m

Author: ajewellamz

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy

@@ -168,11 +168,9 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
     ghost constructor() {
       CreateDynamoDbEncryptionBranchKeyIdSupplier := [];
       GetEncryptedDataKeyDescription := [];
-      GetNumberOfQueries := [];
     }
     ghost var CreateDynamoDbEncryptionBranchKeyIdSupplier: seq<DafnyCallEvent<CreateDynamoDbEncryptionBranchKeyIdSupplierInput, Result<CreateDynamoDbEncryptionBranchKeyIdSupplierOutput, Error>>>
     ghost var GetEncryptedDataKeyDescription: seq<DafnyCallEvent<GetEncryptedDataKeyDescriptionInput, Result<GetEncryptedDataKeyDescriptionOutput, Error>>>
-    ghost var GetNumberOfQueries: seq<DafnyCallEvent<GetNumberOfQueriesInput, Result<GetNumberOfQueriesOutput, Error>>>
   }
   trait {:termination false} IDynamoDbEncryptionClient
   {
@@ -242,21 +240,6 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
       ensures GetEncryptedDataKeyDescriptionEnsuresPublicly(input, output)
       ensures History.GetEncryptedDataKeyDescription == old(History.GetEncryptedDataKeyDescription) + [DafnyCallEvent(input, output)]
 
-    predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
-    // The public method to be called by library consumers
-    method GetNumberOfQueries ( input: GetNumberOfQueriesInput )
-      returns (output: Result<GetNumberOfQueriesOutput, Error>)
-      requires
-        && ValidState()
-      modifies Modifies - {History} ,
-               History`GetNumberOfQueries
-      // Dafny will skip type parameters when generating a default decreases clause.
-      decreases Modifies - {History}
-      ensures
-        && ValidState()
-      ensures GetNumberOfQueriesEnsuresPublicly(input, output)
-      ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)]
-
   }
   datatype DynamoDbEncryptionConfig = | DynamoDbEncryptionConfig (
 
@@ -381,12 +364,6 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
   datatype GetEncryptedDataKeyDescriptionUnion =
     | header(header: seq<uint8>)
     | item(item: ComAmazonawsDynamodbTypes.AttributeMap)
-  datatype GetNumberOfQueriesInput = | GetNumberOfQueriesInput (
-    nameonly input: ComAmazonawsDynamodbTypes.QueryInput
-  )
-  datatype GetNumberOfQueriesOutput = | GetNumberOfQueriesOutput (
-    nameonly numberOfQueries: BucketCount
-  )
   datatype GetPrefix = | GetPrefix (
     nameonly length: int32
   )
@@ -686,26 +663,6 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbService
       History.GetEncryptedDataKeyDescription := History.GetEncryptedDataKeyDescription + [DafnyCallEvent(input, output)];
     }
 
-    predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
-    {Operations.GetNumberOfQueriesEnsuresPublicly(input, output)}
-    // The public method to be called by library consumers
-    method GetNumberOfQueries ( input: GetNumberOfQueriesInput )
-      returns (output: Result<GetNumberOfQueriesOutput, Error>)
-      requires
-        && ValidState()
-      modifies Modifies - {History} ,
-               History`GetNumberOfQueries
-      // Dafny will skip type parameters when generating a default decreases clause.
-      decreases Modifies - {History}
-      ensures
-        && ValidState()
-      ensures GetNumberOfQueriesEnsuresPublicly(input, output)
-      ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)]
-    {
-      output := Operations.GetNumberOfQueries(config, input);
-      History.GetNumberOfQueries := History.GetNumberOfQueries + [DafnyCallEvent(input, output)];
-    }
-
   }
 }
 abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbOperations {
@@ -755,20 +712,4 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbOperations {
     ensures
       && ValidInternalConfig?(config)
     ensures GetEncryptedDataKeyDescriptionEnsuresPublicly(input, output)
-
-
-  predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
-  // The private method to be refined by the library developer
-
-
-  method GetNumberOfQueries ( config: InternalConfig , input: GetNumberOfQueriesInput )
-    returns (output: Result<GetNumberOfQueriesOutput, Error>)
-    requires
-      && ValidInternalConfig?(config)
-    modifies ModifiesInternalConfig(config)
-    // Dafny will skip type parameters when generating a default decreases clause.
-    decreases ModifiesInternalConfig(config)
-    ensures
-      && ValidInternalConfig?(config)
-    ensures GetNumberOfQueriesEnsuresPublicly(input, output)
 }

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy

@@ -21,7 +21,6 @@ use aws.cryptography.dbEncryptionSdk.structuredEncryption#CryptoAction
 
 use com.amazonaws.dynamodb#DynamoDB_20120810
 use com.amazonaws.dynamodb#AttributeMap
-use com.amazonaws.dynamodb#QueryInput
 use com.amazonaws.dynamodb#TableName
 use com.amazonaws.dynamodb#AttributeName
 use com.amazonaws.dynamodb#Key
@@ -46,7 +45,7 @@ use aws.cryptography.materialProviders#AwsCryptographicMaterialProviders
 )
 service DynamoDbEncryption {
     version: "2024-04-02",
-    operations: [ CreateDynamoDbEncryptionBranchKeyIdSupplier, GetEncryptedDataKeyDescription, GetNumberOfQueries],
+    operations: [ CreateDynamoDbEncryptionBranchKeyIdSupplier, GetEncryptedDataKeyDescription],
     errors: [ DynamoDbEncryptionException ]
 }
 
@@ -74,20 +73,6 @@ structure GetBucketNumberOutput {
   bucketNumber: BucketNumber
 }
 
-@javadoc("Return the necessary number of query operations for this query, based on bucket usage.")
-operation GetNumberOfQueries {
-    input: GetNumberOfQueriesInput,
-    output: GetNumberOfQueriesOutput,
-}
-structure GetNumberOfQueriesInput {
-    @required
-    input: QueryInput
-}
-structure GetNumberOfQueriesOutput {
-    @required
-    numberOfQueries: BucketCount
-}
-
 @javadoc("Returns encrypted data key description.")
 operation GetEncryptedDataKeyDescription {
     input: GetEncryptedDataKeyDescriptionInput,

DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy

@@ -43,16 +43,6 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
         )
       );
   }
-  predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
-  {true}
-
-  method GetNumberOfQueries(config: InternalConfig, input: GetNumberOfQueriesInput)
-    returns (output: Result<GetNumberOfQueriesOutput, Error>)
-    ensures GetNumberOfQueriesEnsuresPublicly(input, output)
-  {
-    return Success(GetNumberOfQueriesOutput(numberOfQueries := 1));
-  }
-
 
   predicate GetEncryptedDataKeyDescriptionEnsuresPublicly(input: GetEncryptedDataKeyDescriptionInput , output: Result<GetEncryptedDataKeyDescriptionOutput, Error>)
   {true}

DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy

@@ -32,6 +32,18 @@ module DynamoDBSupport {
   import SET = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import NN = DynamoDbNormalizeNumber
 
+  method GetNumberOfQueries(search : SearchableEncryptionInfo.BeaconVersion, actions : AttributeActions, query : DDB.QueryInput)
+    returns (output : Result<BucketCount, Error>)
+  {
+    var numberOfQueries :- Filter.GetNumQueries(
+      actions,
+      query.FilterExpression,
+      query.ExpressionAttributeNames,
+      search
+    );
+    return Success(numberOfQueries);
+  }
+
   // IsWritable examines an AttributeMap and fails if it is unsuitable for writing.
   // At the moment, this means that no attribute names starts with "aws_dbe_",
   // as all other attribute names would need to be configured, and all the

DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy

@@ -1756,18 +1756,17 @@ module DynamoDBFilterExpr {
   }
 
   // try different prefixes on `prev` until something is found that is not in `values`
-  method MakeNewName(prev : string, values : DDB.ExpressionAttributeValueMap) returns (output : Result<string, Error>)
+  method MakeNewName(prev : string, values : DDB.ExpressionAttributeValueMap, value : DDB.AttributeValue) returns (output : Result<string, Error>)
     requires 0 < |prev|
     ensures output.Success? ==>
               && 0 < |output.value|
               && prev < output.value
-              && output.value !in values
   {
     var ch : char := 'A';
     for i : uint32 := 0 to 26 {
       for j : uint32 := 0 to 26 {
         var new_str := prev + [AsChar(i), AsChar(j)];
-        if new_str !in values {
+        if new_str !in values || values[new_str] == value {
           return Success(new_str);
         }
       }
@@ -1785,8 +1784,6 @@ module DynamoDBFilterExpr {
     if old_context.filterExpr.None? || new_context.filterExpr.None? || old_context.values.None? || new_context.values.None? || new_context.values == old_context.values {
       return Success(old_context);
     }
-    var result_values := old_context.values.value;
-    var result_filter := old_context.filterExpr.value;
     var new_values := SortedSets.ComputeSetToSequence(new_context.values.value.Keys);
     SequenceIsSafeBecauseItIsInMemory(new_values);
     var allUnchanged := true;
@@ -1805,6 +1802,8 @@ module DynamoDBFilterExpr {
       return Success(old_context);
     }
 
+    var result_values := old_context.values.value;
+    var result_filter := new_context.filterExpr.value;
     for i : uint64 := 0 to |new_values| as uint64
     {
       var key := new_values[i];
@@ -1818,12 +1817,12 @@ module DynamoDBFilterExpr {
         if 0 == |key| {
           return Failure(E("Unexpected zero length key in ExpressionAttributeValueMap"));
         }
-        var new_key :- MakeNewName(key, result_values);
+        var new_key :- MakeNewName(key, result_values, new_context.values.value[key]);
         result_values := result_values[new_key := new_context.values.value[key]];
-        var nFilter := String.SearchAndReplaceAll(new_context.filterExpr.value, key, new_key);
-        result_filter := result_filter + " OR (" + nFilter + ")";
+        result_filter := String.SearchAndReplaceAll(result_filter, key, new_key);
       }
     }
+    result_filter := old_context.filterExpr.value + " OR (" + result_filter + ")";
     return Success(old_context.(filterExpr := Some(result_filter), values := Some(result_values)));
   }
 
@@ -1863,6 +1862,9 @@ module DynamoDBFilterExpr {
           curr_bucket := curr_bucket + queries;
         }
       }
+      print "\nDoBeaconize ", bucket, " ", queries, "\n";
+      print "input : ", context, "\n";
+      print "output : ", tmpOutput, "\n";
       return Success(tmpOutput);
     }
   }

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy

@@ -103,6 +103,7 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform
       ExecuteTransactionInputTransform := [];
       ExecuteTransactionOutputTransform := [];
       ResolveAttributes := [];
+      GetNumberOfQueries := [];
     }
     ghost var PutItemInputTransform: seq<DafnyCallEvent<PutItemInputTransformInput, Result<PutItemInputTransformOutput, Error>>>
     ghost var PutItemOutputTransform: seq<DafnyCallEvent<PutItemOutputTransformInput, Result<PutItemOutputTransformOutput, Error>>>
@@ -131,6 +132,7 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform
     ghost var ExecuteTransactionInputTransform: seq<DafnyCallEvent<ExecuteTransactionInputTransformInput, Result<ExecuteTransactionInputTransformOutput, Error>>>
     ghost var ExecuteTransactionOutputTransform: seq<DafnyCallEvent<ExecuteTransactionOutputTransformInput, Result<ExecuteTransactionOutputTransformOutput, Error>>>
     ghost var ResolveAttributes: seq<DafnyCallEvent<ResolveAttributesInput, Result<ResolveAttributesOutput, Error>>>
+    ghost var GetNumberOfQueries: seq<DafnyCallEvent<GetNumberOfQueriesInput, Result<GetNumberOfQueriesOutput, Error>>>
   }
   trait {:termination false} IDynamoDbEncryptionTransformsClient
   {
@@ -564,6 +566,21 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform
       ensures ResolveAttributesEnsuresPublicly(input, output)
       ensures History.ResolveAttributes == old(History.ResolveAttributes) + [DafnyCallEvent(input, output)]
 
+    predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
+    // The public method to be called by library consumers
+    method GetNumberOfQueries ( input: GetNumberOfQueriesInput )
+      returns (output: Result<GetNumberOfQueriesOutput, Error>)
+      requires
+        && ValidState()
+      modifies Modifies - {History} ,
+               History`GetNumberOfQueries
+      // Dafny will skip type parameters when generating a default decreases clause.
+      decreases Modifies - {History}
+      ensures
+        && ValidState()
+      ensures GetNumberOfQueriesEnsuresPublicly(input, output)
+      ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)]
+
   }
   datatype ExecuteStatementInputTransformInput = | ExecuteStatementInputTransformInput (
     nameonly sdkInput: ComAmazonawsDynamodbTypes.ExecuteStatementInput
@@ -604,6 +621,12 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform
   datatype GetItemOutputTransformOutput = | GetItemOutputTransformOutput (
     nameonly transformedOutput: ComAmazonawsDynamodbTypes.GetItemOutput
   )
+  datatype GetNumberOfQueriesInput = | GetNumberOfQueriesInput (
+    nameonly input: ComAmazonawsDynamodbTypes.QueryInput
+  )
+  datatype GetNumberOfQueriesOutput = | GetNumberOfQueriesOutput (
+    nameonly numberOfQueries: AwsCryptographyDbEncryptionSdkDynamoDbTypes.BucketCount
+  )
   datatype PutItemInputTransformInput = | PutItemInputTransformInput (
     nameonly sdkInput: ComAmazonawsDynamodbTypes.PutItemInput
   )
@@ -1482,6 +1505,26 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService
       History.ResolveAttributes := History.ResolveAttributes + [DafnyCallEvent(input, output)];
     }
 
+    predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
+    {Operations.GetNumberOfQueriesEnsuresPublicly(input, output)}
+    // The public method to be called by library consumers
+    method GetNumberOfQueries ( input: GetNumberOfQueriesInput )
+      returns (output: Result<GetNumberOfQueriesOutput, Error>)
+      requires
+        && ValidState()
+      modifies Modifies - {History} ,
+               History`GetNumberOfQueries
+      // Dafny will skip type parameters when generating a default decreases clause.
+      decreases Modifies - {History}
+      ensures
+        && ValidState()
+      ensures GetNumberOfQueriesEnsuresPublicly(input, output)
+      ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)]
+    {
+      output := Operations.GetNumberOfQueries(config, input);
+      History.GetNumberOfQueries := History.GetNumberOfQueries + [DafnyCallEvent(input, output)];
+    }
+
   }
 }
 abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations {
@@ -1922,4 +1965,20 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsOperatio
     ensures
       && ValidInternalConfig?(config)
     ensures ResolveAttributesEnsuresPublicly(input, output)
+
+
+  predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result<GetNumberOfQueriesOutput, Error>)
+  // The private method to be refined by the library developer
+
+
+  method GetNumberOfQueries ( config: InternalConfig , input: GetNumberOfQueriesInput )
+    returns (output: Result<GetNumberOfQueriesOutput, Error>)
+    requires
+      && ValidInternalConfig?(config)
+    modifies ModifiesInternalConfig(config)
+    // Dafny will skip type parameters when generating a default decreases clause.
+    decreases ModifiesInternalConfig(config)
+    ensures
+      && ValidInternalConfig?(config)
+    ensures GetNumberOfQueriesEnsuresPublicly(input, output)
 }

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/DynamoDbEncryptionTransforms.smithy

@@ -7,12 +7,14 @@ use aws.cryptography.dbEncryptionSdk.dynamoDb#DynamoDbTablesEncryptionConfig
 use com.amazonaws.dynamodb#DynamoDB_20120810
 use com.amazonaws.dynamodb#TableName
 use com.amazonaws.dynamodb#AttributeMap
+use com.amazonaws.dynamodb#QueryInput
 
 use aws.cryptography.dbEncryptionSdk.dynamoDb#DynamoDbEncryption
 use aws.cryptography.dbEncryptionSdk.dynamoDb.itemEncryptor#DynamoDbItemEncryptor
 use aws.cryptography.dbEncryptionSdk.dynamoDb#VersionNumber
 use aws.cryptography.dbEncryptionSdk.structuredEncryption#StructuredEncryption
 use aws.cryptography.materialProviders#AwsCryptographicMaterialProviders
+use aws.cryptography.dbEncryptionSdk.dynamoDb#BucketCount
 
 use aws.polymorph#localService
 use aws.polymorph#javadoc
@@ -58,6 +60,7 @@ service DynamoDbEncryptionTransforms {
       ExecuteTransactionInputTransform,
       ExecuteTransactionOutputTransform,
       ResolveAttributes,
+      GetNumberOfQueries,
     ],
     errors: [ DynamoDbEncryptionTransformsException ]
 }
@@ -73,6 +76,21 @@ map StringMap {
   value : String
 }
 
+@javadoc("Return the necessary number of query operations for this query, based on bucket usage.")
+operation GetNumberOfQueries {
+    input: GetNumberOfQueriesInput,
+    output: GetNumberOfQueriesOutput,
+}
+structure GetNumberOfQueriesInput {
+    @required
+    input: QueryInput
+}
+structure GetNumberOfQueriesOutput {
+    @required
+    numberOfQueries: BucketCount
+}
+
+
 structure ResolveAttributesInput {
     @required
     @javadoc("Use the config for this Table.")