m

ajewellamz · ajewellamz · commit dbbd44d4fc90 · 2025-04-25T11:30:05.000-04:00
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DynamoToStruct.dfy
@@ -25,7 +25,12 @@ module DynamoToStruct {
 
   type TerminalDataMap = map<AttributeName, StructuredDataTerminal>
 
+  // This file exists for ItemToStructured and StructuredToItem and their variants,
+  // which provide conversion between an AttributeMap and a StructuredDataMap
+
 
+  // Identical to ItemToStructured, except that the result does not include any attributes configured as DO_NOTHING\
+  // Such attributes are unneeded, as they do not partake in signing nor encryption
   function method ItemToStructured2(item : AttributeMap, actions : Types.AttributeActions) : (ret : Result<TerminalDataMap, Error>)
   {
     // var m := new DafnyLibraries.MutableMap<AttributeName, StructuredDataTerminal>();
@@ -36,6 +41,9 @@ module DynamoToStruct {
     MapError(SimplifyMapValue(structuredMap))
   }
 
+  // Identical to StructuredToItem, except that any non encrypted fields in the original are passed through unchanged
+  // and only encrypted fields are run through StructuredToAttr
+  // This one is used for encryption, and so anything in s but not in orig is also kept
   function method StructuredToItemEncrypt(s : TerminalDataMap, orig : AttributeMap, actions : CryptoSchemaMap) : (ret : Result<AttributeMap, Error>)
   {
     var ddbMap := map k <- orig :: k := if (k in s && k in actions && actions[k] == ENCRYPT_AND_SIGN) then StructuredToAttr(s[k]) else Success(orig[k]);
@@ -49,16 +57,16 @@ module DynamoToStruct {
     Success(oldMap + newMap)
   }
 
+  // Identical to StructuredToItem, except that any non encrypted fields in the original are passed through unchanged
+  // and only encrypted fields are run through StructuredToAttr\
+  // This one is used for decryption, and so anything in s but not in orig is ignored
   function method StructuredToItemDecrypt(s : TerminalDataMap, orig : AttributeMap, actions : CryptoSchemaMap) : (ret : Result<AttributeMap, Error>)
   {
     var ddbMap := map k <- orig | !(ReservedPrefix <= k) :: k := if (k in s && k in actions && actions[k] == ENCRYPT_AND_SIGN) then StructuredToAttr(s[k]) else Success(orig[k]);
     MapKeysMatchItems(orig);
     MapError(SimplifyMapValue(ddbMap))
   }
 
-  // This file exists for these two functions : ItemToStructured and StructuredToItem
-  // which provide conversion between an AttributeMap and a StructuredDataMap
-
   // Convert AttributeMap to StructuredDataMap
   function method {:opaque} ItemToStructured(item : AttributeMap) : (ret : Result<TerminalDataMap, Error>)
 
@@ -146,6 +154,7 @@ module DynamoToStruct {
       Success(SeqPosToUInt32(x, pos))
   }
 
+  // This is safe because are dealing with DynamoDB items, and so no numbers wil exceed 400K
   function method {:opaque} Add32(x : uint32, y : uint32) : (ret : uint32)
     ensures x as uint64 + y as uint64 <= UINT32_MAX as uint64
     ensures ret == x + y
@@ -155,6 +164,7 @@ module DynamoToStruct {
     value as uint32
   }
 
+  // This is safe because are dealing with DynamoDB items, and so no numbers will exceed 400K
   function method {:opaque} Add32_3(x : uint32, y : uint32, z : uint32) : (ret : uint32)
     ensures x as uint64 + y as uint64 + z as uint64 <= UINT32_MAX as uint64
     ensures ret == x + y + z
diff --git a/TestVectors/dafny/DDBEncryption/src/DecryptManifest.dfy b/TestVectors/dafny/DDBEncryption/src/DecryptManifest.dfy
@@ -111,12 +111,12 @@ module {:options "-functionSyntax:4"} DecryptManifest {
     }
   }
 
-  function LogFileName() : string
+  function LogFileName() : Option<string>
   {
-    if OsLang.GetOsShort() == "Windows" && OsLang.GetLanguageShort() == "Dotnet" then
-      "..\\..\\PerfLog.txt"
-    else
-      "../../PerfLog.txt"
+    // if OsLang.GetOsShort() == "Windows" && OsLang.GetLanguageShort() == "Dotnet" then
+    //   "..\\..\\PerfLog.txt"
+    // else
+    Some("../../PerfLog.txt")
   }
 
   method Decrypt(inFile : string, keyVectors: KeyVectors.KeyVectorsClient)
@@ -182,7 +182,7 @@ module {:options "-functionSyntax:4"} DecryptManifest {
       :- Need(obj.1.Object?, "Value of test '" + obj.0 + "' must be an Object.");
       var _ :- OneTest(obj.0, obj.1, keyVectors);
     }
-    Time.PrintTimeSinceLong(time, "DB-ESDK-TV-Decrypt-" + inFile, Some(LogFileName()));
+    Time.PrintTimeSinceLong(time, "DB-ESDK-TV-Decrypt-" + inFile, LogFileName());
 
     timeStamp :- expect Time.GetCurrentTimeStamp();
     print timeStamp + " Tests Complete.\n";
diff --git a/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy b/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy
@@ -48,7 +48,6 @@ module {:options "-functionSyntax:4"} JsonConfig {
 
   datatype LargeRecord = LargeRecord (
     name : string,
-    count : nat,
     item : DDB.AttributeMap
   )
 
@@ -1433,25 +1432,18 @@ module {:options "-functionSyntax:4"} JsonConfig {
   method GetLarge(name : string, data : JSON) returns (output : Result<LargeRecord, string>)
   {
     :- Need(data.Object?, "LargeRecord must be a JSON object.");
-    var count := 0;
     var item : DDB.AttributeMap := map[];
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
       match obj.0 {
-        case "Count" =>
-          :- Need(obj.1.Number?, "GetPrefix length must be a number");
-          count :- DecimalToInt(obj.1.num);
         case "Item" => var src :- JsonToDdbItem(obj.1); item := src;
         case _ => return Failure("Unexpected part of a LargeRecord : '" + obj.0 + "'");
       }
     }
-    if (count <= 0) {
-      return Failure("Missing or invalid Count in LargeRecord : '" + name + "'");
-    }
     if (|item| == 0) {
       return Failure("Missing or Empty LargeRecord : '" + name + "'");
     }
-    var record := LargeRecord(name, count, item);
+    var record := LargeRecord(name, item);
     return Success(record);
   }
 
diff --git a/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy b/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy
@@ -13,7 +13,6 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
   import opened Wrappers
   import opened StandardLibrary
   import opened StandardLibrary.UInt
-  import opened StandardLibrary.String
   import JSON.API
   import opened JSON.Values
   import JSON.Errors
@@ -46,7 +45,9 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
   import TransOp = AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations
   import DdbMiddlewareConfig
   import DynamoDbEncryptionTransforms
+  import OsLang
 
+  const PerfIterations : uint32 := 1000
 
   datatype TestVectorConfig = TestVectorConfig (
     schemaOnEncrypt : DDB.CreateTableInput,
@@ -73,60 +74,60 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       modifies keyVectors.Modifies
       ensures keyVectors.ValidState()
     {
-      print "DBE Test Vectors\n";
-      print |globalRecords|, " records.\n";
-      print |tableEncryptionConfigs|, " tableEncryptionConfigs.\n";
-      print |largeEncryptionConfigs|, " largeEncryptionConfigs.\n";
-      print |queries|, " queries.\n";
-      print |names|, " names.\n";
-      print |values|, " values.\n";
-      print |failingQueries|, " failingQueries.\n";
-      print |complexTests|, " complexTests.\n";
-      print |ioTests|, " ioTests.\n";
-      print |configsForIoTest|, " configsForIoTest.\n";
-      print |configsForModTest|, " configsForModTest.\n";
-      print |strings|, " strings.\n";
-      print |large|, " large.\n";
-      if |roundTripTests| != 0 {
-        print |roundTripTests[0].configs|, " configs and ", |roundTripTests[0].records|, " records for round trip.\n";
-      }
-      if |roundTripTests| > 1 {
-        print |roundTripTests[1].configs|, " configs and ", |roundTripTests[1].records|, " records for round trip.\n";
-      }
-
-      var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_32.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_java_32.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_33.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_java_33.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_33a.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_java_33a.json", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt_rust_38.json", keyVectors);
-      var _ :- expect WriteManifest.Write("encrypt.json");
-      var _ :- expect EncryptManifest.Encrypt("encrypt.json", "decrypt.json", "java", "3.3", keyVectors);
-      var _ :- expect DecryptManifest.Decrypt("decrypt.json", keyVectors);
-      if |globalRecords| + |tableEncryptionConfigs| + |queries| == 0 {
-        print "\nRunning no tests\n";
-        return;
-      }
-      Validate();
-      // Because of Dafny-Rust's lack of modules, there is no way to mae an interceptor for the wrapped DB-ESDK client.
-      // So we create runtimes/rust/SkipLocal.txt to skip those tests that need the wrapped client.
-      var skipLocal := FileIO.ReadBytesFromFile("SkipLocal.txt");
-      if skipLocal.Success? {
-        return;
-      }
-      StringOrdering();
+      // print "DBE Test Vectors\n";
+      // print |globalRecords|, " records.\n";
+      // print |tableEncryptionConfigs|, " tableEncryptionConfigs.\n";
+      // print |largeEncryptionConfigs|, " largeEncryptionConfigs.\n";
+      // print |queries|, " queries.\n";
+      // print |names|, " names.\n";
+      // print |values|, " values.\n";
+      // print |failingQueries|, " failingQueries.\n";
+      // print |complexTests|, " complexTests.\n";
+      // print |ioTests|, " ioTests.\n";
+      // print |configsForIoTest|, " configsForIoTest.\n";
+      // print |configsForModTest|, " configsForModTest.\n";
+      // print |strings|, " strings.\n";
+      // print |large|, " large.\n";
+      // if |roundTripTests| != 0 {
+      //   print |roundTripTests[0].configs|, " configs and ", |roundTripTests[0].records|, " records for round trip.\n";
+      // }
+      // if |roundTripTests| > 1 {
+      //   print |roundTripTests[1].configs|, " configs and ", |roundTripTests[1].records|, " records for round trip.\n";
+      // }
+
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_32.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_java_32.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_33.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_java_33.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_dotnet_33a.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_java_33a.json", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt_rust_38.json", keyVectors);
+      // var _ :- expect WriteManifest.Write("encrypt.json");
+      // var _ :- expect EncryptManifest.Encrypt("encrypt.json", "decrypt.json", "java", "3.3", keyVectors);
+      // var _ :- expect DecryptManifest.Decrypt("decrypt.json", keyVectors);
+      // if |globalRecords| + |tableEncryptionConfigs| + |queries| == 0 {
+      //   print "\nRunning no tests\n";
+      //   return;
+      // }
+      // Validate();
+      // // Because of Dafny-Rust's lack of modules, there is no way to make an interceptor for the wrapped DB-ESDK client.
+      // // So we create runtimes/rust/SkipLocal.txt to skip those tests that need the wrapped client.
+      // var skipLocal := FileIO.ReadBytesFromFile("SkipLocal.txt");
+      // if skipLocal.Success? {
+      //   return;
+      // }
+      // StringOrdering();
       LargeTests();
-      BasicIoTest();
-      RunIoTests();
-      BasicQueryTest();
-      ConfigModTest();
-      ComplexTests();
-      WriteTests();
-      RoundTripTests();
-      DecryptTests();
-      var client :- expect CreateInterceptedDDBClient.CreateVanillaDDBClient();
-      DeleteTable(client);
+      // BasicIoTest();
+      // RunIoTests();
+      // BasicQueryTest();
+      // ConfigModTest();
+      // ComplexTests();
+      // WriteTests();
+      // RoundTripTests();
+      // DecryptTests();
+      // var client :- expect CreateInterceptedDDBClient.CreateVanillaDDBClient();
+      // DeleteTable(client);
     }
 
     function NewOrderRecord(i : nat, str : string) : Record
@@ -494,8 +495,8 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       }
     }
 
-    const TestConfigs : set<string> := {"all"}
-    const TestRecords : set<string> := {"all"}
+    const TestConfigs : set<string> := {"full_sign_nosign"}
+    const TestRecords : set<string> := {"flat"}
 
     predicate DoTestConfig(name : string)
     {
@@ -554,25 +555,23 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors {
       }
 
       var time := Time.GetAbsoluteTime();
-      for i := 0 to record.count {
+      for i : uint32 := 0 to PerfIterations {
         var put_input_input := Trans.PutItemInputTransformInput ( sdkInput := DDB.PutItemInput (TableName := TableName, Item := record.item));
         var put_input_output :- expect client.PutItemInputTransform(put_input_input);
       }
-      var elapsed := Time.TimeSince(time);
-      Time.PrintTimeLong(elapsed, "Large Encrypt " + record.name + "(" + Base10Int2String(record.count) + ") " + config);
+      Time.PrintTimeSinceLong(time, "Large Encrypt " + record.name + config, DecryptManifest.LogFileName());
 
       var put_input_input := Trans.PutItemInputTransformInput ( sdkInput := DDB.PutItemInput (TableName := TableName, Item := record.item));
       var put_input_output :- expect client.PutItemInputTransform(put_input_input);
       time := Time.GetAbsoluteTime();
-      for i := 0 to record.count {
+      for i : uint32 := 0 to PerfIterations {
         var orig_get_input := DDB.GetItemInput(TableName := TableName, Key := map[]);
         var get_output := DDB.GetItemOutput(Item := Some(put_input_output.transformedInput.Item));
         var trans_get_input := Trans.GetItemOutputTransformInput(sdkOutput := get_output, originalInput := orig_get_input);
         var put_output :- expect client.GetItemOutputTransform(trans_get_input);
 
       }
-      elapsed := Time.TimeSince(time);
-      Time.PrintTimeLong(elapsed, "Large Decrypt " + record.name + "(" + Base10Int2String(record.count) + ") " + config);
+      Time.PrintTimeSinceLong(time, "Large Decrypt " + record.name + config, DecryptManifest.LogFileName());
     }
 
     method RoundTripTests()
diff --git a/TestVectors/runtimes/java/large_records.json b/TestVectors/runtimes/java/large_records.json
@@ -846,14 +846,12 @@
   },
   "Large": {
     "tiny": {
-      "Count": 1000,
       "Item": {
         "PK": "012345678900123456789001234567890",
         "00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
       }
     },
     "flat": {
-      "Count": 1000,
       "Item": {
         "PK": "012345678900123456789001234567890",
         "00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
@@ -957,7 +955,6 @@
       }
     },
     "nested_map": {
-      "Count": 1000,
       "Item": {
         "PK": "012345678900123456789001234567890",
         "00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": {
@@ -1065,7 +1062,6 @@
       }
     },
     "nested_list": {
-      "Count": 1000,
       "Item": {
         "PK": "012345678900123456789001234567890",
         "00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA": {

Original file line number	Diff line number	Diff line change
`@@ -111,12 +111,12 @@ module {:options "-functionSyntax:4"} DecryptManifest {`
`111`	`111`	`}`
`112`	`112`	`}`
`113`	`113`
`114`		`- function LogFileName() : string`
	`114`	`+ function LogFileName() : Option<string>`
`115`	`115`	`{`
`116`		`- if OsLang.GetOsShort() == "Windows" && OsLang.GetLanguageShort() == "Dotnet" then`
`117`		`- "..\\..\\PerfLog.txt"`
`118`		`- else`
`119`		`- "../../PerfLog.txt"`
	`116`	`+ // if OsLang.GetOsShort() == "Windows" && OsLang.GetLanguageShort() == "Dotnet" then`
	`117`	`+ // "..\\..\\PerfLog.txt"`
	`118`	`+ // else`
	`119`	`+ Some("../../PerfLog.txt")`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`method Decrypt(inFile : string, keyVectors: KeyVectors.KeyVectorsClient)`
`@@ -182,7 +182,7 @@ module {:options "-functionSyntax:4"} DecryptManifest {`
`182`	`182`	`:- Need(obj.1.Object?, "Value of test '" + obj.0 + "' must be an Object.");`
`183`	`183`	`var _ :- OneTest(obj.0, obj.1, keyVectors);`
`184`	`184`	`}`
`185`		`- Time.PrintTimeSinceLong(time, "DB-ESDK-TV-Decrypt-" + inFile, Some(LogFileName()));`
	`185`	`+ Time.PrintTimeSinceLong(time, "DB-ESDK-TV-Decrypt-" + inFile, LogFileName());`
`186`	`186`
`187`	`187`	`timeStamp :- expect Time.GetCurrentTimeStamp();`
`188`	`188`	`print timeStamp + " Tests Complete.\n";`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,6 @@ module {:options "-functionSyntax:4"} JsonConfig {`
`48`	`48`
`49`	`49`	`datatype LargeRecord = LargeRecord (`
`50`	`50`	`name : string,`
`51`		`- count : nat,`
`52`	`51`	`item : DDB.AttributeMap`
`53`	`52`	`)`
`54`	`53`
`@@ -1433,25 +1432,18 @@ module {:options "-functionSyntax:4"} JsonConfig {`
`1433`	`1432`	`method GetLarge(name : string, data : JSON) returns (output : Result<LargeRecord, string>)`
`1434`	`1433`	`{`
`1435`	`1434`	`:- Need(data.Object?, "LargeRecord must be a JSON object.");`
`1436`		`- var count := 0;`
`1437`	`1435`	`var item : DDB.AttributeMap := map[];`
`1438`	`1436`	`for i := 0 to \|data.obj\| {`
`1439`	`1437`	`var obj := data.obj[i];`
`1440`	`1438`	`match obj.0 {`
`1441`		`- case "Count" =>`
`1442`		`- :- Need(obj.1.Number?, "GetPrefix length must be a number");`
`1443`		`- count :- DecimalToInt(obj.1.num);`
`1444`	`1439`	`case "Item" => var src :- JsonToDdbItem(obj.1); item := src;`
`1445`	`1440`	`case _ => return Failure("Unexpected part of a LargeRecord : '" + obj.0 + "'");`
`1446`	`1441`	`}`
`1447`	`1442`	`}`
`1448`		`- if (count <= 0) {`
`1449`		`- return Failure("Missing or invalid Count in LargeRecord : '" + name + "'");`
`1450`		`- }`
`1451`	`1443`	`if (\|item\| == 0) {`
`1452`	`1444`	`return Failure("Missing or Empty LargeRecord : '" + name + "'");`
`1453`	`1445`	`}`
`1454`		`- var record := LargeRecord(name, count, item);`
	`1446`	`+ var record := LargeRecord(name, item);`
`1455`	`1447`	`return Success(record);`
`1456`	`1448`	`}`
`1457`	`1449`