m

Author: ajewellamz

DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy

@@ -23,7 +23,7 @@ module SearchConfigToInfo {
   import opened DynamoDbEncryptionUtil
   import opened TermLoc
   import opened StandardLibrary.String
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
   import MaterialProviders
   import SortedSets
 

DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy

@@ -20,7 +20,7 @@ module DynamoToStruct {
   import SE = StructuredEncryptionUtil
   import StandardLibrary.Sequence
   import DafnyLibraries
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
 
   type Error = Types.Error
 
@@ -126,7 +126,7 @@ module DynamoToStruct {
       var badNames := set k <- s | !IsValid_AttributeName(k) :: k;
       OneBadKey(s, badNames, IsValid_AttributeName);
       // We happen to order these values, but this ordering MUST NOT be relied upon.
-      var orderedAttrNames := SetToOrderedSequence(badNames, CharLess);
+      var orderedAttrNames := SortedSets.ComputeSetToOrderedSequence2(badNames, CharLess);
       var attrNameList := Join(orderedAttrNames, ",");
       MakeError("Not valid attribute names : " + attrNameList)
   }
@@ -1369,7 +1369,7 @@ module DynamoToStruct {
       var badValues := FlattenErrors(m);
       assert(|badValues| > 0);
       // We happen to order these values, but this ordering MUST NOT be relied upon.
-      var badValueSeq := SetToOrderedSequence(badValues, CharLess);
+      var badValueSeq := SortedSets.ComputeSetToOrderedSequence2(badValues, CharLess);
       Failure(Join(badValueSeq, "\n"))
   }
 }

DynamoDbEncryption/dafny/DynamoDbEncryption/src/TermLoc.dfy

@@ -26,11 +26,38 @@ module TermLoc {
   import opened StandardLibrary.UInt
   import opened AwsCryptographyDbEncryptionSdkDynamoDbTypes
   import opened DynamoDbEncryptionUtil
+  import opened StandardLibrary.MemoryMath
   import StandardLibrary.String
   import DDB = ComAmazonawsDynamodbTypes
   import Seq
   import DynamoToStruct
 
+  // function method {:tailrecursion} CountEven(x : seq<uint8>, pos : nat) : nat
+  //   requires pos <= |x|
+  //   decreases |x| - pos
+  // {
+  //   if pos == |x| then
+  //     0
+  //   else if x[0] % 2 == 0 then
+  //     1 + CountEven(x, pos+1)
+  //   else
+  //     CountEven(x, pos+1)
+  // }
+
+  function method {:tailrecursion} CountEven(x : seq<uint8>, pos : uint64 := 0) : (ret : uint64)
+    requires pos as nat <= |x|
+    ensures ret as nat <= |x| - pos as nat
+    decreases |x| - pos as nat
+  {
+    SequenceIsSafeBecauseItIsInMemory(x);
+    if pos == |x| as uint64 then
+      0
+    else if x[0] % 2 == 0 then
+      1 + CountEven(x, pos+1)
+    else
+      CountEven(x, pos+1)
+  }
+
   datatype Selector =
     | List(pos : uint64)
     | Map(key : string)
@@ -175,9 +202,9 @@ module TermLoc {
   // return the number of characters until the next part begins
   // that is, '[' or '.'
   function method  {:opaque} FindStartOfNext(s : string)
-    : (index : Option<nat>)
+    : (index : Option<uint64>)
     ensures index.Some? ==>
-              && index.value < |s|
+              && index.value as nat < |s|
               && (s[index.value] == '.' || s[index.value] == '[')
               && '.' !in s[..index.value]
               && '[' !in s[..index.value]
@@ -199,13 +226,20 @@ module TermLoc {
   }
 
   // read an unsigned decimal number, return value and length
-  function method {:opaque} GetNumber(s : string, acc : nat := 0)
-    : Result<nat, Error>
+  // error if value exceeds 2^64
+  function method {:opaque} GetNumber(s : string, acc : uint64 := 0, pos : uint64 := 0)
+    : Result<uint64, Error>
+    requires pos as nat <= |s|
+    decreases |s| - pos as nat
   {
-    if |s| == 0 then
+    SequenceIsSafeBecauseItIsInMemory(s);
+    if |s| as uint64 == pos then
       Success(acc)
     else if '0' <= s[0] <= '9' then
-      GetNumber(s[1..], acc * 10 + s[0] as nat - '0' as nat)
+      if acc < 0xfff_ffff_ffff_ffff then
+        GetNumber(s, acc * 10 + s[0] as uint64 - '0' as uint64, Add(pos, 1))
+      else
+        Failure(E("Number is too big for list index : " + s))
     else
       Failure(E("Unexpected character in number : " + [s[0]]))
   }
@@ -231,18 +265,18 @@ module TermLoc {
     if s[|s|-1] != ']' then
       Failure(E("List index must end with ]"))
     else
-      var num :- GetNumber(s[1..|s|-1]);
-      :- Need(HasUint64Size(num), E("Array selector exceeds maximum."));
-      Success(List(num as uint64))
+      var num : uint64 :- GetNumber(s[1..|s|-1]);
+      Success(List(num))
   }
 
   // convert string to SelectorList
   function method {:tailrecursion} {:opaque} GetSelectors(s : string, acc : SelectorList := [])
     : Result<SelectorList, Error>
     requires |s| > 0 && (s[0] == '.' || s[0] == '[')
   {
+    SequenceIsSafeBecauseItIsInMemory(s);
     var pos := FindStartOfNext(s[1..]);
-    var end := if pos.None? then |s| else pos.value + 1;
+    var end := if pos.None? then |s| as uint64 else Add(pos.value, 1);
     var sel : Selector :- GetSelector(s[..end]);
     :- Need(HasUint64Size(|acc|+1), E("Selector Overflow"));
     if pos.None? then

DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy

@@ -251,7 +251,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations refines Abs
               SORT_NAME !in ret.value
   {
     UTF8.EncodeAsciiUnique();
-    :- Need(config.partitionKeyName in item, DDBError("Partition key " + config.partitionKeyName + " not found in Item to be encrypted or decrypted"));
+    :- FNeed(config.partitionKeyName in item, () => DDBError("Partition key " + config.partitionKeyName + " not found in Item to be encrypted or decrypted"));
     var logicalTableName : ValidUTF8Bytes :- DDBEncode(config.logicalTableName);
     var partitionName : ValidUTF8Bytes :- DDBEncode(config.partitionKeyName);
     var partitionKeyName : ValidUTF8Bytes :- EncodeName(config.partitionKeyName);

DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Util.dfy

@@ -8,7 +8,7 @@ module DynamoDbItemEncryptorUtil {
   import opened Wrappers
   import opened StandardLibrary
   import opened StandardLibrary.UInt
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
 
   import UTF8
   import MPL = AwsCryptographyMaterialProvidersTypes

DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy

@@ -13,7 +13,7 @@ include "Canonize.dfy"
 module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionOperations {
   import opened StructuredEncryptionUtil
   import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
 
   import Base64
   import CMP = AwsCryptographyMaterialProvidersTypes

DynamoDbEncryption/dafny/StructuredEncryption/src/Canonize.dfy

@@ -11,7 +11,7 @@ module {:options "/functionSyntax:4" } Canonize {
   import opened Wrappers
   import opened StandardLibrary
   import opened StandardLibrary.UInt
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
   import Header = StructuredEncryptionHeader
   import Paths = StructuredEncryptionPaths
   import SortCanon

DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy

@@ -23,7 +23,7 @@ module StructuredEncryptionFooter {
   import opened StandardLibrary.UInt
   import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import opened StructuredEncryptionUtil
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
   import Primitives = AtomicPrimitives
   import Materials
   import Header = StructuredEncryptionHeader

DynamoDbEncryption/dafny/StructuredEncryption/src/Header.dfy

@@ -13,7 +13,7 @@ module StructuredEncryptionHeader {
   import opened StandardLibrary.UInt
   import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import opened StructuredEncryptionUtil
-  import opened MemoryMath
+  import opened StandardLibrary.MemoryMath
 
   import CMP = AwsCryptographyMaterialProvidersTypes
   import Prim = AwsCryptographyPrimitivesTypes

DynamoDbEncryption/dafny/StructuredEncryption/src/OptimizedMergeSort.dfy

@@ -8,7 +8,7 @@ module {:options "-functionSyntax:4"} OptimizedMergeSort {
   import Relations
   import BoundedInts
   import InternalModule = Seq.MergeSort
-  import MemoryMath
+  import StandardLibrary.MemoryMath
 
   predicate HasUint64Len<T>(s: seq<T>) {
     |s| < BoundedInts.TWO_TO_THE_64