m

ajewellamz · ajewellamz · commit 91f67cfef1c2 · 2025-08-05T21:02:38.000-07:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy
@@ -224,7 +224,6 @@ module DynamoDBSupport {
     Success(DoRemoveBeacons(item))
   }
   const BucketName : string := ":aws_dbe_bucket"
-  const BucketQueriesName : string := ":aws_dbe_bucket_queries"
 
   function method GetNumber(val : DDB.AttributeValue, name : string) : Result<uint32, Error>
   {
@@ -236,16 +235,14 @@ module DynamoDBSupport {
       Failure(E("Value of " + name + " is not numeric (i.e. 'N')"))
   }
 
-  // Unlike Query, Scan must not specify BucketName nor BucketQueriesName
+  // Unlike Query, Scan must not specify BucketName
   function method TestBucketForScan(names : Option<DDB.ExpressionAttributeValueMap>)
     : Result<bool, Error>
   {
     if names.None? then
       Success(true)
     else if BucketName in names.value then
       Failure(E("A value for " + BucketName + " must not be specified for Scan operations."))
-    else if BucketQueriesName in names.value then
-      Failure(E("A value for " + BucketQueriesName + " must not be specified for Scan operations."))
     else
       Success(true)
   }
@@ -267,60 +264,31 @@ module DynamoDBSupport {
       Success((None, None))
   }
 
-  function method ExtractBucketQueries(names : Option<DDB.ExpressionAttributeValueMap>)
-    : Result<(Option<DDB.ExpressionAttributeValueMap>, Option<uint32>), Error>
-  {
-    if names.None? then
-      Success((None, None))
-    else if BucketQueriesName in names.value then
-      var val :- GetNumber(names.value[BucketQueriesName], BucketQueriesName);
-      if |names.value| == 1 then
-        Success((None, Some(val)))
-      else
-        Success((Some(names.value - {BucketQueriesName}), Some(val)))
-    else
-      Success((None, None))
-  }
-
   // Extract aws_dbe_bucket = NN from filterExpr and return bucket
   method ExtractBucket(search : SearchableEncryptionInfo.BeaconVersion, keyExpr : Option<string>, filterExpr : Option<string>, names : Option<DDB.ExpressionAttributeNameMap>, values : Option<DDB.ExpressionAttributeValueMap>, actions : AttributeActions)
-    returns (output : Result<(Option<DDB.ExpressionAttributeValueMap>, BucketNumber, Option<BucketCount>), Error>)
+    returns (output : Result<(Option<DDB.ExpressionAttributeValueMap>, BucketNumber), Error>)
     ensures output.Success? ==> output.value.1 < search.numBuckets
-    ensures output.Success? && output.value.2.Some? ==> output.value.1 < output.value.2.value <= search.numBuckets
   {
     if search.numBuckets <= 1 {
-      :- Need(values.None? || BucketName !in values.value, E(""));
-      :- Need(values.None? || BucketQueriesName !in values.value, E(""));
-      return Success((values, 0, None));
+      :- Need(values.None? || BucketName !in values.value, E("If no buckets are configured, do not specify " + BucketName));
+      return Success((values, 0));
     }
 
     var foo :- ExtractBucketNumber(values);
     var (values2, bucket) := foo;
     if bucket.Some? {
       :- Need(bucket.value < search.numBuckets as uint32, E(BucketName + " specified in FilterExpression was " + String.Base10Int2String(bucket.value as int) + " must be less than the number of buckets: " + String.Base10Int2String(search.numBuckets as int)));
       var nBucket := (bucket.value as nat) as BucketNumber;
-
-      var bar :- ExtractBucketQueries(values2);
-      var (values3, queries) := bar;
-      if queries.Some? {
-        :- Need(0 < queries.value <= search.numBuckets as uint32, E(BucketQueriesName + " specified in FilterExpression was " + String.Base10Int2String(queries.value as int) + " must be greater than zero and less than or equal to the number of buckets: " + String.Base10Int2String(search.numBuckets as int)));
-        :- Need(bucket.value < queries.value, E(BucketName + " value of " + String.Base10Int2String(bucket.value as int) + " should have been less than the " + BucketQueriesName + " value  of " + String.Base10Int2String(queries.value as int)));
-        var nQueries := (queries.value as nat) as BucketCount;
-        return Success((values3, nBucket, Some(nQueries)));
-      } else {
-        return Success((values2, nBucket, None));
-      }
+      return Success((values2, nBucket));
     }
 
-    :- Need(values.None? || BucketQueriesName !in values.value, E(""));
-
     // No bucket specified is OK if no encrypted fields are searched
     var filterHasEncField := Filter.UsesEncryptedField(Filter.ParseExprOpt(filterExpr), actions, names);
     var keyHasEncField := Filter.UsesEncryptedField(Filter.ParseExprOpt(keyExpr), actions, names);
     if keyHasEncField.Some? || filterHasEncField.Some? {
-      return Failure(E("When numberOfBuckets is greater than one, FilterExpression must start with 'aws_dbe_bucket = NN && '"));
+      return Failure(E("When numberOfBuckets is greater than one, XXXValues must contain " + BucketName));
     } else {
-      return Success((values, 0, None));
+      return Success((values, 0));
     }
   }
 
@@ -341,18 +309,13 @@ module DynamoDBSupport {
       var keyId :- Filter.GetBeaconKeyId(search.value.curr(), req.KeyConditionExpression, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames);
 
       var foo :- ExtractBucket(search.value.curr(), req.FilterExpression, req.KeyConditionExpression, req.ExpressionAttributeNames, req.ExpressionAttributeValues, actions);
-      var (newValues, bucket, bucket_queries) := foo;
+      var (newValues, bucket) := foo;
       var numQueries :- Filter.GetNumQueries(actions, req.KeyConditionExpression, req.ExpressionAttributeNames, search.value.curr());
-      if numQueries < bucket {
+      if numQueries <= bucket {
         return Failure(E("Bucket number was " + String.Base10Int2String(bucket as int) + " but should have been less than number of queries : " + String.Base10Int2String(numQueries as int)));
       }
-      if bucket_queries.Some? {
-        if numQueries != bucket_queries.value {
-          return Failure(E("Number of queries was " + String.Base10Int2String(numQueries as int) + " but should have been " + String.Base10Int2String(bucket_queries.value as int)));
-        }
-      }
       var oldContext := Filter.ExprContext(req.KeyConditionExpression, req.FilterExpression, newValues, req.ExpressionAttributeNames);
-      var newContext :- Filter.DoBeaconize(search.value.curr(), oldContext, keyId, bucket, bucket_queries);
+      var newContext :- Filter.DoBeaconize(search.value.curr(), oldContext, keyId, bucket, numQueries);
       return Success(req.(
                      KeyConditionExpression := newContext.keyExpr,
                      FilterExpression := newContext.filterExpr,
@@ -424,9 +387,7 @@ module DynamoDBSupport {
       var keyId :- Filter.GetBeaconKeyId(search.value.curr(), None, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames);
       var _ :- TestBucketForScan(req.ExpressionAttributeValues);
       var context := Filter.ExprContext(None, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames);
-      // For Scan, we always treat it as {:aws_dbe_bucket := 0, :aws_dbe_bucket_queries := 1}
-      var numQueries := if search.value.curr().numBuckets == 1 then None else Some(1);
-      var newContext :- Filter.DoBeaconize(search.value.curr(), context, keyId, 0, Some(1));
+      var newContext :- Filter.DoBeaconize(search.value.curr(), context, keyId, 0, 1);
       return Success(req.(
                      FilterExpression := newContext.filterExpr,
                      ExpressionAttributeNames := newContext.names,
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy
@@ -1833,16 +1833,16 @@ module DynamoDBFilterExpr {
     context : ExprContext,
     keyId : MaybeKeyId,
     bucket : BucketNumber,
-    queries : Option<BucketCount>
+    queries : BucketCount
   )
     returns (output : Result<ExprContext, Error>)
     requires b.ValidState()
     requires bucket < b.numBuckets
-    requires queries.Some? ==> bucket < queries.value <= b.numBuckets
+    requires bucket < queries <= b.numBuckets
     ensures b.ValidState()
     modifies b.Modifies()
   {
-    if queries.None? || queries.value == b.numBuckets || (b.numBuckets - bucket) <= queries.value || context.filterExpr.None? {
+    if queries == b.numBuckets || (b.numBuckets - bucket) <= queries || context.filterExpr.None? {
       output := Beaconize(b, context, keyId, bucket);
     } else {
       var curr_bucket : BucketNumber := bucket;
@@ -1857,10 +1857,10 @@ module DynamoDBFilterExpr {
         } else {
           tmpOutput :- AddContext(tmpOutput, localOut);
         }
-        if (b.numBuckets - curr_bucket) <= queries.value {
+        if (b.numBuckets - curr_bucket) <= queries {
           break;
         } else {
-          curr_bucket := curr_bucket + queries.value;
+          curr_bucket := curr_bucket + queries;
         }
       }
       return Success(tmpOutput);
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy
@@ -27,7 +27,7 @@ module TestBaseBeacon {
     var primitives :- expect Primitives.AtomicPrimitives();
 
     var bb := BeaconBase(client := primitives, name := "foo", beaconName := "aws_dbe_b_foo");
-    var b := StandardBeacon(bb, 8, TermLocMap("foo"), false, false, None, 0);
+    var b := StandardBeacon(bb, 8, TermLocMap("foo"), false, false, None, 1);
     var bytes :- expect bb.getHmac([1,2,3], key := [1,2]);
     expect bytes == [0x27, 0x93, 0x93, 0x8b, 0x26, 0xe9, 0x52, 0x7e];
     var str :- expect b.hash([1,2,3], key := [1,2], bucket := 0);
diff --git a/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy b/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy
@@ -185,7 +185,7 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       ]
     }
 
-    method DoBucketQuery(client : DDB.IDynamoDBClient, bucket : nat, query : DDB.QueryInput, counts : array<int>, queryName : string, custom : bool, filtered : bool, numQueries : nat)
+    method DoBucketQuery(client : DDB.IDynamoDBClient, bucket : nat, query : DDB.QueryInput, counts : array<int>, queryName : string, custom : bool, numQueries : nat)
       requires counts.Length == 100
       requires client.ValidState()
       requires client.Modifies !! {counts}
@@ -203,10 +203,6 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
         var bucketNumber := DDB.AttributeValue.N(String.Base10Int2String(bucket));
         var values : DDB.ExpressionAttributeValueMap := query.ExpressionAttributeValues.UnwrapOr(map[]);
         values := values[":aws_dbe_bucket" := bucketNumber];
-        if filtered {
-          var bucketQueries := DDB.AttributeValue.N(String.Base10Int2String(numQueries));
-          values := values[":aws_dbe_bucket_queries" := bucketQueries];
-        }
         var q := query.(ExclusiveStartKey := lastKey, ExpressionAttributeValues := Some(values));
         var result :- expect client.Query(q);
         if result.Items.Some? {
@@ -242,7 +238,7 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       }
     }
 
-    method TestBucketQueryFailure(client : DDB.IDynamoDBClient, bucket : nat, query : DDB.QueryInput, counts : array<int>, queryName : string, custom : bool, filtered : bool, numQueries : nat)
+    method TestBucketQueryFailure(client : DDB.IDynamoDBClient, bucket : nat, query : DDB.QueryInput, counts : array<int>, queryName : string, custom : bool, numQueries : nat)
       requires counts.Length == 100
       requires client.ValidState()
       requires client.Modifies !! {counts}
@@ -254,28 +250,24 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       var bucketNumber := DDB.AttributeValue.N(String.Base10Int2String(bucket));
       var values : DDB.ExpressionAttributeValueMap := query.ExpressionAttributeValues.UnwrapOr(map[]);
       values := values[":aws_dbe_bucket" := bucketNumber];
-      if filtered {
-        var bucketQueries := DDB.AttributeValue.N(String.Base10Int2String(numQueries));
-        values := values[":aws_dbe_bucket_queries" := bucketQueries];
-      }
       var q := query.(ExpressionAttributeValues := Some(values));
       var result := client.Query(q);
-      // expect result.Failure?;
+      expect result.Failure?;
     }
 
 
-    method TestBucketQueries(client : DDB.IDynamoDBClient, numQueries : nat, q : DDB.QueryInput, queryName : string, custom : bool := false, filtered : bool := false)
+    method TestBucketQueries(client : DDB.IDynamoDBClient, numQueries : nat, q : DDB.QueryInput, queryName : string, custom : bool := false)
       requires 0 < numQueries <= 5
       requires client.ValidState()
       ensures client.ValidState()
       modifies client.Modifies
     {
       var counts: array<int> := new int[100](i => 0);
       for i := 0 to numQueries {
-        DoBucketQuery(client, i, q, counts, queryName, custom, filtered, numQueries);
+        DoBucketQuery(client, i, q, counts, queryName, custom, numQueries);
       }
       for i := numQueries to 5 {
-        TestBucketQueryFailure(client, i, q, counts, queryName, custom, filtered, numQueries);
+        TestBucketQueryFailure(client, i, q, counts, queryName, custom, numQueries);
       }
 
       var wasBad : bool := false;
@@ -414,6 +406,7 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
 
     method BucketTests()
     {
+      print "BucketTests\n";
       BucketTest1();
       BucketTest2();
     }
@@ -447,10 +440,10 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       TestBucketQueries(rClient, 5, GetBucketQuery51(), "bucket query 51");
       TestBucketQueries(rClient, 5, GetBucketQuery23(), "bucket query 23");
 
-      TestBucketQueries(rClient, 1, GetBucketQuery15F(), "bucket query 15F", false, true);
-      TestBucketQueries(rClient, 2, GetBucketQuery25F(), "bucket query 25F", false, true);
-      TestBucketQueries(rClient, 3, GetBucketQuery35F(), "bucket query 35F", false, true);
-      TestBucketQueries(rClient, 4, GetBucketQuery45F(), "bucket query 45F", false, true);
+      TestBucketQueries(rClient, 1, GetBucketQuery15F(), "bucket query 15F", false);
+      TestBucketQueries(rClient, 2, GetBucketQuery25F(), "bucket query 25F", false);
+      TestBucketQueries(rClient, 3, GetBucketQuery35F(), "bucket query 35F", false);
+      TestBucketQueries(rClient, 4, GetBucketQuery45F(), "bucket query 45F", false);
     }
 
     // As BucketTest1, but with custom bucket selector
@@ -482,10 +475,10 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       TestBucketQueries(rClient, 5, GetBucketQuery51(), "bucket query 51a", true);
       TestBucketQueries(rClient, 5, GetBucketQuery23(), "bucket query 23a", true);
 
-      TestBucketQueries(rClient, 1, GetBucketQuery15F(), "bucket query 15Fa", true, true);
-      TestBucketQueries(rClient, 2, GetBucketQuery25F(), "bucket query 25Fa", true, true);
-      TestBucketQueries(rClient, 3, GetBucketQuery35F(), "bucket query 35Fa", true, true);
-      TestBucketQueries(rClient, 4, GetBucketQuery45F(), "bucket query 45Fa", true, true);
+      TestBucketQueries(rClient, 1, GetBucketQuery15F(), "bucket query 15Fa", true);
+      TestBucketQueries(rClient, 2, GetBucketQuery25F(), "bucket query 25Fa", true);
+      TestBucketQueries(rClient, 3, GetBucketQuery35F(), "bucket query 35Fa", true);
+      TestBucketQueries(rClient, 4, GetBucketQuery45F(), "bucket query 45Fa", true);
     }
 
     function NewOrderRecord(i : nat, str : string) : Record
