Skip to content

Commit 1d801ef

Browse files
rishav-karanjitrishav-karanjit
committed
Assign Salt, IV and Version length constant
1 parent f804374 commit 1d801ef

File tree

2 files changed

+6
-3
lines changed

2 files changed

+6
-3
lines changed

DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy

+6-2
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,10 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
1212
import Header = StructuredEncryptionHeader
1313
import opened DynamoDbEncryptionUtil
1414

15+
const SALT_LENGTH := 16
16+
const IV_LENGTH := 12
17+
const VERSION_LENGTH := 16
18+
1519
predicate ValidInternalConfig?(config: InternalConfig)
1620
{true}
1721

@@ -91,8 +95,8 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
9195
// The ciphertext structure in the hierarchy keyring contains Salt and IV before Version.
9296
// The length of Salt is 16 and IV is 12 bytes. The length of Version is 16 bytes.
9397
// https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/aws-kms/aws-kms-hierarchical-keyring.md#ciphertext
94-
var EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX := 12 + 16;
95-
var EDK_CIPHERTEXT_VERSION_INDEX := EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX + 16;
98+
var EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX := SALT_LENGTH + IV_LENGTH;
99+
var EDK_CIPHERTEXT_VERSION_INDEX := EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX + VERSION_LENGTH;
96100
:- Need(EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX < EDK_CIPHERTEXT_VERSION_INDEX, E("Wrong branch key version index."));
97101
:- Need(|providerWrappedMaterial| >= EDK_CIPHERTEXT_VERSION_INDEX, E("Incorrect ciphertext structure length."));
98102
var branchKeyVersionUuid := providerWrappedMaterial[EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX .. EDK_CIPHERTEXT_VERSION_INDEX];

DynamoDbEncryption/dafny/DynamoDbEncryption/test/DynamoDbGetEncryptedDataKeyDescriptionTest.dfy

-1
Original file line numberDiff line numberDiff line change
@@ -263,7 +263,6 @@ module DynamoDbGetEncryptedDataKeyDescriptionTest {
263263
);
264264
var actualDataKeyDescription :- expect ddbEncResources.GetEncryptedDataKeyDescription(inputVariable);
265265

266-
267266
expect |actualDataKeyDescription.EncryptedDataKeyDescriptionOutput| == |expectedHead.dataKeys|;
268267
expect |actualDataKeyDescription.EncryptedDataKeyDescriptionOutput| > 0;
269268

0 commit comments

Comments
 (0)