Added precontition for the proof and added few comments

Author: rishav-karanjit

DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy

@@ -9,6 +9,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
   import UUID
   import AlgorithmSuites
   import DynamoToStruct
+  import opened DynamoDbEncryptionUtil
 
   import Header = StructuredEncryptionHeader
 
@@ -48,8 +49,12 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
     ensures output.Success? ==> (    
       match input.input {
         case plaintextItem(item) => 
-          "aws_dbe_head" in DynamoToStruct.ItemToStructured(item).Extract().Keys
-          && Header.PartialDeserialize(DynamoToStruct.ItemToStructured(item).Extract()["aws_dbe_head"].content.Terminal.value).Success?
+          DynamoToStruct.ItemToStructured(item).Success?
+          && var extracted := DynamoToStruct.ItemToStructured(item).Extract();
+          && var keys := extracted.Keys;
+          && "aws_dbe_head" in DynamoToStruct.ItemToStructured(item).Extract()
+          && var header := DynamoToStruct.ItemToStructured(item).Extract()["aws_dbe_head"].content.Terminal.value;
+          && Header.PartialDeserialize(header).Success?
         case header(header) => 
           Header.PartialDeserialize(header).Success?
       }
@@ -59,16 +64,18 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
     match input.input
     {
       case plaintextItem(plaintextItem) =>{
+        :- Need(DynamoToStruct.ItemToStructured(plaintextItem).Success?, E("error"));
+        :- Need("aws_dbe_head" in DynamoToStruct.ItemToStructured(plaintextItem).Extract(), E("error"));
         header := DynamoToStruct.ItemToStructured(plaintextItem).Extract()["aws_dbe_head"].content.Terminal.value;
       }
-      case header(headeritem) => {
+      case header(headeritem) =>
         header := headeritem;
-      } 
     }
+    :- Need(Header.PartialDeserialize(header).Success?, E("error"));
     var deserializedHeader := Header.PartialDeserialize(header);
-    print deserializedHeader;
 
     var algorithmSuite;
+    
     if deserializedHeader.Extract().flavor == 0{
       algorithmSuite := AlgorithmSuites.DBE_ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384;
     }
@@ -77,18 +84,29 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt
     }
 
     var datakeys := deserializedHeader.Extract().dataKeys;
-    var list : EncryptedDataKeyDescriptionList;
+    var list : EncryptedDataKeyDescriptionList := [];
     for i := 0 to |datakeys| {
       var singleDataKeyOutput : EncryptedDataKeyDescriptionOutput;
+      
+      :- Need(UTF8.Decode(datakeys[i].keyProviderId).Success?, E("error"));
+      :- Need(UTF8.Decode(datakeys[i].keyProviderInfo).Success?, E("error"));
       if UTF8.Decode(datakeys[i].keyProviderId).Extract() == "aws-kms-hierarchy" {
-
+        :- Need(EdkWrapping.GetProviderWrappedMaterial(datakeys[i].ciphertext, algorithmSuite).Success?, E("error"));
+        
         var providerWrappedMaterial := EdkWrapping.GetProviderWrappedMaterial(datakeys[i].ciphertext, algorithmSuite).Extract();
 
+        // The ciphertext structure in the hierarchy keyring contains Salt and IV before Version.
+        // The length of Salt is 16 and IV is 12 bytes.
+        // https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/framework/aws-kms/aws-kms-hierarchical-keyring.md#ciphertext
+        
         var EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX := 12 + 16;
         var EDK_CIPHERTEXT_VERSION_INDEX := EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX + 16;
 
+        :- Need(EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX < EDK_CIPHERTEXT_VERSION_INDEX, E("error"));
+        :- Need(|providerWrappedMaterial| >= EDK_CIPHERTEXT_VERSION_INDEX, E("error"));
         var branchKeyVersionUuid := providerWrappedMaterial[EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX .. EDK_CIPHERTEXT_VERSION_INDEX];
-      
+        :- Need(UUID.FromByteArray(branchKeyVersionUuid).Success?, E("error"));
+
         singleDataKeyOutput := EncryptedDataKeyDescriptionOutput(
           keyProviderId := UTF8.Decode(datakeys[i].keyProviderId).Extract(),
           keyProviderInfo := UTF8.Decode(datakeys[i].keyProviderInfo).Extract(), 

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy

@@ -741,7 +741,6 @@ include "../../../../submodules/MaterialProviders/StandardLibrary/src/Index.dfy"
  function method DefaultDynamoDbTablesEncryptionConfig(): AwsCryptographyDbEncryptionSdkDynamoDbTypes.DynamoDbTablesEncryptionConfig
  method DynamoDbEncryptionTransforms(config: AwsCryptographyDbEncryptionSdkDynamoDbTypes.DynamoDbTablesEncryptionConfig := DefaultDynamoDbTablesEncryptionConfig())
  returns (res: Result<IDynamoDbEncryptionTransformsClient, Error>)
-// BEGIN MANUAL EDIT
  requires var tmps0 := set t0 | t0 in config.tableEncryptionConfigs.Values;
  forall tmp0 :: tmp0 in tmps0 ==>
  tmp0.keyring.Some? ==>

DynamoDbEncryption/dafny/DynamoDbItemEncryptor/test/DynamoDBItemEncryptorTest.dfy

@@ -2,11 +2,15 @@
 // SPDX-License-Identifier: Apache-2.0
 include "../../DynamoDbEncryption/src/Index.dfy"
 include "../../DynamoDbEncryptionTransforms/test/TestFixtures.dfy"
-
+include "../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/src/KeyWrapping/EdkWrapping.dfy"
+include "../../../../submodules/MaterialProviders/StandardLibrary/src/UUID.dfy"
 module DynamoDbItemEncryptorTest {
   import opened Wrappers
   import opened StandardLibrary.UInt
   import opened DynamoDbItemEncryptorUtil
+  import StructuredEncryptionHeader
+  import EdkWrapping
+  import UUID
   import MaterialProviders
   import DynamoDbItemEncryptor
   import AwsCryptographyMaterialProvidersTypes
@@ -442,6 +446,19 @@ module DynamoDbItemEncryptorTest {
 
     var parsedHeader := decryptRes.value.parsedHeader;
     expect parsedHeader.Some?;
+    // parsedHeader.value.getSomething();
+    print "\n\n",UTF8.Decode(parsedHeader.value.encryptedDataKeys[0].keyProviderId).Extract();
+    print "\n\n",UTF8.Decode(parsedHeader.value.encryptedDataKeys[0].keyProviderInfo).Extract();
+    print "\n\n",parsedHeader.value.encryptedDataKeys[0].ciphertext;
+    var providerWrappedMaterial := EdkWrapping.GetProviderWrappedMaterial(parsedHeader.value.encryptedDataKeys[0].ciphertext, AlgorithmSuites.DBE_ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384).Extract();
+
+    var EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX := 12 + 16;
+    var EDK_CIPHERTEXT_VERSION_INDEX := EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX + 16;
+
+    var branchKeyVersionUuid := providerWrappedMaterial[EDK_CIPHERTEXT_BRANCH_KEY_VERSION_INDEX .. EDK_CIPHERTEXT_VERSION_INDEX];
+    var version := UUID.FromByteArray(branchKeyVersionUuid).Extract();
+
+    print "\n\n",version;
     expect parsedHeader.value.algorithmSuiteId == AlgorithmSuites.DBE_ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384.id.DBE;
     expect parsedHeader.value.attributeActionsOnEncrypt == TestFixtures.GetSignedAttributeActions();
     // Expect the verification key in the context

DynamoDbEncryption/dafny/StructuredEncryption/test/Header.dfy

@@ -33,6 +33,9 @@ module TestHeader {
     );
     var ser := head.serialize() + head.msgID; // msgID as fake commitment
     var orig :- expect PartialDeserialize(ser);
+    print "\n\n SER: ", ser , "\n\n";
+    print "\n\n keyProviderId:", Decode(orig.dataKeys[0].keyProviderId).Extract() , "\n\n";
+    print "\n\n keyProviderId:", orig.dataKeys[0].keyProviderInfo , "\n\n";
     expect orig == head;
   }
 

DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/DynamoDbEncryption.java

@@ -12,6 +12,8 @@
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.CreateDynamoDbEncryptionBranchKeyIdSupplierInput;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.CreateDynamoDbEncryptionBranchKeyIdSupplierOutput;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.DynamoDbEncryptionConfig;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionInput;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionOutput;
 
 public class DynamoDbEncryption {
   private final IDynamoDbEncryptionClient _impl;
@@ -50,6 +52,16 @@ public CreateDynamoDbEncryptionBranchKeyIdSupplierOutput CreateDynamoDbEncryptio
     return ToNative.CreateDynamoDbEncryptionBranchKeyIdSupplierOutput(result.dtor_value());
   }
 
+  public GetEncryptedDataKeyDescriptionOutput GetEncryptedDataKeyDescription(
+      GetEncryptedDataKeyDescriptionInput input) {
+    software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionInput dafnyValue = ToDafny.GetEncryptedDataKeyDescriptionInput(input);
+    Result<software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionOutput, Error> result = this._impl.GetEncryptedDataKeyDescription(dafnyValue);
+    if (result.is_Failure()) {
+      throw ToNative.Error(result.dtor_error());
+    }
+    return ToNative.GetEncryptedDataKeyDescriptionOutput(result.dtor_value());
+  }
+
   protected IDynamoDbEncryptionClient impl() {
     return this._impl;
   }

DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToDafny.java

@@ -27,11 +27,15 @@
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.DynamoDbEncryptionConfig;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.DynamoDbTableEncryptionConfig;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.DynamoDbTablesEncryptionConfig;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.EncryptedDataKeyDescriptionOutput;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.EncryptedPart;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.Error;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.Error_DynamoDbEncryptionException;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetBranchKeyIdFromDdbKeyInput;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetBranchKeyIdFromDdbKeyOutput;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionInput;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionOutput;
+import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionUnion;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetSegment;
 import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetSegments;
@@ -238,6 +242,23 @@ public static DynamoDbTablesEncryptionConfig DynamoDbTablesEncryptionConfig(
     return new DynamoDbTablesEncryptionConfig(tableEncryptionConfigs);
   }
 
+  public static EncryptedDataKeyDescriptionOutput EncryptedDataKeyDescriptionOutput(
+      software.amazon.cryptography.dbencryptionsdk.dynamodb.model.EncryptedDataKeyDescriptionOutput nativeValue) {
+    DafnySequence<? extends Character> keyProviderId;
+    keyProviderId = software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence(nativeValue.keyProviderId());
+    DafnySequence<? extends Character> keyProviderInfo;
+    keyProviderInfo = software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence(nativeValue.keyProviderInfo());
+    Option<DafnySequence<? extends Character>> branchKeyId;
+    branchKeyId = Objects.nonNull(nativeValue.branchKeyId()) ?
+        Option.create_Some(software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence(nativeValue.branchKeyId()))
+        : Option.create_None();
+    Option<DafnySequence<? extends Character>> branchKeyVersion;
+    branchKeyVersion = Objects.nonNull(nativeValue.branchKeyVersion()) ?
+        Option.create_Some(software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence(nativeValue.branchKeyVersion()))
+        : Option.create_None();
+    return new EncryptedDataKeyDescriptionOutput(keyProviderId, keyProviderInfo, branchKeyId, branchKeyVersion);
+  }
+
   public static EncryptedPart EncryptedPart(
       software.amazon.cryptography.dbencryptionsdk.dynamodb.model.EncryptedPart nativeValue) {
     DafnySequence<? extends Character> name;
@@ -261,6 +282,20 @@ public static GetBranchKeyIdFromDdbKeyOutput GetBranchKeyIdFromDdbKeyOutput(
     return new GetBranchKeyIdFromDdbKeyOutput(branchKeyId);
   }
 
+  public static GetEncryptedDataKeyDescriptionInput GetEncryptedDataKeyDescriptionInput(
+      software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionInput nativeValue) {
+    GetEncryptedDataKeyDescriptionUnion input;
+    input = ToDafny.GetEncryptedDataKeyDescriptionUnion(nativeValue.input());
+    return new GetEncryptedDataKeyDescriptionInput(input);
+  }
+
+  public static GetEncryptedDataKeyDescriptionOutput GetEncryptedDataKeyDescriptionOutput(
+      software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionOutput nativeValue) {
+    DafnySequence<? extends EncryptedDataKeyDescriptionOutput> encryptedDataKeyDescriptionOutput;
+    encryptedDataKeyDescriptionOutput = ToDafny.EncryptedDataKeyDescriptionList(nativeValue.EncryptedDataKeyDescriptionOutput());
+    return new GetEncryptedDataKeyDescriptionOutput(encryptedDataKeyDescriptionOutput);
+  }
+
   public static GetPrefix GetPrefix(
       software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPrefix nativeValue) {
     Integer length;
@@ -506,6 +541,17 @@ public static BeaconStyle BeaconStyle(
     throw new IllegalArgumentException("Cannot convert " + nativeValue + " to software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconStyle.");
   }
 
+  public static GetEncryptedDataKeyDescriptionUnion GetEncryptedDataKeyDescriptionUnion(
+      software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionUnion nativeValue) {
+    if (Objects.nonNull(nativeValue.header())) {
+      return GetEncryptedDataKeyDescriptionUnion.create_header(software.amazon.smithy.dafny.conversion.ToDafny.Simple.ByteSequence(nativeValue.header()));
+    }
+    if (Objects.nonNull(nativeValue.plaintextItem())) {
+      return GetEncryptedDataKeyDescriptionUnion.create_plaintextItem(software.amazon.cryptography.services.dynamodb.internaldafny.ToDafny.AttributeMap(nativeValue.plaintextItem()));
+    }
+    throw new IllegalArgumentException("Cannot convert " + nativeValue + " to software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionUnion.");
+  }
+
   public static VirtualTransform VirtualTransform(
       software.amazon.cryptography.dbencryptionsdk.dynamodb.model.VirtualTransform nativeValue) {
     if (Objects.nonNull(nativeValue.upper())) {
@@ -567,6 +613,14 @@ public static DafnySequence<? extends ConstructorPart> ConstructorPartList(
         ConstructorPart._typeDescriptor());
   }
 
+  public static DafnySequence<? extends EncryptedDataKeyDescriptionOutput> EncryptedDataKeyDescriptionList(
+      List<software.amazon.cryptography.dbencryptionsdk.dynamodb.model.EncryptedDataKeyDescriptionOutput> nativeValue) {
+    return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToSequence(
+        nativeValue, 
+        software.amazon.cryptography.dbencryptionsdk.dynamodb.ToDafny::EncryptedDataKeyDescriptionOutput, 
+        EncryptedDataKeyDescriptionOutput._typeDescriptor());
+  }
+
   public static DafnySequence<? extends EncryptedPart> EncryptedPartsList(
       List<software.amazon.cryptography.dbencryptionsdk.dynamodb.model.EncryptedPart> nativeValue) {
     return software.amazon.smithy.dafny.conversion.ToDafny.Aggregate.GenericToSequence(