feat: Update config param names (#209)

Author: lavaleri

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy

@@ -209,14 +209,14 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  nameonly partitionKeyName: ComAmazonawsDynamodbTypes.KeySchemaAttributeName ,
  nameonly sortKeyName: Option<ComAmazonawsDynamodbTypes.KeySchemaAttributeName> ,
  nameonly search: Option<SearchConfig> ,
- nameonly attributeActions: AttributeActions ,
- nameonly allowedUnauthenticatedAttributes: Option<ComAmazonawsDynamodbTypes.AttributeNameList> ,
- nameonly allowedUnauthenticatedAttributePrefix: Option<string> ,
+ nameonly attributeActionsOnEncrypt: AttributeActions ,
+ nameonly allowedUnsignedAttributes: Option<ComAmazonawsDynamodbTypes.AttributeNameList> ,
+ nameonly allowedUnsignedAttributePrefix: Option<string> ,
  nameonly algorithmSuiteId: Option<AwsCryptographyMaterialProvidersTypes.DBEAlgorithmSuiteId> ,
  nameonly keyring: Option<AwsCryptographyMaterialProvidersTypes.IKeyring> ,
  nameonly cmm: Option<AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager> ,
- nameonly legacyConfig: Option<LegacyConfig> ,
- nameonly plaintextPolicy: Option<PlaintextPolicy>
+ nameonly legacyOverride: Option<LegacyOverride> ,
+ nameonly plaintextOverride: Option<PlaintextOverride>
  )
  type DynamoDbTableEncryptionConfigList = map<ComAmazonawsDynamodbTypes.TableName, DynamoDbTableEncryptionConfig>
  datatype DynamoDbTablesEncryptionConfig = | DynamoDbTablesEncryptionConfig (
@@ -258,12 +258,6 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  datatype Insert = | Insert (
  nameonly literal: string
  )
- datatype LegacyConfig = | LegacyConfig (
- nameonly policy: LegacyPolicy ,
- nameonly encryptor: ILegacyDynamoDbEncryptor ,
- nameonly attributeFlags: AttributeActions ,
- nameonly defaultAttributeFlag: Option<AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.CryptoAction>
- )
  class ILegacyDynamoDbEncryptorCallHistory {
  ghost constructor() {
 
@@ -299,10 +293,16 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
   ghost const History: ILegacyDynamoDbEncryptorCallHistory
 
 }
+ datatype LegacyOverride = | LegacyOverride (
+ nameonly policy: LegacyPolicy ,
+ nameonly encryptor: ILegacyDynamoDbEncryptor ,
+ nameonly attributeActionsOnEncrypt: AttributeActions ,
+ nameonly defaultAttributeFlag: Option<AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.CryptoAction>
+ )
  datatype LegacyPolicy =
-	| REQUIRE_ENCRYPT_ALLOW_DECRYPT
-	| FORBID_ENCRYPT_ALLOW_DECRYPT
-	| FORBID_ENCRYPT_FORBID_DECRYPT
+	| FORCE_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT
+	| FORBID_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT
+	| FORBID_LEGACY_ENCRYPT_FORBID_LEGACY_DECRYPT
  datatype Lower = | Lower (
 
  )
@@ -311,10 +311,10 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  nameonly cacheTTL: int32 ,
  nameonly maxCacheSize: int32
  )
- datatype PlaintextPolicy =
-	| REQUIRE_WRITE_ALLOW_READ
-	| FORBID_WRITE_ALLOW_READ
-	| FORBID_WRITE_FORBID_READ
+ datatype PlaintextOverride =
+	| FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
+	| FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
+	| FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ
  type Prefix = x: string | IsValid_Prefix(x) witness *
  predicate method IsValid_Prefix(x: string) {
  ( 1 <= |x|  )

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy

@@ -116,9 +116,9 @@ structure DynamoDbTableEncryptionConfig {
     search: SearchConfig,
 
     @required
-    attributeActions: AttributeActions,
-    allowedUnauthenticatedAttributes: AttributeNameList,
-    allowedUnauthenticatedAttributePrefix: String,
+    attributeActionsOnEncrypt: AttributeActions,
+    allowedUnsignedAttributes: AttributeNameList,
+    allowedUnsignedAttributePrefix: String,
     //= specification/dynamodb-encryption-client/ddb-table-encryption-config.md#algorithm-suite
     //= type=implication
     //# This algorithm suite MUST be a [Structured Encryption Library Supported algorithm suite](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/algorithm-suites.md).
@@ -128,8 +128,8 @@ structure DynamoDbTableEncryptionConfig {
     keyring: KeyringReference,
     cmm: CryptographicMaterialsManagerReference,
 
-    legacyConfig: LegacyConfig,
-    plaintextPolicy: PlaintextPolicy
+    legacyOverride: LegacyOverride,
+    plaintextOverride: PlaintextOverride
 }
 
 map AttributeActions {
@@ -139,16 +139,16 @@ map AttributeActions {
 
 @enum([
   {
-    name: "REQUIRE_ENCRYPT_ALLOW_DECRYPT",
-    value: "REQUIRE_ENCRYPT_ALLOW_DECRYPT",
+    name: "FORCE_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT",
+    value: "FORCE_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT",
   },
   {
-    name: "FORBID_ENCRYPT_ALLOW_DECRYPT",
-    value: "FORBID_ENCRYPT_ALLOW_DECRYPT",
+    name: "FORBID_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT",
+    value: "FORBID_LEGACY_ENCRYPT_ALLOW_LEGACY_DECRYPT",
   },
   {
-    name: "FORBID_ENCRYPT_FORBID_DECRYPT",
-    value: "FORBID_ENCRYPT_FORBID_DECRYPT",
+    name: "FORBID_LEGACY_ENCRYPT_FORBID_LEGACY_DECRYPT",
+    value: "FORBID_LEGACY_ENCRYPT_FORBID_LEGACY_DECRYPT",
   },
 ])
 string LegacyPolicy
@@ -167,7 +167,7 @@ structure LegacyDynamoDbEncryptorReference {}
 //# - [Legacy Encryptor](#legacy-encryptor)
 //# - [Attributes Flags](#attribute-flags)
 //# - [Legacy Policy](#legacy-policy)
-structure LegacyConfig {
+structure LegacyOverride {
     @required
     policy: LegacyPolicy,
     @required
@@ -177,26 +177,26 @@ structure LegacyConfig {
     //= type=implication
     //# This map MAY be different from the top level [Attribute Actions](#attribute-actions).
     @required
-    attributeFlags: AttributeActions,
+    attributeActionsOnEncrypt: AttributeActions,
 
     defaultAttributeFlag: CryptoAction,
 }
 
 @enum([
   {
-    name: "REQUIRE_WRITE_ALLOW_READ",
-    value: "REQUIRE_WRITE_ALLOW_READ",
+    name: "FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ",
+    value: "FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ",
   },
   {
-    name: "FORBID_WRITE_ALLOW_READ",
-    value: "FORBID_WRITE_ALLOW_READ",
+    name: "FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ",
+    value: "FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ",
   },
   {
-    name: "FORBID_WRITE_FORBID_READ",
-    value: "FORBID_WRITE_FORBID_READ",
+    name: "FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ",
+    value: "FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ",
   },
 ])
-string PlaintextPolicy
+string PlaintextOverride
 
 @range(min: 1, max: 63)
 integer BeaconBitLength

DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy

@@ -77,14 +77,14 @@ module SearchConfigToInfo {
   function method ShouldDeleteKeyField(outer : DynamoDbTableEncryptionConfig, keyFieldName : string)
     : (ret : Result<bool, Error>)
     ensures
-      && keyFieldName in outer.attributeActions
-      && outer.attributeActions[keyFieldName] == SE.ENCRYPT_AND_SIGN
+      && keyFieldName in outer.attributeActionsOnEncrypt
+      && outer.attributeActionsOnEncrypt[keyFieldName] == SE.ENCRYPT_AND_SIGN
       ==> ret.Failure?
   {
-    if keyFieldName !in outer.attributeActions then
+    if keyFieldName !in outer.attributeActionsOnEncrypt then
       Success(true)
     else
-      match outer.attributeActions[keyFieldName] {
+      match outer.attributeActionsOnEncrypt[keyFieldName] {
         case DO_NOTHING => Success(true)
         case SIGN_ONLY => Success(false)
         case ENCRYPT_AND_SIGN => Failure(E("Beacon key field name " + keyFieldName + " is configured as ENCRYPT_AND_SIGN which is not allowed."))
@@ -114,8 +114,8 @@ module SearchConfigToInfo {
     //# with [ENCRYPT_AND_SIGN](../structured-encryption/structures.md#encrypt_and_sign).
     ensures
       && config.multi?
-      && config.multi.keyFieldName in outer.attributeActions
-      && outer.attributeActions[config.multi.keyFieldName] == SE.ENCRYPT_AND_SIGN
+      && config.multi.keyFieldName in outer.attributeActionsOnEncrypt
+      && outer.attributeActionsOnEncrypt[config.multi.keyFieldName] == SE.ENCRYPT_AND_SIGN
       ==> output.Failure?
   {
     var mplR := MaterialProviders.MaterialProviders();
@@ -214,7 +214,7 @@ module SearchConfigToInfo {
         source,
         beacons,
         virtualFields,
-        outer.attributeActions
+        outer.attributeActionsOnEncrypt
       );
   }
 
@@ -232,24 +232,24 @@ module SearchConfigToInfo {
   predicate method IsSigned(outer : DynamoDbTableEncryptionConfig, loc : TermLoc)
   {
     && var name := loc[0].key;
-    && name in outer.attributeActions
-    && outer.attributeActions[name] != SE.DO_NOTHING
+    && name in outer.attributeActionsOnEncrypt
+    && outer.attributeActionsOnEncrypt[name] != SE.DO_NOTHING
   }
 
   // is this terminal location signed, but not encrypted
   predicate method IsSignOnly(outer : DynamoDbTableEncryptionConfig, loc : TermLoc)
   {
     && var name := loc[0].key;
-    && name in outer.attributeActions
-    && outer.attributeActions[name] == SE.SIGN_ONLY
+    && name in outer.attributeActionsOnEncrypt
+    && outer.attributeActionsOnEncrypt[name] == SE.SIGN_ONLY
   }
 
   // is this terminal location encrypted
   predicate method IsEncrypted(outer : DynamoDbTableEncryptionConfig, loc : TermLoc)
   {
     && var name := loc[0].key;
-    && name in outer.attributeActions
-    && outer.attributeActions[name] == SE.ENCRYPT_AND_SIGN
+    && name in outer.attributeActionsOnEncrypt
+    && outer.attributeActionsOnEncrypt[name] == SE.ENCRYPT_AND_SIGN
   }
 
   // is this terminal location encrypted, OR does it refer to an encrypted virtual field
@@ -267,15 +267,15 @@ module SearchConfigToInfo {
     context : string,
     isSignedBeacon : bool := false)
     : (ret : Result<bool, Error>)
-    ensures name in outer.attributeActions && outer.attributeActions[name] != SE.ENCRYPT_AND_SIGN ==> ret.Failure?
+    ensures name in outer.attributeActionsOnEncrypt && outer.attributeActionsOnEncrypt[name] != SE.ENCRYPT_AND_SIGN ==> ret.Failure?
   {
-    if name in outer.attributeActions && outer.attributeActions[name] != SE.ENCRYPT_AND_SIGN then
+    if name in outer.attributeActionsOnEncrypt && outer.attributeActionsOnEncrypt[name] != SE.ENCRYPT_AND_SIGN then
       Failure(E(name + " not allowed as a " + context + " because it is already an unencrypted attribute."))
-    else if isSignedBeacon && name in outer.attributeActions then
+    else if isSignedBeacon && name in outer.attributeActionsOnEncrypt then
       Failure(E(name + " not allowed as a " + context + " because a fully signed beacon cannot have the same name as an existing attribute."))
-    else if outer.allowedUnauthenticatedAttributes.Some? && name in outer.allowedUnauthenticatedAttributes.value then
+    else if outer.allowedUnsignedAttributes.Some? && name in outer.allowedUnsignedAttributes.value then
       Failure(E(name + " not allowed as a " + context + " because it is already an allowed unauthenticated attribute."))
-    else if outer.allowedUnauthenticatedAttributePrefix.Some? && outer.allowedUnauthenticatedAttributePrefix.value <= name then
+    else if outer.allowedUnsignedAttributePrefix.Some? && outer.allowedUnsignedAttributePrefix.value <= name then
       Failure(E(name + " not allowed as a " + context + " because it begins with the allowed unauthenticated prefix."))
     else if ReservedPrefix <= name then
       Failure(E(name + " not allowed as a " + context + " because it begins with the reserved prefix."))
@@ -287,11 +287,11 @@ module SearchConfigToInfo {
   function method VirtualFieldNameAllowed(outer : DynamoDbTableEncryptionConfig, name : string)
     : Result<bool, Error>
   {
-    if name in outer.attributeActions then
+    if name in outer.attributeActionsOnEncrypt then
       Failure(E(name + " not allowed as a Virtual Field because it is already a configured attribute."))
-    else if outer.allowedUnauthenticatedAttributes.Some? && name in outer.allowedUnauthenticatedAttributes.value then
+    else if outer.allowedUnsignedAttributes.Some? && name in outer.allowedUnsignedAttributes.value then
       Failure(E(name + " not allowed as a Virtual Field because it is already an allowed unauthenticated attribute."))
-    else if outer.allowedUnauthenticatedAttributePrefix.Some? && outer.allowedUnauthenticatedAttributePrefix.value <= name then
+    else if outer.allowedUnsignedAttributePrefix.Some? && outer.allowedUnsignedAttributePrefix.value <= name then
       Failure(E(name + " not allowed as a Virtual Field because it begins with the allowed unauthenticated prefix."))
     else if ReservedPrefix <= name then
       Failure(E(name + " not allowed as a Virtual Field because it begins with the reserved prefix."))
@@ -402,7 +402,7 @@ module SearchConfigToInfo {
     //= type=implication
     //# Initialization MUST fail if the name of any [standard beacon](beacons.md#standard-beacon)
     //# matches that of any unencrypted [configured field](#configured-field).
-    ensures 0 < |beacons| && beacons[0].name in outer.attributeActions && outer.attributeActions[beacons[0].name] != SE.ENCRYPT_AND_SIGN ==> output.Failure?
+    ensures 0 < |beacons| && beacons[0].name in outer.attributeActionsOnEncrypt && outer.attributeActionsOnEncrypt[beacons[0].name] != SE.ENCRYPT_AND_SIGN ==> output.Failure?
 
     ensures output.Success? && 0 < |beacons| ==>
               && beacons[0].name !in converted
@@ -786,7 +786,7 @@ module SearchConfigToInfo {
     //= type=implication
     //# Initialization MUST fail if the name of any [compound beacon](beacons.md#compound-beacon)
     //# matches that of any unencrypted [configured field](#configured-field).
-    ensures 0 < |beacons| && beacons[0].name in outer.attributeActions && outer.attributeActions[beacons[0].name] != SE.ENCRYPT_AND_SIGN ==> output.Failure?
+    ensures 0 < |beacons| && beacons[0].name in outer.attributeActionsOnEncrypt && outer.attributeActionsOnEncrypt[beacons[0].name] != SE.ENCRYPT_AND_SIGN ==> output.Failure?
   {
     if |beacons| == 0 {
       return Success(converted);

DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy

@@ -178,17 +178,17 @@ module BeaconTestFixtures {
                               partitionKeyName := "foo",
                               sortKeyName := None,
                               search := None,
-                              attributeActions := map[],
-                              allowedUnauthenticatedAttributes := None,
-                              allowedUnauthenticatedAttributePrefix := None,
+                              attributeActionsOnEncrypt := map[],
+                              allowedUnsignedAttributes := None,
+                              allowedUnsignedAttributePrefix := None,
                               algorithmSuiteId := None,
                               keyring := None,
                               cmm := None,
-                              legacyConfig := None,
-                              plaintextPolicy := None
+                              legacyOverride := None,
+                              plaintextOverride := None
                             );
   const FullTableConfig := EmptyTableConfig.(
-                           attributeActions := map[
+                           attributeActionsOnEncrypt := map[
                              "std2" := SE.ENCRYPT_AND_SIGN,
                              "std4" := SE.ENCRYPT_AND_SIGN,
                              "std6" := SE.ENCRYPT_AND_SIGN,

DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy

@@ -147,10 +147,10 @@ module TestDynamoDBFilterExpr {
     expect newContext.Failure?;
     expect newContext.error == E("Field std4 is encrypted, and cannot be searched without a beacon.");
 
-    var badBeacon := TestBeaconize(FullTableConfig.attributeActions, None, Some("std2 <> :A AND #Field4 = :B"), None);
+    var badBeacon := TestBeaconize(FullTableConfig.attributeActionsOnEncrypt, None, Some("std2 <> :A AND #Field4 = :B"), None);
     expect badBeacon.Failure?;
     expect badBeacon.error == E("Query is using encrypted field : std2.");
-    badBeacon := TestBeaconize(FullTableConfig.attributeActions, Some("std2 = :A AND #Field4 = :B"), None, None);
+    badBeacon := TestBeaconize(FullTableConfig.attributeActionsOnEncrypt, Some("std2 = :A AND #Field4 = :B"), None, None);
     expect badBeacon.Failure?;
     expect badBeacon.error == E("Query is using encrypted field : std2.");
   }

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy

@@ -860,8 +860,8 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  tmp1.cmm.value.ValidState()
  requires var tmps2 := set t2 | t2 in config.tableEncryptionConfigs.Values;
  forall tmp2 :: tmp2 in tmps2 ==>
- tmp2.legacyConfig.Some? ==>
- tmp2.legacyConfig.value.encryptor.ValidState()
+ tmp2.legacyOverride.Some? ==>
+ tmp2.legacyOverride.value.encryptor.ValidState()
  requires var tmps3 := set t3 | t3 in config.tableEncryptionConfigs.Values;
  forall tmp3 :: tmp3 in tmps3 ==>
  tmp3.search.Some? ==>
@@ -887,8 +887,8 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  && tmp8ModifyEntry in tmp8Modifies 
  :: tmp8ModifyEntry)
  modifies var tmps9 := set t9 | t9 in config.tableEncryptionConfigs.Values
-  && t9.legacyConfig.Some? 
-  :: t9.legacyConfig.value.encryptor;
+  && t9.legacyOverride.Some? 
+  :: t9.legacyOverride.value.encryptor;
  var tmps9FlattenedModifiesSet: set<set<object>> := set t0
  | t0 in tmps9 :: t0.Modifies;
  (set tmp10ModifyEntry, tmp10Modifies | 
@@ -926,8 +926,8 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  && tmp17ModifyEntry in tmp17Modifies 
  :: tmp17ModifyEntry)
  ) - ( var tmps18 := set t18 | t18 in config.tableEncryptionConfigs.Values
-  && t18.legacyConfig.Some? 
-  :: t18.legacyConfig.value.encryptor;
+  && t18.legacyOverride.Some? 
+  :: t18.legacyOverride.value.encryptor;
  var tmps18FlattenedModifiesSet: set<set<object>> := set t0
  | t0 in tmps18 :: t0.Modifies;
  (set tmp19ModifyEntry, tmp19Modifies | 
@@ -956,8 +956,8 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  tmp24.cmm.value.ValidState()
  ensures var tmps25 := set t25 | t25 in config.tableEncryptionConfigs.Values;
  forall tmp25 :: tmp25 in tmps25 ==>
- tmp25.legacyConfig.Some? ==>
- tmp25.legacyConfig.value.encryptor.ValidState()
+ tmp25.legacyOverride.Some? ==>
+ tmp25.legacyOverride.value.encryptor.ValidState()
  ensures var tmps26 := set t26 | t26 in config.tableEncryptionConfigs.Values;
  forall tmp26 :: tmp26 in tmps26 ==>
  tmp26.search.Some? ==>