm used is the // [encryption algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings) @@ -368,16 +430,15 @@ module StructuredEncryptionCrypt { path : CanonicalPath, data : StructuredDataTerminal ) - returns (ret : Result) - requires offset as nat * 3 < UINT32_LIMIT + returns (ret : Result) ensures ret.Success? ==> - && ret.value.content.Terminal? && |data.value| >= (AuthTagSize+2) - //= specification/structured-encryption/decrypt-structure.md#terminal-data-decryption + //= specification/structured-encryption/decrypt-path-structure.md#terminal-data-decryption //= type=implication //# The output Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) //# equal to the deserialized Terminal Type Id. - && ret.value.content.Terminal.typeId == data.value[0..TYPEID_LEN] + && ret.value.typeId == data.value[0..TYPEID_LEN] + && ret.value != data modifies client.Modifies - {client.History} , client.History`AESEncrypt, client.History`AESDecrypt requires client.ValidState() @@ -390,14 +451,14 @@ module StructuredEncryptionCrypt { :- Need((AuthTagSize+2) <= |value|, E("cipherTxt too short.")); - //= specification/structured-encryption/decrypt-structure.md#terminal-data-decryption + //= specification/structured-encryption/decrypt-path-structure.md#terminal-data-decryption //# The input [Terminal Value](./structures.md#terminal-value) MUST be deserialized as follows: // | Field | Length | // | -------------------------- | -------- | // | Terminal Type Id | 2 | // | Encrypted Terminal Value | Variable | - //= specification/structured-encryption/decrypt-structure.md#terminal-data-decryption + //= specification/structured-encryption/decrypt-path-structure.md#terminal-data-decryption //# The output Terminal Data MUST have a [Terminal Value](./structures.md#terminal-type-id) //# equal to the following decryption: // - The decryption algorithm used is the diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy index c670907ad..50ed595bb 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy @@ -58,16 +58,15 @@ module StructuredEncryptionFooter { } function method makeTerminal() - : (ret : StructuredData) - ensures ret.content.Terminal? - //= specification/structured-encryption/encrypt-structure.md#footer-field + : (ret : StructuredDataTerminal) + //= specification/structured-encryption/encrypt-path-structure.md#footer-field //= type=implication //# The Footer Field TypeID MUST be 0xFFFF - ensures ret.content.Terminal.typeId == BYTES_TYPE_ID - //= specification/structured-encryption/encrypt-structure.md#footer-field + ensures ret.typeId == BYTES_TYPE_ID + //= specification/structured-encryption/encrypt-path-structure.md#footer-field //= type=implication //# The Footer Field Value MUST be the serialized [footer](footer.md). - ensures ret.content.Terminal.value == serialize() + ensures ret.value == serialize() { ValueToData(serialize(), BYTES_TYPE_ID) } @@ -76,20 +75,13 @@ module StructuredEncryptionFooter { client: Primitives.AtomicPrimitivesClient, mat : CMP.DecryptionMaterials, edks : CMP.EncryptedDataKeyList, - signedFields : seq, - encFields : seq, - encData : StructuredDataCanon, - allData : StructuredDataCanon, + data : CanonCryptoList, header : Bytes) returns (ret : Result) requires Materials.DecryptionMaterialsWithPlaintextDataKey(mat) requires ValidSuite(mat.algorithmSuite) requires Header.ValidEncryptionContext(mat.encryptionContext) - requires forall k <- signedFields :: k in allData - requires forall k <- encFields :: k in allData - requires forall k <- encData :: encData[k].content.Terminal? - requires forall k <- allData :: allData[k].content.Terminal? - //= specification/structured-encryption/decrypt-structure.md#verify-signatures + //= specification/structured-encryption/decrypt-path-structure.md#verify-signatures //= type=implication //# The number of [HMACs in the footer](./footer.md#hmacs) //# MUST be the number of [Encrypted Data Keys in the header](./header.md#encrypted-data-keys). @@ -101,7 +93,7 @@ module StructuredEncryptionFooter { ensures client.ValidState() { :- Need(|edks| == |tags|, E("There are a different number of recipient tags in the stored header than there are in the decryption materials.")); - var canonicalHash :- CanonHash(signedFields, encFields, encData, allData, header, mat.encryptionContext); + var canonicalHash :- CanonHash(data, header, mat.encryptionContext); var input := Prim.HMacInput ( digestAlgorithm := mat.algorithmSuite.symmetricSignature.HMAC, @@ -221,48 +213,34 @@ module StructuredEncryptionFooter { } // Given a key value pair, return the canonical value for use in the footer checksum calculations - function method GetCanonicalItem(fieldName : CanonicalPath, value : StructuredData, isEncrypted : bool) + function method GetCanonicalItem(data : CanonCryptoItem) : (ret : Result) - requires value.content.Terminal? { - if isEncrypted then - GetCanonicalEncryptedField(fieldName, value.content.Terminal) + if data.action == ENCRYPT_AND_SIGN then + GetCanonicalEncryptedField(data.key, data.data) else - GetCanonicalPlaintextField(fieldName, value.content.Terminal) + GetCanonicalPlaintextField(data.key, data.data) } function method CanonContent ( - fields : seq, // remaining fields to be canonized - encFields : seq, // fields that are encrypted - encData : StructuredDataCanon, - allData : StructuredDataCanon, + data : CanonCryptoList, // remaining fields to be canonized canonized : Bytes := [] // output ) : Result - requires forall k <- fields :: k in allData - requires forall k <- encFields :: k in allData - requires forall k <- encData :: encData[k].content.Terminal? - requires forall k <- allData :: allData[k].content.Terminal? { - if |fields| == 0 then + if |data| == 0 then Success(canonized) + else if data[0].action == DO_NOTHING then + CanonContent(data[1..], canonized) else - var data := if fields[0] in encData then encData[fields[0]] else allData[fields[0]]; - var newPart :- GetCanonicalItem(fields[0], data, fields[0] in encFields); - CanonContent(fields[1..], encFields, encData, allData, canonized + newPart) + var newPart :- GetCanonicalItem(data[0]); + CanonContent(data[1..], canonized + newPart) } function method CanonRecord ( - signedFields : seq, - encFields : seq, - encData : StructuredDataCanon, - allData : StructuredDataCanon, + data : CanonCryptoList, header : Bytes, enc : Header.CMPEncryptionContext ) : (ret : Result) - requires forall k <- signedFields :: k in allData - requires forall k <- encFields :: k in allData - requires forall k <- encData :: encData[k].content.Terminal? - requires forall k <- allData :: allData[k].content.Terminal? ensures ret.Success? ==> //= specification/structured-encryption/footer.md#canonical-record @@ -274,8 +252,8 @@ module StructuredEncryptionFooter { //# | AAD Length | 8 | 64-bit integer, the length of the following AAD data | //# | AAD | Variable | The serialization of the Encryption Context from the Encryption Materials | //# | Field Data | Variable | For each [signed field](#signed-fields), ordered lexicographically by [canonical path](./header.md#canonical-path), the [canonical field](#canonical-field). - && CanonContent(signedFields, encFields, encData, allData).Success? - && var canon := CanonContent(signedFields, encFields, encData, allData).value; + && CanonContent(data).Success? + && var canon := CanonContent(data).value; && var AAD := Header.SerializeContext(enc); && |AAD| < UINT64_LIMIT && var len := UInt64ToSeq(|AAD| as uint64); @@ -285,7 +263,7 @@ module StructuredEncryptionFooter { + AAD + canon { - var canon :- CanonContent(signedFields, encFields, encData, allData); + var canon :- CanonContent(data); var AAD := Header.SerializeContext(enc); :- Need(|AAD| < UINT64_LIMIT, E("AAD too long.")); var len := UInt64ToSeq(|AAD| as uint64); @@ -293,24 +271,17 @@ module StructuredEncryptionFooter { } method CanonHash ( - signedFields : seq, - encFields : seq, - encData : StructuredDataCanon, - allData : StructuredDataCanon, + data : CanonCryptoList, header : Bytes, enc : Header.CMPEncryptionContext ) returns (ret : Result) - requires forall k <- signedFields :: k in allData - requires forall k <- encFields :: k in allData - requires forall k <- encData :: encData[k].content.Terminal? - requires forall k <- allData :: allData[k].content.Terminal? ensures ret.Success? ==> |ret.value| == 48 //= specification/structured-encryption/footer.md#hash-calculation //= type=implication //# The canonical hash of a record MUST be the SHA384 of the canonical form of the record. { - var data :- CanonRecord(signedFields, encFields, encData, allData, header, enc); + var data :- CanonRecord(data, header, enc); var resultR := Digest.Digest(Prim.DigestInput(digestAlgorithm := Prim.SHA_384, message := data)); return resultR.MapFailure(e => AwsCryptographyPrimitives(e)); } @@ -319,19 +290,12 @@ module StructuredEncryptionFooter { method CreateFooter( client: Primitives.AtomicPrimitivesClient, mat : CMP.EncryptionMaterials, - signedFields : seq, - encFields : seq, - encData : StructuredDataCanon, - allData : StructuredDataCanon, + data : CanonCryptoList, header : Bytes) returns (ret : Result) requires ValidSuite(mat.algorithmSuite) requires Materials.EncryptionMaterialsHasPlaintextDataKey(mat) requires Header.ValidEncryptionContext(mat.encryptionContext) - requires forall k <- signedFields :: k in allData - requires forall k <- encFields :: k in allData - requires forall k <- encData :: encData[k].content.Terminal? - requires forall k <- allData :: allData[k].content.Terminal? ensures (ret.Success? && mat.algorithmSuite.signature.ECDSA?) ==> //= specification/structured-encryption/footer.md#signature @@ -349,7 +313,7 @@ module StructuredEncryptionFooter { requires client.ValidState() ensures client.ValidState() { - var canonicalHash :- CanonHash(signedFields, encFields, encData, allData, header, mat.encryptionContext); + var canonicalHash :- CanonHash(data, header, mat.encryptionContext); var tags : seq := []; for i := 0 to |mat.encryptedDataKeys| invariant |tags| == i diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Header.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Header.dfy index d510fa19d..32c22df42 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Header.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Header.dfy @@ -18,6 +18,7 @@ module StructuredEncryptionHeader { import Prim = AwsCryptographyPrimitivesTypes import SortedSets import Sets + import Seq import UTF8 import Paths = StructuredEncryptionPaths import Random @@ -56,15 +57,14 @@ module StructuredEncryptionHeader { type Legend = x : seq | |x| < UINT16_LIMIT type CMPUtf8Bytes = x : CMP.Utf8Bytes | |x| < UINT16_LIMIT - predicate method IsVersion2Schema(data : CryptoSchemaMap) - requires CryptoSchemaMapIsFlat(data) + predicate method IsVersion2Schema(data : CanonCryptoList) { - exists x <- data :: data[x].content.Action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT + exists x <- data :: x.action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT } - function method VersionFromSchema(data : CryptoSchemaMap) : (ret : Version) - requires CryptoSchemaMapIsFlat(data) - ensures (exists x <- data :: data[x].content.Action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT) <==> (ret == 2) - ensures !(exists x <- data :: data[x].content.Action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT) <==> (ret == 1) + + function method VersionFromSchema(data : CanonCryptoList) : (ret : Version) + ensures (exists x <- data :: x.action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT) <==> (ret == 2) + ensures !(exists x <- data :: x.action == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT) <==> (ret == 1) { if IsVersion2Schema(data) then 2 @@ -198,7 +198,7 @@ module StructuredEncryptionHeader { && CalculateHeaderCommitment(client, alg, commitKey, ret.value[..|ret.value|-COMMITMENT_LEN]).Success? && ret.value[|ret.value|-COMMITMENT_LEN..] == CalculateHeaderCommitment(client, alg, commitKey, ret.value[..|ret.value|-COMMITMENT_LEN]).value - //= specification/structured-encryption/header.md#header-value-1 + //= specification/structured-encryption/header.md#full-header-value //= type=implication //# The value of the header MUST be // | Length (bytes) | Meaning | @@ -218,7 +218,7 @@ module StructuredEncryptionHeader { // config to PartialHeader function method Create( tableName : string, - schema : CryptoSchema, + schema : CanonCryptoList, msgID : MessageID, mat : CMP.EncryptionMaterials ) @@ -229,24 +229,18 @@ module StructuredEncryptionHeader { //# If any [Crypto Action](./structures.md#crypto-action) is configured as //# [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) //# the Version MUST be 0x02; otherwise, Version MUST be 0x01. - ensures ret.Success? ==> - && schema.content.SchemaMap? - && CryptoSchemaMapIsFlat(schema.content.SchemaMap) - && ret.value.version == VersionFromSchema(schema.content.SchemaMap) + ensures ret.Success? ==> ret.value.version == VersionFromSchema(schema) { - :- Need(ValidString(tableName), E("Invalid table name.")); :- Need(ValidEncryptionContext(mat.encryptionContext), E("Invalid Encryption Context")); :- Need(0 < |mat.encryptedDataKeys|, E("There must be at least one data key")); :- Need(|mat.encryptedDataKeys| < UINT8_LIMIT, E("Too many data keys.")); :- Need(forall x | x in mat.encryptedDataKeys :: ValidEncryptedDataKey(x), E("Invalid Data Key")); - :- Need(schema.content.SchemaMap?, E("Schema must be a Map")); - :- Need(CryptoSchemaMapIsFlat(schema.content.SchemaMap), E("Schema must be flat.")); :- Need(|mat.algorithmSuite.binaryId| == 2, E("Invalid Algorithm Suite Binary ID")); :- Need(mat.algorithmSuite.binaryId[0] == DbeAlgorithmFamily, E("Algorithm Suite not suitable for structured encryption.")); :- Need(ValidFlavor(mat.algorithmSuite.binaryId[1]), E("Algorithm Suite has unexpected flavor.")); - var legend :- MakeLegend(tableName, schema); + var legend :- MakeLegend(schema); - //= specification/structured-encryption/encrypt-structure.md#header-field + //= specification/structured-encryption/encrypt-path-structure.md#header-field //# The encryption context field serialized in the header MUST contain all key-value //# pairs of the encryption context in the [encryption materials](#retrieve-encryption-materials) //# that are not included in the @@ -255,7 +249,7 @@ module StructuredEncryptionHeader { // It is difficult for dafny to prove ValidEncryptionContext here, so perform a runtime check instead :- Need(ValidEncryptionContext(storedEC), E("Invalid Encryption Context")); Success(PartialHeader( - version := VersionFromSchema(schema.content.SchemaMap), + version := VersionFromSchema(schema), flavor := mat.algorithmSuite.binaryId[1], msgID := msgID, legend := legend, @@ -370,47 +364,19 @@ module StructuredEncryptionHeader { } // Create a Legend from the Schema - function method MakeLegend(tableName : GoodString, schema : CryptoSchema) + function method MakeLegend(schema : CanonCryptoList) : (ret : Result) - requires schema.content.SchemaMap? - requires CryptoSchemaMapIsFlat(schema.content.SchemaMap) ensures ret.Success? ==> //= specification/structured-encryption/header.md#encrypt-legend-bytes //= type=implication //# The length of this serialized value (in bytes) MUST equal the number of authenticated fields indicated //# by the caller's [Authenticate Schema](./structures.md#authenticate-schema). - && |ret.value| == CountAuthAttrs(schema.content.SchemaMap) - { - var data := schema.content.SchemaMap; - :- Need(forall k <- data :: ValidString(k), E("bad attribute name")); - - var authSchema: map := ( - var rawSchema := RestrictAuthAttrs(data); - // Ensure we get the expected number of auth attributes - LemmaRestrictAuthAttrsIdempotent(data); - assert CountAuthAttrs(data) == |rawSchema|; - // Can't use `k as GoodString` for some reason; instead assert validity and let inference handle the rest - assert forall k <- rawSchema :: ValidString(k); - rawSchema - ); - assert CountAuthAttrs(data) == |authSchema|; - - //= specification/structured-encryption/header.md#encrypt-legend-bytes - //# The Encrypt Legend Bytes MUST be serialized as follows: - // 1. Order every authenticated attribute in the item by the Canonical Path - // 2. For each authenticated terminal, in order, - // append one of the byte values specified above to indicate whether - // that field should be encrypted. - Paths.SimpleCanonUnique(tableName); - - var fn: GoodString -> CanonicalPath := (k: GoodString) => Paths.SimpleCanon(tableName, k); - assert forall k :: true ==> fn(k) == Paths.SimpleCanon(tableName, k); // This is a bit silly to have to assert, but necessary when SimpleCanon is opaque - - MapKeepsCount(authSchema, fn); - var canonSchema := MyMap(fn, authSchema); - assert |authSchema| == |canonSchema|; - var attrs := SortedSets.ComputeSetToOrderedSequence2(canonSchema.Keys, ByteLess); - MakeLegend2(attrs, canonSchema) + && |ret.value| == CountAuthAttrs(schema) + { + var legend :- MakeLegend2(schema); + var authCount := CountAuthAttrs(schema); + :- Need(authCount == |legend|, E("Internal Error : bad legend calculation.")); + Success(legend) } // because if the parameter below is @@ -420,24 +386,19 @@ module StructuredEncryptionHeader { // Create a Legend for the given attrs of the Schema function method {:tailrecursion} MakeLegend2( - attrs : seq, - data : map, + data : CanonCryptoList, serialized : Legend := EmptyLegend ) : (ret : Result) - requires forall k <- attrs :: k in data - requires forall k <- data.Keys :: data[k].content.Action? - requires forall k <- data.Keys :: IsAuthAttr(data[k].content.Action) - requires |attrs| + |serialized| == |data| - ensures ret.Success? ==> |ret.value| == |data| { - if |attrs| == 0 then + if |data| == 0 then Success(serialized) - else + else if IsAuthAttr(data[0].action) then :- Need((|serialized| + 1) < UINT16_LIMIT, E("Legend Too Long.")); - :- Need(data[attrs[0]].content.Action?, E("Schema must be flat")); - var legendChar := GetActionLegend(data[attrs[0]].content.Action); - MakeLegend2(attrs[1..], data, serialized + [legendChar]) + var legendChar := GetActionLegend(data[0].action); + MakeLegend2(data[1..], serialized + [legendChar]) + else + MakeLegend2(data[1..], serialized) } // CryptoAction to bytes. One byte for signed, zero bytes for unsigned @@ -458,48 +419,30 @@ module StructuredEncryptionHeader { // as well as being included in the encryption context. // This indicates that this field MUST NOT be attempted to be decrypted during decryption. // - no entry if the attribute is not signed ensures match (x) { - case ENCRYPT_AND_SIGN => ret == ENCRYPT_AND_SIGN_LEGEND - case SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT => ret == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND - case SIGN_ONLY => ret == SIGN_ONLY_LEGEND + case ENCRYPT_AND_SIGN() => ret == ENCRYPT_AND_SIGN_LEGEND + case SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT() => ret == SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND + case SIGN_ONLY() => ret == SIGN_ONLY_LEGEND } { match (x) { - case ENCRYPT_AND_SIGN => ENCRYPT_AND_SIGN_LEGEND - case SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT => SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND - case SIGN_ONLY => SIGN_ONLY_LEGEND + case ENCRYPT_AND_SIGN() => ENCRYPT_AND_SIGN_LEGEND + case SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT() => SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT_LEGEND + case SIGN_ONLY() => SIGN_ONLY_LEGEND } } // How many elements of Schema are included in the signature? - function CountAuthAttrs(data : CryptoSchemaMap) + function method CountAuthAttrs(data : CanonCryptoList) : nat - requires forall x <- data.Values :: x.content.Action? - { - |RestrictAuthAttrs(data)| - } - - /* - * Restrict `data` to just the authenticated attributes. - */ - function method RestrictAuthAttrs(data: CryptoSchemaMap) - : (authData: CryptoSchemaMap) - requires forall x <- data.Values :: x.content.Action? - ensures authData.Keys <= data.Keys - ensures forall k <- data :: IsAuthAttr(data[k].content.Action) <==> k in authData - ensures forall k <- authData :: authData[k] == data[k] - ensures forall k <- authData :: IsAuthAttr(authData[k].content.Action) { - map k <- data | IsAuthAttr(data[k].content.Action) :: k := data[k] + if |data| == 0 then + 0 + else if IsAuthAttr(data[0].action) then + 1 + CountAuthAttrs(data[1..]) + else + CountAuthAttrs(data[1..]) } - /* - * Lemma: RestrictAuthAttrs is idempotent. - */ - lemma LemmaRestrictAuthAttrsIdempotent(data: CryptoSchemaMap) - requires forall x <- data.Values :: x.content.Action? - ensures var authData := RestrictAuthAttrs(data); authData == RestrictAuthAttrs(authData) - {} - // Legend to Bytes function method {:opaque} SerializeLegend(x : Legend) : (ret : Bytes) @@ -819,8 +762,8 @@ module StructuredEncryptionHeader { // End code, begin proofs // mapping with no filter does not change map size - lemma MapKeepsCount(m : map, f : (GoodString) -> Z) - requires forall a : GoodString, b : GoodString :: a != b ==> f(a) != f(b) + lemma MapKeepsCount(m : map, f : (Path) -> Z) + requires forall a : Path, b : Path :: a != b ==> f(a) != f(b) requires Functions.Injective(f) ensures |m.Keys| == |MyMap(f, m).Keys| ensures |m| == |MyMap(f, m)| diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Paths.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Paths.dfy index 0ce1a63c9..f7d5d33a0 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Paths.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Paths.dfy @@ -13,6 +13,7 @@ module StructuredEncryptionPaths { import opened StandardLibrary.UInt import opened StructuredEncryptionUtil import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes + import opened DafnyLibraries datatype Selector = | List(pos : uint64) @@ -27,123 +28,243 @@ module StructuredEncryptionPaths { && s[0].Map? } - // a specific part of a structure - datatype TerminalLocation = TerminalLocation ( - parts : TerminalSelector - ) - { - // Return the Canonical Path for this part of an item in this table - function method canonicalPath(table : GoodString) - : (ret : CanonicalPath) - ensures ret == - //= specification/structured-encryption/header.md#canonical-path - //= type=implication - //# The canonical path MUST start with the UTF8 encoded table name. - UTF8.Encode(table).value - //= specification/structured-encryption/header.md#canonical-path - //= type=implication - //# This MUST be followed by the depth of the Terminal within Structured Data. - + UInt64ToSeq(|parts| as uint64) - //= specification/structured-encryption/header.md#canonical-path - //= type=implication - //# This MUST be followed by the encoding for each Structured Data in the path, including the Terminal itself. - + MakeCanonicalPath(parts) - { - var tableName := UTF8.Encode(table).value; - var depth := UInt64ToSeq(|parts| as uint64); - var path := MakeCanonicalPath(parts); - tableName + depth + path - } + function method StringToUniPath(x : string) : (ret : Path) + ensures |ret| == 1 + { + [member(StructureSegment(key := x))] + } - predicate method isRoot() - { - |parts| == 1 - } - function method getRoot() : GoodString - { - assert ValidTerminalSelector(parts); - parts[0].key - } + function method UniPathToString(x : Path) : Result + requires |x| == 1 + { + Success(x[0].member.key) } - function method TermLocMap?(attr : string) : Result + predicate method ValidPath(path : Path) + { + && |path| < UINT64_LIMIT + && forall x <- path :: ValidString(x.member.key) + } + + function method CanonPath(table : GoodString, path : Path) + : (ret : CanonicalPath) + requires ValidPath(path) + ensures ret == + //= specification/structured-encryption/header.md#canonical-path + //= type=implication + //# The canonical path MUST start with the UTF8 encoded table name. + UTF8.Encode(table).value + //= specification/structured-encryption/header.md#canonical-path + //= type=implication + //# This MUST be followed by the depth of the Terminal within Structured Data. + + UInt64ToSeq(|path| as uint64) + //= specification/structured-encryption/header.md#canonical-path + //= type=implication + //# This MUST be followed by the encoding for each Structured Data in the path, including the Terminal itself. + + MakeCanonicalPath(path) + { + var tableName := UTF8.Encode(table).value; + var depth := UInt64ToSeq(|path| as uint64); + var path := MakeCanonicalPath(path); + tableName + depth + path + } + + function method TermLocMap?(attr : string) : Result { :- Need(ValidString(attr), E("invalid string : " + attr)); - Success(TermLocMap(attr)) + Success([member(StructureSegment(key := attr))]) } - function method TermLocMap(attr : GoodString) : TerminalLocation + function method TermLocMap(attr : GoodString) : Path { - TerminalLocation([Map(attr)]) + [member(StructureSegment(key := attr))] } function method {:opaque} SimpleCanon(table : GoodString, attr : GoodString) : CanonicalPath { - TermLocMap(attr).canonicalPath(table) + CanonPath(table, TermLocMap(attr)) } const ARRAY_TAG : uint8 := '#' as uint8 const MAP_TAG : uint8 := '$' as uint8 // get the Canonical Path fragment for this Selector - function method CanonicalPart(s : Selector) + function method CanonicalPart(s : PathSegment) : (ret : Bytes) + requires ValidString(s.member.key) //= specification/structured-encryption/header.md#canonical-path //= type=implication //# For Structured Data in Structured Data Maps, this MUST be a 0x24 byte ($ in UTF-8), //# followed by the length of the key, followed by the key as a UTF8 string. - ensures s.Map? ==> ret == [MAP_TAG] + UInt64ToSeq(|s.key| as uint64) + UTF8.Encode(s.key).value - //= specification/structured-encryption/header.md#canonical-path - //= type=implication - //# For Structured Data in Structured Data Lists, this MUST be a 0x23 byte (# in UTF-8), followed by the numerical index. - ensures s.List? ==> ret == [ARRAY_TAG] + UInt64ToSeq(s.pos as uint64) + ensures ret == [MAP_TAG] + UInt64ToSeq(|s.member.key| as uint64) + UTF8.Encode(s.member.key).value + ensures |ret| == 9 + |UTF8.Encode(s.member.key).value| { - match s { - case Map(key) => [MAP_TAG] + UInt64ToSeq(|key| as uint64) + UTF8.Encode(key).value - case List(pos) => [ARRAY_TAG] + UInt64ToSeq(pos) - } + [MAP_TAG] + UInt64ToSeq(|s.member.key| as uint64) + UTF8.Encode(s.member.key).value } // get the Canonical Path for these Selectors - function method {:tailrecursion} MakeCanonicalPath(src : SelectorList) - : CanonicalPath + function method {:tailrecursion} MakeCanonicalPath(path : Path) + : (ret : CanonicalPath) + requires ValidPath(path) + ensures |path| == 0 ==> ret == [] + ensures |path| == 1 ==> ret == CanonicalPart(path[0]) { - if |src| == 0 then + if |path| == 0 then [] else - CanonicalPart(src[0]) + MakeCanonicalPath(src[1..]) + CanonicalPart(path[0]) + MakeCanonicalPath(path[1..]) + } + + // Does NOT guarantee a unique output for every unique input + // e.g. ['a.b'] and ['a','b'] both return 'a.b'. + function method PathToString(path : Path) : string + { + if |path| == 0 then + "" + else if |path| == 1 then + path[0].member.key + else + path[0].member.key + "." + PathToString(path[1..]) } // End code, begin lemmas. - // The only useful one is SimpleCanonUnique - // The others are here to prove that + // The only useful ones are SimpleCanonUnique and FullPathUnique + // The others are here to prove those + // SimpleCanon and SimpleCanonUnique should be retired + - lemma CanonicalPartMapUnique(x : Selector, y : Selector) - requires x.Map? - requires y.Map? + // x != y ==> x.canonicalPath != y.canonicalPath, so we can map with it + lemma CanonPathUnique(table : GoodString) + ensures forall x : Path, y : Path | ValidPath(x) && ValidPath(y) + :: x != y ==> CanonPath(table, x) != CanonPath(table, y) + { + forall x : Path, y : Path | ValidPath(x) && ValidPath(y) + ensures x != y ==> CanonPath(table, x) != CanonPath(table, y) { + if x != y { + CanonPathUnique2(table, x, y); + } + } + } + + lemma CanonPathUnique2(table : GoodString, x : Path, y : Path) requires x != y - ensures CanonicalPart(x) != CanonicalPart(y) + requires ValidPath(x) && ValidPath(y) + ensures CanonPath(table, x) != CanonPath(table, y) + { + PathUnique2(x, y); + var cpX := CanonPath(table, x); + var cpY := CanonPath(table, y); + var tableName := UTF8.Encode(table).value; + assert tableName < cpX; + assert tableName < cpY; + if |x| == |y| { + var prefix := tableName + UInt64ToSeq(|x| as uint64); + assert cpX == prefix + MakeCanonicalPath(x); + assert cpY == prefix + MakeCanonicalPath(y); + PathUnique2(x, y); + OnePlusOne(prefix, MakeCanonicalPath(x), MakeCanonicalPath(y)); + assert cpX != cpY; + } else { + assert UInt64ToSeq(|x| as uint64) != UInt64ToSeq(|y| as uint64); + assert (tableName + UInt64ToSeq(|x| as uint64)) <= cpX; + assert (tableName + UInt64ToSeq(|y| as uint64)) <= cpY; + OnePlusOne(tableName, UInt64ToSeq(|x| as uint64), UInt64ToSeq(|y| as uint64)); + assert (tableName + UInt64ToSeq(|x| as uint64)) != (tableName + UInt64ToSeq(|y| as uint64)); + assert cpX != cpY; + } + } + + // x != y ==> MakeCanonicalPath(x) != MakeCanonicalPath(y), so we can map with it + lemma PathUnique() + ensures forall x : Path, y : Path | ValidPath(x) && ValidPath(y) + :: x != y ==> MakeCanonicalPath(x) != MakeCanonicalPath(y) + { + forall x : Path, y : Path | ValidPath(x) && ValidPath(y) + ensures x != y ==> MakeCanonicalPath(x) != MakeCanonicalPath(y) { + if x != y { + PathUnique2(x, y); + } + } + } + + lemma PathUnique2(x : Path, y : Path) + requires ValidPath(x) && ValidPath(y) + requires x != y + ensures MakeCanonicalPath(x) != MakeCanonicalPath(y) + { + if |x| == 0 || |y| == 0 { + + } else if x[0] != y[0] { + CanonicalPartMapUnique(x[0], y[0]); + assert CanonicalPart(x[0]) != CanonicalPart(y[0]); + SelectorNeverPrefix(x[0], y[0]); + assert CanonicalPart(x[0]) <= MakeCanonicalPath(x); + assert CanonicalPart(y[0]) <= MakeCanonicalPath(y); + assert MakeCanonicalPath(x) == CanonicalPart(x[0]) + MakeCanonicalPath(x[1..]); + assert MakeCanonicalPath(y) == CanonicalPart(y[0]) + MakeCanonicalPath(y[1..]); + assert MakeCanonicalPath(x) != MakeCanonicalPath(y); + } else { + assert(x[1..] != y[1..]); + PathUnique2(x[1..], y[1..]); + assert CanonicalPart(x[0]) == CanonicalPart(y[0]); + assert MakeCanonicalPath(x[1..]) != MakeCanonicalPath(y[1..]); + OnePlusOne(CanonicalPart(x[0]), MakeCanonicalPath(x[1..]), MakeCanonicalPath(y[1..])); + assert CanonicalPart(x[0]) + MakeCanonicalPath(x[1..]) != CanonicalPart(x[0]) + MakeCanonicalPath(y[1..]); + assert CanonicalPart(x[0]) + MakeCanonicalPath(x[1..]) != CanonicalPart(y[0]) + MakeCanonicalPath(y[1..]); + assert MakeCanonicalPath(x) != MakeCanonicalPath(y); + } + } + + // must be true for any correct UTF8 implementation + lemma {:axiom} Utf8EncodeUnique(x : string, y : string) + requires UTF8.Encode(x).Success? + requires UTF8.Encode(y).Success? + ensures !(x <= y) ==> !(UTF8.Encode(x).value <= UTF8.Encode(y).value) + + lemma SelectorNeverPrefixMap(x : PathSegment, y : PathSegment) + requires x != y + requires ValidString(x.member.key) && ValidString(y.member.key) + ensures !(CanonicalPart(x) <= CanonicalPart(y)) + ensures !(CanonicalPart(y) <= CanonicalPart(x)) { - assert x.key != y.key; - assert CanonicalPart(x) == [MAP_TAG] + UInt64ToSeq(|x.key| as uint64) + UTF8.Encode(x.key).value; - assert CanonicalPart(y) == [MAP_TAG] + UInt64ToSeq(|y.key| as uint64) + UTF8.Encode(y.key).value; - assert UTF8.Encode(x.key).value != UTF8.Encode(y.key).value; - if |x.key| == |y.key| { - var prefix := [MAP_TAG] + UInt64ToSeq(|y.key| as uint64); - assert CanonicalPart(x) == prefix + UTF8.Encode(x.key).value; - assert CanonicalPart(y) == prefix + UTF8.Encode(y.key).value; - OnePlusOne(prefix, UTF8.Encode(x.key).value, UTF8.Encode(y.key).value); - assert CanonicalPart(x) != CanonicalPart(y); + if |x.member.key| != |y.member.key| { + assert CanonicalPart(x)[1..9] != CanonicalPart(y)[1..9]; } else { - assert UInt64ToSeq(|x.key| as uint64) != UInt64ToSeq(|y.key| as uint64); - assert CanonicalPart(x)[1..9] == UInt64ToSeq(|x.key| as uint64); - assert CanonicalPart(y)[1..9] == UInt64ToSeq(|y.key| as uint64); + assert |x.member.key| == |y.member.key|; + assert x.member.key != y.member.key; + assert !(x.member.key <= y.member.key); + assert !(y.member.key <= x.member.key); + Utf8EncodeUnique(x.member.key, y.member.key); + Utf8EncodeUnique(y.member.key, x.member.key); + assert !(UTF8.Encode(x.member.key).value <= UTF8.Encode(y.member.key).value); + assert !(UTF8.Encode(y.member.key).value <= UTF8.Encode(x.member.key).value); + assert CanonicalPart(x) == [MAP_TAG] + UInt64ToSeq(|x.member.key| as uint64) + UTF8.Encode(x.member.key).value; + assert CanonicalPart(y) == [MAP_TAG] + UInt64ToSeq(|y.member.key| as uint64) + UTF8.Encode(y.member.key).value; + assert CanonicalPart(x)[0..9] == CanonicalPart(y)[0..9]; } } - lemma OnePart(src : SelectorList) + lemma SelectorNeverPrefix(x : PathSegment, y : PathSegment) + requires x != y + requires ValidString(x.member.key) && ValidString(y.member.key) + ensures !(CanonicalPart(x) <= CanonicalPart(y)) + ensures !(CanonicalPart(y) <= CanonicalPart(x)) + { + SelectorNeverPrefixMap(x, y); + } + + lemma CanonicalPartMapUnique(x : PathSegment, y : PathSegment) + requires x != y + requires ValidString(x.member.key) && ValidString(y.member.key) + ensures CanonicalPart(x) != CanonicalPart(y) + { + SelectorNeverPrefix(x, y); + } + + lemma OnePart(src : Path) requires |src| == 1 + requires ValidPath(src) ensures MakeCanonicalPath(src) == CanonicalPart(src[0]) {} @@ -168,20 +289,8 @@ module StructuredEncryptionPaths { requires x != y ensures SimpleCanon(table, x) != SimpleCanon(table, y) { - assert SimpleCanon(table, x) != SimpleCanon(table, y) by { - reveal SimpleCanon(); - assert TerminalLocation([Map(x)]).canonicalPath(table) != TerminalLocation([Map(y)]).canonicalPath(table) by { - OnePart([Map(x)]); - OnePart([Map(y)]); - CanonicalPartMapUnique(Map(x), Map(y)); - var prefix := UTF8.Encode(table).value + UInt64ToSeq(1 as uint64); - assert TerminalLocation([Map(x)]).canonicalPath(table) == prefix + CanonicalPart(Map(x)); - assert TerminalLocation([Map(y)]).canonicalPath(table) == prefix + CanonicalPart(Map(y)); - assert CanonicalPart(Map(x)) != CanonicalPart(Map(y)); - OnePlusOne(prefix, CanonicalPart(Map(x)), CanonicalPart(Map(y))); - assert TerminalLocation([Map(x)]).canonicalPath(table) != TerminalLocation([Map(y)]).canonicalPath(table); - } - } + reveal SimpleCanon(); + CanonPathUnique(table); } // x != y ==> SimpleCanon(x) != SimpleCanon(y), so we can map with it diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/SortCanon.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/SortCanon.dfy new file mode 100644 index 000000000..db2fb2797 --- /dev/null +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/SortCanon.dfy @@ -0,0 +1,205 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +include "../Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy" +include "Util.dfy" + +module SortCanon { + export provides + AuthSort, + CryptoSort, + AuthBelow, + CryptoBelow, + StructuredEncryptionUtil, + Relations + + import opened Wrappers + import opened StandardLibrary + import opened StandardLibrary.UInt + import opened Relations + import opened Seq.MergeSort + import opened StructuredEncryptionUtil + + predicate method AuthBelow(x: CanonAuthItem, y: CanonAuthItem) { + Below(x.key, y.key) + } + + predicate method CryptoBelow(x: CanonCryptoItem, y: CanonCryptoItem) { + Below(x.key, y.key) + } + + lemma AuthBelowIsReflexive(x: CanonAuthItem) + ensures AuthBelow(x, x) + { + BelowIsReflexive(x.key); + } + + lemma CryptoBelowIsReflexive(x: CanonCryptoItem) + ensures CryptoBelow(x, x) + { + BelowIsReflexive(x.key); + } + + // not actually required for sorting. Standard library being updated. + lemma {:axiom} AuthBelowIsAntiSymmetric(x: CanonAuthItem, y: CanonAuthItem) + requires AuthBelow(x, y) && AuthBelow(y, x) + ensures x == y + + // not actually required for sorting. Standard library being updated. + lemma {:axiom} CryptoBelowIsAntiSymmetric(x: CanonCryptoItem, y: CanonCryptoItem) + requires CryptoBelow(x, y) && CryptoBelow(y, x) + ensures x == y + + + lemma AuthBelowIsTransitive(x: CanonAuthItem, y: CanonAuthItem, z: CanonAuthItem) + requires AuthBelow(x, y) && AuthBelow(y, z) + ensures AuthBelow(x, z) + { + BelowIsTransitive(x.key, y.key, z.key); + } + + lemma CryptoBelowIsTransitive(x: CanonCryptoItem, y: CanonCryptoItem, z: CanonCryptoItem) + requires CryptoBelow(x, y) && CryptoBelow(y, z) + ensures CryptoBelow(x, z) + { + BelowIsTransitive(x.key, y.key, z.key); + } + + lemma AuthBelowIsStronglyConnected(x: CanonAuthItem, y: CanonAuthItem) + ensures AuthBelow(x, y) || AuthBelow(y, x) + { + BelowIsStronglyConnected(x.key, y.key); + } + + lemma CryptoBelowIsStronglyConnected(x: CanonCryptoItem, y: CanonCryptoItem) + ensures CryptoBelow(x, y) || CryptoBelow(y, x) + { + BelowIsStronglyConnected(x.key, y.key); + } + + lemma AuthBelowIsTotal() + ensures TotalOrdering(AuthBelow) + { + BelowIsTotal(); + assert TotalOrdering(Below); + assert Reflexive(AuthBelow) by { + forall x { + AuthBelowIsReflexive(x); + } + } + assert AntiSymmetric(AuthBelow) by { + forall x, y | AuthBelow(x, y) && AuthBelow(y, x) { + AuthBelowIsAntiSymmetric(x, y); + } + } + assert Relations.Transitive(AuthBelow) by { + forall x, y, z | AuthBelow(x, y) && AuthBelow(y, z) { + AuthBelowIsTransitive(x, y, z); + } + } + assert StronglyConnected(AuthBelow) by { + forall x, y { + AuthBelowIsStronglyConnected(x, y); + } + } + } + + lemma CryptoBelowIsTotal() + ensures TotalOrdering(CryptoBelow) + { + BelowIsTotal(); + assert TotalOrdering(Below); + assert Reflexive(CryptoBelow) by { + forall x { + CryptoBelowIsReflexive(x); + } + } + assert AntiSymmetric(CryptoBelow) by { + forall x, y | CryptoBelow(x, y) && CryptoBelow(y, x) { + CryptoBelowIsAntiSymmetric(x, y); + } + } + assert Relations.Transitive(CryptoBelow) by { + forall x, y, z | CryptoBelow(x, y) && CryptoBelow(y, z) { + CryptoBelowIsTransitive(x, y, z); + } + } + assert StronglyConnected(CryptoBelow) by { + forall x, y { + CryptoBelowIsStronglyConnected(x, y); + } + } + } + + predicate method Below(x: seq, y: seq) { + |x| != 0 ==> + && |y| != 0 + && x[0] <= y[0] + && (x[0] == y[0] ==> Below(x[1..], y[1..])) + } + + lemma BelowIsTotal() + ensures TotalOrdering(Below) + { + assert Reflexive(Below) by { + forall x { + BelowIsReflexive(x); + } + } + assert AntiSymmetric(Below) by { + forall x, y | Below(x, y) && Below(y, x) { + BelowIsAntiSymmetric(x, y); + } + } + assert Relations.Transitive(Below) by { + forall x, y, z | Below(x, y) && Below(y, z) { + BelowIsTransitive(x, y, z); + } + } + assert StronglyConnected(Below) by { + forall x, y { + BelowIsStronglyConnected(x, y); + } + } + } + + lemma BelowIsReflexive(x: seq) + ensures Below(x, x) + { + } + + lemma BelowIsAntiSymmetric(x: seq, y: seq) + requires Below(x, y) && Below(y, x) + ensures x == y + { + } + + lemma BelowIsTransitive(x: seq, y: seq, z: seq) + requires Below(x, y) && Below(y, z) + ensures Below(x, z) + { + } + + lemma BelowIsStronglyConnected(x: seq, y: seq) + ensures Below(x, y) || Below(y, x) + { + } + + function method AuthSort(x : seq) : (result : seq) + ensures multiset(x) == multiset(result) + ensures SortedBy(result, AuthBelow) + { + AuthBelowIsTotal(); + MergeSortBy(x, AuthBelow) + } + + function method CryptoSort(x : seq) : (result : seq) + ensures multiset(x) == multiset(result) + ensures SortedBy(result, CryptoBelow) + { + CryptoBelowIsTotal(); + MergeSortBy(x, CryptoBelow) + } + + +} \ No newline at end of file diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Util.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Util.dfy index d7e475eea..0d3a721f5 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Util.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Util.dfy @@ -8,6 +8,7 @@ module StructuredEncryptionUtil { import opened Wrappers import opened StandardLibrary import opened StandardLibrary.UInt + import UTF8 import CMP = AwsCryptographyMaterialProvidersTypes import CSE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes @@ -20,6 +21,8 @@ module StructuredEncryptionUtil { const HeaderField := ReservedPrefix + "head" const FooterField := ReservedPrefix + "foot" + const HeaderPath : Path := [member(StructureSegment(key := HeaderField))] + const FooterPath : Path := [member(StructureSegment(key := FooterField))] const ReservedCryptoContextPrefixString := "aws-crypto-" const ReservedCryptoContextPrefixUTF8 := UTF8.EncodeAscii(ReservedCryptoContextPrefixString) @@ -39,11 +42,26 @@ module StructuredEncryptionUtil { const FALSE_STR : string := "false" const FALSE_UTF8 : UTF8.ValidUTF8Bytes := UTF8.EncodeAscii(FALSE_STR) - //= specification/structured-encryption/encrypt-structure.md#header-field + datatype CanonCryptoItem = CanonCryptoItem ( + key : CanonicalPath, + origKey : Path, + data : StructuredDataTerminal, + action : CryptoAction + ) + datatype CanonAuthItem = CanonAuthItem ( + key : CanonicalPath, + origKey : Path, + data : StructuredDataTerminal, + action : AuthenticateAction + ) + type CanonCryptoList = seq + type CanonAuthList = seq + + //= specification/structured-encryption/encrypt-path-structure.md#header-field //= type=implication //# The Header Field name MUST be `aws_dbe_head` - //= specification/structured-encryption/encrypt-structure.md#footer-field + //= specification/structured-encryption/encrypt-path-structure.md#footer-field //= type=implication //# The Footer Field name MUST be `aws_dbe_foot` lemma CheckNames() @@ -72,19 +90,6 @@ module StructuredEncryptionUtil { ensures alg.encrypt.AES_GCM.ivLength as int == NonceSize {} - const DoNotSign := - CSE.AuthenticateSchema(content := CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.DO_NOT_SIGN), attributes := None) - const DoSign := - CSE.AuthenticateSchema(content := CSE.AuthenticateSchemaContent.Action(CSE.AuthenticateAction.SIGN), attributes := None) - const EncryptAndSign := - CSE.CryptoSchema(content := CSE.CryptoSchemaContent.Action(CSE.CryptoAction.ENCRYPT_AND_SIGN), attributes := None) - const ContextAndSign := - CSE.CryptoSchema(content := CSE.CryptoSchemaContent.Action(CSE.CryptoAction.SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT), attributes := None) - const SignOnly := - CSE.CryptoSchema(content := CSE.CryptoSchemaContent.Action(CSE.CryptoAction.SIGN_ONLY), attributes := None) - const DoNothing := - CSE.CryptoSchema(content := CSE.CryptoSchemaContent.Action(CSE.CryptoAction.DO_NOTHING), attributes := None) - type Key = x : seq | |x| == KeySize witness * type Nonce = x : seq | |x| == NonceSize witness * type AuthTag = x : seq | |x| == AuthTagSize witness * @@ -92,20 +97,13 @@ module StructuredEncryptionUtil { type Bytes = seq type CanonicalPath = seq - type GoodString = x : string | ValidString(x) - - type StructuredDataTerminalType = x : StructuredData | x.content.Terminal? witness * - type CryptoSchemaActionType = x : CryptoSchema | x.content.Action? witness * - type AuthSchemaActionType = x : AuthenticateSchema | x.content.Action? witness * - type StructuredDataXXX = x : map | forall k <- x :: x[k].content.Terminal? - type StructuredDataPlain = map - type StructuredDataCanon = map - type CryptoSchemaPlain = map - type CryptoSchemaCanon = map - type AuthSchemaPlain = map - type AuthSchemaCanon = map - type CanonMap = map + type GoodString = x : string | ValidString(x) + predicate method ValidString(x : string) + { + && |x| < UINT64_LIMIT + && UTF8.Encode(x).Success? + } // Within the context of the StructuredEncryptionClient, certain things must be true of any Algorithm Suite predicate method ValidSuite(alg : CMP.AlgorithmSuiteInfo) @@ -113,12 +111,6 @@ module StructuredEncryptionUtil { alg.id.DBE? && AlgorithmSuites.DBEAlgorithmSuite?(alg) } - predicate method ValidString(x : string) - { - && |x| < UINT64_LIMIT - && UTF8.Encode(x).Success? - } - // string to Error function method E(s : string) : Error { StructuredEncryptionException(message := s) @@ -142,29 +134,6 @@ module StructuredEncryptionUtil { ConstantTimeCompare(a, b) == 0 } - // Is the CryptoSchemaMap flat, i.e., does it contain only Actions? - function method CryptoSchemaMapIsFlat(data : CryptoSchemaMap) : (ret : bool) - ensures ret ==> (forall v <- data.Values :: v.content.Action?) - { - forall k <- data :: data[k].content.Action? - } - type FlatSchemaMap = x : CryptoSchemaMap | CryptoSchemaMapIsFlat(x) - - // Schema must contain only Actions - function method AuthSchemaIsFlat(data : AuthenticateSchemaMap) : (ret : bool) - ensures ret ==> (forall v <- data.Values :: v.content.Action?) - { - forall k <- data :: data[k].content.Action? - } - - // Map must contain only Terminals - function method DataMapIsFlat(data : StructuredDataMap) : (ret : bool) - ensures ret ==> (forall v <- data.Values :: v.content.Terminal?) - { - forall k <- data :: data[k].content.Terminal? - } - type FlatDataMap = x : StructuredDataMap | DataMapIsFlat(x) - // attribute is "authorized", a.k.a. included in the signature predicate method IsAuthAttr(x : CryptoAction) { @@ -173,25 +142,16 @@ module StructuredEncryptionUtil { // wrap a value in a StructuredData function method ValueToData(value : Bytes, typeId : Bytes) - : StructuredData + : StructuredDataTerminal requires IsValid_TerminalTypeId(typeId) { - StructuredData( - content := StructuredDataContent.Terminal( - Terminal := StructuredDataTerminal( - typeId := typeId, - value := value - ) - ), - attributes := None - ) + StructuredDataTerminal(typeId := typeId, value := value) } // extract a value from a StructuredData - function method GetValue(data : StructuredData) : Bytes - requires data.content.Terminal? + function method GetValue(data : StructuredDataTerminal) : Bytes { - data.content.Terminal.value + data.value } predicate method ByteLess(x : uint8, y : uint8) diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/test/HappyCaseTests.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/test/HappyCaseTests.dfy index 7e3346a12..7c41f025c 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/test/HappyCaseTests.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/test/HappyCaseTests.dfy @@ -39,14 +39,12 @@ module HappyCaseTests { print encryptRes; } expect encryptRes.Success?; - var newData := encryptRes.value.encryptedStructure.content; - var testData := StructuredDataTestFixtures.TEST_STRUCTURED_DATA.content; - expect newData.DataMap?; - expect testData.DataMap?; - expect newData.DataMap.Keys == testData.DataMap.Keys + {HeaderField, FooterField}; - expect newData.DataMap["foo"] != testData.DataMap["foo"]; - expect newData.DataMap["bar"] == testData.DataMap["bar"]; - expect newData.DataMap["fizzbuzz"] == testData.DataMap["fizzbuzz"]; + var newData := encryptRes.value.encryptedStructure; + var testData := StructuredDataTestFixtures.TEST_STRUCTURED_DATA; + expect newData.Keys == testData.Keys + {HeaderField, FooterField}; + expect newData["foo"] != testData["foo"]; + expect newData["bar"] == testData["bar"]; + expect newData["fizzbuzz"] == testData["fizzbuzz"]; var decryptRes := structuredEncryption.DecryptStructure( DecryptStructureInput( @@ -62,27 +60,17 @@ module HappyCaseTests { print "\n\n",decryptRes,"\n\n"; } expect decryptRes.Success?; - var newResult := decryptRes.value.plaintextStructure.content; - var testResult := StructuredDataTestFixtures.TEST_STRUCTURED_DATA.content; - expect newResult.DataMap?; - expect newResult.DataMap == testResult.DataMap; + var newResult := decryptRes.value.plaintextStructure; + var testResult := StructuredDataTestFixtures.TEST_STRUCTURED_DATA; + expect newResult == testResult; - //= specification/structured-encryption/decrypt-structure.md#construct-decrypted-structured-data + //= specification/structured-encryption/decrypt-path-structure.md#construct-decrypted-structured-data //= type=test //# The output MUST also include a [Parsed Header](#parsed-header) that contains //# data that was serialized into the header included in the output Structured Data. - //= specification/structured-encryption/decrypt-structure.md#parsed-header - //= type=test - //# This structure MUST contain the following values, - //# representing the deserialized form of the header of the input encrypted structure: - //# - [Algorithm Suite ID](./header.md#format-flavor): The Algorithm Suite ID associated with the Format Flavor on the header. - //# - [Crypto Schema](./header.md#encrypt-legend): The Crypto Schema for each signed Terminal, - //# calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. - //# - [Stored Encryption Context](./header.md#encryption-context): The Encryption Context stored in the header. - //# - [Encrypted Data Keys](./header.md#encrypted-data-keys): The Encrypted Data Keys stored in the header. var parsedHeader := decryptRes.value.parsedHeader; - expect parsedHeader.cryptoSchema == StructuredDataTestFixtures.TEST_CRYPTO_SCHEMA_AUTH_ONLY; + expect decryptRes.value.cryptoSchema == StructuredDataTestFixtures.TEST_CRYPTO_SCHEMA_AUTH_ONLY; expect parsedHeader.algorithmSuiteId == algSuiteId; expect encContext.Keys <= parsedHeader.storedEncryptionContext.Keys; expect forall k <- encContext.Keys :: parsedHeader.storedEncryptionContext[k] == encContext[k]; diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/test/Header.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/test/Header.dfy index cbec73441..5533fa7e7 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/test/Header.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/test/Header.dfy @@ -9,6 +9,7 @@ module TestHeader { import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes import opened StructuredEncryptionUtil + import OPS = AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations import StructuredEncryption import AwsCryptographyMaterialProvidersTypes import CMP = AwsCryptographyMaterialProvidersTypes @@ -67,12 +68,12 @@ module TestHeader { expect badResult.error == E("Key commitment mismatch."); } - const a : uint8 := 'a' as uint8; - const b : uint8 := 'b' as uint8; - const c : uint8 := 'c' as uint8; - const d : uint8 := 'd' as uint8; - const e : uint8 := 'e' as uint8; - const f : uint8 := 'f' as uint8; + const a : uint8 := 'a' as uint8 + const b : uint8 := 'b' as uint8 + const c : uint8 := 'c' as uint8 + const d : uint8 := 'd' as uint8 + const e : uint8 := 'e' as uint8 + const f : uint8 := 'f' as uint8 method {:test} TestDuplicateContext() { var cont : CMPEncryptionContext := map[EncodeAscii("abc") := EncodeAscii("def"), EncodeAscii("cba") := EncodeAscii("fed")]; var serCont := SerializeContext(cont); @@ -120,26 +121,23 @@ module TestHeader { expect newBadCont == Failure(E("Context keys out of order.")); } - function method MakeSchema(action: CryptoAction) : CryptoSchema + function method MakeCrypto(s : string, a : CryptoAction) : CryptoItem { - CryptoSchema ( - content := CryptoSchemaContent.Action(action), - attributes := None - ) + CryptoItem(key := StringToUniPath(s), data := StructuredDataTerminal(value := [], typeId := [1,2]), action := a) } method {:test} TestSchemaOrderAlpha() { - var schemaMap : CryptoSchemaMap := map[ - "abc" := MakeSchema(ENCRYPT_AND_SIGN), - "def" := MakeSchema(SIGN_ONLY), - "ghi" := MakeSchema(DO_NOTHING), - "jkl" := MakeSchema(ENCRYPT_AND_SIGN), - "mno" := MakeSchema(SIGN_ONLY), - "pqr" := MakeSchema(DO_NOTHING) + var schemaMap : CryptoList := [ + MakeCrypto("abc", ENCRYPT_AND_SIGN), + MakeCrypto("def", SIGN_ONLY), + MakeCrypto("ghi", DO_NOTHING), + MakeCrypto("jkl", ENCRYPT_AND_SIGN), + MakeCrypto("mno", SIGN_ONLY), + MakeCrypto("pqr", DO_NOTHING) ]; - var schema := CryptoSchema(content := CryptoSchemaContent.SchemaMap(schemaMap), attributes := None); var tableName : GoodString := "name"; - var legend :- expect MakeLegend(tableName, schema); + var canonSchema :- expect OPS.CanonizeForEncrypt(tableName, schemaMap); + var legend :- expect MakeLegend(canonSchema); //= specification/structured-encryption/header.md#encrypt-legend-bytes //= type=test //# The Encrypt Legend Bytes MUST be serialized as follows: @@ -151,17 +149,17 @@ module TestHeader { } method {:test} {:vcs_split_on_every_assert} TestSchemaOrderLength() { - var schemaMap : CryptoSchemaMap := map[ - "aa" := MakeSchema(ENCRYPT_AND_SIGN), - "zz" := MakeSchema(SIGN_ONLY), - "aaa" := MakeSchema(DO_NOTHING), - "zzz" := MakeSchema(ENCRYPT_AND_SIGN), - "aaaa" := MakeSchema(SIGN_ONLY), - "zzzz" := MakeSchema(DO_NOTHING) + var schemaMap : CryptoList := [ + MakeCrypto("aa", ENCRYPT_AND_SIGN), + MakeCrypto("zz", SIGN_ONLY), + MakeCrypto("aaa", DO_NOTHING), + MakeCrypto("zzz", ENCRYPT_AND_SIGN), + MakeCrypto("aaaa", SIGN_ONLY), + MakeCrypto("zzzz", DO_NOTHING) ]; - var schema := CryptoSchema(content := CryptoSchemaContent.SchemaMap(schemaMap), attributes := None); var tableName : GoodString := "name"; - var legend :- expect MakeLegend(tableName, schema); + var canonSchema :- expect OPS.CanonizeForEncrypt(tableName, schemaMap); + var legend :- expect MakeLegend(canonSchema); //= specification/structured-encryption/header.md#encrypt-legend-bytes //= type=test //# The Encrypt Legend Bytes MUST be serialized as follows: @@ -172,4 +170,27 @@ module TestHeader { expect legend == [ENCRYPT_AND_SIGN_LEGEND, SIGN_ONLY_LEGEND, ENCRYPT_AND_SIGN_LEGEND, SIGN_ONLY_LEGEND]; } + method {:test} {:vcs_split_on_every_assert} TestSchemaOrderLength2() { + var schemaMap : CryptoList := [ + MakeCrypto("aa", ENCRYPT_AND_SIGN), + MakeCrypto("zzz", ENCRYPT_AND_SIGN), + MakeCrypto("zzzz", DO_NOTHING), + MakeCrypto("aaa", DO_NOTHING), + MakeCrypto("zz", SIGN_ONLY), + MakeCrypto("aaaa", SIGN_ONLY) + ]; + var tableName : GoodString := "name"; + var canonSchema :- expect OPS.CanonizeForEncrypt(tableName, schemaMap); + var legend :- expect MakeLegend(canonSchema); + //= specification/structured-encryption/header.md#encrypt-legend-bytes + //= type=test + //# The Encrypt Legend Bytes MUST be serialized as follows: + // 1. Order every authenticated attribute in the item by the [Canonical Path](#canonical-path) + // 2. For each authenticated terminal, in order, + // append one of the byte values specified above to indicate whether + // that field should be encrypted. + expect legend == [ENCRYPT_AND_SIGN_LEGEND, SIGN_ONLY_LEGEND, ENCRYPT_AND_SIGN_LEGEND, SIGN_ONLY_LEGEND]; + } + + } diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/test/Paths.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/test/Paths.dfy index bc71ad1f2..63726a18d 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/test/Paths.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/test/Paths.dfy @@ -12,29 +12,28 @@ module PathsTests { method {:test} TestSpecExamples() { var tableName : GoodString := "example_table"; assert(ValidString("example_table")); - var name := Selector.Map("name"); - var pathToTest := TerminalLocation([name]); - expect pathToTest.canonicalPath(tableName) == + var pathToTest := StringToUniPath("name"); + expect CanonPath(tableName, pathToTest) == UTF8.EncodeAscii("example_table") + [0,0,0,0,0,0,0,1] // depth + ['$' as uint8] // map + [0,0,0,0,0,0,0,4] // length + UTF8.EncodeAscii("name"); - var history := Selector.Map("status-history"); - var index := Selector.List(0); - var timestamp := Selector.Map("timestamp"); - var pathToTest2 := TerminalLocation([history, index, timestamp]); - expect pathToTest2.canonicalPath(tableName) == - UTF8.EncodeAscii("example_table") - + [0,0,0,0,0,0,0,3] // depth - + ['$' as uint8] // map - + [0,0,0,0,0,0,0,14] // length of "status-history" - + UTF8.EncodeAscii("status-history") - + ['#' as uint8] // array - + [0,0,0,0,0,0,0,0] // index - + ['$' as uint8] // map - + [0,0,0,0,0,0,0,9] // length of "timestamp" - + UTF8.EncodeAscii("timestamp"); + // var history := Selector.Map("status-history"); + // var index := Selector.List(0); + // var timestamp := Selector.Map("timestamp"); + // var pathToTest2 := TerminalLocation([history, index, timestamp]); + // expect CanonPath(tableName, pathToTest2) == + // UTF8.EncodeAscii("example_table") + // + [0,0,0,0,0,0,0,3] // depth + // + ['$' as uint8] // map + // + [0,0,0,0,0,0,0,14] // length of "status-history" + // + UTF8.EncodeAscii("status-history") + // + ['#' as uint8] // array + // + [0,0,0,0,0,0,0,0] // index + // + ['$' as uint8] // map + // + [0,0,0,0,0,0,0,9] // length of "timestamp" + // + UTF8.EncodeAscii("timestamp"); } } diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/test/StructuredDataTestFixtures.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/test/StructuredDataTestFixtures.dfy index c0711b9c3..4f03a1e5b 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/test/StructuredDataTestFixtures.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/test/StructuredDataTestFixtures.dfy @@ -11,120 +11,53 @@ module StructuredDataTestFixtures { import MaterialProviders import AwsCryptographyMaterialProvidersTypes - const TEST_TYPE_ID : seq := [0xFF, 0xFF]; - const TEST_BLOB_VALUE : seq := [0x21, 0x64, 0x6c, 0x72, 0x6f, 0x77, 0x20, 0x2c, 0x6f, 0x6c, 0x6c, 0x65, 0x68]; + const TEST_TYPE_ID : seq := [0xFF, 0xFF] + const TEST_BLOB_VALUE : seq := [0x21, 0x64, 0x6c, 0x72, 0x6f, 0x77, 0x20, 0x2c, 0x6f, 0x6c, 0x6c, 0x65, 0x68] - const TEST_STRUCTURED_DATA := StructuredData( - content := StructuredDataContent.DataMap( - DataMap := map[ - "foo" := StructuredData( - content := StructuredDataContent.Terminal( - Terminal := StructuredDataTerminal( - value := TEST_BLOB_VALUE, - typeId := TEST_TYPE_ID - ) - ), - attributes := None() - ), - "bar" := StructuredData( - content := StructuredDataContent.Terminal( - Terminal := StructuredDataTerminal( - value := TEST_BLOB_VALUE, - typeId := TEST_TYPE_ID - ) - ), - attributes := None() - ), - "fizzbuzz" := StructuredData( - content := StructuredDataContent.Terminal( - Terminal := StructuredDataTerminal( - value := TEST_BLOB_VALUE, - typeId := TEST_TYPE_ID - ) - ), - attributes := None() - ) - ] - ), - attributes := None() - ); + const TEST_STRUCTURED_DATA : StructuredDataMap := + map[ + "foo" := StructuredDataTerminal( + value := TEST_BLOB_VALUE, + typeId := TEST_TYPE_ID + ), + "bar" := StructuredDataTerminal( + value := TEST_BLOB_VALUE, + typeId := TEST_TYPE_ID + ), + "fizzbuzz" := StructuredDataTerminal( + value := TEST_BLOB_VALUE, + typeId := TEST_TYPE_ID + ) + ] - const TEST_CRYPTO_SCHEMA := CryptoSchema( - content := CryptoSchemaContent.SchemaMap( - SchemaMap := map[ - "foo" := CryptoSchema( - content := CryptoSchemaContent.Action( - Action := CryptoAction.ENCRYPT_AND_SIGN - ), - attributes := None() - ), - "bar" := CryptoSchema( - content := CryptoSchemaContent.Action( - Action := CryptoAction.SIGN_ONLY - ), - attributes := None() - ), - "fizzbuzz" := CryptoSchema( - content := CryptoSchemaContent.Action( - Action := CryptoAction.DO_NOTHING - ), - attributes := None() - ) - ] - ), - attributes := None() - ); - const TEST_CRYPTO_SCHEMA_AUTH_ONLY := CryptoSchema( - content := CryptoSchemaContent.SchemaMap( - SchemaMap := map[ - "foo" := CryptoSchema( - content := CryptoSchemaContent.Action( - Action := CryptoAction.ENCRYPT_AND_SIGN - ), - attributes := None() - ), - "bar" := CryptoSchema( - content := CryptoSchemaContent.Action( - Action := CryptoAction.SIGN_ONLY - ), - attributes := None() - ) - ] - ), - attributes := None() - ); - const TEST_AUTHENTICATE_SCHEMA := AuthenticateSchema( - content := AuthenticateSchemaContent.SchemaMap( - SchemaMap := map[ - "foo" := AuthenticateSchema( - content := AuthenticateSchemaContent.Action( - Action := AuthenticateAction.SIGN - ), - attributes := None() - ), - "bar" := AuthenticateSchema( - content := AuthenticateSchemaContent.Action( - Action := AuthenticateAction.SIGN - ), - attributes := None() - ), - "fizzbuzz" := AuthenticateSchema( - content := AuthenticateSchemaContent.Action( - Action := AuthenticateAction.DO_NOT_SIGN - ), - attributes := None() - ) - ] - ), - attributes := None() - ); - const PUBLIC_US_WEST_2_KMS_TEST_KEY := "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"; + const TEST_CRYPTO_SCHEMA : CryptoSchemaMap := + map[ + "foo" := CryptoAction.ENCRYPT_AND_SIGN, + "bar" := CryptoAction.SIGN_ONLY, + "fizzbuzz" := CryptoAction.DO_NOTHING + ] + const TEST_CRYPTO_SCHEMA_AUTH_ONLY : CryptoSchemaMap := + map[ + "foo" := CryptoAction.ENCRYPT_AND_SIGN, + "bar" := CryptoAction.SIGN_ONLY + ] + + const TEST_AUTHENTICATE_SCHEMA : AuthenticateSchemaMap := + map[ + "foo" := SIGN, + "bar" := SIGN, + "fizzbuzz" := DO_NOT_SIGN, + "aws_dbe_head" := DO_NOT_SIGN, + "aws_dbe_foot" := DO_NOT_SIGN + ] + + const PUBLIC_US_WEST_2_KMS_TEST_KEY := "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" method GetDefaultCMMWithKMSKeyring() returns (cmm: AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager) - ensures cmm.ValidState(); - ensures fresh(cmm); - ensures fresh(cmm.Modifies); + ensures cmm.ValidState() + ensures fresh(cmm) + ensures fresh(cmm.Modifies) { var matProv :- expect MaterialProviders.MaterialProviders(MaterialProviders.DefaultMaterialProvidersConfig()); var keyringInput := AwsCryptographyMaterialProvidersTypes.CreateAwsKmsMultiKeyringInput( diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/StructuredEncryption.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/StructuredEncryption.java index 13a86ef6c..d03ad3199 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/StructuredEncryption.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/StructuredEncryption.java @@ -10,10 +10,16 @@ import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.__default; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.Error; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.IStructuredEncryptionClient; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptStructureOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptStructureOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredEncryptionConfig; public class StructuredEncryption { @@ -40,6 +46,21 @@ public static Builder builder() { return new BuilderImpl(); } + public DecryptPathStructureOutput DecryptPathStructure( + DecryptPathStructureInput input + ) { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput dafnyValue = + ToDafny.DecryptPathStructureInput(input); + Result< + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput, + Error + > result = this._impl.DecryptPathStructure(dafnyValue); + if (result.is_Failure()) { + throw ToNative.Error(result.dtor_error()); + } + return ToNative.DecryptPathStructureOutput(result.dtor_value()); + } + public DecryptStructureOutput DecryptStructure(DecryptStructureInput input) { software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureInput dafnyValue = ToDafny.DecryptStructureInput(input); @@ -53,6 +74,21 @@ public DecryptStructureOutput DecryptStructure(DecryptStructureInput input) { return ToNative.DecryptStructureOutput(result.dtor_value()); } + public EncryptPathStructureOutput EncryptPathStructure( + EncryptPathStructureInput input + ) { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput dafnyValue = + ToDafny.EncryptPathStructureInput(input); + Result< + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput, + Error + > result = this._impl.EncryptPathStructure(dafnyValue); + if (result.is_Failure()) { + throw ToNative.Error(result.dtor_error()); + } + return ToNative.EncryptPathStructureOutput(result.dtor_value()); + } + public EncryptStructureOutput EncryptStructure(EncryptStructureInput input) { software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureInput dafnyValue = ToDafny.EncryptStructureInput(input); @@ -66,6 +102,21 @@ public EncryptStructureOutput EncryptStructure(EncryptStructureInput input) { return ToNative.EncryptStructureOutput(result.dtor_value()); } + public ResolveAuthActionsOutput ResolveAuthActions( + ResolveAuthActionsInput input + ) { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput dafnyValue = + ToDafny.ResolveAuthActionsInput(input); + Result< + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput, + Error + > result = this._impl.ResolveAuthActions(dafnyValue); + if (result.is_Failure()) { + throw ToNative.Error(result.dtor_error()); + } + return ToNative.ResolveAuthActionsOutput(result.dtor_value()); + } + protected IStructuredEncryptionClient impl() { return this._impl; } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToDafny.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToDafny.java index 983c37717..3ec5e6a19 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToDafny.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToDafny.java @@ -14,22 +14,26 @@ import java.util.List; import java.util.Map; import java.util.Objects; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateAction; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoAction; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.Error; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.Error_StructuredEncryptionException; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.IStructuredEncryptionClient; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructureSegment; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredEncryptionConfig; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CollectionOfErrors; @@ -72,46 +76,76 @@ public static Error Error(CollectionOfErrors nativeValue) { return Error.create_CollectionOfErrors(list, message); } - public static AuthenticateSchema AuthenticateSchema( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchema nativeValue + public static AuthItem AuthItem( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthItem nativeValue ) { - AuthenticateSchemaContent content; - content = ToDafny.AuthenticateSchemaContent(nativeValue.content()); - Option< - DafnyMap< - ? extends DafnySequence, - ? extends AuthenticateAction - > - > attributes; - attributes = - (Objects.nonNull(nativeValue.attributes()) && - nativeValue.attributes().size() > 0) - ? Option.create_Some( - ToDafny.AuthenticateSchemaAttributes(nativeValue.attributes()) - ) - : Option.create_None(); - return new AuthenticateSchema(content, attributes); + DafnySequence key; + key = ToDafny.Path(nativeValue.key()); + StructuredDataTerminal data; + data = ToDafny.StructuredDataTerminal(nativeValue.data()); + AuthenticateAction action; + action = ToDafny.AuthenticateAction(nativeValue.action()); + return new AuthItem(key, data, action); } - public static CryptoSchema CryptoSchema( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchema nativeValue + public static CryptoItem CryptoItem( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoItem nativeValue ) { - CryptoSchemaContent content; - content = ToDafny.CryptoSchemaContent(nativeValue.content()); + DafnySequence key; + key = ToDafny.Path(nativeValue.key()); + StructuredDataTerminal data; + data = ToDafny.StructuredDataTerminal(nativeValue.data()); + CryptoAction action; + action = ToDafny.CryptoAction(nativeValue.action()); + return new CryptoItem(key, data, action); + } + + public static DecryptPathStructureInput DecryptPathStructureInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureInput nativeValue + ) { + DafnySequence tableName; + tableName = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( + nativeValue.tableName() + ); + DafnySequence encryptedStructure; + encryptedStructure = ToDafny.AuthList(nativeValue.encryptedStructure()); + ICryptographicMaterialsManager cmm; + cmm = + software.amazon.cryptography.materialproviders.ToDafny.CryptographicMaterialsManager( + nativeValue.cmm() + ); Option< DafnyMap< - ? extends DafnySequence, - ? extends AuthenticateAction + ? extends DafnySequence, + ? extends DafnySequence > - > attributes; - attributes = - (Objects.nonNull(nativeValue.attributes()) && - nativeValue.attributes().size() > 0) + > encryptionContext; + encryptionContext = + (Objects.nonNull(nativeValue.encryptionContext()) && + nativeValue.encryptionContext().size() > 0) ? Option.create_Some( - ToDafny.CryptoSchemaAttributes(nativeValue.attributes()) + software.amazon.cryptography.materialproviders.ToDafny.EncryptionContext( + nativeValue.encryptionContext() + ) ) : Option.create_None(); - return new CryptoSchema(content, attributes); + return new DecryptPathStructureInput( + tableName, + encryptedStructure, + cmm, + encryptionContext + ); + } + + public static DecryptPathStructureOutput DecryptPathStructureOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureOutput nativeValue + ) { + DafnySequence plaintextStructure; + plaintextStructure = ToDafny.CryptoList(nativeValue.plaintextStructure()); + ParsedHeader parsedHeader; + parsedHeader = ToDafny.ParsedHeader(nativeValue.parsedHeader()); + return new DecryptPathStructureOutput(plaintextStructure, parsedHeader); } public static DecryptStructureInput DecryptStructureInput( @@ -122,12 +156,18 @@ public static DecryptStructureInput DecryptStructureInput( software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( nativeValue.tableName() ); - StructuredData encryptedStructure; + DafnyMap< + ? extends DafnySequence, + ? extends StructuredDataTerminal + > encryptedStructure; encryptedStructure = - ToDafny.StructuredData(nativeValue.encryptedStructure()); - AuthenticateSchema authenticateSchema; + ToDafny.StructuredDataMap(nativeValue.encryptedStructure()); + DafnyMap< + ? extends DafnySequence, + ? extends AuthenticateAction + > authenticateSchema; authenticateSchema = - ToDafny.AuthenticateSchema(nativeValue.authenticateSchema()); + ToDafny.AuthenticateSchemaMap(nativeValue.authenticateSchema()); ICryptographicMaterialsManager cmm; cmm = software.amazon.cryptography.materialproviders.ToDafny.CryptographicMaterialsManager( @@ -160,12 +200,82 @@ public static DecryptStructureInput DecryptStructureInput( public static DecryptStructureOutput DecryptStructureOutput( software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptStructureOutput nativeValue ) { - StructuredData plaintextStructure; + DafnyMap< + ? extends DafnySequence, + ? extends StructuredDataTerminal + > plaintextStructure; plaintextStructure = - ToDafny.StructuredData(nativeValue.plaintextStructure()); + ToDafny.StructuredDataMap(nativeValue.plaintextStructure()); + DafnyMap< + ? extends DafnySequence, + ? extends CryptoAction + > cryptoSchema; + cryptoSchema = ToDafny.CryptoSchemaMap(nativeValue.cryptoSchema()); ParsedHeader parsedHeader; parsedHeader = ToDafny.ParsedHeader(nativeValue.parsedHeader()); - return new DecryptStructureOutput(plaintextStructure, parsedHeader); + return new DecryptStructureOutput( + plaintextStructure, + cryptoSchema, + parsedHeader + ); + } + + public static EncryptPathStructureInput EncryptPathStructureInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureInput nativeValue + ) { + DafnySequence tableName; + tableName = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( + nativeValue.tableName() + ); + DafnySequence plaintextStructure; + plaintextStructure = ToDafny.CryptoList(nativeValue.plaintextStructure()); + ICryptographicMaterialsManager cmm; + cmm = + software.amazon.cryptography.materialproviders.ToDafny.CryptographicMaterialsManager( + nativeValue.cmm() + ); + Option algorithmSuiteId; + algorithmSuiteId = + Objects.nonNull(nativeValue.algorithmSuiteId()) + ? Option.create_Some( + software.amazon.cryptography.materialproviders.ToDafny.DBEAlgorithmSuiteId( + nativeValue.algorithmSuiteId() + ) + ) + : Option.create_None(); + Option< + DafnyMap< + ? extends DafnySequence, + ? extends DafnySequence + > + > encryptionContext; + encryptionContext = + (Objects.nonNull(nativeValue.encryptionContext()) && + nativeValue.encryptionContext().size() > 0) + ? Option.create_Some( + software.amazon.cryptography.materialproviders.ToDafny.EncryptionContext( + nativeValue.encryptionContext() + ) + ) + : Option.create_None(); + return new EncryptPathStructureInput( + tableName, + plaintextStructure, + cmm, + algorithmSuiteId, + encryptionContext + ); + } + + public static EncryptPathStructureOutput EncryptPathStructureOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureOutput nativeValue + ) { + DafnySequence encryptedStructure; + encryptedStructure = ToDafny.CryptoList(nativeValue.encryptedStructure()); + ParsedHeader parsedHeader; + parsedHeader = ToDafny.ParsedHeader(nativeValue.parsedHeader()); + return new EncryptPathStructureOutput(encryptedStructure, parsedHeader); } public static EncryptStructureInput EncryptStructureInput( @@ -176,11 +286,17 @@ public static EncryptStructureInput EncryptStructureInput( software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( nativeValue.tableName() ); - StructuredData plaintextStructure; + DafnyMap< + ? extends DafnySequence, + ? extends StructuredDataTerminal + > plaintextStructure; plaintextStructure = - ToDafny.StructuredData(nativeValue.plaintextStructure()); - CryptoSchema cryptoSchema; - cryptoSchema = ToDafny.CryptoSchema(nativeValue.cryptoSchema()); + ToDafny.StructuredDataMap(nativeValue.plaintextStructure()); + DafnyMap< + ? extends DafnySequence, + ? extends CryptoAction + > cryptoSchema; + cryptoSchema = ToDafny.CryptoSchemaMap(nativeValue.cryptoSchema()); ICryptographicMaterialsManager cmm; cmm = software.amazon.cryptography.materialproviders.ToDafny.CryptographicMaterialsManager( @@ -223,19 +339,29 @@ public static EncryptStructureInput EncryptStructureInput( public static EncryptStructureOutput EncryptStructureOutput( software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptStructureOutput nativeValue ) { - StructuredData encryptedStructure; + DafnyMap< + ? extends DafnySequence, + ? extends StructuredDataTerminal + > encryptedStructure; encryptedStructure = - ToDafny.StructuredData(nativeValue.encryptedStructure()); + ToDafny.StructuredDataMap(nativeValue.encryptedStructure()); + DafnyMap< + ? extends DafnySequence, + ? extends CryptoAction + > cryptoSchema; + cryptoSchema = ToDafny.CryptoSchemaMap(nativeValue.cryptoSchema()); ParsedHeader parsedHeader; parsedHeader = ToDafny.ParsedHeader(nativeValue.parsedHeader()); - return new EncryptStructureOutput(encryptedStructure, parsedHeader); + return new EncryptStructureOutput( + encryptedStructure, + cryptoSchema, + parsedHeader + ); } public static ParsedHeader ParsedHeader( software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ParsedHeader nativeValue ) { - CryptoSchema cryptoSchema; - cryptoSchema = ToDafny.CryptoSchema(nativeValue.cryptoSchema()); DBEAlgorithmSuiteId algorithmSuiteId; algorithmSuiteId = software.amazon.cryptography.materialproviders.ToDafny.DBEAlgorithmSuiteId( @@ -263,7 +389,6 @@ public static ParsedHeader ParsedHeader( nativeValue.encryptionContext() ); return new ParsedHeader( - cryptoSchema, algorithmSuiteId, encryptedDataKeys, storedEncryptionContext, @@ -271,25 +396,30 @@ public static ParsedHeader ParsedHeader( ); } - public static StructuredData StructuredData( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredData nativeValue + public static ResolveAuthActionsInput ResolveAuthActionsInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsInput nativeValue ) { - StructuredDataContent content; - content = ToDafny.StructuredDataContent(nativeValue.content()); - Option< - DafnyMap< - ? extends DafnySequence, - ? extends StructuredDataTerminal - > - > attributes; - attributes = - (Objects.nonNull(nativeValue.attributes()) && - nativeValue.attributes().size() > 0) - ? Option.create_Some( - ToDafny.StructuredDataAttributes(nativeValue.attributes()) - ) - : Option.create_None(); - return new StructuredData(content, attributes); + DafnySequence tableName; + tableName = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( + nativeValue.tableName() + ); + DafnySequence authActions; + authActions = ToDafny.AuthList(nativeValue.authActions()); + DafnySequence headerBytes; + headerBytes = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.ByteSequence( + nativeValue.headerBytes() + ); + return new ResolveAuthActionsInput(tableName, authActions, headerBytes); + } + + public static ResolveAuthActionsOutput ResolveAuthActionsOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsOutput nativeValue + ) { + DafnySequence cryptoActions; + cryptoActions = ToDafny.CryptoList(nativeValue.cryptoActions()); + return new ResolveAuthActionsOutput(cryptoActions); } public static StructuredDataTerminal StructuredDataTerminal( @@ -314,6 +444,17 @@ public static StructuredEncryptionConfig StructuredEncryptionConfig( return new StructuredEncryptionConfig(); } + public static StructureSegment StructureSegment( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructureSegment nativeValue + ) { + DafnySequence key; + key = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( + nativeValue.key() + ); + return new StructureSegment(key); + } + public static Error Error(StructuredEncryptionException nativeValue) { DafnySequence message; message = @@ -377,155 +518,59 @@ public static CryptoAction CryptoAction( } } - public static AuthenticateSchemaContent AuthenticateSchemaContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchemaContent nativeValue + public static PathSegment PathSegment( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.PathSegment nativeValue ) { - if (Objects.nonNull(nativeValue.Action())) { - return AuthenticateSchemaContent.create_Action( - ToDafny.AuthenticateAction(nativeValue.Action()) - ); - } - if (Objects.nonNull(nativeValue.SchemaMap())) { - return AuthenticateSchemaContent.create_SchemaMap( - ToDafny.AuthenticateSchemaMap(nativeValue.SchemaMap()) - ); - } - if (Objects.nonNull(nativeValue.SchemaList())) { - return AuthenticateSchemaContent.create_SchemaList( - ToDafny.AuthenticateSchemaList(nativeValue.SchemaList()) - ); - } - throw new IllegalArgumentException( - "Cannot convert " + - nativeValue + - " to software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent." - ); - } - - public static CryptoSchemaContent CryptoSchemaContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchemaContent nativeValue - ) { - if (Objects.nonNull(nativeValue.Action())) { - return CryptoSchemaContent.create_Action( - ToDafny.CryptoAction(nativeValue.Action()) - ); - } - if (Objects.nonNull(nativeValue.SchemaMap())) { - return CryptoSchemaContent.create_SchemaMap( - ToDafny.CryptoSchemaMap(nativeValue.SchemaMap()) - ); - } - if (Objects.nonNull(nativeValue.SchemaList())) { - return CryptoSchemaContent.create_SchemaList( - ToDafny.CryptoSchemaList(nativeValue.SchemaList()) - ); + if (Objects.nonNull(nativeValue.member())) { + return PathSegment.create(ToDafny.StructureSegment(nativeValue.member())); } throw new IllegalArgumentException( "Cannot convert " + nativeValue + - " to software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent." + " to software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment." ); } - public static StructuredDataContent StructuredDataContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredDataContent nativeValue - ) { - if (Objects.nonNull(nativeValue.Terminal())) { - return StructuredDataContent.create_Terminal( - ToDafny.StructuredDataTerminal(nativeValue.Terminal()) - ); - } - if (Objects.nonNull(nativeValue.DataList())) { - return StructuredDataContent.create_DataList( - ToDafny.StructuredDataList(nativeValue.DataList()) - ); - } - if (Objects.nonNull(nativeValue.DataMap())) { - return StructuredDataContent.create_DataMap( - ToDafny.StructuredDataMap(nativeValue.DataMap()) - ); - } - throw new IllegalArgumentException( - "Cannot convert " + - nativeValue + - " to software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent." - ); - } - - public static DafnySequence< - ? extends AuthenticateSchema - > AuthenticateSchemaList( + public static DafnySequence AuthList( List< - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthItem > nativeValue ) { return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToSequence( nativeValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::AuthenticateSchema, - AuthenticateSchema._typeDescriptor() + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::AuthItem, + AuthItem._typeDescriptor() ); } - public static DafnySequence CryptoSchemaList( + public static DafnySequence CryptoList( List< - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoItem > nativeValue ) { return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToSequence( nativeValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::CryptoSchema, - CryptoSchema._typeDescriptor() + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::CryptoItem, + CryptoItem._typeDescriptor() ); } - public static DafnySequence StructuredDataList( + public static DafnySequence Path( List< - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredData + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.PathSegment > nativeValue ) { return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToSequence( nativeValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::StructuredData, - StructuredData._typeDescriptor() + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::PathSegment, + PathSegment._typeDescriptor() ); } public static DafnyMap< ? extends DafnySequence, ? extends AuthenticateAction - > AuthenticateSchemaAttributes( - Map< - String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateAction - > nativeValue - ) { - return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToMap( - nativeValue, - software.amazon.smithy.dafny.conversion.ToDafny.Simple::CharacterSequence, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::AuthenticateAction - ); - } - - public static DafnyMap< - ? extends DafnySequence, - ? extends AuthenticateSchema > AuthenticateSchemaMap( - Map< - String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchema - > nativeValue - ) { - return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToMap( - nativeValue, - software.amazon.smithy.dafny.conversion.ToDafny.Simple::CharacterSequence, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::AuthenticateSchema - ); - } - - public static DafnyMap< - ? extends DafnySequence, - ? extends AuthenticateAction - > CryptoSchemaAttributes( Map< String, software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateAction @@ -540,24 +585,24 @@ > CryptoSchemaAttributes( public static DafnyMap< ? extends DafnySequence, - ? extends CryptoSchema + ? extends CryptoAction > CryptoSchemaMap( Map< String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoAction > nativeValue ) { return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToMap( nativeValue, software.amazon.smithy.dafny.conversion.ToDafny.Simple::CharacterSequence, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::CryptoSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::CryptoAction ); } public static DafnyMap< ? extends DafnySequence, ? extends StructuredDataTerminal - > StructuredDataAttributes( + > StructuredDataMap( Map< String, software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredDataTerminal @@ -570,22 +615,6 @@ > StructuredDataAttributes( ); } - public static DafnyMap< - ? extends DafnySequence, - ? extends StructuredData - > StructuredDataMap( - Map< - String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredData - > nativeValue - ) { - return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToMap( - nativeValue, - software.amazon.smithy.dafny.conversion.ToDafny.Simple::CharacterSequence, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToDafny::StructuredData - ); - } - public static IStructuredEncryptionClient StructuredEncryption( StructuredEncryption nativeValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToNative.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToNative.java index 205442164..fc2900e00 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToNative.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/ToNative.java @@ -16,21 +16,25 @@ import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.Error_Opaque; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.Error_StructuredEncryptionException; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.IStructuredEncryptionClient; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthItem; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateAction; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchema; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.AuthenticateSchemaContent; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CollectionOfErrors; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoAction; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchema; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoSchemaContent; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.CryptoItem; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.DecryptStructureOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptPathStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptStructureInput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.EncryptStructureOutput; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.OpaqueError; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ParsedHeader; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredData; -import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredDataContent; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.PathSegment; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsInput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.ResolveAuthActionsOutput; +import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructureSegment; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredDataTerminal; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredEncryptionConfig; import software.amazon.cryptography.dbencryptionsdk.structuredencryption.model.StructuredEncryptionException; @@ -97,40 +101,68 @@ public static RuntimeException Error(Error dafnyValue) { return nativeBuilder.build(); } - public static AuthenticateSchema AuthenticateSchema( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema dafnyValue + public static AuthItem AuthItem( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem dafnyValue ) { - AuthenticateSchema.Builder nativeBuilder = AuthenticateSchema.builder(); - nativeBuilder.content( - ToNative.AuthenticateSchemaContent(dafnyValue.dtor_content()) - ); - if (dafnyValue.dtor_attributes().is_Some()) { - nativeBuilder.attributes( - ToNative.AuthenticateSchemaAttributes( - dafnyValue.dtor_attributes().dtor_value() - ) - ); - } + AuthItem.Builder nativeBuilder = AuthItem.builder(); + nativeBuilder.key(ToNative.Path(dafnyValue.dtor_key())); + nativeBuilder.data(ToNative.StructuredDataTerminal(dafnyValue.dtor_data())); + nativeBuilder.action(ToNative.AuthenticateAction(dafnyValue.dtor_action())); + return nativeBuilder.build(); + } + + public static CryptoItem CryptoItem( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem dafnyValue + ) { + CryptoItem.Builder nativeBuilder = CryptoItem.builder(); + nativeBuilder.key(ToNative.Path(dafnyValue.dtor_key())); + nativeBuilder.data(ToNative.StructuredDataTerminal(dafnyValue.dtor_data())); + nativeBuilder.action(ToNative.CryptoAction(dafnyValue.dtor_action())); return nativeBuilder.build(); } - public static CryptoSchema CryptoSchema( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema dafnyValue + public static DecryptPathStructureInput DecryptPathStructureInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput dafnyValue ) { - CryptoSchema.Builder nativeBuilder = CryptoSchema.builder(); - nativeBuilder.content( - ToNative.CryptoSchemaContent(dafnyValue.dtor_content()) - ); - if (dafnyValue.dtor_attributes().is_Some()) { - nativeBuilder.attributes( - ToNative.CryptoSchemaAttributes( - dafnyValue.dtor_attributes().dtor_value() + DecryptPathStructureInput.Builder nativeBuilder = + DecryptPathStructureInput.builder(); + nativeBuilder.tableName( + software.amazon.smithy.dafny.conversion.ToNative.Simple.String( + dafnyValue.dtor_tableName() + ) + ); + nativeBuilder.encryptedStructure( + ToNative.AuthList(dafnyValue.dtor_encryptedStructure()) + ); + nativeBuilder.cmm( + software.amazon.cryptography.materialproviders.ToNative.CryptographicMaterialsManager( + dafnyValue.dtor_cmm() + ) + ); + if (dafnyValue.dtor_encryptionContext().is_Some()) { + nativeBuilder.encryptionContext( + software.amazon.cryptography.materialproviders.ToNative.EncryptionContext( + dafnyValue.dtor_encryptionContext().dtor_value() ) ); } return nativeBuilder.build(); } + public static DecryptPathStructureOutput DecryptPathStructureOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput dafnyValue + ) { + DecryptPathStructureOutput.Builder nativeBuilder = + DecryptPathStructureOutput.builder(); + nativeBuilder.plaintextStructure( + ToNative.CryptoList(dafnyValue.dtor_plaintextStructure()) + ); + nativeBuilder.parsedHeader( + ToNative.ParsedHeader(dafnyValue.dtor_parsedHeader()) + ); + return nativeBuilder.build(); + } + public static DecryptStructureInput DecryptStructureInput( software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureInput dafnyValue ) { @@ -142,10 +174,10 @@ public static DecryptStructureInput DecryptStructureInput( ) ); nativeBuilder.encryptedStructure( - ToNative.StructuredData(dafnyValue.dtor_encryptedStructure()) + ToNative.StructuredDataMap(dafnyValue.dtor_encryptedStructure()) ); nativeBuilder.authenticateSchema( - ToNative.AuthenticateSchema(dafnyValue.dtor_authenticateSchema()) + ToNative.AuthenticateSchemaMap(dafnyValue.dtor_authenticateSchema()) ); nativeBuilder.cmm( software.amazon.cryptography.materialproviders.ToNative.CryptographicMaterialsManager( @@ -168,7 +200,59 @@ public static DecryptStructureOutput DecryptStructureOutput( DecryptStructureOutput.Builder nativeBuilder = DecryptStructureOutput.builder(); nativeBuilder.plaintextStructure( - ToNative.StructuredData(dafnyValue.dtor_plaintextStructure()) + ToNative.StructuredDataMap(dafnyValue.dtor_plaintextStructure()) + ); + nativeBuilder.cryptoSchema( + ToNative.CryptoSchemaMap(dafnyValue.dtor_cryptoSchema()) + ); + nativeBuilder.parsedHeader( + ToNative.ParsedHeader(dafnyValue.dtor_parsedHeader()) + ); + return nativeBuilder.build(); + } + + public static EncryptPathStructureInput EncryptPathStructureInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput dafnyValue + ) { + EncryptPathStructureInput.Builder nativeBuilder = + EncryptPathStructureInput.builder(); + nativeBuilder.tableName( + software.amazon.smithy.dafny.conversion.ToNative.Simple.String( + dafnyValue.dtor_tableName() + ) + ); + nativeBuilder.plaintextStructure( + ToNative.CryptoList(dafnyValue.dtor_plaintextStructure()) + ); + nativeBuilder.cmm( + software.amazon.cryptography.materialproviders.ToNative.CryptographicMaterialsManager( + dafnyValue.dtor_cmm() + ) + ); + if (dafnyValue.dtor_algorithmSuiteId().is_Some()) { + nativeBuilder.algorithmSuiteId( + software.amazon.cryptography.materialproviders.ToNative.DBEAlgorithmSuiteId( + dafnyValue.dtor_algorithmSuiteId().dtor_value() + ) + ); + } + if (dafnyValue.dtor_encryptionContext().is_Some()) { + nativeBuilder.encryptionContext( + software.amazon.cryptography.materialproviders.ToNative.EncryptionContext( + dafnyValue.dtor_encryptionContext().dtor_value() + ) + ); + } + return nativeBuilder.build(); + } + + public static EncryptPathStructureOutput EncryptPathStructureOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput dafnyValue + ) { + EncryptPathStructureOutput.Builder nativeBuilder = + EncryptPathStructureOutput.builder(); + nativeBuilder.encryptedStructure( + ToNative.CryptoList(dafnyValue.dtor_encryptedStructure()) ); nativeBuilder.parsedHeader( ToNative.ParsedHeader(dafnyValue.dtor_parsedHeader()) @@ -187,10 +271,10 @@ public static EncryptStructureInput EncryptStructureInput( ) ); nativeBuilder.plaintextStructure( - ToNative.StructuredData(dafnyValue.dtor_plaintextStructure()) + ToNative.StructuredDataMap(dafnyValue.dtor_plaintextStructure()) ); nativeBuilder.cryptoSchema( - ToNative.CryptoSchema(dafnyValue.dtor_cryptoSchema()) + ToNative.CryptoSchemaMap(dafnyValue.dtor_cryptoSchema()) ); nativeBuilder.cmm( software.amazon.cryptography.materialproviders.ToNative.CryptographicMaterialsManager( @@ -220,7 +304,10 @@ public static EncryptStructureOutput EncryptStructureOutput( EncryptStructureOutput.Builder nativeBuilder = EncryptStructureOutput.builder(); nativeBuilder.encryptedStructure( - ToNative.StructuredData(dafnyValue.dtor_encryptedStructure()) + ToNative.StructuredDataMap(dafnyValue.dtor_encryptedStructure()) + ); + nativeBuilder.cryptoSchema( + ToNative.CryptoSchemaMap(dafnyValue.dtor_cryptoSchema()) ); nativeBuilder.parsedHeader( ToNative.ParsedHeader(dafnyValue.dtor_parsedHeader()) @@ -232,9 +319,6 @@ public static ParsedHeader ParsedHeader( software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader dafnyValue ) { ParsedHeader.Builder nativeBuilder = ParsedHeader.builder(); - nativeBuilder.cryptoSchema( - ToNative.CryptoSchema(dafnyValue.dtor_cryptoSchema()) - ); nativeBuilder.algorithmSuiteId( software.amazon.cryptography.materialproviders.ToNative.DBEAlgorithmSuiteId( dafnyValue.dtor_algorithmSuiteId() @@ -258,20 +342,33 @@ public static ParsedHeader ParsedHeader( return nativeBuilder.build(); } - public static StructuredData StructuredData( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData dafnyValue + public static ResolveAuthActionsInput ResolveAuthActionsInput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput dafnyValue ) { - StructuredData.Builder nativeBuilder = StructuredData.builder(); - nativeBuilder.content( - ToNative.StructuredDataContent(dafnyValue.dtor_content()) - ); - if (dafnyValue.dtor_attributes().is_Some()) { - nativeBuilder.attributes( - ToNative.StructuredDataAttributes( - dafnyValue.dtor_attributes().dtor_value() - ) - ); - } + ResolveAuthActionsInput.Builder nativeBuilder = + ResolveAuthActionsInput.builder(); + nativeBuilder.tableName( + software.amazon.smithy.dafny.conversion.ToNative.Simple.String( + dafnyValue.dtor_tableName() + ) + ); + nativeBuilder.authActions(ToNative.AuthList(dafnyValue.dtor_authActions())); + nativeBuilder.headerBytes( + software.amazon.smithy.dafny.conversion.ToNative.Simple.ByteBuffer( + dafnyValue.dtor_headerBytes() + ) + ); + return nativeBuilder.build(); + } + + public static ResolveAuthActionsOutput ResolveAuthActionsOutput( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput dafnyValue + ) { + ResolveAuthActionsOutput.Builder nativeBuilder = + ResolveAuthActionsOutput.builder(); + nativeBuilder.cryptoActions( + ToNative.CryptoList(dafnyValue.dtor_cryptoActions()) + ); return nativeBuilder.build(); } @@ -301,6 +398,18 @@ public static StructuredEncryptionConfig StructuredEncryptionConfig( return nativeBuilder.build(); } + public static StructureSegment StructureSegment( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructureSegment dafnyValue + ) { + StructureSegment.Builder nativeBuilder = StructureSegment.builder(); + nativeBuilder.key( + software.amazon.smithy.dafny.conversion.ToNative.Simple.String( + dafnyValue.dtor_key() + ) + ); + return nativeBuilder.build(); + } + public static AuthenticateAction AuthenticateAction( software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateAction dafnyValue ) { @@ -337,106 +446,50 @@ public static CryptoAction CryptoAction( ); } - public static AuthenticateSchemaContent AuthenticateSchemaContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent dafnyValue - ) { - AuthenticateSchemaContent.Builder nativeBuilder = - AuthenticateSchemaContent.builder(); - if (dafnyValue.is_Action()) { - nativeBuilder.Action( - ToNative.AuthenticateAction(dafnyValue.dtor_Action()) - ); - } - if (dafnyValue.is_SchemaMap()) { - nativeBuilder.SchemaMap( - ToNative.AuthenticateSchemaMap(dafnyValue.dtor_SchemaMap()) - ); - } - if (dafnyValue.is_SchemaList()) { - nativeBuilder.SchemaList( - ToNative.AuthenticateSchemaList(dafnyValue.dtor_SchemaList()) - ); - } - return nativeBuilder.build(); - } - - public static CryptoSchemaContent CryptoSchemaContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent dafnyValue - ) { - CryptoSchemaContent.Builder nativeBuilder = CryptoSchemaContent.builder(); - if (dafnyValue.is_Action()) { - nativeBuilder.Action(ToNative.CryptoAction(dafnyValue.dtor_Action())); - } - if (dafnyValue.is_SchemaMap()) { - nativeBuilder.SchemaMap( - ToNative.CryptoSchemaMap(dafnyValue.dtor_SchemaMap()) - ); - } - if (dafnyValue.is_SchemaList()) { - nativeBuilder.SchemaList( - ToNative.CryptoSchemaList(dafnyValue.dtor_SchemaList()) - ); - } - return nativeBuilder.build(); - } - - public static StructuredDataContent StructuredDataContent( - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent dafnyValue + public static PathSegment PathSegment( + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment dafnyValue ) { - StructuredDataContent.Builder nativeBuilder = - StructuredDataContent.builder(); - if (dafnyValue.is_Terminal()) { - nativeBuilder.Terminal( - ToNative.StructuredDataTerminal(dafnyValue.dtor_Terminal()) - ); - } - if (dafnyValue.is_DataList()) { - nativeBuilder.DataList( - ToNative.StructuredDataList(dafnyValue.dtor_DataList()) - ); - } - if (dafnyValue.is_DataMap()) { - nativeBuilder.DataMap( - ToNative.StructuredDataMap(dafnyValue.dtor_DataMap()) - ); + PathSegment.Builder nativeBuilder = PathSegment.builder(); + if (dafnyValue.is_member()) { + nativeBuilder.member(ToNative.StructureSegment(dafnyValue.dtor_member())); } return nativeBuilder.build(); } - public static List AuthenticateSchemaList( + public static List AuthList( DafnySequence< - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema + ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem > dafnyValue ) { return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToList( dafnyValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::AuthenticateSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::AuthItem ); } - public static List CryptoSchemaList( + public static List CryptoList( DafnySequence< - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema + ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem > dafnyValue ) { return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToList( dafnyValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::CryptoSchema + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::CryptoItem ); } - public static List StructuredDataList( + public static List Path( DafnySequence< - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData + ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment > dafnyValue ) { return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToList( dafnyValue, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::StructuredData + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::PathSegment ); } - public static Map AuthenticateSchemaAttributes( + public static Map AuthenticateSchemaMap( DafnyMap< ? extends DafnySequence, ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateAction @@ -449,46 +502,20 @@ public static Map AuthenticateSchemaAttributes( ); } - public static Map AuthenticateSchemaMap( - DafnyMap< - ? extends DafnySequence, - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema - > dafnyValue - ) { - return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToMap( - dafnyValue, - software.amazon.smithy.dafny.conversion.ToNative.Simple::String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::AuthenticateSchema - ); - } - - public static Map CryptoSchemaAttributes( + public static Map CryptoSchemaMap( DafnyMap< ? extends DafnySequence, - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateAction + ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoAction > dafnyValue ) { return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToMap( dafnyValue, software.amazon.smithy.dafny.conversion.ToNative.Simple::String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::AuthenticateAction + software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::CryptoAction ); } - public static Map CryptoSchemaMap( - DafnyMap< - ? extends DafnySequence, - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema - > dafnyValue - ) { - return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToMap( - dafnyValue, - software.amazon.smithy.dafny.conversion.ToNative.Simple::String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::CryptoSchema - ); - } - - public static Map StructuredDataAttributes( + public static Map StructuredDataMap( DafnyMap< ? extends DafnySequence, ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal @@ -501,19 +528,6 @@ public static Map StructuredDataAttributes( ); } - public static Map StructuredDataMap( - DafnyMap< - ? extends DafnySequence, - ? extends software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData - > dafnyValue - ) { - return software.amazon.smithy.dafny.conversion.ToNative.Aggregate.GenericToMap( - dafnyValue, - software.amazon.smithy.dafny.conversion.ToNative.Simple::String, - software.amazon.cryptography.dbencryptionsdk.structuredencryption.ToNative::StructuredData - ); - } - public static StructuredEncryption StructuredEncryption( IStructuredEncryptionClient dafnyValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthItem.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthItem.java new file mode 100644 index 000000000..bfb2727b8 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthItem.java @@ -0,0 +1,121 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Objects; + +public class AuthItem { + + private final List key; + + private final StructuredDataTerminal data; + + private final AuthenticateAction action; + + protected AuthItem(BuilderImpl builder) { + this.key = builder.key(); + this.data = builder.data(); + this.action = builder.action(); + } + + public List key() { + return this.key; + } + + public StructuredDataTerminal data() { + return this.data; + } + + public AuthenticateAction action() { + return this.action; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder key(List key); + + List key(); + + Builder data(StructuredDataTerminal data); + + StructuredDataTerminal data(); + + Builder action(AuthenticateAction action); + + AuthenticateAction action(); + + AuthItem build(); + } + + static class BuilderImpl implements Builder { + + protected List key; + + protected StructuredDataTerminal data; + + protected AuthenticateAction action; + + protected BuilderImpl() {} + + protected BuilderImpl(AuthItem model) { + this.key = model.key(); + this.data = model.data(); + this.action = model.action(); + } + + public Builder key(List key) { + this.key = key; + return this; + } + + public List key() { + return this.key; + } + + public Builder data(StructuredDataTerminal data) { + this.data = data; + return this; + } + + public StructuredDataTerminal data() { + return this.data; + } + + public Builder action(AuthenticateAction action) { + this.action = action; + return this; + } + + public AuthenticateAction action() { + return this.action; + } + + public AuthItem build() { + if (Objects.isNull(this.key())) { + throw new IllegalArgumentException( + "Missing value for required field `key`" + ); + } + if (Objects.isNull(this.data())) { + throw new IllegalArgumentException( + "Missing value for required field `data`" + ); + } + if (Objects.isNull(this.action())) { + throw new IllegalArgumentException( + "Missing value for required field `action`" + ); + } + return new AuthItem(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchema.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchema.java deleted file mode 100644 index e2086e579..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchema.java +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.Map; -import java.util.Objects; - -public class AuthenticateSchema { - - private final AuthenticateSchemaContent content; - - private final Map attributes; - - protected AuthenticateSchema(BuilderImpl builder) { - this.content = builder.content(); - this.attributes = builder.attributes(); - } - - public AuthenticateSchemaContent content() { - return this.content; - } - - public Map attributes() { - return this.attributes; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder content(AuthenticateSchemaContent content); - - AuthenticateSchemaContent content(); - - Builder attributes(Map attributes); - - Map attributes(); - - AuthenticateSchema build(); - } - - static class BuilderImpl implements Builder { - - protected AuthenticateSchemaContent content; - - protected Map attributes; - - protected BuilderImpl() {} - - protected BuilderImpl(AuthenticateSchema model) { - this.content = model.content(); - this.attributes = model.attributes(); - } - - public Builder content(AuthenticateSchemaContent content) { - this.content = content; - return this; - } - - public AuthenticateSchemaContent content() { - return this.content; - } - - public Builder attributes(Map attributes) { - this.attributes = attributes; - return this; - } - - public Map attributes() { - return this.attributes; - } - - public AuthenticateSchema build() { - if (Objects.isNull(this.content())) { - throw new IllegalArgumentException( - "Missing value for required field `content`" - ); - } - return new AuthenticateSchema(this); - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchemaContent.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchemaContent.java deleted file mode 100644 index dc4055c63..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/AuthenticateSchemaContent.java +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.List; -import java.util.Map; -import java.util.Objects; - -public class AuthenticateSchemaContent { - - private final AuthenticateAction Action; - - private final Map SchemaMap; - - private final List SchemaList; - - protected AuthenticateSchemaContent(BuilderImpl builder) { - this.Action = builder.Action(); - this.SchemaMap = builder.SchemaMap(); - this.SchemaList = builder.SchemaList(); - } - - public AuthenticateAction Action() { - return this.Action; - } - - public Map SchemaMap() { - return this.SchemaMap; - } - - public List SchemaList() { - return this.SchemaList; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder Action(AuthenticateAction Action); - - AuthenticateAction Action(); - - Builder SchemaMap(Map SchemaMap); - - Map SchemaMap(); - - Builder SchemaList(List SchemaList); - - List SchemaList(); - - AuthenticateSchemaContent build(); - } - - static class BuilderImpl implements Builder { - - protected AuthenticateAction Action; - - protected Map SchemaMap; - - protected List SchemaList; - - protected BuilderImpl() {} - - protected BuilderImpl(AuthenticateSchemaContent model) { - this.Action = model.Action(); - this.SchemaMap = model.SchemaMap(); - this.SchemaList = model.SchemaList(); - } - - public Builder Action(AuthenticateAction Action) { - this.Action = Action; - return this; - } - - public AuthenticateAction Action() { - return this.Action; - } - - public Builder SchemaMap(Map SchemaMap) { - this.SchemaMap = SchemaMap; - return this; - } - - public Map SchemaMap() { - return this.SchemaMap; - } - - public Builder SchemaList(List SchemaList) { - this.SchemaList = SchemaList; - return this; - } - - public List SchemaList() { - return this.SchemaList; - } - - public AuthenticateSchemaContent build() { - if (!onlyOneNonNull()) { - throw new IllegalArgumentException( - "`AuthenticateSchemaContent` is a Union. A Union MUST have one and only one value set." - ); - } - return new AuthenticateSchemaContent(this); - } - - private boolean onlyOneNonNull() { - Object[] allValues = { this.Action, this.SchemaMap, this.SchemaList }; - boolean haveOneNonNull = false; - for (Object o : allValues) { - if (Objects.nonNull(o)) { - if (haveOneNonNull) { - return false; - } - haveOneNonNull = true; - } - } - return haveOneNonNull; - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoItem.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoItem.java new file mode 100644 index 000000000..897d4f0f5 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoItem.java @@ -0,0 +1,121 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Objects; + +public class CryptoItem { + + private final List key; + + private final StructuredDataTerminal data; + + private final CryptoAction action; + + protected CryptoItem(BuilderImpl builder) { + this.key = builder.key(); + this.data = builder.data(); + this.action = builder.action(); + } + + public List key() { + return this.key; + } + + public StructuredDataTerminal data() { + return this.data; + } + + public CryptoAction action() { + return this.action; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder key(List key); + + List key(); + + Builder data(StructuredDataTerminal data); + + StructuredDataTerminal data(); + + Builder action(CryptoAction action); + + CryptoAction action(); + + CryptoItem build(); + } + + static class BuilderImpl implements Builder { + + protected List key; + + protected StructuredDataTerminal data; + + protected CryptoAction action; + + protected BuilderImpl() {} + + protected BuilderImpl(CryptoItem model) { + this.key = model.key(); + this.data = model.data(); + this.action = model.action(); + } + + public Builder key(List key) { + this.key = key; + return this; + } + + public List key() { + return this.key; + } + + public Builder data(StructuredDataTerminal data) { + this.data = data; + return this; + } + + public StructuredDataTerminal data() { + return this.data; + } + + public Builder action(CryptoAction action) { + this.action = action; + return this; + } + + public CryptoAction action() { + return this.action; + } + + public CryptoItem build() { + if (Objects.isNull(this.key())) { + throw new IllegalArgumentException( + "Missing value for required field `key`" + ); + } + if (Objects.isNull(this.data())) { + throw new IllegalArgumentException( + "Missing value for required field `data`" + ); + } + if (Objects.isNull(this.action())) { + throw new IllegalArgumentException( + "Missing value for required field `action`" + ); + } + return new CryptoItem(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchema.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchema.java deleted file mode 100644 index f65622ad4..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchema.java +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.Map; -import java.util.Objects; - -public class CryptoSchema { - - private final CryptoSchemaContent content; - - private final Map attributes; - - protected CryptoSchema(BuilderImpl builder) { - this.content = builder.content(); - this.attributes = builder.attributes(); - } - - public CryptoSchemaContent content() { - return this.content; - } - - public Map attributes() { - return this.attributes; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder content(CryptoSchemaContent content); - - CryptoSchemaContent content(); - - Builder attributes(Map attributes); - - Map attributes(); - - CryptoSchema build(); - } - - static class BuilderImpl implements Builder { - - protected CryptoSchemaContent content; - - protected Map attributes; - - protected BuilderImpl() {} - - protected BuilderImpl(CryptoSchema model) { - this.content = model.content(); - this.attributes = model.attributes(); - } - - public Builder content(CryptoSchemaContent content) { - this.content = content; - return this; - } - - public CryptoSchemaContent content() { - return this.content; - } - - public Builder attributes(Map attributes) { - this.attributes = attributes; - return this; - } - - public Map attributes() { - return this.attributes; - } - - public CryptoSchema build() { - if (Objects.isNull(this.content())) { - throw new IllegalArgumentException( - "Missing value for required field `content`" - ); - } - return new CryptoSchema(this); - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchemaContent.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchemaContent.java deleted file mode 100644 index e3fad9730..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/CryptoSchemaContent.java +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.List; -import java.util.Map; -import java.util.Objects; - -public class CryptoSchemaContent { - - private final CryptoAction Action; - - private final Map SchemaMap; - - private final List SchemaList; - - protected CryptoSchemaContent(BuilderImpl builder) { - this.Action = builder.Action(); - this.SchemaMap = builder.SchemaMap(); - this.SchemaList = builder.SchemaList(); - } - - public CryptoAction Action() { - return this.Action; - } - - public Map SchemaMap() { - return this.SchemaMap; - } - - public List SchemaList() { - return this.SchemaList; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder Action(CryptoAction Action); - - CryptoAction Action(); - - Builder SchemaMap(Map SchemaMap); - - Map SchemaMap(); - - Builder SchemaList(List SchemaList); - - List SchemaList(); - - CryptoSchemaContent build(); - } - - static class BuilderImpl implements Builder { - - protected CryptoAction Action; - - protected Map SchemaMap; - - protected List SchemaList; - - protected BuilderImpl() {} - - protected BuilderImpl(CryptoSchemaContent model) { - this.Action = model.Action(); - this.SchemaMap = model.SchemaMap(); - this.SchemaList = model.SchemaList(); - } - - public Builder Action(CryptoAction Action) { - this.Action = Action; - return this; - } - - public CryptoAction Action() { - return this.Action; - } - - public Builder SchemaMap(Map SchemaMap) { - this.SchemaMap = SchemaMap; - return this; - } - - public Map SchemaMap() { - return this.SchemaMap; - } - - public Builder SchemaList(List SchemaList) { - this.SchemaList = SchemaList; - return this; - } - - public List SchemaList() { - return this.SchemaList; - } - - public CryptoSchemaContent build() { - if (!onlyOneNonNull()) { - throw new IllegalArgumentException( - "`CryptoSchemaContent` is a Union. A Union MUST have one and only one value set." - ); - } - return new CryptoSchemaContent(this); - } - - private boolean onlyOneNonNull() { - Object[] allValues = { this.Action, this.SchemaMap, this.SchemaList }; - boolean haveOneNonNull = false; - for (Object o : allValues) { - if (Objects.nonNull(o)) { - if (haveOneNonNull) { - return false; - } - haveOneNonNull = true; - } - } - return haveOneNonNull; - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureInput.java new file mode 100644 index 000000000..6d75646c9 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureInput.java @@ -0,0 +1,147 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Map; +import java.util.Objects; +import software.amazon.cryptography.materialproviders.CryptographicMaterialsManager; +import software.amazon.cryptography.materialproviders.ICryptographicMaterialsManager; + +public class DecryptPathStructureInput { + + private final String tableName; + + private final List encryptedStructure; + + private final ICryptographicMaterialsManager cmm; + + private final Map encryptionContext; + + protected DecryptPathStructureInput(BuilderImpl builder) { + this.tableName = builder.tableName(); + this.encryptedStructure = builder.encryptedStructure(); + this.cmm = builder.cmm(); + this.encryptionContext = builder.encryptionContext(); + } + + public String tableName() { + return this.tableName; + } + + public List encryptedStructure() { + return this.encryptedStructure; + } + + public ICryptographicMaterialsManager cmm() { + return this.cmm; + } + + public Map encryptionContext() { + return this.encryptionContext; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder tableName(String tableName); + + String tableName(); + + Builder encryptedStructure(List encryptedStructure); + + List encryptedStructure(); + + Builder cmm(ICryptographicMaterialsManager cmm); + + ICryptographicMaterialsManager cmm(); + + Builder encryptionContext(Map encryptionContext); + + Map encryptionContext(); + + DecryptPathStructureInput build(); + } + + static class BuilderImpl implements Builder { + + protected String tableName; + + protected List encryptedStructure; + + protected ICryptographicMaterialsManager cmm; + + protected Map encryptionContext; + + protected BuilderImpl() {} + + protected BuilderImpl(DecryptPathStructureInput model) { + this.tableName = model.tableName(); + this.encryptedStructure = model.encryptedStructure(); + this.cmm = model.cmm(); + this.encryptionContext = model.encryptionContext(); + } + + public Builder tableName(String tableName) { + this.tableName = tableName; + return this; + } + + public String tableName() { + return this.tableName; + } + + public Builder encryptedStructure(List encryptedStructure) { + this.encryptedStructure = encryptedStructure; + return this; + } + + public List encryptedStructure() { + return this.encryptedStructure; + } + + public Builder cmm(ICryptographicMaterialsManager cmm) { + this.cmm = CryptographicMaterialsManager.wrap(cmm); + return this; + } + + public ICryptographicMaterialsManager cmm() { + return this.cmm; + } + + public Builder encryptionContext(Map encryptionContext) { + this.encryptionContext = encryptionContext; + return this; + } + + public Map encryptionContext() { + return this.encryptionContext; + } + + public DecryptPathStructureInput build() { + if (Objects.isNull(this.tableName())) { + throw new IllegalArgumentException( + "Missing value for required field `tableName`" + ); + } + if (Objects.isNull(this.encryptedStructure())) { + throw new IllegalArgumentException( + "Missing value for required field `encryptedStructure`" + ); + } + if (Objects.isNull(this.cmm())) { + throw new IllegalArgumentException( + "Missing value for required field `cmm`" + ); + } + return new DecryptPathStructureInput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureOutput.java new file mode 100644 index 000000000..04e8587d3 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptPathStructureOutput.java @@ -0,0 +1,93 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Objects; + +public class DecryptPathStructureOutput { + + private final List plaintextStructure; + + private final ParsedHeader parsedHeader; + + protected DecryptPathStructureOutput(BuilderImpl builder) { + this.plaintextStructure = builder.plaintextStructure(); + this.parsedHeader = builder.parsedHeader(); + } + + public List plaintextStructure() { + return this.plaintextStructure; + } + + public ParsedHeader parsedHeader() { + return this.parsedHeader; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder plaintextStructure(List plaintextStructure); + + List plaintextStructure(); + + Builder parsedHeader(ParsedHeader parsedHeader); + + ParsedHeader parsedHeader(); + + DecryptPathStructureOutput build(); + } + + static class BuilderImpl implements Builder { + + protected List plaintextStructure; + + protected ParsedHeader parsedHeader; + + protected BuilderImpl() {} + + protected BuilderImpl(DecryptPathStructureOutput model) { + this.plaintextStructure = model.plaintextStructure(); + this.parsedHeader = model.parsedHeader(); + } + + public Builder plaintextStructure(List plaintextStructure) { + this.plaintextStructure = plaintextStructure; + return this; + } + + public List plaintextStructure() { + return this.plaintextStructure; + } + + public Builder parsedHeader(ParsedHeader parsedHeader) { + this.parsedHeader = parsedHeader; + return this; + } + + public ParsedHeader parsedHeader() { + return this.parsedHeader; + } + + public DecryptPathStructureOutput build() { + if (Objects.isNull(this.plaintextStructure())) { + throw new IllegalArgumentException( + "Missing value for required field `plaintextStructure`" + ); + } + if (Objects.isNull(this.parsedHeader())) { + throw new IllegalArgumentException( + "Missing value for required field `parsedHeader`" + ); + } + return new DecryptPathStructureOutput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureInput.java index 650de7727..8e085414e 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureInput.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureInput.java @@ -12,9 +12,9 @@ public class DecryptStructureInput { private final String tableName; - private final StructuredData encryptedStructure; + private final Map encryptedStructure; - private final AuthenticateSchema authenticateSchema; + private final Map authenticateSchema; private final ICryptographicMaterialsManager cmm; @@ -32,11 +32,11 @@ public String tableName() { return this.tableName; } - public StructuredData encryptedStructure() { + public Map encryptedStructure() { return this.encryptedStructure; } - public AuthenticateSchema authenticateSchema() { + public Map authenticateSchema() { return this.authenticateSchema; } @@ -61,13 +61,17 @@ public interface Builder { String tableName(); - Builder encryptedStructure(StructuredData encryptedStructure); + Builder encryptedStructure( + Map encryptedStructure + ); - StructuredData encryptedStructure(); + Map encryptedStructure(); - Builder authenticateSchema(AuthenticateSchema authenticateSchema); + Builder authenticateSchema( + Map authenticateSchema + ); - AuthenticateSchema authenticateSchema(); + Map authenticateSchema(); Builder cmm(ICryptographicMaterialsManager cmm); @@ -84,9 +88,9 @@ static class BuilderImpl implements Builder { protected String tableName; - protected StructuredData encryptedStructure; + protected Map encryptedStructure; - protected AuthenticateSchema authenticateSchema; + protected Map authenticateSchema; protected ICryptographicMaterialsManager cmm; @@ -111,21 +115,25 @@ public String tableName() { return this.tableName; } - public Builder encryptedStructure(StructuredData encryptedStructure) { + public Builder encryptedStructure( + Map encryptedStructure + ) { this.encryptedStructure = encryptedStructure; return this; } - public StructuredData encryptedStructure() { + public Map encryptedStructure() { return this.encryptedStructure; } - public Builder authenticateSchema(AuthenticateSchema authenticateSchema) { + public Builder authenticateSchema( + Map authenticateSchema + ) { this.authenticateSchema = authenticateSchema; return this; } - public AuthenticateSchema authenticateSchema() { + public Map authenticateSchema() { return this.authenticateSchema; } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureOutput.java index 72348be44..61ad1f65b 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureOutput.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/DecryptStructureOutput.java @@ -3,23 +3,31 @@ // Do not modify this file. This file is machine generated, and any changes to it will be overwritten. package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; +import java.util.Map; import java.util.Objects; public class DecryptStructureOutput { - private final StructuredData plaintextStructure; + private final Map plaintextStructure; + + private final Map cryptoSchema; private final ParsedHeader parsedHeader; protected DecryptStructureOutput(BuilderImpl builder) { this.plaintextStructure = builder.plaintextStructure(); + this.cryptoSchema = builder.cryptoSchema(); this.parsedHeader = builder.parsedHeader(); } - public StructuredData plaintextStructure() { + public Map plaintextStructure() { return this.plaintextStructure; } + public Map cryptoSchema() { + return this.cryptoSchema; + } + public ParsedHeader parsedHeader() { return this.parsedHeader; } @@ -33,9 +41,15 @@ public static Builder builder() { } public interface Builder { - Builder plaintextStructure(StructuredData plaintextStructure); + Builder plaintextStructure( + Map plaintextStructure + ); + + Map plaintextStructure(); - StructuredData plaintextStructure(); + Builder cryptoSchema(Map cryptoSchema); + + Map cryptoSchema(); Builder parsedHeader(ParsedHeader parsedHeader); @@ -46,7 +60,9 @@ public interface Builder { static class BuilderImpl implements Builder { - protected StructuredData plaintextStructure; + protected Map plaintextStructure; + + protected Map cryptoSchema; protected ParsedHeader parsedHeader; @@ -54,18 +70,30 @@ protected BuilderImpl() {} protected BuilderImpl(DecryptStructureOutput model) { this.plaintextStructure = model.plaintextStructure(); + this.cryptoSchema = model.cryptoSchema(); this.parsedHeader = model.parsedHeader(); } - public Builder plaintextStructure(StructuredData plaintextStructure) { + public Builder plaintextStructure( + Map plaintextStructure + ) { this.plaintextStructure = plaintextStructure; return this; } - public StructuredData plaintextStructure() { + public Map plaintextStructure() { return this.plaintextStructure; } + public Builder cryptoSchema(Map cryptoSchema) { + this.cryptoSchema = cryptoSchema; + return this; + } + + public Map cryptoSchema() { + return this.cryptoSchema; + } + public Builder parsedHeader(ParsedHeader parsedHeader) { this.parsedHeader = parsedHeader; return this; @@ -81,6 +109,11 @@ public DecryptStructureOutput build() { "Missing value for required field `plaintextStructure`" ); } + if (Objects.isNull(this.cryptoSchema())) { + throw new IllegalArgumentException( + "Missing value for required field `cryptoSchema`" + ); + } if (Objects.isNull(this.parsedHeader())) { throw new IllegalArgumentException( "Missing value for required field `parsedHeader`" diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureInput.java new file mode 100644 index 000000000..a8f9bb182 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureInput.java @@ -0,0 +1,171 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Map; +import java.util.Objects; +import software.amazon.cryptography.materialproviders.CryptographicMaterialsManager; +import software.amazon.cryptography.materialproviders.ICryptographicMaterialsManager; +import software.amazon.cryptography.materialproviders.model.DBEAlgorithmSuiteId; + +public class EncryptPathStructureInput { + + private final String tableName; + + private final List plaintextStructure; + + private final ICryptographicMaterialsManager cmm; + + private final DBEAlgorithmSuiteId algorithmSuiteId; + + private final Map encryptionContext; + + protected EncryptPathStructureInput(BuilderImpl builder) { + this.tableName = builder.tableName(); + this.plaintextStructure = builder.plaintextStructure(); + this.cmm = builder.cmm(); + this.algorithmSuiteId = builder.algorithmSuiteId(); + this.encryptionContext = builder.encryptionContext(); + } + + public String tableName() { + return this.tableName; + } + + public List plaintextStructure() { + return this.plaintextStructure; + } + + public ICryptographicMaterialsManager cmm() { + return this.cmm; + } + + public DBEAlgorithmSuiteId algorithmSuiteId() { + return this.algorithmSuiteId; + } + + public Map encryptionContext() { + return this.encryptionContext; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder tableName(String tableName); + + String tableName(); + + Builder plaintextStructure(List plaintextStructure); + + List plaintextStructure(); + + Builder cmm(ICryptographicMaterialsManager cmm); + + ICryptographicMaterialsManager cmm(); + + Builder algorithmSuiteId(DBEAlgorithmSuiteId algorithmSuiteId); + + DBEAlgorithmSuiteId algorithmSuiteId(); + + Builder encryptionContext(Map encryptionContext); + + Map encryptionContext(); + + EncryptPathStructureInput build(); + } + + static class BuilderImpl implements Builder { + + protected String tableName; + + protected List plaintextStructure; + + protected ICryptographicMaterialsManager cmm; + + protected DBEAlgorithmSuiteId algorithmSuiteId; + + protected Map encryptionContext; + + protected BuilderImpl() {} + + protected BuilderImpl(EncryptPathStructureInput model) { + this.tableName = model.tableName(); + this.plaintextStructure = model.plaintextStructure(); + this.cmm = model.cmm(); + this.algorithmSuiteId = model.algorithmSuiteId(); + this.encryptionContext = model.encryptionContext(); + } + + public Builder tableName(String tableName) { + this.tableName = tableName; + return this; + } + + public String tableName() { + return this.tableName; + } + + public Builder plaintextStructure(List plaintextStructure) { + this.plaintextStructure = plaintextStructure; + return this; + } + + public List plaintextStructure() { + return this.plaintextStructure; + } + + public Builder cmm(ICryptographicMaterialsManager cmm) { + this.cmm = CryptographicMaterialsManager.wrap(cmm); + return this; + } + + public ICryptographicMaterialsManager cmm() { + return this.cmm; + } + + public Builder algorithmSuiteId(DBEAlgorithmSuiteId algorithmSuiteId) { + this.algorithmSuiteId = algorithmSuiteId; + return this; + } + + public DBEAlgorithmSuiteId algorithmSuiteId() { + return this.algorithmSuiteId; + } + + public Builder encryptionContext(Map encryptionContext) { + this.encryptionContext = encryptionContext; + return this; + } + + public Map encryptionContext() { + return this.encryptionContext; + } + + public EncryptPathStructureInput build() { + if (Objects.isNull(this.tableName())) { + throw new IllegalArgumentException( + "Missing value for required field `tableName`" + ); + } + if (Objects.isNull(this.plaintextStructure())) { + throw new IllegalArgumentException( + "Missing value for required field `plaintextStructure`" + ); + } + if (Objects.isNull(this.cmm())) { + throw new IllegalArgumentException( + "Missing value for required field `cmm`" + ); + } + return new EncryptPathStructureInput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureOutput.java new file mode 100644 index 000000000..5e14cc80b --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptPathStructureOutput.java @@ -0,0 +1,93 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Objects; + +public class EncryptPathStructureOutput { + + private final List encryptedStructure; + + private final ParsedHeader parsedHeader; + + protected EncryptPathStructureOutput(BuilderImpl builder) { + this.encryptedStructure = builder.encryptedStructure(); + this.parsedHeader = builder.parsedHeader(); + } + + public List encryptedStructure() { + return this.encryptedStructure; + } + + public ParsedHeader parsedHeader() { + return this.parsedHeader; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder encryptedStructure(List encryptedStructure); + + List encryptedStructure(); + + Builder parsedHeader(ParsedHeader parsedHeader); + + ParsedHeader parsedHeader(); + + EncryptPathStructureOutput build(); + } + + static class BuilderImpl implements Builder { + + protected List encryptedStructure; + + protected ParsedHeader parsedHeader; + + protected BuilderImpl() {} + + protected BuilderImpl(EncryptPathStructureOutput model) { + this.encryptedStructure = model.encryptedStructure(); + this.parsedHeader = model.parsedHeader(); + } + + public Builder encryptedStructure(List encryptedStructure) { + this.encryptedStructure = encryptedStructure; + return this; + } + + public List encryptedStructure() { + return this.encryptedStructure; + } + + public Builder parsedHeader(ParsedHeader parsedHeader) { + this.parsedHeader = parsedHeader; + return this; + } + + public ParsedHeader parsedHeader() { + return this.parsedHeader; + } + + public EncryptPathStructureOutput build() { + if (Objects.isNull(this.encryptedStructure())) { + throw new IllegalArgumentException( + "Missing value for required field `encryptedStructure`" + ); + } + if (Objects.isNull(this.parsedHeader())) { + throw new IllegalArgumentException( + "Missing value for required field `parsedHeader`" + ); + } + return new EncryptPathStructureOutput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureInput.java index b6e0f5e4d..36a36723f 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureInput.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureInput.java @@ -13,9 +13,9 @@ public class EncryptStructureInput { private final String tableName; - private final StructuredData plaintextStructure; + private final Map plaintextStructure; - private final CryptoSchema cryptoSchema; + private final Map cryptoSchema; private final ICryptographicMaterialsManager cmm; @@ -36,11 +36,11 @@ public String tableName() { return this.tableName; } - public StructuredData plaintextStructure() { + public Map plaintextStructure() { return this.plaintextStructure; } - public CryptoSchema cryptoSchema() { + public Map cryptoSchema() { return this.cryptoSchema; } @@ -69,13 +69,15 @@ public interface Builder { String tableName(); - Builder plaintextStructure(StructuredData plaintextStructure); + Builder plaintextStructure( + Map plaintextStructure + ); - StructuredData plaintextStructure(); + Map plaintextStructure(); - Builder cryptoSchema(CryptoSchema cryptoSchema); + Builder cryptoSchema(Map cryptoSchema); - CryptoSchema cryptoSchema(); + Map cryptoSchema(); Builder cmm(ICryptographicMaterialsManager cmm); @@ -96,9 +98,9 @@ static class BuilderImpl implements Builder { protected String tableName; - protected StructuredData plaintextStructure; + protected Map plaintextStructure; - protected CryptoSchema cryptoSchema; + protected Map cryptoSchema; protected ICryptographicMaterialsManager cmm; @@ -126,21 +128,23 @@ public String tableName() { return this.tableName; } - public Builder plaintextStructure(StructuredData plaintextStructure) { + public Builder plaintextStructure( + Map plaintextStructure + ) { this.plaintextStructure = plaintextStructure; return this; } - public StructuredData plaintextStructure() { + public Map plaintextStructure() { return this.plaintextStructure; } - public Builder cryptoSchema(CryptoSchema cryptoSchema) { + public Builder cryptoSchema(Map cryptoSchema) { this.cryptoSchema = cryptoSchema; return this; } - public CryptoSchema cryptoSchema() { + public Map cryptoSchema() { return this.cryptoSchema; } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureOutput.java index f4573d7e6..72984c5f2 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureOutput.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/EncryptStructureOutput.java @@ -3,23 +3,31 @@ // Do not modify this file. This file is machine generated, and any changes to it will be overwritten. package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; +import java.util.Map; import java.util.Objects; public class EncryptStructureOutput { - private final StructuredData encryptedStructure; + private final Map encryptedStructure; + + private final Map cryptoSchema; private final ParsedHeader parsedHeader; protected EncryptStructureOutput(BuilderImpl builder) { this.encryptedStructure = builder.encryptedStructure(); + this.cryptoSchema = builder.cryptoSchema(); this.parsedHeader = builder.parsedHeader(); } - public StructuredData encryptedStructure() { + public Map encryptedStructure() { return this.encryptedStructure; } + public Map cryptoSchema() { + return this.cryptoSchema; + } + public ParsedHeader parsedHeader() { return this.parsedHeader; } @@ -33,9 +41,15 @@ public static Builder builder() { } public interface Builder { - Builder encryptedStructure(StructuredData encryptedStructure); + Builder encryptedStructure( + Map encryptedStructure + ); + + Map encryptedStructure(); - StructuredData encryptedStructure(); + Builder cryptoSchema(Map cryptoSchema); + + Map cryptoSchema(); Builder parsedHeader(ParsedHeader parsedHeader); @@ -46,7 +60,9 @@ public interface Builder { static class BuilderImpl implements Builder { - protected StructuredData encryptedStructure; + protected Map encryptedStructure; + + protected Map cryptoSchema; protected ParsedHeader parsedHeader; @@ -54,18 +70,30 @@ protected BuilderImpl() {} protected BuilderImpl(EncryptStructureOutput model) { this.encryptedStructure = model.encryptedStructure(); + this.cryptoSchema = model.cryptoSchema(); this.parsedHeader = model.parsedHeader(); } - public Builder encryptedStructure(StructuredData encryptedStructure) { + public Builder encryptedStructure( + Map encryptedStructure + ) { this.encryptedStructure = encryptedStructure; return this; } - public StructuredData encryptedStructure() { + public Map encryptedStructure() { return this.encryptedStructure; } + public Builder cryptoSchema(Map cryptoSchema) { + this.cryptoSchema = cryptoSchema; + return this; + } + + public Map cryptoSchema() { + return this.cryptoSchema; + } + public Builder parsedHeader(ParsedHeader parsedHeader) { this.parsedHeader = parsedHeader; return this; @@ -81,6 +109,11 @@ public EncryptStructureOutput build() { "Missing value for required field `encryptedStructure`" ); } + if (Objects.isNull(this.cryptoSchema())) { + throw new IllegalArgumentException( + "Missing value for required field `cryptoSchema`" + ); + } if (Objects.isNull(this.parsedHeader())) { throw new IllegalArgumentException( "Missing value for required field `parsedHeader`" diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ParsedHeader.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ParsedHeader.java index 2c806dd94..2865782b6 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ParsedHeader.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ParsedHeader.java @@ -11,8 +11,6 @@ public class ParsedHeader { - private final CryptoSchema cryptoSchema; - private final DBEAlgorithmSuiteId algorithmSuiteId; private final List encryptedDataKeys; @@ -22,17 +20,12 @@ public class ParsedHeader { private final Map encryptionContext; protected ParsedHeader(BuilderImpl builder) { - this.cryptoSchema = builder.cryptoSchema(); this.algorithmSuiteId = builder.algorithmSuiteId(); this.encryptedDataKeys = builder.encryptedDataKeys(); this.storedEncryptionContext = builder.storedEncryptionContext(); this.encryptionContext = builder.encryptionContext(); } - public CryptoSchema cryptoSchema() { - return this.cryptoSchema; - } - public DBEAlgorithmSuiteId algorithmSuiteId() { return this.algorithmSuiteId; } @@ -58,10 +51,6 @@ public static Builder builder() { } public interface Builder { - Builder cryptoSchema(CryptoSchema cryptoSchema); - - CryptoSchema cryptoSchema(); - Builder algorithmSuiteId(DBEAlgorithmSuiteId algorithmSuiteId); DBEAlgorithmSuiteId algorithmSuiteId(); @@ -85,8 +74,6 @@ Builder storedEncryptionContext( static class BuilderImpl implements Builder { - protected CryptoSchema cryptoSchema; - protected DBEAlgorithmSuiteId algorithmSuiteId; protected List encryptedDataKeys; @@ -98,22 +85,12 @@ static class BuilderImpl implements Builder { protected BuilderImpl() {} protected BuilderImpl(ParsedHeader model) { - this.cryptoSchema = model.cryptoSchema(); this.algorithmSuiteId = model.algorithmSuiteId(); this.encryptedDataKeys = model.encryptedDataKeys(); this.storedEncryptionContext = model.storedEncryptionContext(); this.encryptionContext = model.encryptionContext(); } - public Builder cryptoSchema(CryptoSchema cryptoSchema) { - this.cryptoSchema = cryptoSchema; - return this; - } - - public CryptoSchema cryptoSchema() { - return this.cryptoSchema; - } - public Builder algorithmSuiteId(DBEAlgorithmSuiteId algorithmSuiteId) { this.algorithmSuiteId = algorithmSuiteId; return this; @@ -153,11 +130,6 @@ public Map encryptionContext() { } public ParsedHeader build() { - if (Objects.isNull(this.cryptoSchema())) { - throw new IllegalArgumentException( - "Missing value for required field `cryptoSchema`" - ); - } if (Objects.isNull(this.algorithmSuiteId())) { throw new IllegalArgumentException( "Missing value for required field `algorithmSuiteId`" diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/PathSegment.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/PathSegment.java new file mode 100644 index 000000000..60e383fb0 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/PathSegment.java @@ -0,0 +1,78 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.Objects; + +public class PathSegment { + + private final StructureSegment member; + + protected PathSegment(BuilderImpl builder) { + this.member = builder.member(); + } + + public StructureSegment member() { + return this.member; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder member(StructureSegment member); + + StructureSegment member(); + + PathSegment build(); + } + + static class BuilderImpl implements Builder { + + protected StructureSegment member; + + protected BuilderImpl() {} + + protected BuilderImpl(PathSegment model) { + this.member = model.member(); + } + + public Builder member(StructureSegment member) { + this.member = member; + return this; + } + + public StructureSegment member() { + return this.member; + } + + public PathSegment build() { + if (!onlyOneNonNull()) { + throw new IllegalArgumentException( + "`PathSegment` is a Union. A Union MUST have one and only one value set." + ); + } + return new PathSegment(this); + } + + private boolean onlyOneNonNull() { + Object[] allValues = { this.member }; + boolean haveOneNonNull = false; + for (Object o : allValues) { + if (Objects.nonNull(o)) { + if (haveOneNonNull) { + return false; + } + haveOneNonNull = true; + } + } + return haveOneNonNull; + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsInput.java new file mode 100644 index 000000000..6badab5b1 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsInput.java @@ -0,0 +1,122 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.nio.ByteBuffer; +import java.util.List; +import java.util.Objects; + +public class ResolveAuthActionsInput { + + private final String tableName; + + private final List authActions; + + private final ByteBuffer headerBytes; + + protected ResolveAuthActionsInput(BuilderImpl builder) { + this.tableName = builder.tableName(); + this.authActions = builder.authActions(); + this.headerBytes = builder.headerBytes(); + } + + public String tableName() { + return this.tableName; + } + + public List authActions() { + return this.authActions; + } + + public ByteBuffer headerBytes() { + return this.headerBytes; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder tableName(String tableName); + + String tableName(); + + Builder authActions(List authActions); + + List authActions(); + + Builder headerBytes(ByteBuffer headerBytes); + + ByteBuffer headerBytes(); + + ResolveAuthActionsInput build(); + } + + static class BuilderImpl implements Builder { + + protected String tableName; + + protected List authActions; + + protected ByteBuffer headerBytes; + + protected BuilderImpl() {} + + protected BuilderImpl(ResolveAuthActionsInput model) { + this.tableName = model.tableName(); + this.authActions = model.authActions(); + this.headerBytes = model.headerBytes(); + } + + public Builder tableName(String tableName) { + this.tableName = tableName; + return this; + } + + public String tableName() { + return this.tableName; + } + + public Builder authActions(List authActions) { + this.authActions = authActions; + return this; + } + + public List authActions() { + return this.authActions; + } + + public Builder headerBytes(ByteBuffer headerBytes) { + this.headerBytes = headerBytes; + return this; + } + + public ByteBuffer headerBytes() { + return this.headerBytes; + } + + public ResolveAuthActionsInput build() { + if (Objects.isNull(this.tableName())) { + throw new IllegalArgumentException( + "Missing value for required field `tableName`" + ); + } + if (Objects.isNull(this.authActions())) { + throw new IllegalArgumentException( + "Missing value for required field `authActions`" + ); + } + if (Objects.isNull(this.headerBytes())) { + throw new IllegalArgumentException( + "Missing value for required field `headerBytes`" + ); + } + return new ResolveAuthActionsInput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsOutput.java new file mode 100644 index 000000000..c458e0cb0 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/ResolveAuthActionsOutput.java @@ -0,0 +1,65 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.List; +import java.util.Objects; + +public class ResolveAuthActionsOutput { + + private final List cryptoActions; + + protected ResolveAuthActionsOutput(BuilderImpl builder) { + this.cryptoActions = builder.cryptoActions(); + } + + public List cryptoActions() { + return this.cryptoActions; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder cryptoActions(List cryptoActions); + + List cryptoActions(); + + ResolveAuthActionsOutput build(); + } + + static class BuilderImpl implements Builder { + + protected List cryptoActions; + + protected BuilderImpl() {} + + protected BuilderImpl(ResolveAuthActionsOutput model) { + this.cryptoActions = model.cryptoActions(); + } + + public Builder cryptoActions(List cryptoActions) { + this.cryptoActions = cryptoActions; + return this; + } + + public List cryptoActions() { + return this.cryptoActions; + } + + public ResolveAuthActionsOutput build() { + if (Objects.isNull(this.cryptoActions())) { + throw new IllegalArgumentException( + "Missing value for required field `cryptoActions`" + ); + } + return new ResolveAuthActionsOutput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructureSegment.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructureSegment.java new file mode 100644 index 000000000..f4e8d95cf --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructureSegment.java @@ -0,0 +1,64 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; + +import java.util.Objects; + +public class StructureSegment { + + private final String key; + + protected StructureSegment(BuilderImpl builder) { + this.key = builder.key(); + } + + public String key() { + return this.key; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder key(String key); + + String key(); + + StructureSegment build(); + } + + static class BuilderImpl implements Builder { + + protected String key; + + protected BuilderImpl() {} + + protected BuilderImpl(StructureSegment model) { + this.key = model.key(); + } + + public Builder key(String key) { + this.key = key; + return this; + } + + public String key() { + return this.key; + } + + public StructureSegment build() { + if (Objects.isNull(this.key())) { + throw new IllegalArgumentException( + "Missing value for required field `key`" + ); + } + return new StructureSegment(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredData.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredData.java deleted file mode 100644 index d63dd4c58..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredData.java +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.Map; -import java.util.Objects; - -public class StructuredData { - - private final StructuredDataContent content; - - private final Map attributes; - - protected StructuredData(BuilderImpl builder) { - this.content = builder.content(); - this.attributes = builder.attributes(); - } - - public StructuredDataContent content() { - return this.content; - } - - public Map attributes() { - return this.attributes; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder content(StructuredDataContent content); - - StructuredDataContent content(); - - Builder attributes(Map attributes); - - Map attributes(); - - StructuredData build(); - } - - static class BuilderImpl implements Builder { - - protected StructuredDataContent content; - - protected Map attributes; - - protected BuilderImpl() {} - - protected BuilderImpl(StructuredData model) { - this.content = model.content(); - this.attributes = model.attributes(); - } - - public Builder content(StructuredDataContent content) { - this.content = content; - return this; - } - - public StructuredDataContent content() { - return this.content; - } - - public Builder attributes(Map attributes) { - this.attributes = attributes; - return this; - } - - public Map attributes() { - return this.attributes; - } - - public StructuredData build() { - if (Objects.isNull(this.content())) { - throw new IllegalArgumentException( - "Missing value for required field `content`" - ); - } - return new StructuredData(this); - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredDataContent.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredDataContent.java deleted file mode 100644 index 46fb82b77..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/structuredencryption/model/StructuredDataContent.java +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.structuredencryption.model; - -import java.util.List; -import java.util.Map; -import java.util.Objects; - -public class StructuredDataContent { - - private final StructuredDataTerminal Terminal; - - private final List DataList; - - private final Map DataMap; - - protected StructuredDataContent(BuilderImpl builder) { - this.Terminal = builder.Terminal(); - this.DataList = builder.DataList(); - this.DataMap = builder.DataMap(); - } - - public StructuredDataTerminal Terminal() { - return this.Terminal; - } - - public List DataList() { - return this.DataList; - } - - public Map DataMap() { - return this.DataMap; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder Terminal(StructuredDataTerminal Terminal); - - StructuredDataTerminal Terminal(); - - Builder DataList(List DataList); - - List DataList(); - - Builder DataMap(Map DataMap); - - Map DataMap(); - - StructuredDataContent build(); - } - - static class BuilderImpl implements Builder { - - protected StructuredDataTerminal Terminal; - - protected List DataList; - - protected Map DataMap; - - protected BuilderImpl() {} - - protected BuilderImpl(StructuredDataContent model) { - this.Terminal = model.Terminal(); - this.DataList = model.DataList(); - this.DataMap = model.DataMap(); - } - - public Builder Terminal(StructuredDataTerminal Terminal) { - this.Terminal = Terminal; - return this; - } - - public StructuredDataTerminal Terminal() { - return this.Terminal; - } - - public Builder DataList(List DataList) { - this.DataList = DataList; - return this; - } - - public List DataList() { - return this.DataList; - } - - public Builder DataMap(Map DataMap) { - this.DataMap = DataMap; - return this; - } - - public Map DataMap() { - return this.DataMap; - } - - public StructuredDataContent build() { - if (!onlyOneNonNull()) { - throw new IllegalArgumentException( - "`StructuredDataContent` is a Union. A Union MUST have one and only one value set." - ); - } - return new StructuredDataContent(this); - } - - private boolean onlyOneNonNull() { - Object[] allValues = { this.Terminal, this.DataList, this.DataMap }; - boolean haveOneNonNull = false; - for (Object o : allValues) { - if (Objects.nonNull(o)) { - if (haveOneNonNull) { - return false; - } - haveOneNonNull = true; - } - } - return haveOneNonNull; - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthItem.cs new file mode 100644 index 000000000..3645d704d --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthItem.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class AuthItem + { + private System.Collections.Generic.List _key; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction _action; + public System.Collections.Generic.List Key + { + get { return this._key; } + set { this._key = value; } + } + public bool IsSetKey() + { + return this._key != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data + { + get { return this._data; } + set { this._data = value; } + } + public bool IsSetData() + { + return this._data != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction Action + { + get { return this._action; } + set { this._action = value; } + } + public bool IsSetAction() + { + return this._action != null; + } + public void Validate() + { + if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); + if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); + if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs new file mode 100644 index 000000000..c95f3b73b --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class AuthenticateItem + { + private System.Collections.Generic.List _key; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction _action; + public System.Collections.Generic.List Key + { + get { return this._key; } + set { this._key = value; } + } + public bool IsSetKey() + { + return this._key != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data + { + get { return this._data; } + set { this._data = value; } + } + public bool IsSetData() + { + return this._data != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction Action + { + get { return this._action; } + set { this._action = value; } + } + public bool IsSetAction() + { + return this._action != null; + } + public void Validate() + { + if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); + if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); + if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchema.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchema.cs deleted file mode 100644 index 29de379ce..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchema.cs +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class AuthenticateSchema - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent _content; - private System.Collections.Generic.Dictionary _attributes; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent Content - { - get { return this._content; } - set { this._content = value; } - } - public bool IsSetContent() - { - return this._content != null; - } - public System.Collections.Generic.Dictionary Attributes - { - get { return this._attributes; } - set { this._attributes = value; } - } - public bool IsSetAttributes() - { - return this._attributes != null; - } - public void Validate() - { - if (!IsSetContent()) throw new System.ArgumentException("Missing value for required property 'Content'"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchemaContent.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchemaContent.cs deleted file mode 100644 index 3fb97b542..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateSchemaContent.cs +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class AuthenticateSchemaContent - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction _action; - private System.Collections.Generic.Dictionary _schemaMap; - private System.Collections.Generic.List _schemaList; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction Action - { - get { return this._action; } - set { this._action = value; } - } - public bool IsSetAction() - { - return this._action != null; - } - public System.Collections.Generic.Dictionary SchemaMap - { - get { return this._schemaMap; } - set { this._schemaMap = value; } - } - public bool IsSetSchemaMap() - { - return this._schemaMap != null; - } - public System.Collections.Generic.List SchemaList - { - get { return this._schemaList; } - set { this._schemaList = value; } - } - public bool IsSetSchemaList() - { - return this._schemaList != null; - } - public void Validate() - { - var numberOfPropertiesSet = Convert.ToUInt16(IsSetAction()) + - Convert.ToUInt16(IsSetSchemaMap()) + - Convert.ToUInt16(IsSetSchemaList()); - if (numberOfPropertiesSet == 0) throw new System.ArgumentException("No union value set"); - - if (numberOfPropertiesSet > 1) throw new System.ArgumentException("Multiple union values set"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoItem.cs new file mode 100644 index 000000000..870ebeed8 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoItem.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class CryptoItem + { + private System.Collections.Generic.List _key; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction _action; + public System.Collections.Generic.List Key + { + get { return this._key; } + set { this._key = value; } + } + public bool IsSetKey() + { + return this._key != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data + { + get { return this._data; } + set { this._data = value; } + } + public bool IsSetData() + { + return this._data != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction Action + { + get { return this._action; } + set { this._action = value; } + } + public bool IsSetAction() + { + return this._action != null; + } + public void Validate() + { + if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); + if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); + if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchema.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchema.cs deleted file mode 100644 index 19ec93dcd..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchema.cs +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class CryptoSchema - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent _content; - private System.Collections.Generic.Dictionary _attributes; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent Content - { - get { return this._content; } - set { this._content = value; } - } - public bool IsSetContent() - { - return this._content != null; - } - public System.Collections.Generic.Dictionary Attributes - { - get { return this._attributes; } - set { this._attributes = value; } - } - public bool IsSetAttributes() - { - return this._attributes != null; - } - public void Validate() - { - if (!IsSetContent()) throw new System.ArgumentException("Missing value for required property 'Content'"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaContent.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaContent.cs deleted file mode 100644 index e646b6bd0..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaContent.cs +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class CryptoSchemaContent - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction _action; - private System.Collections.Generic.Dictionary _schemaMap; - private System.Collections.Generic.List _schemaList; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction Action - { - get { return this._action; } - set { this._action = value; } - } - public bool IsSetAction() - { - return this._action != null; - } - public System.Collections.Generic.Dictionary SchemaMap - { - get { return this._schemaMap; } - set { this._schemaMap = value; } - } - public bool IsSetSchemaMap() - { - return this._schemaMap != null; - } - public System.Collections.Generic.List SchemaList - { - get { return this._schemaList; } - set { this._schemaList = value; } - } - public bool IsSetSchemaList() - { - return this._schemaList != null; - } - public void Validate() - { - var numberOfPropertiesSet = Convert.ToUInt16(IsSetAction()) + - Convert.ToUInt16(IsSetSchemaMap()) + - Convert.ToUInt16(IsSetSchemaList()); - if (numberOfPropertiesSet == 0) throw new System.ArgumentException("No union value set"); - - if (numberOfPropertiesSet > 1) throw new System.ArgumentException("Multiple union values set"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs new file mode 100644 index 000000000..62d045ad4 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class CryptoSchemaItem + { + private System.Collections.Generic.List _key; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction _action; + public System.Collections.Generic.List Key + { + get { return this._key; } + set { this._key = value; } + } + public bool IsSetKey() + { + return this._key != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data + { + get { return this._data; } + set { this._data = value; } + } + public bool IsSetData() + { + return this._data != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction Action + { + get { return this._action; } + set { this._action = value; } + } + public bool IsSetAction() + { + return this._action != null; + } + public void Validate() + { + if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); + if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); + if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureInput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureInput.cs new file mode 100644 index 000000000..541f1f416 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureInput.cs @@ -0,0 +1,58 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class DecryptPathStructureInput + { + private string _tableName; + private System.Collections.Generic.List _encryptedStructure; + private AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager _cmm; + private System.Collections.Generic.Dictionary _encryptionContext; + public string TableName + { + get { return this._tableName; } + set { this._tableName = value; } + } + public bool IsSetTableName() + { + return this._tableName != null; + } + public System.Collections.Generic.List EncryptedStructure + { + get { return this._encryptedStructure; } + set { this._encryptedStructure = value; } + } + public bool IsSetEncryptedStructure() + { + return this._encryptedStructure != null; + } + public AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager Cmm + { + get { return this._cmm; } + set { this._cmm = value; } + } + public bool IsSetCmm() + { + return this._cmm != null; + } + public System.Collections.Generic.Dictionary EncryptionContext + { + get { return this._encryptionContext; } + set { this._encryptionContext = value; } + } + public bool IsSetEncryptionContext() + { + return this._encryptionContext != null; + } + public void Validate() + { + if (!IsSetTableName()) throw new System.ArgumentException("Missing value for required property 'TableName'"); + if (!IsSetEncryptedStructure()) throw new System.ArgumentException("Missing value for required property 'EncryptedStructure'"); + if (!IsSetCmm()) throw new System.ArgumentException("Missing value for required property 'Cmm'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureOutput.cs new file mode 100644 index 000000000..a40a7bd03 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptPathStructureOutput.cs @@ -0,0 +1,37 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class DecryptPathStructureOutput + { + private System.Collections.Generic.List _plaintextStructure; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader _parsedHeader; + public System.Collections.Generic.List PlaintextStructure + { + get { return this._plaintextStructure; } + set { this._plaintextStructure = value; } + } + public bool IsSetPlaintextStructure() + { + return this._plaintextStructure != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader ParsedHeader + { + get { return this._parsedHeader; } + set { this._parsedHeader = value; } + } + public bool IsSetParsedHeader() + { + return this._parsedHeader != null; + } + public void Validate() + { + if (!IsSetPlaintextStructure()) throw new System.ArgumentException("Missing value for required property 'PlaintextStructure'"); + if (!IsSetParsedHeader()) throw new System.ArgumentException("Missing value for required property 'ParsedHeader'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureInput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureInput.cs index 7b4451804..667868ccd 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureInput.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureInput.cs @@ -8,8 +8,8 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption public class DecryptStructureInput { private string _tableName; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData _encryptedStructure; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema _authenticateSchema; + private System.Collections.Generic.Dictionary _encryptedStructure; + private System.Collections.Generic.Dictionary _authenticateSchema; private AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager _cmm; private System.Collections.Generic.Dictionary _encryptionContext; public string TableName @@ -21,7 +21,7 @@ public bool IsSetTableName() { return this._tableName != null; } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData EncryptedStructure + public System.Collections.Generic.Dictionary EncryptedStructure { get { return this._encryptedStructure; } set { this._encryptedStructure = value; } @@ -30,7 +30,7 @@ public bool IsSetEncryptedStructure() { return this._encryptedStructure != null; } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema AuthenticateSchema + public System.Collections.Generic.Dictionary AuthenticateSchema { get { return this._authenticateSchema; } set { this._authenticateSchema = value; } diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureOutput.cs index 57b7a8970..00b6e4fd7 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureOutput.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/DecryptStructureOutput.cs @@ -7,9 +7,10 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption { public class DecryptStructureOutput { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData _plaintextStructure; + private System.Collections.Generic.Dictionary _plaintextStructure; + private System.Collections.Generic.Dictionary _cryptoSchema; private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader _parsedHeader; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData PlaintextStructure + public System.Collections.Generic.Dictionary PlaintextStructure { get { return this._plaintextStructure; } set { this._plaintextStructure = value; } @@ -18,6 +19,15 @@ public bool IsSetPlaintextStructure() { return this._plaintextStructure != null; } + public System.Collections.Generic.Dictionary CryptoSchema + { + get { return this._cryptoSchema; } + set { this._cryptoSchema = value; } + } + public bool IsSetCryptoSchema() + { + return this._cryptoSchema != null; + } public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader ParsedHeader { get { return this._parsedHeader; } @@ -30,6 +40,7 @@ public bool IsSetParsedHeader() public void Validate() { if (!IsSetPlaintextStructure()) throw new System.ArgumentException("Missing value for required property 'PlaintextStructure'"); + if (!IsSetCryptoSchema()) throw new System.ArgumentException("Missing value for required property 'CryptoSchema'"); if (!IsSetParsedHeader()) throw new System.ArgumentException("Missing value for required property 'ParsedHeader'"); } diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureInput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureInput.cs new file mode 100644 index 000000000..6c20b7eab --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureInput.cs @@ -0,0 +1,68 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class EncryptPathStructureInput + { + private string _tableName; + private System.Collections.Generic.List _plaintextStructure; + private AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager _cmm; + private AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId _algorithmSuiteId; + private System.Collections.Generic.Dictionary _encryptionContext; + public string TableName + { + get { return this._tableName; } + set { this._tableName = value; } + } + public bool IsSetTableName() + { + return this._tableName != null; + } + public System.Collections.Generic.List PlaintextStructure + { + get { return this._plaintextStructure; } + set { this._plaintextStructure = value; } + } + public bool IsSetPlaintextStructure() + { + return this._plaintextStructure != null; + } + public AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager Cmm + { + get { return this._cmm; } + set { this._cmm = value; } + } + public bool IsSetCmm() + { + return this._cmm != null; + } + public AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId AlgorithmSuiteId + { + get { return this._algorithmSuiteId; } + set { this._algorithmSuiteId = value; } + } + public bool IsSetAlgorithmSuiteId() + { + return this._algorithmSuiteId != null; + } + public System.Collections.Generic.Dictionary EncryptionContext + { + get { return this._encryptionContext; } + set { this._encryptionContext = value; } + } + public bool IsSetEncryptionContext() + { + return this._encryptionContext != null; + } + public void Validate() + { + if (!IsSetTableName()) throw new System.ArgumentException("Missing value for required property 'TableName'"); + if (!IsSetPlaintextStructure()) throw new System.ArgumentException("Missing value for required property 'PlaintextStructure'"); + if (!IsSetCmm()) throw new System.ArgumentException("Missing value for required property 'Cmm'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureOutput.cs new file mode 100644 index 000000000..dbae78808 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptPathStructureOutput.cs @@ -0,0 +1,37 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class EncryptPathStructureOutput + { + private System.Collections.Generic.List _encryptedStructure; + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader _parsedHeader; + public System.Collections.Generic.List EncryptedStructure + { + get { return this._encryptedStructure; } + set { this._encryptedStructure = value; } + } + public bool IsSetEncryptedStructure() + { + return this._encryptedStructure != null; + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader ParsedHeader + { + get { return this._parsedHeader; } + set { this._parsedHeader = value; } + } + public bool IsSetParsedHeader() + { + return this._parsedHeader != null; + } + public void Validate() + { + if (!IsSetEncryptedStructure()) throw new System.ArgumentException("Missing value for required property 'EncryptedStructure'"); + if (!IsSetParsedHeader()) throw new System.ArgumentException("Missing value for required property 'ParsedHeader'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureInput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureInput.cs index 89db897cd..2321e5ba9 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureInput.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureInput.cs @@ -8,8 +8,8 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption public class EncryptStructureInput { private string _tableName; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData _plaintextStructure; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema _cryptoSchema; + private System.Collections.Generic.Dictionary _plaintextStructure; + private System.Collections.Generic.Dictionary _cryptoSchema; private AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager _cmm; private AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId _algorithmSuiteId; private System.Collections.Generic.Dictionary _encryptionContext; @@ -22,7 +22,7 @@ public bool IsSetTableName() { return this._tableName != null; } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData PlaintextStructure + public System.Collections.Generic.Dictionary PlaintextStructure { get { return this._plaintextStructure; } set { this._plaintextStructure = value; } @@ -31,7 +31,7 @@ public bool IsSetPlaintextStructure() { return this._plaintextStructure != null; } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema CryptoSchema + public System.Collections.Generic.Dictionary CryptoSchema { get { return this._cryptoSchema; } set { this._cryptoSchema = value; } diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureOutput.cs index 45a685ab2..8f0a77074 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureOutput.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/EncryptStructureOutput.cs @@ -7,9 +7,10 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption { public class EncryptStructureOutput { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData _encryptedStructure; + private System.Collections.Generic.Dictionary _encryptedStructure; + private System.Collections.Generic.Dictionary _cryptoSchema; private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader _parsedHeader; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData EncryptedStructure + public System.Collections.Generic.Dictionary EncryptedStructure { get { return this._encryptedStructure; } set { this._encryptedStructure = value; } @@ -18,6 +19,15 @@ public bool IsSetEncryptedStructure() { return this._encryptedStructure != null; } + public System.Collections.Generic.Dictionary CryptoSchema + { + get { return this._cryptoSchema; } + set { this._cryptoSchema = value; } + } + public bool IsSetCryptoSchema() + { + return this._cryptoSchema != null; + } public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader ParsedHeader { get { return this._parsedHeader; } @@ -30,6 +40,7 @@ public bool IsSetParsedHeader() public void Validate() { if (!IsSetEncryptedStructure()) throw new System.ArgumentException("Missing value for required property 'EncryptedStructure'"); + if (!IsSetCryptoSchema()) throw new System.ArgumentException("Missing value for required property 'CryptoSchema'"); if (!IsSetParsedHeader()) throw new System.ArgumentException("Missing value for required property 'ParsedHeader'"); } diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ParsedHeader.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ParsedHeader.cs index ee3e1d376..bf2cd9f0f 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ParsedHeader.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ParsedHeader.cs @@ -7,20 +7,10 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption { public class ParsedHeader { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema _cryptoSchema; private AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId _algorithmSuiteId; private System.Collections.Generic.List _encryptedDataKeys; private System.Collections.Generic.Dictionary _storedEncryptionContext; private System.Collections.Generic.Dictionary _encryptionContext; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema CryptoSchema - { - get { return this._cryptoSchema; } - set { this._cryptoSchema = value; } - } - public bool IsSetCryptoSchema() - { - return this._cryptoSchema != null; - } public AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId AlgorithmSuiteId { get { return this._algorithmSuiteId; } @@ -59,7 +49,6 @@ public bool IsSetEncryptionContext() } public void Validate() { - if (!IsSetCryptoSchema()) throw new System.ArgumentException("Missing value for required property 'CryptoSchema'"); if (!IsSetAlgorithmSuiteId()) throw new System.ArgumentException("Missing value for required property 'AlgorithmSuiteId'"); if (!IsSetEncryptedDataKeys()) throw new System.ArgumentException("Missing value for required property 'EncryptedDataKeys'"); if (!IsSetStoredEncryptionContext()) throw new System.ArgumentException("Missing value for required property 'StoredEncryptionContext'"); diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/PathSegment.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/PathSegment.cs new file mode 100644 index 000000000..1eaa4b10b --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/PathSegment.cs @@ -0,0 +1,29 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class PathSegment + { + private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment _member; + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment Member + { + get { return this._member; } + set { this._member = value; } + } + public bool IsSetMember() + { + return this._member != null; + } + public void Validate() + { + var numberOfPropertiesSet = Convert.ToUInt16(IsSetMember()); + if (numberOfPropertiesSet == 0) throw new System.ArgumentException("No union value set"); + + if (numberOfPropertiesSet > 1) throw new System.ArgumentException("Multiple union values set"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsInput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsInput.cs new file mode 100644 index 000000000..7220d849e --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsInput.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class ResolveAuthActionsInput + { + private string _tableName; + private System.Collections.Generic.List _authActions; + private System.IO.MemoryStream _headerBytes; + public string TableName + { + get { return this._tableName; } + set { this._tableName = value; } + } + public bool IsSetTableName() + { + return this._tableName != null; + } + public System.Collections.Generic.List AuthActions + { + get { return this._authActions; } + set { this._authActions = value; } + } + public bool IsSetAuthActions() + { + return this._authActions != null; + } + public System.IO.MemoryStream HeaderBytes + { + get { return this._headerBytes; } + set { this._headerBytes = value; } + } + public bool IsSetHeaderBytes() + { + return this._headerBytes != null; + } + public void Validate() + { + if (!IsSetTableName()) throw new System.ArgumentException("Missing value for required property 'TableName'"); + if (!IsSetAuthActions()) throw new System.ArgumentException("Missing value for required property 'AuthActions'"); + if (!IsSetHeaderBytes()) throw new System.ArgumentException("Missing value for required property 'HeaderBytes'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsOutput.cs new file mode 100644 index 000000000..4346632b8 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/ResolveAuthActionsOutput.cs @@ -0,0 +1,26 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class ResolveAuthActionsOutput + { + private System.Collections.Generic.List _cryptoActions; + public System.Collections.Generic.List CryptoActions + { + get { return this._cryptoActions; } + set { this._cryptoActions = value; } + } + public bool IsSetCryptoActions() + { + return this._cryptoActions != null; + } + public void Validate() + { + if (!IsSetCryptoActions()) throw new System.ArgumentException("Missing value for required property 'CryptoActions'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructureSegment.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructureSegment.cs new file mode 100644 index 000000000..4e5ee19df --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructureSegment.cs @@ -0,0 +1,26 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; +namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption +{ + public class StructureSegment + { + private string _key; + public string Key + { + get { return this._key; } + set { this._key = value; } + } + public bool IsSetKey() + { + return this._key != null; + } + public void Validate() + { + if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredData.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredData.cs deleted file mode 100644 index d5dfba14e..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredData.cs +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class StructuredData - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent _content; - private System.Collections.Generic.Dictionary _attributes; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent Content - { - get { return this._content; } - set { this._content = value; } - } - public bool IsSetContent() - { - return this._content != null; - } - public System.Collections.Generic.Dictionary Attributes - { - get { return this._attributes; } - set { this._attributes = value; } - } - public bool IsSetAttributes() - { - return this._attributes != null; - } - public void Validate() - { - if (!IsSetContent()) throw new System.ArgumentException("Missing value for required property 'Content'"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredDataContent.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredDataContent.cs deleted file mode 100644 index dba48c391..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredDataContent.cs +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class StructuredDataContent - { - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _terminal; - private System.Collections.Generic.List _dataList; - private System.Collections.Generic.Dictionary _dataMap; - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Terminal - { - get { return this._terminal; } - set { this._terminal = value; } - } - public bool IsSetTerminal() - { - return this._terminal != null; - } - public System.Collections.Generic.List DataList - { - get { return this._dataList; } - set { this._dataList = value; } - } - public bool IsSetDataList() - { - return this._dataList != null; - } - public System.Collections.Generic.Dictionary DataMap - { - get { return this._dataMap; } - set { this._dataMap = value; } - } - public bool IsSetDataMap() - { - return this._dataMap != null; - } - public void Validate() - { - var numberOfPropertiesSet = Convert.ToUInt16(IsSetTerminal()) + - Convert.ToUInt16(IsSetDataList()) + - Convert.ToUInt16(IsSetDataMap()); - if (numberOfPropertiesSet == 0) throw new System.ArgumentException("No union value set"); - - if (numberOfPropertiesSet > 1) throw new System.ArgumentException("Multiple union values set"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredEncryption.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredEncryption.cs index ad5edaeac..52a8ebd39 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredEncryption.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/StructuredEncryption.cs @@ -40,5 +40,26 @@ public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOut if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput(result.dtor_value); } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureOutput EncryptPathStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureInput input) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptPathStructureInput internalInput = TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput(input); + Wrappers_Compile._IResult result = _impl.EncryptPathStructure(internalInput); + if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); + return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput(result.dtor_value); + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureOutput DecryptPathStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureInput input) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptPathStructureInput internalInput = TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput(input); + Wrappers_Compile._IResult result = _impl.DecryptPathStructure(internalInput); + if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); + return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput(result.dtor_value); + } + public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsOutput ResolveAuthActions(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsInput input) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IResolveAuthActionsInput internalInput = TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput(input); + Wrappers_Compile._IResult result = _impl.ResolveAuthActions(internalInput); + if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); + return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput(result.dtor_value); + } } } diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs index 4cc4a7fe5..4e9890cfe 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs @@ -19,42 +19,6 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. if (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction.DO_NOT_SIGN.Equals(value)) return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateAction.create_DO__NOT__SIGN(); throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value"); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchemaContent value) - { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent)value; - var converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent(); if (value.is_Action) - { - converted.Action = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M6_Action(concrete.dtor_Action); - return converted; - } - if (value.is_SchemaMap) - { - converted.SchemaMap = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M9_SchemaMap(concrete.dtor_SchemaMap); - return converted; - } - if (value.is_SchemaList) - { - converted.SchemaList = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M10_SchemaList(concrete.dtor_SchemaList); - return converted; - } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent state"); - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchemaContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent value) - { - value.Validate(); if (value.IsSetAction()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent.create_Action(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M6_Action(value.Action)); - } - if (value.IsSetSchemaMap()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent.create_SchemaMap(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M9_SchemaMap(value.SchemaMap)); - } - if (value.IsSetSchemaList()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchemaContent.create_SchemaList(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M10_SchemaList(value.SchemaList)); - } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent state"); - } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction value) { if (value.is_ENCRYPT__AND__SIGN) return AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction.ENCRYPT_AND_SIGN; @@ -71,47 +35,35 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. if (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction.DO_NOTHING.Equals(value)) return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoAction.create_DO__NOTHING(); throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction value"); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchemaContent value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptPathStructureInput value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent)value; - var converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent(); if (value.is_Action) - { - converted.Action = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M6_Action(concrete.dtor_Action); - return converted; - } - if (value.is_SchemaMap) - { - converted.SchemaMap = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M9_SchemaMap(concrete.dtor_SchemaMap); - return converted; - } - if (value.is_SchemaList) - { - converted.SchemaList = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M10_SchemaList(concrete.dtor_SchemaList); - return converted; - } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent state"); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureInput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureInput(); converted.TableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M9_tableName(concrete._tableName); + converted.EncryptedStructure = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M18_encryptedStructure(concrete._encryptedStructure); + converted.Cmm = (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M3_cmm(concrete._cmm); + if (concrete._encryptionContext.is_Some) converted.EncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M17_encryptionContext(concrete._encryptionContext); return converted; } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchemaContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptPathStructureInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureInput value) { - value.Validate(); if (value.IsSetAction()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent.create_Action(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M6_Action(value.Action)); - } - if (value.IsSetSchemaMap()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent.create_SchemaMap(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M9_SchemaMap(value.SchemaMap)); - } - if (value.IsSetSchemaList()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchemaContent.create_SchemaList(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M10_SchemaList(value.SchemaList)); - } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent state"); + value.Validate(); + System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() ? value.EncryptionContext : (System.Collections.Generic.Dictionary)null; + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M9_tableName(value.TableName), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M18_encryptedStructure(value.EncryptedStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M3_cmm(value.Cmm), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M17_encryptionContext(var_encryptionContext)); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptPathStructureOutput value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureOutput(); converted.PlaintextStructure = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M18_plaintextStructure(concrete._plaintextStructure); + converted.ParsedHeader = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M12_parsedHeader(concrete._parsedHeader); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptPathStructureOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptPathStructureOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptPathStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M18_plaintextStructure(value.PlaintextStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M12_parsedHeader(value.ParsedHeader)); } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptStructureInput value) { software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureInput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureInput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureInput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureInput(); converted.TableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M9_tableName(concrete._tableName); - converted.EncryptedStructure = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(concrete._encryptedStructure); - converted.AuthenticateSchema = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(concrete._authenticateSchema); + converted.EncryptedStructure = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(concrete._encryptedStructure); + converted.AuthenticateSchema = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(concrete._authenticateSchema); converted.Cmm = (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M3_cmm(concrete._cmm); if (concrete._encryptionContext.is_Some) converted.EncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M17_encryptionContext(concrete._encryptionContext); return converted; } @@ -123,20 +75,47 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptStructureOutput value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput(); converted.PlaintextStructure = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(concrete._plaintextStructure); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput(); converted.PlaintextStructure = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(concrete._plaintextStructure); + converted.CryptoSchema = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_cryptoSchema(concrete._cryptoSchema); converted.ParsedHeader = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_parsedHeader(concrete._parsedHeader); return converted; } public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IDecryptStructureOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.DecryptStructureOutput value) { value.Validate(); - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(value.PlaintextStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_parsedHeader(value.ParsedHeader)); + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.DecryptStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(value.PlaintextStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_cryptoSchema(value.CryptoSchema), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_parsedHeader(value.ParsedHeader)); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptPathStructureInput value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureInput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureInput(); converted.TableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M9_tableName(concrete._tableName); + converted.PlaintextStructure = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M18_plaintextStructure(concrete._plaintextStructure); + converted.Cmm = (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M3_cmm(concrete._cmm); + if (concrete._algorithmSuiteId.is_Some) converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M16_algorithmSuiteId(concrete._algorithmSuiteId); + if (concrete._encryptionContext.is_Some) converted.EncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M17_encryptionContext(concrete._encryptionContext); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptPathStructureInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureInput value) + { + value.Validate(); + AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId var_algorithmSuiteId = value.IsSetAlgorithmSuiteId() ? value.AlgorithmSuiteId : (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)null; + System.Collections.Generic.Dictionary var_encryptionContext = value.IsSetEncryptionContext() ? value.EncryptionContext : (System.Collections.Generic.Dictionary)null; + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M9_tableName(value.TableName), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M18_plaintextStructure(value.PlaintextStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M3_cmm(value.Cmm), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M16_algorithmSuiteId(var_algorithmSuiteId), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M17_encryptionContext(var_encryptionContext)); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptPathStructureOutput value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureOutput(); converted.EncryptedStructure = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M18_encryptedStructure(concrete._encryptedStructure); + converted.ParsedHeader = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M12_parsedHeader(concrete._parsedHeader); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptPathStructureOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptPathStructureOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptPathStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M18_encryptedStructure(value.EncryptedStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M12_parsedHeader(value.ParsedHeader)); } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptStructureInput value) { software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureInput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureInput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureInput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureInput(); converted.TableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M9_tableName(concrete._tableName); - converted.PlaintextStructure = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(concrete._plaintextStructure); - converted.CryptoSchema = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(concrete._cryptoSchema); + converted.PlaintextStructure = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(concrete._plaintextStructure); + converted.CryptoSchema = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(concrete._cryptoSchema); converted.Cmm = (AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M3_cmm(concrete._cmm); if (concrete._algorithmSuiteId.is_Some) converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M16_algorithmSuiteId(concrete._algorithmSuiteId); if (concrete._encryptionContext.is_Some) converted.EncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M17_encryptionContext(concrete._encryptionContext); return converted; @@ -150,50 +129,55 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptStructureOutput value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput(); converted.EncryptedStructure = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(concrete._encryptedStructure); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput(); converted.EncryptedStructure = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(concrete._encryptedStructure); + converted.CryptoSchema = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_cryptoSchema(concrete._cryptoSchema); converted.ParsedHeader = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(concrete._parsedHeader); return converted; } public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IEncryptStructureOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.EncryptStructureOutput value) { value.Validate(); - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(value.EncryptedStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(value.ParsedHeader)); + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.EncryptStructureOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(value.EncryptedStructure), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_cryptoSchema(value.CryptoSchema), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(value.ParsedHeader)); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataContent value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IPathSegment value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent)value; - var converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent(); if (value.is_Terminal) + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment)value; + var converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment(); if (value.is_member) { - converted.Terminal = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_Terminal(concrete.dtor_Terminal); + converted.Member = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment__M6_member(concrete.dtor_member); return converted; } - if (value.is_DataList) - { - converted.DataList = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_DataList(concrete.dtor_DataList); - return converted; - } - if (value.is_DataMap) - { - converted.DataMap = FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M7_DataMap(concrete.dtor_DataMap); - return converted; - } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent state"); + throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment state"); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IPathSegment ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment value) { - value.Validate(); if (value.IsSetTerminal()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent.create_Terminal(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_Terminal(value.Terminal)); - } - if (value.IsSetDataList()) - { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent.create_DataList(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_DataList(value.DataList)); - } - if (value.IsSetDataMap()) + value.Validate(); if (value.IsSetMember()) { - return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataContent.create_DataMap(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M7_DataMap(value.DataMap)); + return software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.PathSegment.create(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment__M6_member(value.Member)); } - throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent state"); + throw new System.ArgumentException("Invalid AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment state"); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IResolveAuthActionsInput value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsInput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsInput(); converted.TableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M9_tableName(concrete._tableName); + converted.AuthActions = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_authActions(concrete._authActions); + converted.HeaderBytes = (System.IO.MemoryStream)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_headerBytes(concrete._headerBytes); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IResolveAuthActionsInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsInput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M9_tableName(value.TableName), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_authActions(value.AuthActions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_headerBytes(value.HeaderBytes)); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IResolveAuthActionsOutput value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsOutput converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsOutput(); converted.CryptoActions = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput__M13_cryptoActions(concrete._cryptoActions); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IResolveAuthActionsOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ResolveAuthActionsOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ResolveAuthActionsOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput__M13_cryptoActions(value.CryptoActions)); } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredEncryptionConfig FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_StructuredEncryptionConfig(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredEncryptionConfig value) { @@ -218,53 +202,53 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S29_StructuredEncryptionException__M7_message(value.Message) ); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M6_Action(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M9_tableName(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M6_Action(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M9_tableName(string value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M9_SchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema> value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M18_encryptedStructure(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M9_SchemaMap(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M18_encryptedStructure(System.Collections.Generic.List value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(value); } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M10_SchemaList(Dafny.ISequence value) + public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M3_cmm(software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList(value); + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent__M10_SchemaList(System.Collections.Generic.List value) + public static software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M3_cmm(AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList(value); + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M6_Action(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M17_encryptionContext(Wrappers_Compile._IOption, Dafny.ISequence>> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); + return value.is_None ? (System.Collections.Generic.Dictionary)null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M6_Action(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction value) + public static Wrappers_Compile._IOption, Dafny.ISequence>> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_DecryptPathStructureInput__M17_encryptionContext(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); + return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary)value)); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M9_SchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema> value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M18_plaintextStructure(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M9_SchemaMap(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M18_plaintextStructure(System.Collections.Generic.List value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M10_SchemaList(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M12_parsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent__M10_SchemaList(System.Collections.Generic.List value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_DecryptPathStructureOutput__M12_parsedHeader(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); } public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M9_tableName(Dafny.ISequence value) { @@ -274,21 +258,21 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_encryptedStructure(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M18_authenticateSchema(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(value); } public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_DecryptStructureInput__M3_cmm(software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) { @@ -306,13 +290,21 @@ public static System.Collections.Generic.Dictionary FromDafny_N3 { return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary)value)); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); + } + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(System.Collections.Generic.Dictionary value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); + } + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_cryptoSchema(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M18_plaintextStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_cryptoSchema(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_DecryptStructureOutput__M12_parsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) { @@ -322,6 +314,62 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. { return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); } + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M9_tableName(Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S6_String(value); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M9_tableName(string value) + { + return ToDafny_N6_smithy__N3_api__S6_String(value); + } + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M18_plaintextStructure(Dafny.ISequence value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M18_plaintextStructure(System.Collections.Generic.List value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); + } + public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M3_cmm(software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) + { + return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); + } + public static software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M3_cmm(AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager value) + { + return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(value); + } + public static AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M16_algorithmSuiteId(Wrappers_Compile._IOption value) + { + return value.is_None ? (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M16_algorithmSuiteId(AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId((AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)value)); + } + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M17_encryptionContext(Wrappers_Compile._IOption, Dafny.ISequence>> value) + { + return value.is_None ? (System.Collections.Generic.Dictionary)null : FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value.Extract()); + } + public static Wrappers_Compile._IOption, Dafny.ISequence>> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_EncryptPathStructureInput__M17_encryptionContext(System.Collections.Generic.Dictionary value) + { + return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary)value)); + } + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M18_encryptedStructure(Dafny.ISequence value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M18_encryptedStructure(System.Collections.Generic.List value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M12_parsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S26_EncryptPathStructureOutput__M12_parsedHeader(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); + } public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M9_tableName(Dafny.ISequence value) { return FromDafny_N6_smithy__N3_api__S6_String(value); @@ -330,21 +378,21 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M18_plaintextStructure(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M12_cryptoSchema(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_EncryptStructureInput__M3_cmm(software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) { @@ -370,89 +418,77 @@ public static System.Collections.Generic.Dictionary FromDafny_N3 { return value == null ? Wrappers_Compile.Option, Dafny.ISequence>>.create_None() : Wrappers_Compile.Option, Dafny.ISequence>>.create_Some(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext((System.Collections.Generic.Dictionary)value)); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) - { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) - { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M18_encryptedStructure(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_Terminal(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_cryptoSchema(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_Terminal(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_cryptoSchema(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(value); } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_DataList(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M8_DataList(System.Collections.Generic.List value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_EncryptStructureOutput__M12_parsedHeader(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M7_DataMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData> value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructureSegment value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent__M7_DataMap(System.Collections.Generic.Dictionary value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructureSegment ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment(value); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S29_StructuredEncryptionException__M7_message(Dafny.ISequence value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M9_tableName(Dafny.ISequence value) { return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S29_StructuredEncryptionException__M7_message(string value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M9_tableName(string value) { return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema> value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_authActions(Dafny.ISequence value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(pair.Cdr)); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_authActions(System.Collections.Generic.List value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(pair.Value)) - )); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(value); } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList(Dafny.ISequence value) + public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_headerBytes(Dafny.ISequence value) { - return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList__M6_member)); + return FromDafny_N6_smithy__N3_api__S4_Blob(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList(System.Collections.Generic.List value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S23_ResolveAuthActionsInput__M11_headerBytes(System.IO.MemoryStream value) { - return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList__M6_member).ToArray()); + return ToDafny_N6_smithy__N3_api__S4_Blob(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema> value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput__M13_cryptoActions(Dafny.ISequence value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(pair.Cdr)); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_ResolveAuthActionsOutput__M13_cryptoActions(System.Collections.Generic.List value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(pair.Value)) - )); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(value); } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList(Dafny.ISequence value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S29_StructuredEncryptionException__M7_message(Dafny.ISequence value) { - return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList__M6_member)); + return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList(System.Collections.Generic.List value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S29_StructuredEncryptionException__M7_message(string value) { - return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList__M6_member).ToArray()); + return ToDafny_N6_smithy__N3_api__S6_String(value); } public static string FromDafny_N6_smithy__N3_api__S6_String(Dafny.ISequence value) { @@ -462,27 +498,13 @@ public static Dafny.ISequence ToDafny_N6_smithy__N3_api__S6_String(string { return Dafny.Sequence.FromString(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) - { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData(); converted.Content = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M7_content(concrete._content); - if (concrete._attributes.is_Some) converted.Attributes = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M10_attributes(concrete._attributes); return converted; - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) - { - value.Validate(); - System.Collections.Generic.Dictionary var_attributes = value.IsSetAttributes() ? value.Attributes : (System.Collections.Generic.Dictionary)null; - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredData(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M7_content(value.Content), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M10_attributes(var_attributes)); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(Dafny.ISequence value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema(); converted.Content = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M7_content(concrete._content); - if (concrete._attributes.is_Some) converted.Attributes = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M10_attributes(concrete._attributes); return converted; + return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList__M6_member)); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList(System.Collections.Generic.List value) { - value.Validate(); - System.Collections.Generic.Dictionary var_attributes = value.IsSetAttributes() ? value.Attributes : (System.Collections.Generic.Dictionary)null; - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthenticateSchema(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M7_content(value.Content), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M10_attributes(var_attributes)); + return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList__M6_member).ToArray()); } public static AWS.Cryptography.MaterialProviders.ICryptographicMaterialsManager FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S38_CryptographicMaterialsManagerReference(software.amazon.cryptography.materialproviders.internaldafny.types.ICryptographicMaterialsManager value) { @@ -506,10 +528,17 @@ public static System.Collections.Generic.Dictionary FromDafny_N3 new Dafny.Pair, Dafny.ISequence>(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M5_value(pair.Value)) )); } + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(Dafny.ISequence value) + { + return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList__M6_member)); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList(System.Collections.Generic.List value) + { + return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList__M6_member).ToArray()); + } public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IParsedHeader value) { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader(); converted.CryptoSchema = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M12_cryptoSchema(concrete._cryptoSchema); - converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M16_algorithmSuiteId(concrete._algorithmSuiteId); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.ParsedHeader(); converted.AlgorithmSuiteId = (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M16_algorithmSuiteId(concrete._algorithmSuiteId); converted.EncryptedDataKeys = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptedDataKeys(concrete._encryptedDataKeys); converted.StoredEncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M23_storedEncryptionContext(concrete._storedEncryptionContext); converted.EncryptionContext = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptionContext(concrete._encryptionContext); return converted; @@ -518,139 +547,80 @@ public static software.amazon.cryptography.dbencryptionsdk.structuredencryption. { value.Validate(); - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M12_cryptoSchema(value.CryptoSchema), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M16_algorithmSuiteId(value.AlgorithmSuiteId), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptedDataKeys(value.EncryptedDataKeys), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M23_storedEncryptionContext(value.StoredEncryptionContext), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptionContext(value.EncryptionContext)); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema value) - { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema(); converted.Content = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M7_content(concrete._content); - if (concrete._attributes.is_Some) converted.Attributes = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M10_attributes(concrete._attributes); return converted; - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema value) - { - value.Validate(); - System.Collections.Generic.Dictionary var_attributes = value.IsSetAttributes() ? value.Attributes : (System.Collections.Generic.Dictionary)null; - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoSchema(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M7_content(value.Content), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M10_attributes(var_attributes)); - } - public static AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId(software.amazon.cryptography.materialproviders.internaldafny.types._IDBEAlgorithmSuiteId value) - { - if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__SYMSIG__HMAC__SHA384) return AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384; - if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384__SYMSIG__HMAC__SHA384) return AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384; - throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value"); - } - public static software.amazon.cryptography.materialproviders.internaldafny.types._IDBEAlgorithmSuiteId ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId(AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value) - { - if (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.DBEAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__SYMSIG__HMAC__SHA384(); - if (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.DBEAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384__SYMSIG__HMAC__SHA384(); - throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value"); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) - { - software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal(); converted.Value = (System.IO.MemoryStream)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(concrete._value); - converted.TypeId = (System.IO.MemoryStream)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(concrete._typeId); return converted; - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) - { - value.Validate(); - - return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(value.Value), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(value.TypeId)); - } - public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList(Dafny.ISequence value) - { - return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList__M6_member)); - } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList(System.Collections.Generic.List value) - { - return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList__M6_member).ToArray()); + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.ParsedHeader(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M16_algorithmSuiteId(value.AlgorithmSuiteId), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptedDataKeys(value.EncryptedDataKeys), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M23_storedEncryptionContext(value.StoredEncryptionContext), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M17_encryptionContext(value.EncryptionContext)); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData> value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) { return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(pair.Cdr)); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(System.Collections.Generic.Dictionary value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap(System.Collections.Generic.Dictionary value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(pair.Value)) + return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>.FromCollection(value.Select(pair => + new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(pair.Value)) )); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(Dafny.ISequence value) - { - return FromDafny_N6_smithy__N3_api__S6_String(value); - } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(string value) - { - return ToDafny_N6_smithy__N3_api__S6_String(value); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema value) - { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema value) - { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_AuthenticateSchemaList__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchema value) - { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema(value); - } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(Dafny.ISequence value) - { - return FromDafny_N6_smithy__N3_api__S6_String(value); - } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(string value) - { - return ToDafny_N6_smithy__N3_api__S6_String(value); - } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema value) - { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(pair.Cdr)); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>.FromCollection(value.Select(pair => + new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(pair.Value)) + )); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(pair.Cdr)); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_CryptoSchemaList__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema value) + public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap(System.Collections.Generic.Dictionary value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction>.FromCollection(value.Select(pair => + new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(pair.Value)) + )); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M7_content(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataContent value) + public static AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId(software.amazon.cryptography.materialproviders.internaldafny.types._IDBEAlgorithmSuiteId value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent(value); + if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__SYMSIG__HMAC__SHA384) return AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384; + if (value.is_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384__SYMSIG__HMAC__SHA384) return AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384; + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value"); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M7_content(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataContent value) + public static software.amazon.cryptography.materialproviders.internaldafny.types._IDBEAlgorithmSuiteId ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S19_DBEAlgorithmSuiteId(AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_StructuredDataContent(value); + if (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.DBEAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__SYMSIG__HMAC__SHA384(); + if (AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384.Equals(value)) return software.amazon.cryptography.materialproviders.internaldafny.types.DBEAlgorithmSuiteId.create_ALG__AES__256__GCM__HKDF__SHA512__COMMIT__KEY__ECDSA__P384__SYMSIG__HMAC__SHA384(); + throw new System.ArgumentException("Invalid AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId value"); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M10_attributes(Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>> value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructureSegment value) { - return value.is_None ? (System.Collections.Generic.Dictionary)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes(value.Extract()); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructureSegment concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructureSegment)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment(); converted.Key = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment__M3_key(concrete._key); return converted; } - public static Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData__M10_attributes(System.Collections.Generic.Dictionary value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructureSegment ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructureSegment value) { - return value == null ? Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>>.create_None() : Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes((System.Collections.Generic.Dictionary)value)); + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructureSegment(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment__M3_key(value.Key)); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M7_content(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchemaContent value) + public static System.IO.MemoryStream FromDafny_N6_smithy__N3_api__S4_Blob(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent(value); + return new System.IO.MemoryStream(value.Elements); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateSchemaContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M7_content(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateSchemaContent value) + public static Dafny.ISequence ToDafny_N6_smithy__N3_api__S4_Blob(System.IO.MemoryStream value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AuthenticateSchemaContent(value); + if (value.ToArray().Length == 0 && value.Length > 0) + { + throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); + } + return Dafny.Sequence.FromArray(value.ToArray()); + } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M10_attributes(Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>> value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthItem value) { - return value.is_None ? (System.Collections.Generic.Dictionary)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes(value.Extract()); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem(value); } - public static Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateSchema__M10_attributes(System.Collections.Generic.Dictionary value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthItem ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthList__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem value) { - return value == null ? Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>>.create_None() : Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes((System.Collections.Generic.Dictionary)value)); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem(value); } public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext__M3_key(Dafny.ISequence value) { @@ -668,13 +638,13 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materi { return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M12_cryptoSchema(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoItem value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchema ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M12_cryptoSchema(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchema value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoItem ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoList__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem(value); } public static AWS.Cryptography.MaterialProviders.DBEAlgorithmSuiteId FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_ParsedHeader__M16_algorithmSuiteId(software.amazon.cryptography.materialproviders.internaldafny.types._IDBEAlgorithmSuiteId value) { @@ -708,81 +678,73 @@ public static System.Collections.Generic.Dictionary FromDafny_N3 { return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S17_EncryptionContext(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M7_content(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchemaContent value) - { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent(value); - } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoSchemaContent ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M7_content(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoSchemaContent value) - { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S19_CryptoSchemaContent(value); - } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M10_attributes(Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>> value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(Dafny.ISequence value) { - return value.is_None ? (System.Collections.Generic.Dictionary)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes(value.Extract()); + return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Wrappers_Compile._IOption, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoSchema__M10_attributes(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(string value) { - return value == null ? Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>>.create_None() : Wrappers_Compile.Option, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes((System.Collections.Generic.Dictionary)value)); + return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(System.IO.MemoryStream value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(Dafny.ISequence value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(value); + return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(System.IO.MemoryStream value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M3_key(string value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(value); + return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_StructuredDataList__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S21_AuthenticateSchemaMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(Dafny.ISequence value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(Dafny.ISequence value) { return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M3_key(string value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M3_key(string value) { return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredData ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S17_StructuredDataMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredData value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S15_CryptoSchemaMap__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_StructuredData(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> value) + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment__M3_key(Dafny.ISequence value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M5_value(pair.Cdr)); + return FromDafny_N6_smithy__N3_api__S6_String(value); } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes(System.Collections.Generic.Dictionary value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S16_StructureSegment__M3_key(string value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M5_value(pair.Value)) - )); + return ToDafny_N6_smithy__N3_api__S6_String(value); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthItem value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M5_value(pair.Cdr)); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem(); converted.Key = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M3_key(concrete._key); + converted.Data = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M4_data(concrete._data); + converted.Action = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M6_action(concrete._action); return converted; } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes(System.Collections.Generic.Dictionary value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthItem ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthItem value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M5_value(pair.Value)) - )); + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.AuthItem(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M3_key(value.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M4_data(value.Data), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M6_action(value.Action)); } public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(Dafny.ISequence value) { @@ -794,6 +756,18 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materi System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding(false, true); return Dafny.Sequence.FromArray(utf8.GetBytes(value)); } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoItem value) + { + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem(); converted.Key = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M3_key(concrete._key); + converted.Data = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M4_data(concrete._data); + converted.Action = (AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M6_action(concrete._action); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoItem ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoItem value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.CryptoItem(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M3_key(value.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M4_data(value.Data), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M6_action(value.Action)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_EncryptedDataKeyList(Dafny.ISequence value) { return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_EncryptedDataKeyList__M6_member)); @@ -802,73 +776,64 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materi { return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_EncryptedDataKeyList__M6_member).ToArray()); } - public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) { - return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M5_value(pair.Cdr)); + software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal concrete = (software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal)value; AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal converted = new AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal(); converted.Value = (System.IO.MemoryStream)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(concrete._value); + converted.TypeId = (System.IO.MemoryStream)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(concrete._typeId); return converted; } - public static Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes(System.Collections.Generic.Dictionary value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) { - return Dafny.Map, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>.FromCollection(value.Select(pair => - new Dafny.Pair, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction>(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M3_key(pair.Key), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M5_value(pair.Value)) - )); + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types.StructuredDataTerminal(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(value.Value), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(value.TypeId)); } - public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(Dafny.ISequence value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M3_key(Dafny.ISequence value) { - return new System.IO.MemoryStream(value.Elements); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(System.IO.MemoryStream value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M3_key(System.Collections.Generic.List value) { - if (value.ToArray().Length == 0 && value.Length > 0) - { - throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); - } - return Dafny.Sequence.FromArray(value.ToArray()); - + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(value); } - public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M4_data(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) { - return new System.IO.MemoryStream(value.Elements); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(System.IO.MemoryStream value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M4_data(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) { - if (value.ToArray().Length == 0 && value.Length > 0) - { - throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); - } - return Dafny.Sequence.FromArray(value.ToArray()); - + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M3_key(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M6_action(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) { - return FromDafny_N6_smithy__N3_api__S6_String(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M3_key(string value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S8_AuthItem__M6_action(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value) { - return ToDafny_N6_smithy__N3_api__S6_String(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M3_key(Dafny.ISequence value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S24_StructuredDataAttributes__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M3_key(System.Collections.Generic.List value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(value); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M3_key(Dafny.ISequence value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M4_data(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal value) { - return FromDafny_N6_smithy__N3_api__S6_String(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M3_key(string value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IStructuredDataTerminal ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M4_data(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal value) { - return ToDafny_N6_smithy__N3_api__S6_String(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M6_action(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S28_AuthenticateSchemaAttributes__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value) + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S10_CryptoItem__M6_action(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S12_CryptoAction(value); } public static AWS.Cryptography.MaterialProviders.EncryptedDataKey FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S20_EncryptedDataKeyList__M6_member(software.amazon.cryptography.materialproviders.internaldafny.types._IEncryptedDataKey value) { @@ -878,21 +843,29 @@ public static software.amazon.cryptography.materialproviders.internaldafny.types { return ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey(value); } - public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M3_key(Dafny.ISequence value) + public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(Dafny.ISequence value) { - return FromDafny_N6_smithy__N3_api__S6_String(value); + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(value); } - public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M3_key(string value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M5_value(System.IO.MemoryStream value) { - return ToDafny_N6_smithy__N3_api__S6_String(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(value); + } + public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(Dafny.ISequence value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(value); } - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M5_value(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_StructuredDataTerminal__M6_typeId(System.IO.MemoryStream value) { - return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(value); } - public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S22_CryptoSchemaAttributes__M5_value(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction value) + public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(Dafny.ISequence value) { - return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(value); + return new System.Collections.Generic.List(value.Elements.Select(FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path__M6_member)); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path(System.Collections.Generic.List value) + { + return Dafny.Sequence.FromArray(value.Select(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path__M6_member).ToArray()); } public static AWS.Cryptography.MaterialProviders.EncryptedDataKey FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey(software.amazon.cryptography.materialproviders.internaldafny.types._IEncryptedDataKey value) { @@ -906,6 +879,40 @@ public static software.amazon.cryptography.materialproviders.internaldafny.types return new software.amazon.cryptography.materialproviders.internaldafny.types.EncryptedDataKey(ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey__M13_keyProviderId(value.KeyProviderId), ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey__M15_keyProviderInfo(value.KeyProviderInfo), ToDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey__M10_ciphertext(value.Ciphertext)); } + public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(Dafny.ISequence value) + { + return new System.IO.MemoryStream(value.Elements); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S13_TerminalValue(System.IO.MemoryStream value) + { + if (value.ToArray().Length == 0 && value.Length > 0) + { + throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); + } + return Dafny.Sequence.FromArray(value.ToArray()); + + } + public static System.IO.MemoryStream FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(Dafny.ISequence value) + { + return new System.IO.MemoryStream(value.Elements); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S14_TerminalTypeId(System.IO.MemoryStream value) + { + if (value.ToArray().Length == 0 && value.Length > 0) + { + throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); + } + return Dafny.Sequence.FromArray(value.ToArray()); + + } + public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path__M6_member(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IPathSegment value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment(value); + } + public static software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IPathSegment ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S4_Path__M6_member(AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.PathSegment value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S11_PathSegment(value); + } public static string FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S16_EncryptedDataKey__M13_keyProviderId(Dafny.ISequence value) { return FromDafny_N3_aws__N12_cryptography__N17_materialProviders__S9_Utf8Bytes(value); @@ -930,19 +937,6 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N17_materi { return ToDafny_N6_smithy__N3_api__S4_Blob(value); } - public static System.IO.MemoryStream FromDafny_N6_smithy__N3_api__S4_Blob(Dafny.ISequence value) - { - return new System.IO.MemoryStream(value.Elements); - } - public static Dafny.ISequence ToDafny_N6_smithy__N3_api__S4_Blob(System.IO.MemoryStream value) - { - if (value.ToArray().Length == 0 && value.Length > 0) - { - throw new System.ArgumentException("Fatal Error: MemoryStream instance not backed by an array!"); - } - return Dafny.Sequence.FromArray(value.ToArray()); - - } public static System.Exception FromDafny_CommonError(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IError value) { switch (value) diff --git a/specification/.markdownlint.json b/specification/.markdownlint.json new file mode 100644 index 000000000..db00eedc6 --- /dev/null +++ b/specification/.markdownlint.json @@ -0,0 +1,5 @@ +{ + "MD013": false, + "MD032": false, + "MD041": false +} diff --git a/specification/changes/2024-02-29-encryption-context/background.md b/specification/changes/2024-02-29-encryption-context/background.md index 86a1e5bf2..e8d01e10e 100644 --- a/specification/changes/2024-02-29-encryption-context/background.md +++ b/specification/changes/2024-02-29-encryption-context/background.md @@ -1,6 +1,10 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + # Additional Encryption Context ## Motivation + In the current design, the primary hash and sort keys are made available for branch key calculations. This is sufficient for any system specifically designed with branch keys in mind, but may be insufficient for some legacy systems. For example, imagine two tables : Users and Groups. @@ -12,15 +16,15 @@ Thus when querying the User table, the GroupID is unavailable to the branch key Designate some sign-only attributes to be available to customers for branch key calculations, KMS encryption contexts and such. -### Where to handle the additions +### Where to handle the additions -#### Option Taken : Add attributes to the encryption context. +#### Option Taken : Add attributes to the encryption context Advantages include : * Simple user story * Tiny change to API -#### Option Not Taken : Pass attributes to the keyring. +#### Option Not Taken : Pass attributes to the keyring We could have extended the keyring interface to receive a set of key-value pairs, and then passed all signed attributes to the keyring, which would use that to choose the branch key. @@ -33,7 +37,7 @@ Drawbacks include : ### Which Attributes to Include -#### Option Taken : Allow the user to configure which signed fields are included. +#### Option Taken : Allow the user to configure which signed fields are included Where the customer used to designate “sign only” they now specify a subset of those to be in the encryption context. @@ -41,8 +45,7 @@ Where the customer used to designate “sign only” they now specify a subset o Simplest for the customer, but this could be very large in some cases, and the KMS limit on encryption context size is fairly small. - -### Versioning +### Versioning We need some way, at decrypt time, to know which attributes were used in the encryption context. @@ -64,21 +67,24 @@ Once we support version 2, we always write version 2. The downside to this is th Currently, the primary hash and sort keys must be SIGN_ONLY, even though they behave as SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT. Going forward, the primary keys must continue to have the SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT functionality. -#### Option Taken - If any attributes are marked SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT then primary keys must also be SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT. +#### Option Taken - If any attributes are marked SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT then primary keys must also be SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT This keeps a consistent meaning for all the CryptoActions, while not requiring a version2 header for customers not using the new feature. #### Option Not Taken - Primary keys MUST still be SIGN_ONLY + When customers adopt SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT, they don’t need to update their primary keys; however, this means that SIGN_ONLY sometimes means SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT leading to confusion #### Option Not Taken - Primary keys can be either SIGN_ONLY or SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT + Even easier on customers, as they can change or not, but this still means that SIGN_ONLY sometimes means SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT leading to confusion ### Where to calculate the new encryption context entries? Currently, we generate the encryption context in the Item Encryptor, but only the Structure Encryptor has access to the header and its legend. -#### Option Taken - Structure Encryptor +#### Option Taken - Structure Encryptor + On Decrypt, the Structure Encryptor has the necessary context to determine which attributes were used in the encryption context. On encrypt, the Structure Encryptor adds to the required encryption context any attributes marked as SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT. @@ -86,11 +92,12 @@ On encrypt, the Structure Encryptor adds to the required encryption context any On decrypt, the Structure Encryptor examines the legend in the header to determine which fields were SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT, and performs the same operation as in encrypt. #### Option Not Taken - Item Encryptor + This would be simplest for Encrypt, as we already generate the encryption context in the Item Encryptor and pass it into the Structure Encryptor. Unfortunately, on Decrypt things are more complex, and we need to parse the header to find out which attributes were used in the encryption context. Trying to do this in the Item Encryptor would require too much back and forth across the Item/Structure boundary. # User Friendly Encryption Context -## Background +## Background In the DBESDK, we include the values of the primary hash and sort keys in the encryption context. We serialize the AttributeValue into a a sequence of bytes (as per StructuredEncryption) and then Base64 encode the result. Thus the string “key” is in the encryption context as “AAFrZXk=”. @@ -106,7 +113,7 @@ The branch key selector function takes a map of AttributeName to AttributeValue. Further, we can’t ameliorate this with something in the config file, or even the encrypted record’s version number, because the only input to the branch key selector function is the encryption context. -#### Option Taken - plain strings, plus a legend. +### Option Taken - plain strings, plus a legend In the version 2 records, add a new entry to the encryption context : aws-crypto-legend. Much like the legend in the StructuredEncryption header, this holds one character per attribute in the encryption context. Sort the keys in the encryption context and the values in the legend are in that same order. @@ -123,7 +130,7 @@ Whenever we generate an encryption context, we know what record version we’re If a customer wants this new functionality, they can simply change their primary hash and sort keys to SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT. -#### Option Not Taken : DynamoDB's JSON syntax +### Option Not Taken : DynamoDB's JSON syntax We could do without the legend if we used the DynamoDB JSON syntax for values. Thus key would become {”S“ : ”key“} @@ -133,20 +140,20 @@ This has the advantage of simplicity, and is more user friendly then the current * A key policy referring directly to {”S“ : ”key“} is still a suboptimal user experience * This would increase the size of the encryption context. Eventually somebody’s going to bump up against the 4K barrier for encryption contexts in KMS. -#### Option Not Taken - Change interface to branch key selector +### Option Not Taken - Change interface to branch key selector If this took a map of string to string, instead of an AttributeMap, then it would be ok to lose the type information. Unfortunately, this would break all the customers currently using one. -#### Option Not Taken - Change interface to branch key selector for version 2 records +### Option Not Taken - Change interface to branch key selector for version 2 records The place where we construct the branchKeyIdSupplier, we don’t know the version. Once we know the version, we’ve lost the knowledge of which supplier we are using. -#### Option Not Taken - Deduce the type +### Option Not Taken - Deduce the type Skip the legend. If it looks like a number or a literal, that’s what it is. If it ends with a ‘=’ it’s binary, otherwise it’s a string. This would work 99% of the time, but we need 100%. -#### Option Not Taken - Pass in everything as a string +### Option Not Taken - Pass in everything as a string We could store everything in this new way, but don’t keep the legend. Then wrap everything up as an AttributeValue of type String. Any customer with a binary key would be out of luck entirely. @@ -154,7 +161,3 @@ Any customer that actually cares about the difference between String(123) and Nu Add type information to the config for every SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT attribute. This would be great, except that the branch key selector doesn’t have access to the config. - - - - diff --git a/specification/changes/2024-02-29-encryption-context/change.md b/specification/changes/2024-02-29-encryption-context/change.md index 58fdfdba6..6f36470ea 100644 --- a/specification/changes/2024-02-29-encryption-context/change.md +++ b/specification/changes/2024-02-29-encryption-context/change.md @@ -27,7 +27,7 @@ and therefore available to the Branch Key Selector. A fourth Crypto Action will be made available : `SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT`, to join the existing `DO_NOTHING`, `SIGN_ONLY` and `ENCRYPT_AND_SIGN`. The presence of any SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT attribute in the configuration -will cause a version 2 record to be written. +will cause a version 2 record to be written. If any SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT attribute is configured, then the primary partition and sort keys must also be SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT. @@ -62,7 +62,7 @@ based solely on the encryption context -- since no configuration or version numb ### Parsed Header For both record versions, the Parsed Header returned from Structured Encryption operations now -contains an additional field : the full encryption context. +contains an additional field : the full encryption context. Similarly, the Parsed Header returned from Item Encryptor operations now contains two additional fields : the full encryption context, @@ -71,7 +71,7 @@ and the value map that would be passed to the Branch Key Selector. ## Implementation Changes For version 1 records, only the Item Encryptor operations know which attributes should -be in the encryption context, +be in the encryption context, The logical table name, plus the names and values of the primary hash and sort keys, and so the full encryption context, along with the associated RequiredEncryptionContextCMM, @@ -93,13 +93,13 @@ another layer of RequiredEncryptionContextCMM to include those value. To use this new functionality with the DynamoDB Enhanced Client in Java, tag your attribute with `@DynamoDbEncryptionSignAndIncludeInEncryptionContext` -### Single Table Design +## Single Table Design To better handle [Single-Table Design](https://aws.amazon.com/blogs/compute/creating-a-single-table-design-with-amazon-dynamodb/), one can now specify multiple schemas when building a DynamoDbEnhancedTableEncryptionConfig as shown below. -``` +```java TableSchema tableSchema1 = TableSchema.fromBean(Class1.class); TableSchema tableSchema2 = TableSchema.fromBean(Class2.class); TableSchema tableSchema3 = TableSchema.fromBean(Class3.class); @@ -121,4 +121,4 @@ TransactWriteItemsEnhancedRequest.builder() .addPutItem(table2, item2) .addPutItem(table3, item3) .build(); -``` \ No newline at end of file +``` diff --git a/specification/changes/2024-05-19-simplify-structured-encryption/background.md b/specification/changes/2024-05-19-simplify-structured-encryption/background.md new file mode 100644 index 000000000..9b87c5a39 --- /dev/null +++ b/specification/changes/2024-05-19-simplify-structured-encryption/background.md @@ -0,0 +1,146 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Simplify Structure Encryption + +The problems with structured encryption are twofold: +1. The existing recursive structures are needlessly complex +2. The existing structures are not actually suitable for encrypting nested structures. + +So we'll look at the changes in two steps : Simplify and Add Structure + +## Simplify + +There were three parallel data structures, for StructuredData, CryptoSchema and AuthenticateSchema. + +This is the CryptoSchema as an example + +```smithy +structure CryptoSchema { + content: CryptoSchemaContent, + attributes: CryptoSchemaAttributes +} + +union CryptoSchemaContent { + Action: CryptoAction, + SchemaMap: CryptoSchemaMap, + SchemaList: CryptoSchemaList +} + +map CryptoSchemaMap { + key: String, + value: CryptoSchema +} + +list CryptoSchemaList { + member: CryptoSchema +} + +map CryptoSchemaAttributes { + key: String, + value: AuthenticateAction +} +``` + +The DynamoDB encryption client restricted itself to a flattened subset of this, +such that a CryptoSchema's attributes were always `None` and the content was always a CryptoSchemaMap +whose values were always a CryptoAction. + +Thus we might as well replace the whole thing with + +``` smithy +map CryptoSchemaMap { + key: String, + value: CryptoAction +} +``` + +which gives us all the flexibility we actually use. + +## Add Structure + +You might ask "why not use the structure you just removed?". + +The old way to say that A.B is SIGN_ONLY and A.C is ENCRYPT_AND_SIGN is a much more complicated version of this: + +```dafny +SchemaMap("A" := SchemaMap("B" := SIGN_ONLY, "C" := ENCRYPT_AND_SIGN))); +DataMap("A" := DataMap("B" := SomeBytes, "C" := OtherBytes))); +``` + +Among the difficulties here is that there is no straightforward way to test if both the Schema and the Data contain the same things, i.e. A.B and A.C. The obvious Schema.Keys == Data.Keys evaluates to true, but is only comparing the “A”‘s, which is a sharp edge best avoided. + +So the existing smithy model makes nested structures difficult to write and difficult to reason about. + +More useful would be something more like this : + +CryptoSchema ("A.B" := SIGN_ONLY, "A.C" := ENCRYPT_AND_SIGN); +StructuredData("A.B" := SomeBytes, "A.C" := OtherBytes)); + +Thus we introduce the type `Path` which is a sequence of member strings, +so the two paths in the example above would be ["A","B"] and ["A","C"]. + +The Path is really the more complex : + +```smithy +structure StructureSegment {@required key : String} +union PathSegment { + member: StructureSegment, +} +list Path { + member: PathSegment +} +``` + +So that in the future it can become something like + +```smithy +structure StructureSegment {@required key : String} +@range(min:0) +integer Position +structure ListSegment {@required key : Position} +structure AttributeSegment {@required key : String} +union PathSegment { + member: StructureSegment, + list: ListSegment, + attribute: AttributeSegment, +} +list Path { + member: PathSegment +} +``` + +To capture a more comprehensive set of structures. + +The obvious next step is to change the maps to this form: + +``` smithy +map CryptoSchemaMap { + key: Path, + value: CryptoAction +} +``` + +but we can't do that, because smithy maps can only have keys of type `string`. + +So what to do? + +Speaking of complexity, every operation either takes a CryptoSchemaMap and a StructuredDataMap, +or an AuthSchemaMap and a StructuredDataMap. +Much code exists to ensure that the two maps have the same keys, +and to ensure that the intermediate maps similarly maintain the same sets of keys. + +A third bit of complexity is that, at its lowest level, Structure Encryption works on +an ordered list of entries, and so internally we must convert from map to list and back to map. + +Solving all three problems, instead of a CryptoSchemaMap and a StructuredDataMap, +we have a single list of structures containing + +- Path +- StructuredDataTerminal +- CryptoAction + +This way, there is no way to have mismatching maps, because every data must have an action, +and every action must have a data. + +The only bit of added complexity is verifying that all the paths in the input list are unique. diff --git a/specification/changes/2024-05-19-simplify-structured-encryption/change.md b/specification/changes/2024-05-19-simplify-structured-encryption/change.md new file mode 100644 index 000000000..c9ba51ac2 --- /dev/null +++ b/specification/changes/2024-05-19-simplify-structured-encryption/change.md @@ -0,0 +1,46 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Simplify Structure Encryption + +The smithy model for Structure Encryption has changed. + +This is considered a non-breaking change, +because Structure Encryption is not supposed to be used directly by customers. + +The other smithy models (ItemEncryptor et al) have NOT changed. + +## EncryptStructure and DecryptStructure + +The interfaces of these two functions are slightly changed, +and are implemented as thin wrappers around EncryptPathStructure and DecryptPathStructure. + +First, the maps passed in are no longer the complex recursive structures, +simple key-value maps where the key is a plain string, +and the value is a StructuredDataTerminal, CryptoAction or AuthenticateAction. + +Further, the CryptoAction maps has moved from `output.parsedHeader.cryptoSchema` to `output.cryptoSchema`. + +This latter change is so that `*cryptStructure` and `*cryptPathStructure` +can use the same ParsedHeader. + +## EncryptPathStructure and DecryptPathStructure + +These are the same as their non-path counter parts, except where EncryptStructure and DecryptStructure +deal in pairs of maps, e.g. + +- data : map +- actions : map + +These two take a single parameter which is a list of + +- path : Path +- data : StructuredDataTerminal +- action : CryptoAction + +and exhibit the same behavior, other than needing to generalize from string to path. + +## ResolveAuthActions + +Convert AuthActions into CryptoActions, without doing any decryption. +Useful if you need to know which fields are encrypted BEFORE you can properly call DecryptStructure or DecryptPathStructure. diff --git a/specification/dynamodb-encryption-client/ddb-encryption-branch-key-id-supplier.md b/specification/dynamodb-encryption-client/ddb-encryption-branch-key-id-supplier.md index 9359658e0..ae6e6a0c8 100644 --- a/specification/dynamodb-encryption-client/ddb-encryption-branch-key-id-supplier.md +++ b/specification/dynamodb-encryption-client/ddb-encryption-branch-key-id-supplier.md @@ -24,7 +24,7 @@ The `CreateDynamoDbEncryptionBranchKeyIdSupplier` is an operation that MUST be v ### Input -This operation MUST take in a [DynamoDbKeyBranchKeyIdSupplier](#dynamodb-key-branch-key-id-supplier) as input. +This operation MUST take in a [DynamoDbKeyBranchKeyIdSupplier](#dynamodbkeybranchkeyidsupplier) as input. ### Output diff --git a/specification/dynamodb-encryption-client/ddb-item-conversion.md b/specification/dynamodb-encryption-client/ddb-item-conversion.md index 644624d58..a50ac1656 100644 --- a/specification/dynamodb-encryption-client/ddb-item-conversion.md +++ b/specification/dynamodb-encryption-client/ddb-item-conversion.md @@ -37,8 +37,6 @@ and the numeric value might be formatted differently. A [Structured Data](../structured-encryption/structures.md#structured-data) converted from a DynamoDB Item has the following requirements: -- MUST be a [Structured Data Map](../structured-encryption/structures.md#structured-data-map). -- MUST NOT have [Structured Data Attributes](../structured-encryption/structures.md#structured-data-attributes). - MUST contain a [Structured Data Terminal](../structured-encryption/structures.md#structured-data-terminal) for each attribute on the DynamoDB Item, and no others. @@ -54,11 +52,8 @@ converted from a DynamoDB Item has the following requirements: In order to convert to a DynamoDB Item, [Structured Data](../structured-encryption/structures.md#structured-data) adheres to the following: -- MUST be a [Structured Data Map](../structured-encryption/structures.md#structured-data-map). - This [Structured Data Map](../structured-encryption/structures.md#structured-data-map), if not empty, - MUST only contain [Structured Data Terminals](../structured-encryption/structures.md#structured-data-terminal). -- MUST NOT have [Structured Data Attributes](../structured-encryption/structures.md#structured-data-attributes). - MUST NOT have any `Key` strings that are invalid DynamoDB AttributeNames, that is, with more than 65535 characters. A DynamoDB Item converted from a diff --git a/specification/dynamodb-encryption-client/ddb-sdk-integration.md b/specification/dynamodb-encryption-client/ddb-sdk-integration.md index 3f48a692a..75ed5e0ee 100644 --- a/specification/dynamodb-encryption-client/ddb-sdk-integration.md +++ b/specification/dynamodb-encryption-client/ddb-sdk-integration.md @@ -104,13 +104,13 @@ Any Condition Expression must be checked for [validity](ddb-support.md#testcondi Any Update Expression must be checked for [validity](ddb-support.md#testupdateexpression) If data is to be written - - the input data must validated - - beacons must be added - - the input data must be encrypted +- the input data must validated +- beacons must be added +- the input data must be encrypted If data is being read - - the output data must be decrypted - - beacons must be removed +- the output data must be decrypted +- beacons must be removed For Query and Scan, more complex processing must be invoked for both input (before encryption), and output (after decryption). @@ -130,7 +130,7 @@ MUST have the following modified behavior: - [Decrypt after BatchGetItem](#decrypt-after-batchgetitem) - [Decrypt after Scan](#decrypt-after-scan) - [Decrypt after Query](#decrypt-after-query) -- [Decrypt after TransactGetItem](#decrypt-after-transactgetitem) +- [Decrypt after TransactGetItem](#decrypt-after-transactgetitems) - [Validate before UpdateItem](#validate-before-updateitem) - [Validate before DeleteItem](#validate-before-deleteitem) - [Validate before ExecuteStatement](#validate-before-executestatement) @@ -139,7 +139,7 @@ MUST have the following modified behavior: - [Modify before Scan](#modify-before-scan) - [Modify before Query](#modify-before-query) -The [Allowed Passthrough DynmanoDB APIs](#allowed-passthrough-dynamodb-apis) +The [Allowed Passthrough DynamoDB APIs](#allowed-passthrough-dynamodb-apis) MUST NOT be modified. Any DynamoDB API not specified is this document either @@ -271,22 +271,22 @@ MUST be unchanged. If there is an `Update` that refers to a `TableName` that refers to an [encrypted-table](#encrypted-table) - - The UpdateExpression of the `Update` MUST be [valid](ddb-support.md#testupdateexpression). - - The ConditionExpression of the `Update` MUST be [valid](ddb-support.md#testconditionexpression). +- The UpdateExpression of the `Update` MUST be [valid](ddb-support.md#testupdateexpression). +- The ConditionExpression of the `Update` MUST be [valid](ddb-support.md#testconditionexpression). If there is a `ConditionCheck` that refers to a `TableName` that refers to an [encrypted-table](#encrypted-table) - - The ConditionExpression of the `ConditionCheck` MUST be [valid](ddb-support.md#testconditionexpression). +- The ConditionExpression of the `ConditionCheck` MUST be [valid](ddb-support.md#testconditionexpression). If there is a `Delete` that refers to a `TableName` that refers to an [encrypted-table](#encrypted-table) - - The ConditionExpression of the `Delete` MUST be [valid](ddb-support.md#testconditionexpression). +- The ConditionExpression of the `Delete` MUST be [valid](ddb-support.md#testconditionexpression). If there is a `Put` that refers to a `TableName` that refers to an [encrypted-table](#encrypted-table) - - The Item MUST be [writable](ddb-support.md#writable). - - The ConditionExpression `Put` MUST be [valid](ddb-support.md#testconditionexpression). - - Signed Beacons MUST be [added](ddb-support.md#addsignedbeacons). +- The Item MUST be [writable](ddb-support.md#writable). +- The ConditionExpression `Put` MUST be [valid](ddb-support.md#testconditionexpression). +- Signed Beacons MUST be [added](ddb-support.md#addsignedbeacons). - If the [Beacon Key Source](../searchable-encryption/search-config.md#beacon-key-source) is a [Multi Key Store](../searchable-encryption/search-config.md#multi-key-store-initialization) the [Beacon Key Field Name](../searchable-encryption/search-config.md#beacon-key-field-name) @@ -308,11 +308,11 @@ is a [Multi Key Store](../searchable-encryption/search-config.md#multi-key-store and a `branch key id` was returned from [handling the beacon key field name](ddb-support.md#handlebeaconkeyfieldname) this `branch key id` MUST match the value returned from [Get beacon key id from Parsed Header](../searchable-encryption/search-config.md#get-beacon-key-id-from-parsed-header). - - Encrypted Beacons MUST be [added](ddb-support.md#addencryptedbeacons). - - If any of the above fails, +- Encrypted Beacons MUST be [added](ddb-support.md#addencryptedbeacons). +- If any of the above fails, the client MUST NOT make a network call to DynamoDB, and PutItem MUST yield an error. - - The PutItem request's `Item` field MUST be replaced +- The PutItem request's `Item` field MUST be replaced with a value that is equivalent to the result [Encrypted DynamoDB Item](./encrypt-item.md#encrypted-dynamodb-item) calculated above. @@ -398,7 +398,7 @@ being returned to the caller if: with a [DynamoDB Table Name](./ddb-item-encryptor.md#dynamodb-table-name) equal to the `TableName` on the UpdateItem request. - the response contains [Attributes](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html#DDB-UpdateItem-response-Attributes). -- the original UpdateItem request had a +- the original UpdateItem request had a [ReturnValues](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html#DDB-UpdateItem-request-ReturnValues) with a value of `ALL_OLD` or `ALL_NEW`. @@ -449,7 +449,7 @@ After a [Scan](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/AP call is made to DynamoDB : For each list entry in `Items` in the response, -if there exists an Item Encryptor specified within the +if there exists an Item Encryptor specified within the [DynamoDB Encryption Client Config](#dynamodb-encryption-client-configuration) with a [DynamoDB Table Name](./ddb-item-encryptor.md#dynamodb-table-name) equal to the `TableName` on the request, @@ -472,7 +472,7 @@ After a [Query](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/A call is made to DynamoDB : For each list entry in `Items` in the response, -if there exists an Item Encryptor specified within the +if there exists an Item Encryptor specified within the [DynamoDB Encryption Client Config](#dynamodb-encryption-client-configuration) with a [DynamoDB Table Name](./ddb-item-encryptor.md#dynamodb-table-name) equal to the `TableName` on the request, @@ -559,7 +559,6 @@ If no such Item Encryptor exists, there MUST NOT be any modification to the ExecuteStatement request. - ### Validate Before BatchExecuteStatement Before an [BatchExecuteStatement](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/BatchExecuteStatement.html) @@ -622,7 +621,6 @@ specifically AttributesToGet, KeyConditions, QueryFilter and ConditionalOperator The request MUST be [altered](./ddb-support.md#queryinputforbeacons) to transform any references to encrypted attributes into references to beacons. - ## Allowed Passthrough DynamoDB APIs - CreateBackup diff --git a/specification/dynamodb-encryption-client/ddb-support.md b/specification/dynamodb-encryption-client/ddb-support.md index b276942f4..fef516ce3 100644 --- a/specification/dynamodb-encryption-client/ddb-support.md +++ b/specification/dynamodb-encryption-client/ddb-support.md @@ -15,26 +15,26 @@ There are two categories of support functions. The first category is for general support, used across multiple DynamoDB API transformations. - * [Writable](#writable) - are the attributes in this item ok to write - * [TestConditionExpression](#testconditionexpression) - Is this condition expression suitable for use - * [TestUpdateExpression](#testupdateexpression) - Is this update expression suitable for use - * [AddSignedBeacons](#addsignedbeacons) - Add non encrypted attributes to an item to enable searchable encryption - * [GetEncryptedBeacons](#getencryptedbeacons) - Get new attributes for an item to enable searchable encryption - * [RemoveBeacons](#removebeacons) - Remove all private attributes from an item, +- [Writable](#writable) - are the attributes in this item ok to write +- [TestConditionExpression](#testconditionexpression) - Is this condition expression suitable for use +- [TestUpdateExpression](#testupdateexpression) - Is this update expression suitable for use +- [AddSignedBeacons](#addsignedbeacons) - Add non encrypted attributes to an item to enable searchable encryption +- [GetEncryptedBeacons](#getencryptedbeacons) - Get new attributes for an item to enable searchable encryption +- [RemoveBeacons](#removebeacons) - Remove all private attributes from an item, e.g. the ones added in [AddSignedBeacons](#addsignedbeacons) and [GetEncryptedBeacons](#getencryptedbeacons) - * [HandleBeaconKeyFieldName](#handlebeaconkeyfieldname) - Handle the beacon key field name for Multi Key Store configurations +- [HandleBeaconKeyFieldName](#handlebeaconkeyfieldname) - Handle the beacon key field name for Multi Key Store configurations The second category is support for specific interceptors, where the whole input or output structure is modified. - * [QueryInputForBeacons](#queryinputforbeacons) - * [QueryOutputForBeacons](#queryoutputforbeacons) - * [ScanInputForBeacons](#scaninputforbeacons) - * [ScanOutputForBeacons](#scanoutputforbeacons) +- [QueryInputForBeacons](#queryinputforbeacons) +- [QueryOutputForBeacons](#queryoutputforbeacons) +- [ScanInputForBeacons](#scaninputforbeacons) +- [ScanOutputForBeacons](#scanoutputforbeacons) ## Writable Writeable MUST reject any item containing an attribute which begins with `aws_dbe_`. -One needn't worry about attributes with the same names as beacons or virtual fields, +One needn't worry about attributes with the same names as beacons or virtual fields, because elsewhere we make sure that the beacons do not overlap with configured fields, and so trying to write those fields will result in "writing unconfigured field" errors already. @@ -242,7 +242,7 @@ with the value map containing (:fruit = banana). The actual query resolved by the server will be "aws_dbe_b_Fruit = :fruit" with the value map containing (:fruit = 12345). -Further imagine that two records were returned, one with fruit = banana, +Further imagine that two records were returned, one with fruit = banana, and one with fruit = orange (but both with aws_dbe_b_Fruit = 12345). This operation must look at the field "fruit" and keep only the record diff --git a/specification/dynamodb-encryption-client/ddb-table-encryption-config.md b/specification/dynamodb-encryption-client/ddb-table-encryption-config.md index 0708ea484..f9715937e 100644 --- a/specification/dynamodb-encryption-client/ddb-table-encryption-config.md +++ b/specification/dynamodb-encryption-client/ddb-table-encryption-config.md @@ -110,7 +110,7 @@ This Sort Key Name MUST be a valid DynamoDB Key Schema Attribute Name ### Configuration Version -If any of the [Attribute Actions](#attribute-actions) are configured as +If any of the [Attribute Actions](#attribute-actions) are configured as [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT](../structured-encryption/structures.md#contextandsign) then the configuration version MUST be 2; otherwise, the configuration version MUST be 1. diff --git a/specification/dynamodb-encryption-client/decrypt-item.md b/specification/dynamodb-encryption-client/decrypt-item.md index fc18ee6a6..fb1873302 100644 --- a/specification/dynamodb-encryption-client/decrypt-item.md +++ b/specification/dynamodb-encryption-client/decrypt-item.md @@ -29,9 +29,9 @@ decrypts a DynamoDB Item originally encrypted via the [Encrypt Item](./encrypt-i The following inputs to this behavior are REQUIRED: -- DynamoDB Item +- [DynamoDb Item](#input-dynamodb-item) -### DynamoDB Item +### Input DynamoDB Item The DynamoDB Item is the item to be decrypted by this behavior. @@ -49,7 +49,7 @@ Otherwise this operation MUST yield an error. This operation MUST output the following: -- [DynamoDb Item](#dynamodb-item-1) +- [DynamoDb Item](#output-dynamodb-item) This operation MUST also output a [Parsed Header](#parsed-header) if the following is true: - The operation is not using a [Legacy Policy](./ddb-table-encryption-config.md#legacy-policy) that allows legacy decrypts, @@ -57,9 +57,9 @@ This operation MUST also output a [Parsed Header](#parsed-header) if the followi - The operation is not using a [Plaintext Policy](./ddb-table-encryption-config.md#plaintext-policy) that allows plaintext reads, and the input item is a [plaintext item](#determining-plaintext-items). -### DynamoDB Item +### Output DynamoDB Item -The DynamoDB Item is the decryption of the [input DynamoBD Item](#dynamodb-item). +The DynamoDB Item is the decryption of the [input DynamoBD Item](#input dynamodb-item). ### Parsed Header @@ -99,7 +99,7 @@ this operation MUST NOT decrypt the input item, and MUST passthrough that item as the output. This behavior REQUIRES a [Structured Data](../structured-encryption/structures.md#structured-data) -which is [converted](./ddb-item-conversion.md) from the [input DynamoDB Item](#dynamodb-item). +which is [converted](./ddb-item-conversion.md) from the [input DynamoDB Item](#input-dynamodb-item). This operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) @@ -114,24 +114,24 @@ with the following inputs: - Encrypted Structured Data MUST be the Structured Data converted above. - Authenticate Schema MUST be a [Authenticate Schema](../structured-encryption/structures.md#crypto-schema) built with the following requirements: - - For every Attribute in the [input DynamoDB Item](#dynamodb-item) + - For every Attribute in the [input DynamoDB Item](#input-dynamodb-item) that is in the [signature scope](#signature-scope), there MUST exist a [SIGN Authenticate Action](../structured-encryption/structures.md#sign) in the Authenticate Schema, string indexed at the top level by that attribute name. - - For every Attribute in the [input DynamoDB Item](#dynamodb-item) + - For every Attribute in the [input DynamoDB Item](#input-dynamodb-item) that is not in the [signature scope](#signature-scope), there MUST exist a [DO_NOT_SIGN Authenticate Action](../structured-encryption/structures.md#do_not_sign) in the Authenticate Schema, string indexed at the top level by that attribute name. - The number of Authenticate Actions in the Authenticate Schema - MUST EQUAL the number of Attributes on the [input DynamoDB Item](#dynamodb-item). + MUST EQUAL the number of Attributes on the [input DynamoDB Item](#input-dynamodb-item). - Encryption Context MUST be the input Item's [DynamoDB Item Base Context](./encrypt-item.md#dynamodb-item-base-context). - CMM MUST be the CMM constructed above. The output to this behavior is the [conversion](./ddb-item-conversion.md) of the decrypted Structured Data determined above -into the [output DynamoDB Item](#encrypted-dynamodb-item). +into the [output DynamoDB Item](./encrypt-item.md#encrypted-dynamodb-item). The output MUST also include a [Parsed Header](#parsed-header) that contains data that was serialized into the header included in the output DynamoDb Item. diff --git a/specification/dynamodb-encryption-client/encrypt-item.md b/specification/dynamodb-encryption-client/encrypt-item.md index fc9fd2e50..8ddeea5e6 100644 --- a/specification/dynamodb-encryption-client/encrypt-item.md +++ b/specification/dynamodb-encryption-client/encrypt-item.md @@ -58,9 +58,9 @@ This operation MUST output the following: This operation MUST also output a [Parsed Header](#parsed-header) if the following is true: - The operation is not using a [Legacy Policy](./ddb-table-encryption-config.md#legacy-policy) that allows legacy decrypts, - and the input item is a [legacy item](#determining-legacy-items). + and the input item is a [legacy item](./decrypt-item.md#determining-legacy-items). - The operation is not using a [Plaintext Policy](./ddb-table-encryption-config.md#plaintext-policy) that allows plaintext reads, - and the input item is a [plaintext item](#determining-plaintext-items). + and the input item is a [plaintext item](./decrypt-item.md#determining-plaintext-items). ### Encrypted DynamoDB Item @@ -78,7 +78,6 @@ representing the deserialized form of the header of the input encrypted structur converted into Attribute Actions. - [Encrypted Data Keys](./header.md#encrypted-data-keys): The Encrypted Data Keys stored in the header. - ## Behavior If a [Legacy Policy](./ddb-table-encryption-config.md#legacy-policy) of @@ -146,14 +145,14 @@ A DynamoDB Item Base Context is a map of string key-values pairs that contains information related to a particular DynamoDB Item. The DynamoDB Item Base Context MUST contain: - - the key "aws-crypto-table-name" with a value equal to the configured +- the key "aws-crypto-table-name" with a value equal to the configured [logical table name](./ddb-table-encryption-config.md#logical-table-name). - - the key "aws-crypto-partition-name" with a value equal to the name of the Partition Key on this item. - - the [value](#base-context-value-version-1) of the Partition Key. +- the key "aws-crypto-partition-name" with a value equal to the name of the Partition Key on this item. +- the [value](#base-context-value-version-1) of the Partition Key. If this item has a Sort Key attribute, the DynamoDB Item Base Context MUST contain: - - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](#dynamodb-sort-key-name). - - the [value](#base-context-value-version-1) of the Sort Key. +- the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name). +- the [value](#base-context-value-version-1) of the Sort Key. If this item does not have a sort key attribute, the DynamoDB Item Context MUST NOT contain the key `aws-crypto-sort-name`. @@ -164,22 +163,20 @@ A DynamoDB Item Base Context is a map of string key-values pairs that contains information related to a particular DynamoDB Item. The DynamoDB Item Base Context MUST contain: - - the key "aws-crypto-table-name" with a value equal to the DynamoDB Table Name of the DynamoDB Table +- the key "aws-crypto-table-name" with a value equal to the DynamoDB Table Name of the DynamoDB Table this item is stored in (or will be stored in). - - the key "aws-crypto-partition-name" with a value equal to the name of the Partition Key on this item. +- the key "aws-crypto-partition-name" with a value equal to the name of the Partition Key on this item. If this item has a Sort Key attribute, the DynamoDB Item Base Context MUST contain: - - the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](#dynamodb-sort-key-name). +- the key "aws-crypto-sort-name" with a value equal to the [DynamoDB Sort Key Name](./ddb-table-encryption-config.md#dynamodb-sort-key-name). If this item does not have a sort key attribute, the DynamoDB Item Context MUST NOT contain the key `aws-crypto-sort-name`. - #### Base Context Value Version 1 -The key MUST be the following concatenation, -where `attributeName` is the name of the attribute: -"aws-crypto-attr." + `attributeName`. +The key MUST be as per [Encryption Context Naming] +(../structured-encryption/encrypt-path-structure.md#encryption-context-naming). The value MUST be the UTF8 Encoding of the [Base 64 encoded](https://www.rfc-editor.org/rfc/rfc4648), @@ -190,9 +187,8 @@ and `serializedValue` is the attribute's value serialized according to #### Base Context Value Version 2 -The key MUST be the following concatenation, -where `attributeName` is the name of the attribute: -"aws-crypto-attr." + `attributeName`. +The key MUST be as per [Encryption Context Naming] +(../structured-encryption/encrypt-path-structure.md#encryption-context-naming). The value MUST be : - If the type is Number or String, the unaltered (already utf8) bytes of the value diff --git a/specification/searchable-encryption/beacons.md b/specification/searchable-encryption/beacons.md index e401fb2fd..e973adb23 100644 --- a/specification/searchable-encryption/beacons.md +++ b/specification/searchable-encryption/beacons.md @@ -18,17 +18,21 @@ using truncation to provide some basic privacy protections. ### Definitions #### virtual field + A [virtual field](virtual.md) is a string computed from parts of a record. #### virtual database field + A `virtual database field` is a string computed from fields and virtual fields, from which a [compound beacon](#compound-beacon) is constructed. #### Real Field + A `real field` is a field that was placed in the record by the customer, rather than being generated. #### Source Field + A `source field` is a [real field](#real-field) used to construct a [virtual field](#virtual-field) or [virtual database field](#virtual-database-field). @@ -175,8 +179,8 @@ Every constructor must contain at least one required field. An example list of constructors might be : - - Person : timestamp(required) social(optional) zipcode(required) - - Location : address(required) zipcode(required) +- Person : timestamp(required) social(optional) zipcode(required) +- Location : address(required) zipcode(required) A constructor `succeeds` if all its required [source fields](#source-field) exist in the record. @@ -198,16 +202,16 @@ with parts separated by the `split character`. For example, the above configuration might result in [virtual database fields](#virtual-database-field) that look like this : - - T-20221225.S-123-45-6789.Z-12345 - - A-1234 Main Street.Z-23456 +- T-20221225.S-123-45-6789.Z-12345 +- A-1234 Main Street.Z-23456 These [virtual database field](#virtual-database-field) are never written to the database, or even fully assembled. But this is what the customer must imagine. Encrypted values are then replaced with the appropriate beacon. For example - - T-20221225.S-abcdef.Z-7abc - - A-3ab.Z-edc3 +- T-20221225.S-abcdef.Z-7abc +- A-3ab.Z-edc3 Which is then stored in the database, with a field name of `aws_dbe_b_MyField`. @@ -216,8 +220,8 @@ Which is then stored in the database, with a field name of `aws_dbe_b_MyField`. At query time, the customer uses MyField in a query as if it were the full [virtual database field](#virtual-database-field), for example : - * MyField starts_with("A-") - * MyField contains("Z-12345") +- MyField starts_with("A-") +- MyField contains("Z-12345") The onus is on the customer to properly re-create the results of all of the above configuration. @@ -255,9 +259,9 @@ The beacon value MUST be stored as `NAME`, rather than the usual `aws_dbe_b_NAME This has certain implications. - * `NAME` can be used as a primary table key. - * `NAME` will not be stripped out of records returned from Query or GetItem. - * `NAME` is allowed to appear in a record to be written. +- `NAME` can be used as a primary table key. +- `NAME` will not be stripped out of records returned from Query or GetItem. +- `NAME` is allowed to appear in a record to be written. Initialization MUST fail if `NAME` is explicitly configured with an [attribute actions](../dynamodb-encryption-client/ddb-item-encryptor.md#attribute-actions) or @@ -276,32 +280,31 @@ then the write must fail if the constructed and supplied values are not equal. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). - ### Standard Beacon Initialization On initialization of a Standard Beacon, the caller MUST provide: - * A name -- a string - * A `length` -- a [beacon length](#beacon-length) +- A name -- a string +- A `length` -- a [beacon length](#beacon-length) On initialization of a Standard Beacon, the caller MAY provide: - * a [terminal location](virtual.md#terminal-location) -- a string - * a [beacon style](beacon-style-initialization) +- a [terminal location](virtual.md#terminal-location) -- a string +- a [beacon style](beacon-style-initialization) If no [terminal location](virtual.md#terminal-location) is provided, the `name` MUST be used as the [terminal location](virtual.md#terminal-location). Initialization MUST fail if two standard beacons are configured with the same location. - ### Beacon Style Initialization +### Beacon Style Initialization On initialization of a Beacon Style, the caller MUST provide exactly one of - * a [PartOnly](#partonly-initialization) - * a [Shared](#shared-initialization) - * an [AsSet](#asset-initialization) - * a [SharedSet](#sharedset-initialization) +- a [PartOnly](#partonly-initialization) +- a [Shared](#shared-initialization) +- an [AsSet](#asset-initialization) +- a [SharedSet](#sharedset-initialization) ### PartOnly Initialization @@ -319,17 +322,17 @@ A query MUST fail if it tries to search on a PartOnly beacon directly. On initialization of as AsSet, the caller MUST NOT provide any additional parameters to the AsSet. -* initialization MUST fail if any compound beacon has an AsSet beacon as a part. -* Writing an item MUST fail if the item contains this beacon's attribute, +- initialization MUST fail if any compound beacon has an AsSet beacon as a part. +- Writing an item MUST fail if the item contains this beacon's attribute, and that attribute is not of type Set. -* The Standard Beacon MUST be stored in the item as a Set, +- The Standard Beacon MUST be stored in the item as a Set, comprised of the [beacon values](#beacon-value) of all the elements in the original Set. ### Shared Initialization On initialization of a Shared, the caller MUST provide: -* other : a beacon name +- other : a beacon name This name MUST be the name of a previously defined Standard Beacon. @@ -341,34 +344,33 @@ This beacon MUST calculate its [value](#beacon-value) as if it were the `other` On initialization of a SharedSet, the caller MUST provide: -* other : a beacon name +- other : a beacon name A SharedSet Beacon MUST behave both as [Shared](#shared-initialization) and [AsSet](#asset-initialization). - ### Compound Beacon Initialization On initialization of a Compound Beacon, the caller MUST provide: - * A name -- a string - * A split character -- a character +- A name -- a string +- A split character -- a character On initialization of a Compound Beacon, the caller MAY provide: - * A list of [encrypted parts](#encrypted-part-initialization) - * A list of [signed parts](#signed-part-initialization) - * A list of constructors +- A list of [encrypted parts](#encrypted-part-initialization) +- A list of [signed parts](#signed-part-initialization) +- A list of constructors #### Signed Part Initialization On initialization of a [signed part](#signed-part-initialization), the caller MUST provide: - * A name -- a string - * A prefix -- a string +- A name -- a string +- A prefix -- a string On initialization of a [signed parts](#signed-part-initialization), the caller MAY provide: - * A [terminal location](virtual.md#terminal-location) -- a string +- A [terminal location](virtual.md#terminal-location) -- a string If no [terminal location](virtual.md#terminal-location) is provided, the `name` MUST be used as the [terminal location](virtual.md#terminal-location). @@ -377,21 +379,21 @@ the `name` MUST be used as the [terminal location](virtual.md#terminal-location) On initialization of a [encrypted part](#encrypted-part-initialization), the caller MUST provide: - * A name -- a string, the name of a standard beacon - * A prefix -- a string +- A name -- a string, the name of a standard beacon +- A prefix -- a string #### Constructor Initialization On initialization of a constructor, the caller MUST provide: - * A non-empty list of [Constructor parts](#constructor-part-initialization) +- A non-empty list of [Constructor parts](#constructor-part-initialization) #### Constructor Part Initialization On initialization of a constructor part, the caller MUST provide: - * A name -- a string - * A required flag -- a boolean +- A name -- a string +- A required flag -- a boolean This name MUST match the name of one of the [encrypted](#encrypted-part-initialization) or [signed](#signed-part-initialization) parts. @@ -400,10 +402,10 @@ These parts may come from these locally defined parts lists, or from the ### Default Construction -* If no constructors are configured, a default constructor MUST be generated. -* This default constructor MUST be all of the signed parts, +- If no constructors are configured, a default constructor MUST be generated. +- This default constructor MUST be all of the signed parts, followed by all the encrypted parts, all parts being required. -* Initialization MUST fail if no constructors are configured, and no local parts are configured. +- Initialization MUST fail if no constructors are configured, and no local parts are configured. ### Part @@ -417,13 +419,13 @@ the `prefix` of any other [part](#part). Initialization MUST fail if any [signed-part](#signed-part-initialization) contains anything but SIGN_ONLY fields. -Initialization MUST fail if any [constructor](#constructor) is configured with a field name +Initialization MUST fail if any [constructor](#constructor-initialization) is configured with a field name that is not a defined [part](#part). -Initialization MUST fail if any [constructor](#constructor) is configured without at least one +Initialization MUST fail if any [constructor](#constructor-initialization) is configured without at least one required part. -Initialization MUST fail if two [constructors](#constructor) are configured +Initialization MUST fail if two [constructors](#constructor-initialization) are configured with the same set of required parts. ### Beacon Value @@ -435,76 +437,81 @@ or [value for a compound beacon](#value-for-a-compound-beacon). ## Beacon Operations Both standard and compound beacons define two operations - * [hash](#hash) - turn a plaintext record into a beacon - * [getPart](#getpart) - turn a plaintext query string into a beacon +- hash - turn a plaintext record into a beacon +- getPart - turn a plaintext query string into a beacon ### basicHash - * basicHash MUST take an [hmac key](./search-config.md#hmac-key-generation), a [beacon length](#beacon-length) and a sequence of bytes as input. - * basicHash MUST produce a non-empty string as output. - * basicHash MUST calculate the [HmacSha384](https://www.ietf.org/rfc/rfc2104.txt) + +- basicHash MUST take an [hmac key](./search-config.md#hmac-key-generation), a [beacon length](#beacon-length) and a sequence of bytes as input. +- basicHash MUST produce a non-empty string as output. +- basicHash MUST calculate the [HmacSha384](https://www.ietf.org/rfc/rfc2104.txt) of the input bytes and the [hmac key](./search-config.md#hmac-key-generation), and keep the first 8 bytes. - * basicHash MUST return the rightmost [beacon length](#beacon-length) bits of these 8 bytes as a hexadecimal string. - * the length of the returned string MUST be (`beacon length`/4) rounded up. +- basicHash MUST return the rightmost [beacon length](#beacon-length) bits of these 8 bytes as a hexadecimal string. +- the length of the returned string MUST be (`beacon length`/4) rounded up. ### string hash - * string hash MUST take a string and some [key materials](./search-config.md#get-beacon-key-materials) + +- string hash MUST take a string and some [key materials](./search-config.md#get-beacon-key-materials) as input, and produce a string as output. - * string hash MUST return the [basic hash](#basichash) of the UTF8 representation +- string hash MUST return the [basic hash](#basichash) of the UTF8 representation of the input string, the HMAC key from the [key materials](./search-config.md#get-beacon-key-materials) associated with this beacon, and the beacon length associated with this beacon. ### value for a standard beacon - * This operation MUST take an [hmac key](./search-config.md#hmac-key-generation), a record as input, and produce an optional [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html). - * This operation MUST return no value if the associated field does not exist in the record - * If this beacon is marked AsSet then this operation MUST return the + +- This operation MUST take an [hmac key](./search-config.md#hmac-key-generation), a record as input, and produce an optional [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html). +- This operation MUST return no value if the associated field does not exist in the record +- If this beacon is marked AsSet then this operation MUST return the [set value](#value-for-a-set-standard-beacon), otherwise it MUST return the [non-set value](#value-for-a-non-set-standard-beacon) ### value for a non-set standard beacon - * This operation MUST convert the attribute value of the associated field to + +- This operation MUST convert the attribute value of the associated field to a sequence of bytes, as per [attribute serialization](../dynamodb-encryption-client/ddb-attribute-serialization.md). - * This operation MUST return the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). - * The returned +- This operation MUST return the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). +- The returned [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html) MUST be type "S" String. ### value for a set standard beacon - * This operation MUST convert the value of each item in the set to + +- This operation MUST convert the value of each item in the set to a sequence of bytes, as per [attribute serialization](../dynamodb-encryption-client/ddb-attribute-serialization.md). - * This operation MUST return a set containing the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). - * The resulting set MUST NOT contain duplicates. - * The returned +- This operation MUST return a set containing the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). +- The resulting set MUST NOT contain duplicates. +- The returned [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html) MUST be type "SS" StringSet. ### value for a compound beacon - * This operation MUST take a record as input, and produce an optional string. - * If a string is returned, it MUST NOT be empty. - * This operation MUST iterate through all constructors, in order, using the first that succeeds. - * For that constructor, hash MUST join the [part value](#part-value) for each part +- This operation MUST take a record as input, and produce an optional string. +- If a string is returned, it MUST NOT be empty. +- This operation MUST iterate through all constructors, in order, using the first that succeeds. +- For that constructor, hash MUST join the [part value](#part-value) for each part on the `split character`, excluding parts that are not required and with a source field that is not available. - * This operation MUST fail if any plaintext value used in the construction contains the split character. - * If no constructor succeeds, this operation MUST return no value. +- This operation MUST fail if any plaintext value used in the construction contains the split character. +- If no constructor succeeds, this operation MUST return no value. ### getPart for a standard beacon - * getPart MUST take an [hmac key](./search-config.md#hmac-key-generation), a sequence of bytes as input, and produce a string. - * getPart MUST return the [basicHash](#basichash) of the input and the configured [beacon length](#beacon-length). +- getPart MUST take an [hmac key](./search-config.md#hmac-key-generation), a sequence of bytes as input, and produce a string. +- getPart MUST return the [basicHash](#basichash) of the input and the configured [beacon length](#beacon-length). ### getPart for a compound beacon - * getPart MUST take a string as input and produce a string. - * The returned string MUST NOT be empty. - * The string MUST be split on the `split character` into pieces. - * For each piece, a [part](#part) MUST be identified +- getPart MUST take a string as input and produce a string. +- The returned string MUST NOT be empty. +- The string MUST be split on the `split character` into pieces. +- For each piece, a [part](#part) MUST be identified by matching the prefix of a [part](#part) to the beginning of the piece. - * If no such part exists, this operation MUST fail. - * The [Part Value](#part-value-calculation) MUST be calculated for each piece, +- If no such part exists, this operation MUST fail. +- The [Part Value](#part-value-calculation) MUST be calculated for each piece, using the prefix and length from the discovered part. - * The value returned MUST be these part values, joined with the `split character`. +- The value returned MUST be these part values, joined with the `split character`. ### Part Value diff --git a/specification/searchable-encryption/search-config.md b/specification/searchable-encryption/search-config.md index 996f97de2..0875e7d59 100644 --- a/specification/searchable-encryption/search-config.md +++ b/specification/searchable-encryption/search-config.md @@ -21,10 +21,10 @@ Although [versioning](#versioning) is not yet supported, it exists in the config On initialization of the Search Config, the caller MUST provide: - - A list of [beacon versions](#beacon-version-initialization) - - The [version number](#version-number) of the [beacon versions](#beacon-version) to be used for writing. +- A list of [beacon versions](#beacon-version-initialization) +- The [version number](#version-number) of the [beacon versions](#beacon-version-initialization) to be used for writing. -Initialization MUST fail if the length of the list of [beacon versions](#beacon-version) is not 1. +Initialization MUST fail if the length of the list of [beacon versions](#beacon-version-initialization) is not 1. Initialization MUST fail if the [version number](#version-number) is not `1`. @@ -37,22 +37,21 @@ configuration as one of the [unauthenticated attributes](../dynamodb-encryption-client/ddb-item-encryptor.md#unauthenticated-attributes), or begins with the [unauthenticated attribute prefix](../dynamodb-encryption-client/ddb-item-encryptor.md#unauthenticated-attribute-prefix). - ### Beacon Version Initialization On initialization of a Beacon Version, the caller MUST provide: - - A [version number](#version number) - - A [Beacon Key Source](#beacon-key-source) - - A [Keystore](#keystore) - - A list of [standard beacons](beacons.md#standard-beacon-initialization) +- A [version number](#version number) +- A [Beacon Key Source](#beacon-key-source) +- A [Keystore](#keystore) +- A list of [standard beacons](beacons.md#standard-beacon-initialization) On initialization of the Beacon Version, the caller MAY provide: - - A list of [compound beacons](beacons.md#compound-beacon-initialization) - - A list of [virtual fields](virtual.md#virtual-field-initialization) - - A list of [signed parts](beacons.md#signed-part-initialization) - - A list of [encrypted parts](beacons.md#encrypted-part-initialization) +- A list of [compound beacons](beacons.md#compound-beacon-initialization) +- A list of [virtual fields](virtual.md#virtual-field-initialization) +- A list of [signed parts](beacons.md#signed-part-initialization) +- A list of [encrypted parts](beacons.md#encrypted-part-initialization) Initialization MUST fail if the [version number](#version number) is not `1`. @@ -70,7 +69,7 @@ and the name of any of the following match the [beacon key field name](#beacon-k Initialization MUST fail if the [beacon key source](#beacon-key-source) is a [multi key store](#multi-key-store-initialization) and the [beacon key field name](#beacon-key-field-name) -is a [configured field](#configured-field) +is a [configured field](#configured-field) with [ENCRYPT_AND_SIGN](../structured-encryption/structures.md#encrypt_and_sign). Initialization MUST fail if the name of any [standard beacon](beacons.md#standard-beacon) @@ -120,8 +119,6 @@ Global Parts List. Parts specified in a [compound beacon's](beacons.md#compound-beacon-initialization) constructor, may come from any combination of their local definitions or the Global Parts List. - - ### Version Number A version number MUST be `1`. @@ -154,8 +151,8 @@ For version `N`, the name of the version tag is `aws_dbe_vN` and the value of th ## Beacon Key Source On initialization of a Beacon Key Source, the caller MUST provide exactly one of - * a [Single Key Store](#single-key-store-initialization) - * a [Multi Key Store](#multi-key-store-initialization) +- a [Single Key Store](#single-key-store-initialization) +- a [Multi Key Store](#multi-key-store-initialization) ### Single Key Store Initialization @@ -165,8 +162,8 @@ This can also be described as single tenant. On initialization of a Single Key Store, the caller MUST provide: - - [Beacon Key Id](#beacon-key-id) - - [cacheTTL](#cachettl) +- [Beacon Key Id](#beacon-key-id) +- [cacheTTL](#cachettl) ### Multi Key Store Initialization @@ -176,9 +173,9 @@ This can also be described as multi tenant. On initialization of a Multi Key Store, the caller MUST provide: - - [Beacon Key Field Name](#beacon-key-field-name) - - [cacheTTL](#cachettl) - - [max cache size](#max-cache-size) +- [Beacon Key Field Name](#beacon-key-field-name) +- [cacheTTL](#cachettl) +- [max cache size](#max-cache-size) ### Field descriptions @@ -192,7 +189,7 @@ this SHOULD be the same Keystore as configured to that Keyring. #### Beacon Key Id A single [Beacon Key Id](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/branch-key-store.md) -that exists in the [keystore](####keystore). +that exists in the [keystore](#keystore). #### Beacon Key Field Name @@ -205,10 +202,12 @@ It can be referenced in [compound beacons](./beacons.md#compound-beacon) and used to extract a beacon key id from a query. #### cacheTTL + The [cacheTTL](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cryptographic-materials-cache.md#time-to-live-ttl) for how long a beacon key should exist locally before reauthorization. #### max cache size + The [max cache size](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/local-cryptographic-materials-cache.md#entry-capacity) that the [Key Store Cache](#key-store-cache) will be configured to. @@ -309,9 +308,10 @@ If `GetBeaconKey` fails get beacon key MUST fail. For every [standard beacons](beacons.md#standard-beacon-initialization) an HMAC key MUST be generated in accordance with [HMAC Key Generation](#hmac-key-generation). + [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated with the [beacon key id](#beacon-key-id) equal to the `beacon key id` -and the [HMAC Keys](#hmac-keys) equal to a map +and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key. These materials MUST be put into the associated [Key Store Cache](#key-store-cache) diff --git a/specification/searchable-encryption/virtual.md b/specification/searchable-encryption/virtual.md index d9c400cc7..c3b52edc9 100644 --- a/specification/searchable-encryption/virtual.md +++ b/specification/searchable-encryption/virtual.md @@ -28,8 +28,8 @@ contain virtual field values. On initialization of a Virtual Field, the caller MUST provide: - * A name -- a string - * A list of [Virtual Parts](#virtual-part-initialization) +- A name -- a string +- A list of [Virtual Parts](#virtual-part-initialization) The evaluation of a Virtual Field MUST be the concatenation of all of its parts, in the order they are configured. @@ -43,11 +43,11 @@ and also a [standard beacon](beacons.md#standard-beacon) is defined with that sa On initialization of a Virtual Part, the caller MUST provide: - * A location -- a [Terminal Location](#terminal-location) +- A location -- a [Terminal Location](#terminal-location) On initialization of a Virtual Part, the caller MAY provide: - * A list of [Virtual Transforms](#virtual-transform-initialization) +- A list of [Virtual Transforms](#virtual-transform-initialization) The evaluation of a Virtual Part MUST be the value of its location, which is then transformed by each Virtual Transform, @@ -56,18 +56,18 @@ in the order they are configured. Evaluation MUST return no value if the location does not exist, or is not a plain string value. - ### Virtual Transform Initialization +### Virtual Transform Initialization On initialization of a Virtual Transform, the caller MUST provide exactly one of - * an [Upper](#upper-transform-initialization) transform - * a [Lower](#lower-transform-initialization) transform - * an [Insert](#insert-transform-initialization) transform - * a [GetPrefix](#getprefix-transform-initialization) transform - * a [GetSuffix](#getsuffix-transform-initialization) transform - * a [GetSubstring](#getsubstring-transform-initialization) transform - * a [GetSegment](#getsegment-transform-initialization) transform - * a [GetSegments](#getsegments-transform-initialization) transform +- an [Upper](#upper-transform-initialization) transform +- a [Lower](#lower-transform-initialization) transform +- an [Insert](#insert-transform-initialization) transform +- a [GetPrefix](#getprefix-transform-initialization) transform +- a [GetSuffix](#getsuffix-transform-initialization) transform +- a [GetSubstring](#getsubstring-transform-initialization) transform +- a [GetSegment](#getsegment-transform-initialization) transform +- a [GetSegments](#getsegments-transform-initialization) transform All transforms take a string as input and produce a string as output. @@ -76,20 +76,20 @@ All transforms take a string as input and produce a string as output. On initialization of an Upper Transform, the caller MUST NOT provide any additional parameters to the Upper Transform. -The Upper transform MUST convert all ascii lowercase characters into their uppercase equivalents. +The Upper transform MUST convert all ascii lowercase characters into their uppercase equivalents. ### Lower Transform Initialization On initialization of a Lower Transform, the caller MUST NOT provide any additional parameters to the Lower Transform. -The Lower transform MUST convert all ascii uppercase characters into their lowercase equivalents. +The Lower transform MUST convert all ascii uppercase characters into their lowercase equivalents. ### Insert Transform Initialization On initialization of an Insert Transform, the caller MUST provide: -* a literal string +- a literal string The Insert transform MUST append this string to its input @@ -97,7 +97,7 @@ The Insert transform MUST append this string to its input On initialization of a GetPrefix Transform, the caller MUST provide: - * length : an integer +- length : an integer If length is non-negative, the GetPrefix transform MUST return the first `length` characters of the input. @@ -109,12 +109,11 @@ all but the last `-length` character of the input. If length is negative and -length exceeds the length on the input, the empty string MUST be returned. - ### GetSuffix Transform Initialization On initialization of a GetSuffix Transform, the caller MUST provide: - * length : an integer +- length : an integer If length is non-negative, the GetSuffix transform MUST return the last `length` characters of the input. @@ -141,8 +140,8 @@ Positions are always clamped to the bounds of the list. That is `-999999999` ref On initialization of a GetSubstring Transform, the caller MUST provide: - * low : an integer [position](#position-definition) - * high : an integer [position](#position-definition) +- low : an integer [position](#position-definition) +- high : an integer [position](#position-definition) The GetSubstring transform MUST return the range of characters from low (inclusive) to high (exclusive) @@ -153,8 +152,8 @@ If high is less than or equal to low, an empty string is returned. On initialization of a GetSegment Transform, the caller MUST provide: - * split : an character - * index : an integer [position](#position-definition) +- split : an character +- index : an integer [position](#position-definition) The GetSegment transform MUST split the input string on the given character, and return the item in the resulting list the corresponds to the given position. @@ -165,9 +164,9 @@ If index is greater than the number of items in the list, an empty string MUST b On initialization of a GetSegments Transform, the caller MUST provide: - * split : an character - * low : an integer [position](#position-definition) - * high : an integer [position](#position-definition) +- split : an character +- low : an integer [position](#position-definition) +- high : an integer [position](#position-definition) The GetSegments transform MUST split the input string on the `split` character. @@ -189,6 +188,6 @@ the first one of which must be a string index. A Segment MUST be one of - - A literal "." followed by a field name, indicating a lookup into a Structured Data Map. - - A literal "[" followed by a decimal integer followed by a literal "]", +- A literal "." followed by a field name, indicating a lookup into a Structured Data Map. +- A literal "[" followed by a decimal integer followed by a literal "]", indicating an index into a Structured Data List. diff --git a/specification/structured-encryption/decrypt-path-structure.md b/specification/structured-encryption/decrypt-path-structure.md new file mode 100644 index 000000000..f523b43a6 --- /dev/null +++ b/specification/structured-encryption/decrypt-path-structure.md @@ -0,0 +1,252 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Decrypt Path Structure + +## Version + +1.0.0 + +### Changelog + +- 1.0.0 + + - Initial record + +## Definitions + +### Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +## Overview + +This document describes the behavior by which a [Structured Data](./structures.md#structured-data) +which has been [encrypted](./encrypt-structure.md) is decrypted. +We define decryption over this [Structured Data](./structures.md#structured-data) to mean that +we obtain back the original Structured Data, +and ensure integrity and authenticity is ensured over a set of [Terminal Data](./structures.md#terminal-data). + +## Input + +The following inputs to this behavior are REQUIRED: + +- [Table Name](#table-name) +- [Cryptographic Materials Manager (CMM)](#cmm) +- [Auth List](#auth-list) + +The following inputs to this behavior MUST be OPTIONAL: + +- [Encryption Context](#encryption-context) + +### Table Name + +The logical name for the structure. +This can be the same as the physical name. +For example the name of the table to hold the encrypted record. + +### Auth List + +The [Auth List](./structures.md#auth-list) to be decrypted. + +This Auth List MUST contain data located at the [header index](./header.md#header-index) +and the [footer index](./footer.md#footer-index). + +The Auth List describes how each [Terminal Data](./structures.md#terminal-data) should be treated during decryption. + +The Auth List MUST include at least one [SIGN Authenticate Action](./structures.md#sign); +otherwise, this operation MUST yield an error. + +### CMM + +A CMM that implements the [CMM interface](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md). + +### Encryption Context + +See [encryption context](./structures.md#encryption-context). + +In order for decryption to succeed: +- This MUST include any key-values pairs that were used during the original [encryption](./encrypt-path-structure.md) +of the [input data](#auth-list), +but not stored in the [input Structured Data's header](./header.md#encryption-context). +- This MAY include any key-values pairs that are stored +in the [input Structured Data's header](./header.md#encryption-context). +- This MUST NOT include any key-values pairs that were not +used during the original [encryption](./encrypt-structure.md) of the [input data](#auth-list). + +## Output + +This operation MUST output the following: + +- [Crypto List](./structures.md#crypto-list): Decrypted Terminals and the Crypto Schema for each Terminal, + calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. +- [Parsed Header](#parsed-header) + +### Parsed Header + +This structure MUST contain the following values, +representing the deserialized form of the header of the input encrypted structure: + +- [Algorithm Suite ID](./header.md#format-flavor): The Algorithm Suite ID associated with the Format Flavor on the header. +- [Stored Encryption Context](./header.md#encryption-context): The Encryption Context stored in the header. +- [Encrypted Data Keys](./header.md#encrypted-data-keys): The Encrypted Data Keys stored in the header. +- [Encryption Context](#encryption-context): The full Encryption Context used. + +## Behavior + +All inputs MUST adhere to their requirements; +otherwise this operation MUST immediately yield an error. + +The Decrypt Structure operation is divided into several distinct steps: + +1. [Parse the Header](#parse-the-header) +1. [Retrieve Decryption Materials](#retrieve-decryption-materials) +1. [Verify Signatures](#verify-signatures) +1. [Construct Decrypted Structured Data](#construct-decrypted-structured-data) + +This operation MUST perform all the above steps, +and it MUST perform them in the above order. + +If any of these steps fails, this operation MUST halt and indicate a failure to the caller. + +### Parse the Header + +Given the [input data](#auth-list), +this operation MUST access the [Terminal Data](./structures.md#terminal-data) +at "aws_dbe_head". + +The [Terminal Type Id](./structures.md#terminal-type-id) on this Terminal Data MUST be `0xFFFF`. +We refer to the [Terminal Value](./structures.md#terminal-value) +on this Terminal Data as the header bytes. + +This operation MUST deserialize the header bytes +according to the [header format](./header.md). + +The header field value MUST be [verified](header.md#commitment-verification) + +The below calculations REQUIRE a [Crypto Schema](./structures.md#crypto-schema), +which is determined based on the input [Authentication Schema](#auth-list) and the +parsed [Encrypt Legend](./header.md#encrypt-legend) in the header, +such that for each [Terminal Data](./structures.md#terminal-data) +in the [input Structured Data](#auth-list): +- The Crypto Action is [DO_NOTHING](./structures.md#DO_NOTHING) if + the Authentication Schema indicates [DO_NOT_SIGN](./structures.md#donotsign) for this Terminal Data. +- The Crypto Action is [SIGN_ONLY](./structures.md#signonly) if + the Authentication Schema indicates [SIGN](./structures.md#sign) for this Terminal Data + and the Encrypt Legend byte corresponding to this Terminal Data is `0x73`. +- The Crypto Action is [SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT](./structures.md#sign_and_include_in_encryption_context) if + the Authentication Schema indicates [SIGN](./structures.md#sign) for this Terminal Data + and the Encrypt Legend byte corresponding to this Terminal Data is `0x63`. +- The Crypto Action is [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) if + the Authentication Schema indicates [SIGN](./structures.md#sign) for this Terminal Data + and the Encrypt Legend byte corresponding to this Terminal Data is `0x65`. + +### Retrieve Decryption Materials + +This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). + +This operation MUST obtain a set of decryption materials by calling +[Decrypt Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#decrypt-materials) +on the [CMM](#cmm) calculated above. + +The call to the CMM's Decrypt Materials operation MUST be constructed as follows: +- Encryption Context: The [Encryption Context parsed from the header](./header.md#encryption-context). +- Algorithm Suite ID: The algorithm suite [indicated by the Message Format Flavor](./header.md#format-flavor) + parsed in the header. +- Commitment Policy: DBE_COMMITMENT_POLICY +- Encrypted Data Keys: The [Encrypted Data Keys parsed from the header](./header.md#encrypted-data-keys). +- Reproduced Encryption Context: This is the encryption context calculated above. + +The algorithm suite used in all further aspects of this operation MUST be +the algorithm suite in the +[decryption materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#decryption-materials) +returned from the Decrypt Materials call. +Note that the algorithm suite in the retrieved decryption materials MAY be different from the input algorithm suite. +If this algorithm suite is not a +[supported suite for DBE](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum) +this operation MUST yield an error. + +#### Create New Encryption Context and CMM + +If the version stored in the header is 1, +then the input cmm and encryption context MUST be used unchanged. + +Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every +[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) +[Terminal Data](./structures.md#terminal-data) +in the input record, plus the Legend. + +An error MUST be returned if any of the entries added to the encryption context in this step +have the same key as any entry already in the encryption context. + +Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) +with the following inputs: +- This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. +- The name of every entry added above. + +### Verify Signatures + +A footer field MUST exist with the name `aws_dbe_foot` + +The footer field TypeID MUST be 0xFFFF + +The footer field value MUST be [verified](footer.md#footer-verification). + +Decryption MUST fail immediately if verification fails. + +This operation MUST deserialize the bytes in [Terminal Value](./structures.md#terminal-value) +according to the [footer format](./footer.md). + +The number of [HMACs in the footer](./footer.md#hmacs) +MUST be the number of [Encrypted Data Keys in the header](./header.md#encrypted-data-keys). + +### Calculate Cipherkey and Nonce + +The Cipherkey and Nonce must be calculated as for [encryption](encrypt-structure.md#calculate-cipherkey-and-nonce). + +### Construct Decrypted Structured Data + +In the output a [Crypto List](./structures.md#crypto-list): +- An entry MUST NOT exist with the key "aws_dbe_head" or "aws_dbe_foot". +- For every entry in the [input Auth List](#auth-list), other than the header and footer, + an entry MUST exist with the same key in the output Crypto List. +- The output Crypto List MUST NOT have any additional entries. + Put plainly, the output does not add or drop any entries during decryption, other than the header and footer. + +For each entry in the output Crypto List: + +If the action is [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) +this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) +equal to the first two bytes of the input Terminal Data's value, +and a value equal to the [decryption](#terminal-data-decryption) of the input Terminal Data's value. + +Otherwise, this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) and +[Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data. + +The output MUST also include a [Parsed Header](#parsed-header) that contains +data that was serialized into the header included in the output Structured Data. + +#### Terminal Data Decryption + +Decryption of [Terminal Data](./structures.md#terminal-data) takes a +encrypted Terminal Data as input, and returns a Terminal Data. + +The input [Terminal Value](./structures.md#terminal-value) MUST be deserialized as follows: + +| Field | Length | +| -------------------------- | -------- | +| Terminal Type Id | 2 | +| Encrypted Terminal Value | Variable | + +The output Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) +equal to the deserialized Terminal Type Id. + +The output Terminal Data MUST have a [Terminal Value](./structures.md#terminal-type-id) +equal to the following decryption: +- The decryption algorithm used is the + [encryption algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings) + indicated in the algorithm suite. +- The AAD is the [canonical path](./header.md#canonical-path) for this Terminal Data. +- The Cipherkey and Nonce are as calculate [above](#calculate-cipherkey-and-nonce). +- The ciphertext is the deserialized Encrypted Terminal Value. diff --git a/specification/structured-encryption/decrypt-structure.md b/specification/structured-encryption/decrypt-structure.md index 0746d6e6a..d4538c0fd 100644 --- a/specification/structured-encryption/decrypt-structure.md +++ b/specification/structured-encryption/decrypt-structure.md @@ -5,12 +5,14 @@ ## Version -1.0.0 +1.1.0 ### Changelog -- 1.0.0 +- 1.1.0 + - Update for simplified structured encryption +- 1.0.0 - Initial record ## Definitions @@ -32,254 +34,34 @@ and ensure integrity and authenticity is ensured over a set of [Terminal Data](. The following inputs to this behavior are REQUIRED: -- [Table Name](#table-name) -- [Authenticate Schema](#authenticate-schema) -- [Cryptographic Materials Manager (CMM)](#cmm) -- [Encrypted Structured Data](#encrypted-structured-data) +- [Table Name](decrypt-path-structure.md#table-name) +- [Authenticate Schema](decrypt-path-structure.md#authenticate-schema) +- [Cryptographic Materials Manager (CMM)](decrypt-path-structure.md#cmm) +- [Encrypted Structured Data](decrypt-path-structure.md#encrypted-structured-data) The following inputs to this behavior MUST be OPTIONAL: -- [Encryption Context](#encryption-context) - -### Table Name - -The logical name for the structure. -This can be the same as the physical name. -For example the name of the table to hold the encrypted record. - -### Authenticate Schema - -The [Authenticate Schema](./structures.md#authenticate-schema) that indicates -which [Terminal Data](./structures.md#terminal-data) in the -[Encrypted Structured Data](#encrypted-structured-data) MUST -be included in the signature scope. - -The Authenticate Schema MUST explicitly configure a [Authenticate Action](./structures.md#authenticate-action) for every -[Terminal Data](./structures.md#terminal-data) that exists on the [input Structured Data](#structured-data), -and MUST NOT describe Authenticate Actions for locations within the input Structured Data that either -do not exist, or contain non-Terminal Data structures; -otherwise, this operation operation MUST yield an error. - -The Authenticate Schema MUST include at least one [SIGN Authenticate Action](./structures.md#sign); -otherwise, this operation MUST yield an error. - -### CMM - -A CMM that implements the [CMM interface](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md). - -### Encrypted Structured Data - -The [Structured Data](./structures.md#structured-data) to be decrypted. - -### Encryption Context - -See [encryption context](./structures.md#encryption-context). - -In order for decryption to succeed: -- This MUST include any key-values pairs that were used during the original [encryption](./encrypt-structure.md) -of the [input Structured Data](#structured-data), -but not stored in the [input Structured Data's header](./header.md#encryption-context). -- This MAY include any key-values pairs that are stored -in the [input Structured Data's header](./header.md#encryption-context). -- This MUST NOT include any key-values pairs that were not -used during the original [encryption](./encrypt-structure.md) of the [input Structured Data](#structured-data). +- [Encryption Context](decrypt-path-structure.md#encryption-context) ## Output This operation MUST output the following: -- [Structured Data](#structured-data) -- [Parsed Header](#parsed-header) - -### Structured Data - -The decrypted form of the [input Encrypted Structured Data](#encrypted-structured-data), -decrypted according to the [behavior specified below](#behavior). - -### Parsed Header - -This structure MUST contain the following values, -representing the deserialized form of the header of the input encrypted structure: - -- [Algorithm Suite ID](./header.md#format-flavor): The Algorithm Suite ID associated with the Format Flavor on the header. -- [Crypto Schema](./header.md#encrypt-legend): The Crypto Schema for each signed Terminal, +- [Structured Data](decrypt-path-structure.md#structured-data) +- [Crypto Schema](./structures.md#crypto-schema): The Crypto Schema for each signed Terminal, calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. -- [Stored Encryption Context](./header.md#encryption-context): The Encryption Context stored in the header. -- [Encrypted Data Keys](./header.md#encrypted-data-keys): The Encrypted Data Keys stored in the header. -- [Encryption Context](#encryption-context): The full Encryption Context used. +- [Parsed Header](decrypt-path-structure.md#parsed-header) ## Behavior -All inputs MUST adhere to their requirements; -otherwise this operation MUST immediately yield an error. - -The Decrypt Structure operation is divided into several distinct steps: - -1. [Parse the Header](#parse-the-header) -1. [Retrieve Decryption Materials](#retrieve-decryption-materials) -1. [Verify Signatures](#verify-signatures) -1. [Construct Decrypted Structured Data](#construct-decrypted-structured-data) - -This operation MUST perform all the above steps, -and it MUST perform them in the above order. - -If any of these steps fails, this operation MUST halt and indicate a failure to the caller. - -### Parse the Header - -Given the [input Structured Data](#structured-data), -this operation MUST access the [Terminal Data](./structures.md#terminal-data) -at the "aws_dbe_head" - -The [Terminal Type Id](./structures.md#terminal-type-id) on this Terminal Data MUST be `0xFFFF`. -We refer to the [Terminal Value](./structures.md#terminal-value) -on this Terminal Data as the header bytes. - -This operation MUST deserialize the header bytes -according to the [header format](./header.md). - -The header field value MUST be [verified](header.md#commitment-verification) - -The below calculations REQUIRE a [Crypto Schema](./structures.md#crypto-schema), -which is determined based on the input [Authentication Schema](#authenticate-schema) and the -parsed [Encrypt Legend](./header.md#encrypt-legend) in the header, -such that for each [Terminal Data](./structures.md#terminal-data) -in the [input Structured Data](#structured-data): -- The Crypto Action is [DO_NOTHING](./structures.md#DO_NOTHING) if - the Authentication Schema indicates [DO_NOT_SIGN](./structures.md#donotsign) for this Terminal Data. -- The Crypto Action is [SIGN_ONLY](./structures.md#signonly) if - the Authentication Schema indicates [SIGN](./structures.md#sign) for this Terminal Data - and the Encrypt Legend byte corresponding to this Terminal Data is `0x73`. -- The Crypto Action is [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) if - the Authentication Schema indicates [SIGN](./structures.md#sign) for this Terminal Data - and the Encrypt Legend byte corresponding to this Terminal Data is `0x65`. - -### Retrieve Decryption Materials - -This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). - -This operation MUST obtain a set of decryption materials by calling -[Decrypt Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#decrypt-materials) -on the [CMM](#cmm) calculated above. - -The call to the CMM's Decrypt Materials operation MUST be constructed as follows: -- Encryption Context: The [Encryption Context parsed from the header](./header.md#encryption-context). -- Algorithm Suite ID: The algorithm suite [indicated by the Message Format Flavor](./header.md#format-flavor) - parsed in the header. -- Commitment Policy: DBE_COMMITMENT_POLICY -- Encrypted Data Keys: The [Encrypted Data Keys parsed from the header](./header.md#encrypted-data-keys). -- Reproduced Encryption Context: This is the encryption context calculated above. - -The algorithm suite used in all further aspects of this operation MUST be -the algorithm suite in the -[decryption materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#decryption-materials) -returned from the Decrypt Materials call. -Note that the algorithm suite in the retrieved decryption materials MAY be different from the input algorithm suite. -If this algorithm suite is not a -[supported suite for DBE](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum) -this operation MUST yield an error. - -#### Create New Encryption Context and CMM - -If the version stored in the header is 1, -then the input cmm and encryption context MUST be used unchanged. - -Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every -[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) -[Terminal Data](./structures.md#terminal-data) -in the input record, plus the Legend. - -An error MUST be returned if any of the entries added to the encryption context in this step -have the same key as any entry already in the encryption context. - -Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) -with the following inputs: -- This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. -- The name of every entry added above. - - -### Verify Signatures - -A footer field MUST exist with the name `aws_dbe_foot` - -The footer field TypeID MUST be 0xFFFF - -The footer field value MUST be [verified](footer.md#footer-verification). - -Decryption MUST fail immediately if verification fails. - -This operation MUST deserialize the bytes in [Terminal Value](./structures.md#terminal-value) -according to the [footer format](./footer.md). - -The number of [HMACs in the footer](./footer.md#hmacs) -MUST be the number of [Encrypted Data Keys in the header](./header.md#encrypted-data-keys). - -### Calculate Cipherkey and Nonce - -The Cipherkey and Nonce must be calculated for [encryption](encrypt-structure.md#calculate-cipherkey-and-nonce). - -### Calculate Signed and Encrypted Field Lists - -The `signed field list` MUST be all fields for which -the [Authenticate Schema](#authenticate-schema) -indicates an [Authenticate Action](./structures.md#authenticate-action) -of [SIGN](./structures.md#SIGN) for that field, -sorted by the [Canonical Path](header.md.#canonical-path). - -Decryption MUST fail if the length of this list does not equal the -length of the header's [Encrypt Legend](header.md.#encrypt-legend). - -The `encrypted field list` MUST be all fields in the `signed field list` -for which the corresponding byte in the [Encrypt Legend](header.md.#encrypt-legend) -is `0x65` indicating [Encrypt and Sign](header.md.#encrypt-legend-bytes), -sorted by the field's [canonical path](./header.md#canonical-path). - -### Construct Decrypted Structured Data - -This operation MUST output a [Structured Data](#structured-data) with the following specifics: -- [Terminal Data](./structures.md#terminal-data) MUST NOT exist at the "aws_dbe_head" - or "aws_dbe_foot". -- For every [input Terminal Data](./structures.md#terminal-data) in the [input Structured Data](#structured-data) - (aside from the header and footer), - a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the output Structured Data. - Put plainly, the output Structured Data does not drop any Terminal Data during decryption, - other than the header and footer. - - - For each Terminal Data in the output Structured Data, -if the field name is not in the [Encrypted Field Lists](#calculate-signed-and-encrypted-field-lists) -this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) and -[Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data's, -otherwise this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) -equal to the first two bytes of the input Terminal Data's value, -and a value equal to the [decryption](#terminal-data-decryption) of the input Terminal Data's value. - -- for every [Terminal Data](./structures.md#terminal-data) in the output Structured Data, - a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the [input Structured Data](#structured-data). - Put plainly, the output Structured Data does not add any extra Structured Data during decryption. - -The output MUST also include a [Parsed Header](#parsed-header) that contains -data that was serialized into the header included in the output Structured Data. - -#### Terminal Data Decryption - -Decryption of [Terminal Data](./structures.md#terminal-data) takes a -encrypted Terminal Data as input, and returns a Terminal Data. - -The input [Terminal Value](./structures.md#terminal-value) MUST be deserialized as follows: +The input [Structured Data](decrypt-path-structure.md#structured-data) and [Authenticate Schema](decrypt-path-structure.md#authenticate-schema) +MUST refer to the same set of locations. -| Field | Length | -| -------------------------- | -------- | -| Terminal Type Id | 2 | -| Encrypted Terminal Value | Variable | +The input [Structured Data](decrypt-path-structure.md#structured-data) and [Authenticate Schema](decrypt-path-structure.md#authenticate-schema) +MUST be combined into a single [Auth List](decrypt-path-structure.md#auth-list). -The output Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) -equal to the deserialized Terminal Type Id. +Decrypt Structure MUST then behave as [Decrypt Path Structure](decrypt-path-structure.md) -The output Terminal Data MUST have a [Terminal Value](./structures.md#terminal-type-id) -equal to the following decryption: -- The decryption algorithm used is the - [encryption algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings) - indicated in the algorithm suite. -- The AAD is the [canonical path](./header.md#canonical-path) for this Terminal Data. -- The Cipherkey and Nonce are as calculate [above](#calculate-cipherkey-and-nonce). -- The ciphertext is the deserialized Encrypted Terminal Value. +The output [Crypto List](decrypt-path-structure.md#crypto-list) produced by [Decrypt Path Structure](decrypt-path-structure.md) +MUST be split into [Structured Data](decrypt-path-structure.md#structured-data) and [Crypto Schema](decrypt-path-structure.md#crypto-schema) +maps. diff --git a/specification/structured-encryption/encrypt-path-structure.md b/specification/structured-encryption/encrypt-path-structure.md new file mode 100644 index 000000000..97e01ed32 --- /dev/null +++ b/specification/structured-encryption/encrypt-path-structure.md @@ -0,0 +1,327 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Encrypt Path Structure + +## Version + +1.0.0 + +### Changelog + +- 1.0.0 + + - Initial record + +## Definitions + +### Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +## Overview + +This document describes the behavior by which a [Structured Data](./structures.md#structured-data) is encrypted. +We define encryption over this [Structured Data](./structures.md#structured-data) to mean that +authenticity is ensured over a non-empty set of [Terminal Data](./structures.md#terminal-data), +and confidentiality is ensured over a (possibly empty) subset of that Terminal Data. + +## Input + +The following inputs to this behavior are REQUIRED: + +- [Table Name](#table-name) +- [Crypto List](#crypto-list) +- [Cryptographic Materials Manager (CMM)](#cmm) + +The following inputs to this behavior MUST be OPTIONAL: + +- [Algorithm Suite](#algorithm-suite) +- [Encryption Context](#encryption-context) + +### Table Name + +The logical name for the structure. +This can be the same as the physical name. +For example the name of the table to hold the encrypted record. + +### Crypto List + +The [Crypto List](./structures.md#crypto-list) to be encrypted. + +The [paths](./structures.md#path) in the input [Crypto List](./structures.md#crypto-list) MUST be unique. + +This Crypto List MUST NOT already contain data located at the [header index](./header.md#header-index) +or the [footer index](./footer.md#footer-index). + +The Crypto List describes how each [Terminal Data](./structures.md#terminal-data) should be treated during encryption. + +The Crypto List MUST include at least one [Crypto Action](./structures.md#crypto-action) +that is not [DO_NOTHING](./structures.md#do_nothing). + +### CMM + +A CMM that implements the [CMM interface](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md). + +### Algorithm Suite + +The [algorithm suite](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md) that SHOULD be used for encryption. + +This algorithm suite MUST be a +[supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum); +otherwise, this operation MUST yield an error. + +### Encryption Context + +See [encryption context](./structures.md#encryption-context). + +The prefix `aws-crypto-` is reserved for internal use by the AWS Encryption SDK; see the +[the Default CMM spec](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/default-cmm.md) +for one such use. + +## Output + +This operation MUST output the following: +- [Encrypted Crypto List](#encrypted-crypto-list) +- [Parsed Header](./decrypt-structure.md#parsed-header) + +### Encrypted Crypto List + +An encrypted form of the [input Crypto List](#crypto-list), +encrypted according to the [behavior specified below](#behavior). + +## Behavior + +All inputs MUST adhere to their requirements; +otherwise this operation MUST immediately yield an error. + +Given valid inputs, +the Encrypt Structure operation is divided into several distinct steps: + +1. [Retrieve Encryption Materials](#retrieve-encryption-materials) +1. [Calculate Intermediate Encrypted Structured Data](#calculate-intermediate-encrypted-structured-data) +1. [Construct Encrypted Structured Data](#construct-encrypted-structured-data) + +This operation MUST perform all the above steps, +and it MUST perform them in the above order. + +If any of these steps fails, this operation MUST halt and indicate a failure to the caller. + +### Retrieve Encryption Materials + +This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). + +This operation MUST obtain a set of encryption materials by calling +[Get Encryption Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#get-encryption-materials) +on the [CMM](#cmm) calculated above. + +This operation MUST call Get Encryption Materials on the CMM as follows. +- Encryption Context: This MUST be the encryption context calculated above. +- Commitment Policy: This MUST be + [REQUIRE_ENCRYPT_REQUIRE_DECRYPT](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/commitment-policy.md#esdkrequire_encrypt_require_decrypt). +- Algorithm Suite: If provided, this is the [input algorithm suite](#algorithm-suite); + otherwise, this field MUST be the algorithm suite corresponding to the enum + [DBE.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum). +- Max Plaintext Length: This field MUST be the result of the calculation `encryptedTerminalDataNum * 2 + totalEncryptedTerminalValuesSize` + - `encryptedTerminalDataNum` is the number of [Terminal Data](./structures.md#terminal-data) + in the [input data](#crypto-list) being encrypted, + as defined by the [input Crypto Schema](#crypto-list). + - `totalEncryptedTerminalValuesSize` is the sum of the length of all [Terminal Values](./structures.md#terminal-value) + in the [input data](#crypto-list) being encrypted, + as defined by the [input Crypto Schema](#crypto-list). + +The algorithm suite used in all aspects of this operation MUST be +the algorithm suite in the +[encryption materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#encryption-materials) +returned from the Get Encryption Materials call. + +Note that the algorithm suite in the retrieved encryption materials MAY be different from the input algorithm suite. +If this algorithm suite is not a +[supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum), +this operation MUST yield an error. + +#### Create New Encryption Context and CMM + +If no [Crypto Action](./structures.md#crypto-action) is configured to be +[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) +then the input cmm and encryption context MUST be used unchanged. + +Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every +[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) +[Terminal Data](./structures.md#terminal-data) +in the input record, plus the Legend. + +An error MUST be returned if any of the entries added to the encryption context in this step +have the same key as any entry already in the encryption context. + +The Legend MUST be named "aws-crypto-legend" and be a string with one character per attribute added above, +with a one-to-one correspondence with the attributes sorted by their UTF8 encoding, +each character designating the original type of the attribute, +to allow reversing of the [encoding](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2). +- 'S' if the attribute was of type String +- 'N' if the attribute was of type Number +- 'L' if the attribute was of type Null or Boolean +- 'B' otherwise + +Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) +with the following inputs: +- This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. +- The name of every entry added above. + +#### Encryption Context Naming + +When a key-value pair is added to the encryption context, +the key MUST be the concatenation of the literal +"aws-crypto-attr." and the member strings of the +path joined by the '.' character. + +This mapping does not produce a unique output for every unique input. +For example ['a.b'] and ['a', 'b'] both produce "a.b". + +An error MUST be returned if an attempt is made to add two +different attributes that produce the same encryption context key. + +### Calculate Intermediate Encrypted Structured Data + +To construct the final Encrypted Structured Data, +a pre-signature version of this Encrypted Structured Data +must first be calculated. +This will be referred to as the Intermediate Encryption Structured Data. + +The calculations below REQUIRE generating a unique [Message ID](./header.md#message-id) for this Encrypted Structured Data. +The process used to generate this identifier MUST use a good source of randomness +to make the chance of duplicate identifiers negligible. + +The Intermediate Encryption Structured Data has the following specifics: + +For every entry +in the input [Crypto List](#crypto-list) +there MUST be an entry with the same [canonical path](./header.md#canonical-path) +in Intermediate Encrypted Structured Data. + +There MUST be no other entries in the Intermediate Encrypted Structured Data. + +### Calculate Info + +The `info` used for the HKDF function MUST be +| Field | Length | +| -------------------- | -------- | +| "AWS_DBE_DERIVE_KEY" | 18 | +| Message ID | 32 | + +### Calculate Cipherkey and Nonce + +The HKDF algorithm used to calculate the Field Root Key MUST be the +[Encryption Key KDF](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-key-derivation-settings) +indicated by the algorithm suite, using a provided plaintext data key, no salt, +and an info as calculated [above](#calculate-info) + +The `FieldRootKey` MUST be generated with the plaintext data key in the encryption materials +and the Message ID generated for this Encrypted Structured Data. + +The `FieldRootKey` is combined with the ordinal position of a field within a record +to generate a unique `FieldKey` for encrypting that field. + +The ordinal position is calculated by sorting the +[canonical path](./header.md#canonical-path) +of all of the [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) fields, +sorting those paths in ascending order, +and taking the zero-based position of the field in that sorted list. + +The calculated Field Root MUST have length equal to the + [algorithm suite's encryption key length](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings). + +The `FieldKeyNonce` for a given offset MUST be 16 bytes comprised of +| Field | Length | Interpretation | +| ------------- | -------- | -------------- | +| "AwsDbeField" | 11 | Literal Ascii String | +| 0x2c | 1 | 44, the length of the eventual FieldKey | +| offset | 4 | 32 bit integer representation of offset | + +The `FieldKey` for a given key and offset MUST be the first 44 bytes +of the aes256ctr_stream +of the `FieldRootKey` and the `FieldKeyNonce` of three times the given offset. +The `FieldKey` is used to derive a specific Cipherkey for each specific TerminalData to be encrypted, and the nonces that are used for that encryption" + +The `Cipherkey` MUST be the first 32 bytes of the `FieldKey` + +The `Nonce` MUST be the remaining 12 bytes of the `FieldKey` + +#### Terminal Data Encryption + +Encryption of [Terminal Data](./structures.md#terminal-data) takes a +Terminal Data as input, and returns an encrypted Terminal Data. + +The output encrypted Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) +equal `0xFFFF`. + +The output encrypted Terminal Data MUST have a [Terminal Value](./structures.md#terminal-value) +with the following serialization: + +| Field | Length | +| -------------------------- | -------- | +| Terminal Type Id | 2 | +| Encrypted Terminal Value | Variable | + +##### Terminal Type Id + +Terminal Type Id MUST equal the input Terminal Data's Terminal Type Id. + +##### Encrypted Terminal Value + +The Encrypted Terminal Value MUST be derived according to the following encryption: +- The encryption algorithm used is the + [encryption algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings) + indicated in the algorithm suite. +- The AAD is the [canonical path](./header.md#canonical-path) for this Terminal Data. +- The [Cipherkey and Nonce](#calculate-cipherkey-and-nonce) are as calculated above. +- The plaintext is the [Terminal Value](./structures.md#terminal-value) for this Terminal Data. + +### Construct Encrypted Structured Data + +Given an Intermediate Encrypted Structured Data, +the signatures over this Structured Data may be calculated, +and the final Encrypted Structured Data outputted. + +#### Header Field + +The Header Field name MUST be `aws_dbe_head` + +The Header Field TypeID MUST be 0xFFFF + +The Header Field Value MUST be the full serialized [header](header.md) with commitment. + +The encryption context field serialized in the header MUST contain all key-value +pairs of the encryption context in the [encryption materials](#retrieve-encryption-materials) +that are not included in the +[required encryption context keys](../framework/structures.md#required-encryption-context-keys) list. + +#### Footer Field + +The Footer Field name MUST be `aws_dbe_foot` + +The Footer Field TypeID MUST be 0xFFFF + +The Footer Field Value MUST be the serialized [footer](footer.md). + +#### Encrypted Structured Data + +- for every entry in the input [Crypto List](#crypto-list) + an entry MUST exist with the same [path](./structures.md#path) in the final Encrypted Structured Data. +- The [Header Field](#header-field) MUST exist in the final Encrypted Structured Data +- The [Footer Field](#footer-field) MUST exist in the final Encrypted Structured Data +- There MUST be no other entries in the final Encrypted Structured Data. + +For each entry in the final Encrypted Structured Data: + +If the [Crypto Schema](#crypto-list) +indicates a [Crypto Action](./structures.md#crypto-action) +of [ENCRYPT_AND_SIGN](./structures.md#encryptandsign), +the Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) +equal to 0xffff and the value MUST be +the [encryption](#terminal-data-encryption) +of the input's Terminal Data. + +Otherwise, this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) +and [Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data's. diff --git a/specification/structured-encryption/encrypt-structure.md b/specification/structured-encryption/encrypt-structure.md index 39bf00931..c1c8b9c9b 100644 --- a/specification/structured-encryption/encrypt-structure.md +++ b/specification/structured-encryption/encrypt-structure.md @@ -5,12 +5,14 @@ ## Version -1.0.0 +1.1.0 ### Changelog -- 1.0.0 +- 1.1.0 + - Update for simplified structured encryption +- 1.0.0 - Initial record ## Definitions @@ -31,310 +33,33 @@ and confidentiality is ensured over a (possibly empty) subset of that Terminal D The following inputs to this behavior are REQUIRED: -- [Table Name](#table-name) -- [Structured Data](#structured-data) -- [Crypto Schema](#crypto-schema) -- [Cryptographic Materials Manager (CMM)](#cmm) +- [Table Name](encrypt-path-structure.md#table-name) +- [Structured Data](encrypt-path-structure.md#structured-data) +- [Crypto Schema](encrypt-path-structure.md#crypto-schema) +- [Cryptographic Materials Manager (CMM)](encrypt-path-structure.md#cmm) The following inputs to this behavior MUST be OPTIONAL: -- [Algorithm Suite](#algorithm-suite) -- [Encryption Context](#encryption-context) - -### Table Name - -The logical name for the structure. -This can be the same as the physical name. -For example the name of the table to hold the encrypted record. - -### Structured Data - -The [Structured Data](./structures.md#structured-data) to be encrypted. - -This Structured Data MUST be a [Structured Data Map](./structures.md#structured-data-map). -This Structured Data MUST NOT already contain data located at the [header index](./header.md#header-index) -or the [footer index](./footer.md#footer-index). - -### Crypto Schema - -The [Crypto Schema](./structures.md#crypto-schema) that describes how [Terminal Data](./structures.md#terminal-data) -within the [input Structured Data](#structured-data) should be treated during encryption. - -The Crypto Schema MUST explicitly configure a [Crypto Action](./structures.md#crypto-action) for every -[Terminal Data](./structures.md#terminal-data) that exists on the [input Structured Data](#structured-data), -and MUST NOT describe Crypto Actions for locations within the input Structured Data that either -do not exist, or contain non-Terminal Data structures; -otherwise, this operation operation MUST yield an error. - -The Crypto Schema MUST include at least one [ENCRYPT_AND_SIGN Crypto Action](./structures.md#encryptandsign) or -[SIGN_ONLY Crypto Action](./structures.md#signonly); -otherwise, this operation MUST yield an error. - -### CMM - -A CMM that implements the [CMM interface](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md). - -### Algorithm Suite - -The [algorithm suite](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md) that SHOULD be used for encryption. - -This algorithm suite MUST be a -[supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum); -otherwise, this operation MUST yield an error. - -### Encryption Context - -See [encryption context](./structures.md#encryption-context). - -The prefix `aws-crypto-` is reserved for internal use by the AWS Encryption SDK; see the -[the Default CMM spec](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/default-cmm.md) -for one such use. +- [Algorithm Suite](encrypt-path-structure.md#algorithm-suite) +- [Encryption Context](encrypt-path-structure.md#encryption-context) ## Output This operation MUST output the following: -- [Encrypted Structured Data](#encrypted-structured-data) +- [Encrypted Structured Data](encrypt-path-structure.md#encrypted-structured-data) +- [Crypto Schema](./structures.md#crypto-schema): The Crypto Schema for each signed Terminal - [Parsed Header](./decrypt-structure.md#parsed-header) -### Encrypted Structured Data - -An encrypted form of the [input Structured Data](#structured-data), -encrypted according to the [behavior specified below](#behavior). - ## Behavior -All inputs MUST adhere to their requirements; -otherwise this operation MUST immediately yield an error. - -Given valid inputs, -the Encrypt Structure operation is divided into several distinct steps: - -1. [Retrieve Encryption Materials](#retrieve-encryption-materials) -1. [Calculate Intermediate Encrypted Structured Data](#construct-encrypted-structured-data) -1. [Construct Encrypted Structured Data](#construct-encrypted-structured-data) - -This operation MUST perform all the above steps, -and it MUST perform them in the above order. - -If any of these steps fails, this operation MUST halt and indicate a failure to the caller. - -### Retrieve Encryption Materials - -This operation MUST [calculate the appropriate CMM and encryption context](#create-new-encryption-context-and-cmm). - -This operation MUST obtain a set of encryption materials by calling -[Get Encryption Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cmm-interface.md#get-encryption-materials) -on the [CMM](#cmm) calculated above. - -This operation MUST call Get Encryption Materials on the CMM as follows. -- Encryption Context: This MUST be the encryption context calculated above. -- Commitment Policy: This MUST be - [REQUIRE_ENCRYPT_REQUIRE_DECRYPT](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/commitment-policy.md#esdkrequire_encrypt_require_decrypt). -- Algorithm Suite: If provided, this is the [input algorithm suite](#algorithm-suite); - otherwise, this field MUST be the algorithm suite corresponding to the enum - [DBE.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum). -- Max Plaintext Length: This field MUST be the result of the calculation `encryptedTerminalDataNum * 2 + totalEncryptedTerminalValuesSize` - - `encryptedTerminalDataNum` is the number of [Terminal Data](./structures.md#terminal-data) - in the [input Structured Data](#structured-data) being encrypted, - as defined by the [input Crypto Schema](#crypto-schema). - - `totalEncryptedTerminalValuesSize` is the sum of the length of all [Terminal Values](./structures.md#terminal-value) - in the [input Structured Data](#structured-data) being encrypted, - as defined by the [input Crypto Schema](#crypto-schema). -../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md -The algorithm suite used in all aspects of this operation MUST be -the algorithm suite in the -[encryption materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#encryption-materials) -returned from the Get Encryption Materials call. -Note that the algorithm suite in the retrieved encryption materials MAY be different from the input algorithm suite. -If this algorithm suite is not a -[supported suite for Database Encryption (DBE)](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#supported-algorithm-suites-enum), -this operation MUST yield an error. - -#### Create New Encryption Context and CMM - -If no [Crypto Action](./structures.md#crypto-action) is configured to be -[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) -then the input cmm and encryption context MUST be used unchanged. - -Otherwise, this operation MUST add an [entry](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2) to the encryption context for every -[SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT Crypto Action](./structures.md#sign_and_include_in_encryption_context) -[Terminal Data](./structures.md#terminal-data) -in the input record, plus the Legend. - -An error MUST be returned if any of the entries added to the encryption context in this step -have the same key as any entry already in the encryption context. - -The Legend MUST be named "aws-crypto-legend" and be a string with one character per attribute added above, -with a one-to-one correspondence with the attributes sorted by their UTF8 encoding, -each character designating the original type of the attribute, -to allow reversing of the [encoding](../dynamodb-encryption-client/encrypt-item.md#base-context-value-version-2). -- 'S' if the attribute was of type String -- 'N' if the attribute was of type Number -- 'L' if the attribute was of type Null or Boolean -- 'B' otherwise - -Then, this operation MUST create a [Required Encryption Context CMM](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/dafny-verified/framework/required-encryption-context-cmm.md) -with the following inputs: -- This input [CMM](./ddb-table-encryption-config.md#cmm) as the underlying CMM. -- The name of every entry added above. - -### Calculate Intermediate Encrypted Structured Data - -To construct the final Encrypted Structured Data, -a pre-signature version of this Encrypted Structured Data -must first be calculated. -This will be referred to as the Intermediate Encryption Structured Data. - -The calculations below REQUIRE generating a unique [Message ID](./header.md#message-id) for this Encrypted Structured Data. -The process used to generate this identifier MUST use a good source of randomness -to make the chance of duplicate identifiers negligible. - -The Intermediate Encryption Structured Data has the following specifics: - -For every [input Terminal Data](./structures.md#terminal-data) -in the [input Structured Data](#structured-data), -a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) -in Intermediate Encrypted Structured Data, -if the [Crypto Schema](#crypto-schema) -indicates a [Crypto Action](./structures.md#crypto-action) -other than [DO_NOTHING](./structures.md#DO_NOTHING). - -For each of these Terminal Data in the Intermediate Encrypted Structured Data: - -If the [Crypto Schema](#crypto-schema) -indicates a [Crypto Action](./structures.md#crypto-action) -of [SIGN_ONLY](./structures.md#signonly) for this Terminal Data, -this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) -and [Terminal Value](./structures.md#terminal-value) equal to the input Terminal Data's. - -If the [Crypto Schema](#crypto-schema) -indicates a [Crypto Action](./structures.md#crypto-action) -of [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) for this Terminal Data, -this Terminal Data MUST have [Terminal Type ID](./structures.md#terminal-type-id) -equal to 0xff and the value MUST be -the [encryption](#terminal-data-encryption) -of the input's Terminal Data. - -For every [Terminal Data](./structures.md#terminal-data) -in the Intermediate Encrypted Structured Data -a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) -in the [input Structured Data](#structured-data). - - -### Calculate Info - -The `info` used for the HKDF function MUST be -| Field | Length | -| -------------------- | -------- | -| "AWS_DBE_DERIVE_KEY" | 18 | -| Message ID | 32 | - -### Calculate Cipherkey and Nonce - -The HKDF algorithm used to calculate the Field Root Key MUST be the -[Encryption Key KDF](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-key-derivation-settings) -indicated by the algorithm suite, using a provided plaintext data key, no salt, -and an info as calculated [above](#calculate-info) - -The `FieldRootKey` MUST be generated with the plaintext data key in the encryption materials -and the Message ID generated for this Encrypted Structured Data. - -The `FieldRootKey` is combined with the ordinal position of a field within a record -to generate a unique `FieldKey` for encrypting that field. - -The ordinal position is calculated by sorting the -[canonical path](./header.md#canonical-path) -of all of the [ENCRYPT_AND_SIGN](./structures.md#encryptandsign) fields, -sorting those paths in ascending order, -and taking the zero-based position of the field in that sorted list. - -The calculated Field Root MUST have length equal to the - [algorithm suite's encryption key length](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings). - - -The `FieldKeyNonce` for a given offset MUST be 16 bytes comprised of -| Field | Length | Interpretation | -| ------------- | -------- | -------------- | -| "AwsDbeField" | 11 | Literal Ascii String | -| 0x2c | 1 | 44, the length of the eventual FieldKey | -| offset | 4 | 32 bit integer representation of offset | - -The `FieldKey` for a given key and offset MUST be the first 44 bytes -of the aes256ctr_stream -of the `FieldRootKey` and the `FieldKeyNonce` of three times the given offset. -The `FieldKey` is used to derive a specific Cipherkey for each specific TerminalData to be encrypted, and the nonces that are used for that encryption" - -The `Cipherkey` MUST be the first 32 bytes of the `FieldKey` - -The `Nonce` MUST be the remaining 12 bytes of the `FieldKey` - -#### Terminal Data Encryption - -Encryption of [Terminal Data](./structures.md#terminal-data) takes a -Terminal Data as input, and returns an encrypted Terminal Data. - -The output encrypted Terminal Data MUST have a [Terminal Type Id](./structures.md#terminal-type-id) -equal `0xFFFF`. - -The output encrypted Terminal Data MUST have a [Terminal Value](./structures.md#terminal-value) -with the following serialization: - -| Field | Length | -| -------------------------- | -------- | -| Terminal Type Id | 2 | -| Encrypted Terminal Value | Variable | - -##### Terminal Type Id - -Terminal Type Id MUST equal the input Terminal Data's Terminal Type Id. - -##### Encrypted Terminal Value - -The Encrypted Terminal Value MUST be derived according to the following encryption: -- The encryption algorithm used is the - [encryption algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-encryption-settings) - indicated in the algorithm suite. -- The AAD is the [canonical path](./header.md#canonical-path) for this Terminal Data. -- The [Cipherkey and Nonce](#calculate-cipherkey-and-nonce) are as calculated above. -- The plaintext is the [Terminal Value](./structures.md#terminal-value) for this Terminal Data. - -### Construct Encrypted Structured Data - -Given an Intermediate Encrypted Structured Data, -the signatures over this Structured Data may be calculated, -and the final Encrypted Structured Data outputted. - -#### Header Field - -The Header Field name MUST be `aws_dbe_head` - -The Header Field TypeID MUST be 0xFFFF - -The Header Field Value MUST be the full serialized [header](header.md) with commitment. - -The encryption context field serialized in the header MUST contain all key-value -pairs of the encryption context in the [encryption materials](#retrieve-encryption-materials) -that are not included in the -[required encryption context keys](../framework/structures.md#required-encryption-context-keys) list. - -#### Footer Field - -The Footer Field name MUST be `aws_dbe_foot` +The input [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) +MUST refer to the same set of locations. -The Footer Field TypeID MUST be 0xFFFF +The input [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) +MUST be combined into a single [Crypto List](encrypt-path-structure.md#crypto-list). -The Footer Field Value MUST be the serialized [footer](footer.md). +Encrypt Structure MUST then behave as [Encrypt Path Structure](encrypt-path-structure.md) -#### Encrypted Structured Data -The Encrypted Structured Data created by this operation MUST be a Structured Data such that: -- for every [Terminal Data](./structures.md#terminal-data) in the - [Intermediate Structured Data](#calculate-intermediate-encrypted-structured-data), - a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the final Encrypted Structured Data. -- for every [Terminal Data](./structures.md#terminal-data) in the final Encrypted Structured Data - if the [Crypto Schema](#crypto-schema) - indicates a [Crypto Action](./structures.md#crypto-action) - other than [DO_NOTHING](./structures.md#DO_NOTHING), - a Terminal Data MUST exist with the same [canonical path](./header.md#canonical-path) in the - [Intermediate Structured Data](#calculate-intermediate-encrypted-structured-data). -- The [Header Field](#header-field) MUST exist in the Encrypted Structured Data -- The [Footer Field](#footer-field) MUST exist in the Encrypted Structured Data +The output [Crypto List](encrypt-path-structure.md#crypto-list) produced by [Encrypt Path Structure](encrypt-path-structure.md) +MUST be split into [Structured Data](encrypt-path-structure.md#structured-data) and [Crypto Schema](encrypt-path-structure.md#crypto-schema) +maps. diff --git a/specification/structured-encryption/footer.md b/specification/structured-encryption/footer.md index b3dfc0444..194aa0420 100644 --- a/specification/structured-encryption/footer.md +++ b/specification/structured-encryption/footer.md @@ -15,7 +15,7 @@ When encrypting, `signed fields` refers to all fields for which the [Crypto Schema](./structures.md#crypto-schema) indicates `ENCRYPT_AND_SIGN` or `SIGN_ONLY`. When decrypting `signed fields` refers to all fields for which the -the [Authenticate Schema](#authenticate-schema) indicates `SIGN` +the [Authenticate Schema](./structures.md#authenticate-schema) indicates `SIGN` ## Footer Format @@ -108,7 +108,7 @@ indicated by the algorithm suite. ## Footer Verification -The footer is verified before it's record is decrypted. +The footer is verified before it's record is decrypted. ### Recipient Tag Verification @@ -121,4 +121,3 @@ Recipient Tag comparisons MUST be constant time operations. If the footer contains a signature, this signature MUST be verified using the [asymmetric signature algorithm](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md#algorithm-suites-signature-settings) indicated by the algorithm suite. - diff --git a/specification/structured-encryption/header.md b/specification/structured-encryption/header.md index 7ed0d30b1..b7cc44257 100644 --- a/specification/structured-encryption/header.md +++ b/specification/structured-encryption/header.md @@ -24,7 +24,7 @@ The Partial Header MUST be | Variable | [Encryption Context](#encryption-context) | | Variable | [Encrypted Data Keys](#encrypted-data-keys) | -### Header Value +### Full Header Value The value of the header MUST be @@ -231,7 +231,7 @@ The Header Commitment MUST be calculated as a the first 32 bytes of an HmacSha38 with the serialized partial header as the message, and the Commit Key as the key. For example -``` +```python def GetHeaderCommitment(Header, CommitKey): # Truncate to 256 bits (32 bytes; returning only the leftmost bits) return HmacSha384(Header, CommitKey)[0:32] @@ -249,11 +249,10 @@ compare it to the stored [Header Commitment](#header-commitment). Header commitment comparisons MUST be constant time operations. -## Notes +## Notes While the Header Commitment does produce a distinct 256-bit hash output per header and commitment key, it does not provide any integrity guarantees over the encrypted attributes. Integrity over the encrypted attributes is ensured by the signatures in the -[footer](#footer.md). - +[footer](footer.md). diff --git a/specification/structured-encryption/resolve-auth-actions.md b/specification/structured-encryption/resolve-auth-actions.md new file mode 100644 index 000000000..ea35ade5a --- /dev/null +++ b/specification/structured-encryption/resolve-auth-actions.md @@ -0,0 +1,67 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Resolve Auth Actions + +## Version + +1.0.0 + +### Changelog + +- 1.0.0 + + - Initial record + +## Definitions + +### Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + +## Overview + +ResolveAuthActions takes an encrypted record and determines the CryptoActions originally used for encryption. + +It makes no network calls and does no encryption nor decryption. + +## Input + +The following inputs to this behavior are REQUIRED: + +- [Table Name](#table-name) +- [Auth List](#auth-list) +- [Header Bytes](#header-bytes) + +### Table Name + +The logical name for the structure. +This can be the same as the physical name. +For example the name of the table to hold the encrypted record. + +### Auth List + +The [Auth List](./structures.md#auth-list) describes how each [Terminal Data](./structures.md#terminal-data) would be treated during decryption. + +The header and footer fields (aws_dbe_head and aws_dbe_foot) can be present, but they need not be present. + +Data members need not contain any particular values. + +### Header Bytes + +The sequence of bytes representing the serialized header, as is usually found in the `aws_dbe_head` attribute. + +## Output + +This operation MUST output the following: + +[Crypto List](./structures.md#crypto-list): Input terminal data and the Crypto Schema for each Terminal, + calculated using the Crypto Legend in the header, the signature scope used for decryption, and the data in the input structure. + +## Behavior + +Resolve Auth Actions examines the configuration and the provided header to determine +the [Crypto Actions](structures.md#crypto-action) originally use for encryption. + +The data members are returned unchanged and unexamined. diff --git a/specification/structured-encryption/structures.md b/specification/structured-encryption/structures.md index a294789d3..36ed47a3f 100644 --- a/specification/structured-encryption/structures.md +++ b/specification/structured-encryption/structures.md @@ -5,12 +5,14 @@ ## Version -1.0.0 +1.1.0 ### Changelog -- 1.0.0 +- 1.1.0 + - Update for simplified structured encryption +- 1.0.0 - Initial record ## Definitions @@ -42,8 +44,13 @@ Structures defined in this document: - [Encrypt Action](#encrypt-action) - [Encryption Context](#encryption-context) - [Structured Data](#structured-data) -- [Structured Data Attributes](#structured-data-attributes) - [Terminal Data](#terminal-data) +- [Path Segment](#path-segment) +- [Path](#path) +- [Crypto Item](#crypto-item) +- [Crypto List](#crypto-list) +- [Auth Item](#auth-item) +- [Auth List](#auth-list) ### Authenticate Action @@ -93,13 +100,13 @@ ENCRYPT_AND_SIGN indicates that the following actions apply to a [Terminal Data] ##### SIGN_ONLY SIGN_ONLY indicates that the following actions apply to a [Terminal Data](#terminal-data): -- [DO_NOT_ENCRYPT](#donotencrypt) +- [DO_NOT_ENCRYPT](#do_not_encrypt) - [SIGN](#sign) ##### SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT indicates that the following actions apply to a [Terminal Data](#terminal-data): -- [DO_NOT_ENCRYPT](#donotencrypt) +- [DO_NOT_ENCRYPT](#do_not_encrypt) - [SIGN](#sign) and further that the [Terminal Data](#terminal-data) MUST be included in the encryption context. @@ -107,8 +114,8 @@ and further that the [Terminal Data](#terminal-data) MUST be included in the enc ##### DO_NOTHING DO_NOTHING indicates that the following actions apply to a [Terminal Data](#terminal-data): -- [DO_NOT_ENCRYPT](#donotencrypt) -- [DO_NOT_SIGN](#donotsign) +- [DO_NOT_ENCRYPT](#do_not_encrypt) +- [DO_NOT_SIGN](#do_not_sign) ### Crypto Schema @@ -147,40 +154,18 @@ No encryption or decryption is performed on the Terminal Data. [The Encryption Context as defined by the Material Providers Library specification.](https://github.com/awslabs/private-aws-encryption-sdk-specification-staging/blob/master/framework/structures.md#encryption-context) -### Structured Data Content +### Structured Data -Structured Data Content is a recursively defined structure that is intended to support +Structured Data is intended to support the expression of most [JSON](https://datatracker.ietf.org/doc/html/rfc7159) and [XML](https://www.w3.org/TR/xml/) data. -Structured Data Content is a union of one of three separate structures; -Structured Data Content MUST be one of: -- [Terminal Data](#terminal-data) -- [Structured Data Map](#structured-data-map) -- [Structured Data List](#structured-data-list) - -#### Structured Data - -A Structured Data MUST consist of: -- a [Structured Data Content](#structured-data-content) -- an OPTIONAL map of [Attributes](#structured-data-attributes) +Structured Data is expressed as a [Structured Data Map](#structured-data-map) #### Structured Data Map A Structured Data Map MUST consist of: -- A map strings to [Structured Data](#structured-data) - - This map MUST NOT allow duplicate key values - -#### Structured Data List - -A Structured Data List MUST consist of: - -- A numerical-indexed array of [Structured Data](#structured-data). - - The max length of this list MUST be 2^64 - 1 - -### Structured Data Attributes - -Structured Data Attributes MUST be map of strings to [Terminal Data](#terminal-data). -This data is intended to be an equivalent to XML-like attributes. +- A map strings to [Terminal Data](#terminal-data) + - This map MUST NOT allow duplicate key values ### Terminal Data @@ -205,3 +190,39 @@ and how those types should be serialized and deserialized. Terminal Value MUST be a sequence of bytes, and MAY be empty (zero-length). If these bytes are to be deserialized, these bytes MUST be interpreted as the type indicated in this Terminal Data's [Terminal Type ID](#terminal-type-id).D + +### Path Segment + +A path segment MUST be a string, designating the name of a member of a structure. + +In the future, a path segment might also refer to an index into a list, or to an attribute name. + +### Path + +A path is a sequence of [path segments](#path-segment) that refer to a location within a structure. + +### Crypto Item + +A crypto item MUST consist of +- a [Path](#path) +- a [Crypto Action](#crypto-action) +- a [Terminal Data](#terminal-data) + +and indicates that this data exists at this location, and should be handled with this action. + +### Crypto List + +A crypto list MUST be a sequence of [crypto item](#crypto-item) + +### Auth Item + +An auth item MUST consist of +- a [Path](#path) +- an [Authenticate Action](#authenticate-action) +- a [Terminal Data](#terminal-data) + +and indicates that this data exists at this location, and should be handled with this action. + +### Auth List + +An auth list MUST be a sequence of [auth item](#auth-item)