hash cache id

RitvikKapila · RitvikKapila · commit ccb525dc4c08 · 2025-01-13T16:23:21.000-08:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy
@@ -708,6 +708,8 @@ structure KeyStoreReference {}
 //# On initialization of a Single Key Store, the caller MUST provide:
 //#  - [Beacon Key Id](#beacon-key-id)
 //#  - [cacheTTL](#cachettl)
+//#  - [cache](#key-store-cache)
+//#  - [partition-id](#partition-id)
 
 @javadoc("The configuration for using a single Beacon Key.")
 structure SingleKeyStore {
@@ -728,7 +730,8 @@ structure SingleKeyStore {
 //# On initialization of a Multi Key Store, the caller MUST provide:
 //#  - [Beacon Key Field Name](#beacon-key-field-name)
 //#  - [cacheTTL](#cachettl)
-//#  - [max cache size](#max-cache-size)
+//#  - [cache](#key-store-cache)
+//#  - [partition-id](#partition-id)
 
 @javadoc("The configuration for using multiple Beacon Keys.")
 structure MultiKeyStore {
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy
@@ -28,6 +28,7 @@ module SearchableEncryptionInfo {
   import SE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import opened CacheConstants
   import UUID
+  import Digest
 
   //= specification/searchable-encryption/search-config.md#version-number
   //= type=implication
@@ -175,7 +176,7 @@ module SearchableEncryptionInfo {
       if keyLoc.SingleLoc? {
         :- Need(keyId.DontUseKeyId?, E("KeyID should not be supplied with a SingleKeyStore"));
         var now := Time.GetCurrent();
-        var theMap :- getKeysCache(stdNames, keyLoc.keyId, cacheTTL as MP.PositiveLong, partitionIdBytes, logicalKeyStoreNameBytes, now as MP.PositiveLong);
+        var theMap :- getKeysCache(client, stdNames, keyLoc.keyId, cacheTTL as MP.PositiveLong, partitionIdBytes, logicalKeyStoreNameBytes, now as MP.PositiveLong);
         return Success(Keys(theMap));
       } else if keyLoc.LiteralLoc? {
         :- Need(keyId.DontUseKeyId?, E("KeyID should not be supplied with a LiteralKeyStore"));
@@ -185,7 +186,7 @@ module SearchableEncryptionInfo {
         match keyId {
           case DontUseKeyId => return Failure(E("KeyID must be supplied with a MultiKeyStore"));
           case ShouldHaveKeyId => return Success(ShouldHaveKeys);
-          case KeyId(id) => var now := Time.GetCurrent(); var theMap :- getKeysCache(stdNames, id, cacheTTL as MP.PositiveLong, partitionIdBytes, logicalKeyStoreNameBytes, now as MP.PositiveLong); return Success(Keys(theMap));
+          case KeyId(id) => var now := Time.GetCurrent(); var theMap :- getKeysCache(client, stdNames, id, cacheTTL as MP.PositiveLong, partitionIdBytes, logicalKeyStoreNameBytes, now as MP.PositiveLong); return Success(Keys(theMap));
         }
       }
     }
@@ -215,6 +216,7 @@ module SearchableEncryptionInfo {
     }
 
     method getKeysCache(
+      client : Primitives.AtomicPrimitivesClient,
       stdNames : seq<string>,
       keyId : string,
       cacheTTL : MP.PositiveLong,
@@ -240,7 +242,8 @@ module SearchableEncryptionInfo {
                 && var cacheInput := Seq.Last(newHistory).input;
                 && var cacheOutput := Seq.Last(newHistory).output;
                 && UTF8.Encode(keyId).Success?
-                && cacheInput.identifier == RESOURCE_ID_HIERARCHICAL_KEYRING + NULL_BYTE + SCOPE_ID_SEARCHABLE_ENCRYPTION + NULL_BYTE + partitionIdBytes + NULL_BYTE + logicalKeyStoreNameBytes + NULL_BYTE + UTF8.Encode(keyId).value
+                // This is no longer true since we're taking a SHA384 of the identifier
+                // && cacheInput.identifier == RESOURCE_ID_HIERARCHICAL_KEYRING + NULL_BYTE + SCOPE_ID_SEARCHABLE_ENCRYPTION + NULL_BYTE + partitionIdBytes + NULL_BYTE + logicalKeyStoreNameBytes + NULL_BYTE + UTF8.Encode(keyId).value
 
                 //= specification/searchable-encryption/search-config.md#get-beacon-key-materials
                 //= type=implication
@@ -304,7 +307,23 @@ module SearchableEncryptionInfo {
       // Append Resource Id, Scope Id, Partition Id, and Suffix to create the cache identifier
       var identifier := resourceId + NULL_BYTE + scopeId + NULL_BYTE + partitionIdBytes + NULL_BYTE + suffix;
 
-      var getCacheInput := MP.GetCacheEntryInput(identifier := identifier, bytesUsed := None);
+      // Take a SHA384 of the cache identifier
+      var hashAlgorithm := Prim.DigestAlgorithm.SHA_384;
+
+      var identifierDigestInput := Prim.DigestInput(
+        digestAlgorithm := hashAlgorithm, message := identifier
+      );
+      var maybeCacheDigest := Digest.Digest(identifierDigestInput);
+      var cacheDigest :- maybeCacheDigest.MapFailure(e => AwsCryptographyPrimitives(e));
+
+      :- Need(
+        |cacheDigest| == Digest.Length(hashAlgorithm),
+        Error.DynamoDbEncryptionException(
+          message := "Digest generated a message not equal to the expected length.")
+      );
+
+      // Use the SHA384 of the identifier as the cache identifier
+      var getCacheInput := MP.GetCacheEntryInput(identifier := cacheDigest, bytesUsed := None);
       verifyValidStateCache(cache);
       var getCacheOutput := cache.GetCacheEntry(getCacheInput);
       // If error is not EntryDoesNotExist, return failure
