Merge branch 'main' into update-names

Author: kessplas

.github/workflows/library_format.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Setup Dafny
         uses: dafny-lang/[email protected]
         with:
-          dafny-version: ${{ '4.2.0' }}
+          dafny-version: ${{ inputs.dafny }}
 
       - name: Check format of Java code et al
         run: |

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy

@@ -143,7 +143,9 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
                && output.value.branchKeyIdSupplier.ValidState()
                && output.value.branchKeyIdSupplier.Modifies !! {History}
                && fresh(output.value.branchKeyIdSupplier)
-               && fresh ( output.value.branchKeyIdSupplier.Modifies - Modifies - {History} - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
+               && fresh ( output.value.branchKeyIdSupplier.Modifies
+                          - Modifies - {History}
+                          - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
       ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)
       ensures History.CreateDynamoDbEncryptionBranchKeyIdSupplier == old(History.CreateDynamoDbEncryptionBranchKeyIdSupplier) + [DafnyCallEvent(input, output)]
 
@@ -535,7 +537,9 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbService
                && output.value.branchKeyIdSupplier.ValidState()
                && output.value.branchKeyIdSupplier.Modifies !! {History}
                && fresh(output.value.branchKeyIdSupplier)
-               && fresh ( output.value.branchKeyIdSupplier.Modifies - Modifies - {History} - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
+               && fresh ( output.value.branchKeyIdSupplier.Modifies
+                          - Modifies - {History}
+                          - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
       ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)
       ensures History.CreateDynamoDbEncryptionBranchKeyIdSupplier == old(History.CreateDynamoDbEncryptionBranchKeyIdSupplier) + [DafnyCallEvent(input, output)]
     {
@@ -592,7 +596,9 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbOperations {
       && ( output.Success? ==>
              && output.value.branchKeyIdSupplier.ValidState()
              && fresh(output.value.branchKeyIdSupplier)
-             && fresh ( output.value.branchKeyIdSupplier.Modifies - ModifiesInternalConfig(config) - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
+             && fresh ( output.value.branchKeyIdSupplier.Modifies
+                        - ModifiesInternalConfig(config)
+                        - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
     ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)
 
 

DynamoDbEncryption/dafny/DynamoDbEncryption/src/Beacon.dfy

@@ -19,7 +19,7 @@ module BaseBeacon {
 
   import DDB = ComAmazonawsDynamodbTypes
   import Prim = AwsCryptographyPrimitivesTypes
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import UTF8
   import SortedSets
   import TermLoc

DynamoDbEncryption/dafny/DynamoDbEncryption/src/CompoundBeacon.dfy

@@ -16,7 +16,7 @@ module CompoundBeacon {
   import opened DdbVirtualFields
 
   import Prim = AwsCryptographyPrimitivesTypes
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import UTF8
   import Seq
   import SortedSets

DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy

@@ -32,7 +32,7 @@ module SearchConfigToInfo {
   import CB = CompoundBeacon
   import SE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import MPT = AwsCryptographyMaterialProvidersTypes
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
 
   // convert configured SearchConfig to internal SearchInfo
   method Convert(outer : DynamoDbTableEncryptionConfig)
@@ -137,14 +137,19 @@ module SearchConfigToInfo {
       else
         MPT.Default(Default := MPT.DefaultCache(entryCapacity := 1));
 
-    //= specification/searchable-encryption/search-config.md#key-store-cache
-    //# For a Beacon Key Source a [CMC](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cryptographic-materials-cache.md)
-    //# MUST be created.
-    var input := MPT.CreateCryptographicMaterialsCacheInput(
-      cache := cacheType
-    );
-    var maybeCache := mpl.CreateCryptographicMaterialsCache(input);
-    var cache :- maybeCache.MapFailure(e => AwsCryptographyMaterialProviders(e));
+    var cache;
+    if cacheType.Shared? {
+      cache := cacheType.Shared;
+    } else {
+      //= specification/searchable-encryption/search-config.md#key-store-cache
+      //# For a Beacon Key Source a [CMC](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cryptographic-materials-cache.md)
+      //# MUST be created.
+      var input := MPT.CreateCryptographicMaterialsCacheInput(
+        cache := cacheType
+      );
+      var maybeCache := mpl.CreateCryptographicMaterialsCache(input);
+      cache :- maybeCache.MapFailure(e => AwsCryptographyMaterialProviders(e));
+    }
 
     if config.multi? {
       :- Need(0 < config.multi.cacheTTL, E("Beacon Cache TTL must be at least 1."));

DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy

@@ -21,7 +21,7 @@ module SearchableEncryptionInfo {
   import UTF8
   import opened Time
   import KeyStore = AwsCryptographyKeyStoreTypes
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import Prim = AwsCryptographyPrimitivesTypes
   import MP = AwsCryptographyMaterialProvidersTypes
   import KeyStoreTypes = AwsCryptographyKeyStoreTypes
@@ -71,11 +71,11 @@ module SearchableEncryptionInfo {
       //# MUST be generated in accordance with [HMAC Key Generation](#hmac-key-generation).
       var newKey :- GetBeaconKey(client, key, keysLeft[0]);
       reveal Seq.HasNoDuplicates();
-      //= specification/searchable-encryption/search-config.md#get-beacon-key-materials
-      //# [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated
-      //# with the [beacon key id](#beacon-key-id) equal to the `beacon key id`
-      //# and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map
-      //# of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key.
+             //= specification/searchable-encryption/search-config.md#get-beacon-key-materials
+             //# [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated
+             //# with the [beacon key id](#beacon-key-id) equal to the `beacon key id`
+             //# and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map
+             //# of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key.
       output := GetHmacKeys(client, allKeys, keysLeft[1..], key, acc[keysLeft[0] := newKey]);
     }
   }

DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy

@@ -17,7 +17,7 @@ module BeaconTestFixtures {
   import DDBC = Com.Amazonaws.Dynamodb
   import KTypes = AwsCryptographyKeyStoreTypes
   import SI = SearchableEncryptionInfo
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import MaterialProviders
   import MPT = AwsCryptographyMaterialProvidersTypes
   import SortedSets
@@ -181,6 +181,9 @@ module BeaconTestFixtures {
     ensures output.keyStore.ValidState()
     ensures fresh(output.keyStore.Modifies)
     ensures output.version == 1
+    ensures
+      && output.keySource.multi?
+      && output.keySource.multi.cache.None?
   {
     var store := GetKeyStore();
     return BeaconVersion (

DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy

@@ -759,62 +759,98 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService
                                 var tmps4 := set t4 | t4 in tmp3.search.value.versions;
                                 forall tmp4 :: tmp4 in tmps4 ==>
                                                  tmp4.keyStore.ValidState()
-    modifies set tmps5 <- set t5 <- config.tableEncryptionConfigs.Values | true
-                                                                           && t5.keyring.Some?
-                            :: t5.keyring.value,
-               obj <- tmps5.Modifies | obj in tmps5.Modifies :: obj
-    modifies set tmps6 <- set t6 <- config.tableEncryptionConfigs.Values | true
-                                                                           && t6.cmm.Some?
-                            :: t6.cmm.value,
-               obj <- tmps6.Modifies | obj in tmps6.Modifies :: obj
+    requires var tmps5 := set t5 | t5 in config.tableEncryptionConfigs.Values;
+             forall tmp5 :: tmp5 in tmps5 ==>
+                              tmp5.search.Some? ==>
+                                var tmps6 := set t6 | t6 in tmp5.search.value.versions;
+                                forall tmp6 :: tmp6 in tmps6 ==>
+                                                 tmp6.keySource.multi? ==>
+                                                   tmp6.keySource.multi.cache.Some? ==>
+                                                     tmp6.keySource.multi.cache.value.Shared? ==>
+                                                       tmp6.keySource.multi.cache.value.Shared.ValidState()
     modifies set tmps7 <- set t7 <- config.tableEncryptionConfigs.Values | true
-                                                                           && t7.legacyOverride.Some?
-                            :: t7.legacyOverride.value.encryptor,
+                                                                           && t7.keyring.Some?
+                            :: t7.keyring.value,
                obj <- tmps7.Modifies | obj in tmps7.Modifies :: obj
     modifies set tmps8 <- set t8 <- config.tableEncryptionConfigs.Values | true
-                                                                           && t8.search.Some?
-                            , t9 <- t8.search.value.versions :: t9.keyStore,
+                                                                           && t8.cmm.Some?
+                            :: t8.cmm.value,
                obj <- tmps8.Modifies | obj in tmps8.Modifies :: obj
+    modifies set tmps9 <- set t9 <- config.tableEncryptionConfigs.Values | true
+                                                                           && t9.legacyOverride.Some?
+                            :: t9.legacyOverride.value.encryptor,
+               obj <- tmps9.Modifies | obj in tmps9.Modifies :: obj
+    modifies set tmps10 <- set t10 <- config.tableEncryptionConfigs.Values | true
+                                                                             && t10.search.Some?
+                             , t11 <- t10.search.value.versions | true
+                             :: t11.keyStore,
+               obj <- tmps10.Modifies | obj in tmps10.Modifies :: obj
+    modifies set tmps12 <- set t12 <- config.tableEncryptionConfigs.Values | true
+                                                                             && t12.search.Some?
+                             , t13 <- t12.search.value.versions | true
+                                                                  && t13.keySource.multi?
+                                                                  && t13.keySource.multi.cache.Some?
+                                                                  && t13.keySource.multi.cache.value.Shared?
+                             :: t13.keySource.multi.cache.value.Shared,
+               obj <- tmps12.Modifies | obj in tmps12.Modifies :: obj
     ensures res.Success? ==>
               && fresh(res.value)
               && fresh(res.value.Modifies
-                       - ( set tmps10 <- set t10 <- config.tableEncryptionConfigs.Values | true
-                                                                                           && t10.keyring.Some?
-                                           :: t10.keyring.value,
-                             obj <- tmps10.Modifies | obj in tmps10.Modifies :: obj
-                       ) - ( set tmps11 <- set t11 <- config.tableEncryptionConfigs.Values | true
-                                                                                             && t11.cmm.Some?
-                                             :: t11.cmm.value,
-                               obj <- tmps11.Modifies | obj in tmps11.Modifies :: obj
-                       ) - ( set tmps12 <- set t12 <- config.tableEncryptionConfigs.Values | true
-                                                                                             && t12.legacyOverride.Some?
-                                             :: t12.legacyOverride.value.encryptor,
-                               obj <- tmps12.Modifies | obj in tmps12.Modifies :: obj
-                       ) - ( set tmps13 <- set t13 <- config.tableEncryptionConfigs.Values | true
-                                                                                             && t13.search.Some?
-                                             , t14 <- t13.search.value.versions :: t14.keyStore,
-                               obj <- tmps13.Modifies | obj in tmps13.Modifies :: obj
+                       - ( set tmps14 <- set t14 <- config.tableEncryptionConfigs.Values | true
+                                                                                           && t14.keyring.Some?
+                                           :: t14.keyring.value,
+                             obj <- tmps14.Modifies | obj in tmps14.Modifies :: obj
+                       ) - ( set tmps15 <- set t15 <- config.tableEncryptionConfigs.Values | true
+                                                                                             && t15.cmm.Some?
+                                             :: t15.cmm.value,
+                               obj <- tmps15.Modifies | obj in tmps15.Modifies :: obj
+                       ) - ( set tmps16 <- set t16 <- config.tableEncryptionConfigs.Values | true
+                                                                                             && t16.legacyOverride.Some?
+                                             :: t16.legacyOverride.value.encryptor,
+                               obj <- tmps16.Modifies | obj in tmps16.Modifies :: obj
+                       ) - ( set tmps17 <- set t17 <- config.tableEncryptionConfigs.Values | true
+                                                                                             && t17.search.Some?
+                                             , t18 <- t17.search.value.versions | true
+                                             :: t18.keyStore,
+                               obj <- tmps17.Modifies | obj in tmps17.Modifies :: obj
+                       ) - ( set tmps19 <- set t19 <- config.tableEncryptionConfigs.Values | true
+                                                                                             && t19.search.Some?
+                                             , t20 <- t19.search.value.versions | true
+                                                                                  && t20.keySource.multi?
+                                                                                  && t20.keySource.multi.cache.Some?
+                                                                                  && t20.keySource.multi.cache.value.Shared?
+                                             :: t20.keySource.multi.cache.value.Shared,
+                               obj <- tmps19.Modifies | obj in tmps19.Modifies :: obj
                        ) )
               && fresh(res.value.History)
               && res.value.ValidState()
-    ensures var tmps15 := set t15 | t15 in config.tableEncryptionConfigs.Values;
-            forall tmp15 :: tmp15 in tmps15 ==>
-                              tmp15.keyring.Some? ==>
-                                tmp15.keyring.value.ValidState()
-    ensures var tmps16 := set t16 | t16 in config.tableEncryptionConfigs.Values;
-            forall tmp16 :: tmp16 in tmps16 ==>
-                              tmp16.cmm.Some? ==>
-                                tmp16.cmm.value.ValidState()
-    ensures var tmps17 := set t17 | t17 in config.tableEncryptionConfigs.Values;
-            forall tmp17 :: tmp17 in tmps17 ==>
-                              tmp17.legacyOverride.Some? ==>
-                                tmp17.legacyOverride.value.encryptor.ValidState()
-    ensures var tmps18 := set t18 | t18 in config.tableEncryptionConfigs.Values;
-            forall tmp18 :: tmp18 in tmps18 ==>
-                              tmp18.search.Some? ==>
-                                var tmps19 := set t19 | t19 in tmp18.search.value.versions;
-                                forall tmp19 :: tmp19 in tmps19 ==>
-                                                  tmp19.keyStore.ValidState()
+    ensures var tmps21 := set t21 | t21 in config.tableEncryptionConfigs.Values;
+            forall tmp21 :: tmp21 in tmps21 ==>
+                              tmp21.keyring.Some? ==>
+                                tmp21.keyring.value.ValidState()
+    ensures var tmps22 := set t22 | t22 in config.tableEncryptionConfigs.Values;
+            forall tmp22 :: tmp22 in tmps22 ==>
+                              tmp22.cmm.Some? ==>
+                                tmp22.cmm.value.ValidState()
+    ensures var tmps23 := set t23 | t23 in config.tableEncryptionConfigs.Values;
+            forall tmp23 :: tmp23 in tmps23 ==>
+                              tmp23.legacyOverride.Some? ==>
+                                tmp23.legacyOverride.value.encryptor.ValidState()
+    ensures var tmps24 := set t24 | t24 in config.tableEncryptionConfigs.Values;
+            forall tmp24 :: tmp24 in tmps24 ==>
+                              tmp24.search.Some? ==>
+                                var tmps25 := set t25 | t25 in tmp24.search.value.versions;
+                                forall tmp25 :: tmp25 in tmps25 ==>
+                                                  tmp25.keyStore.ValidState()
+    ensures var tmps26 := set t26 | t26 in config.tableEncryptionConfigs.Values;
+            forall tmp26 :: tmp26 in tmps26 ==>
+                              tmp26.search.Some? ==>
+                                var tmps27 := set t27 | t27 in tmp26.search.value.versions;
+                                forall tmp27 :: tmp27 in tmps27 ==>
+                                                  tmp27.keySource.multi? ==>
+                                                    tmp27.keySource.multi.cache.Some? ==>
+                                                      tmp27.keySource.multi.cache.value.Shared? ==>
+                                                        tmp27.keySource.multi.cache.value.Shared.ValidState()
 
   // Helper functions for the benefit of native code to create a Success(client) without referring to Dafny internals
   function method CreateSuccessOfClient(client: IDynamoDbEncryptionTransformsClient): Result<IDynamoDbEncryptionTransformsClient, Error> {

DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy

@@ -19,7 +19,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst
   import Prim = AwsCryptographyPrimitivesTypes
   import StructuredEncryptionHeader
   import Random
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import Header = StructuredEncryptionHeader
   import Footer = StructuredEncryptionFooter
   import MaterialProviders

DynamoDbEncryption/dafny/StructuredEncryption/src/Crypt.dfy

@@ -19,7 +19,7 @@ module StructuredEncryptionCrypt {
 
   import CMP = AwsCryptographyMaterialProvidersTypes
   import Prim = AwsCryptographyPrimitivesTypes
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import UTF8
   import Header = StructuredEncryptionHeader
   import HKDF

DynamoDbEncryption/dafny/StructuredEncryption/src/Footer.dfy

@@ -23,7 +23,7 @@ module StructuredEncryptionFooter {
   import opened StandardLibrary.UInt
   import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
   import opened StructuredEncryptionUtil
-  import Aws.Cryptography.Primitives
+  import Primitives = AtomicPrimitives
   import Materials
   import Header = StructuredEncryptionHeader