Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit f6d6e37

Browse files
ajewellamzajewellamz
committedApr 23, 2024
verify
1 parent 313555c commit f6d6e37

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed
 

‎DynamoDbEncryption/dafny/StructuredEncryption/src/AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst
8989
{
9090
&& x.origKey == y.key
9191
&& x.data == y.data
92+
&& x.action == y.action
9293
}
9394

9495
function method UnCanon(input : CanonCryptoList) : (ret : CryptoList)
@@ -810,21 +811,61 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst
810811
// this assert can be an implication, because it is explicitly ensuring an intermediate state.
811812
assert forall i | 0 <= i < |encryptedItems| :: encryptedItems[i].key == canonData[i].key;
812813

814+
assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN ==> encryptedItems[x].data.typeId == BYTES_TYPE_ID);
815+
assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN || encryptedItems[x].data == canonData[x].data);
816+
817+
assume {:axiom} forall k <- input.plaintextStructure ::
818+
(exists x ::
819+
&& x in encryptedItems
820+
&& x.origKey == k.key
821+
&& (
822+
|| k.action == ENCRYPT_AND_SIGN
823+
|| x.data == k.data
824+
));
825+
813826
var footer :- Footer.CreateFooter(config.primitives, mat, encryptedItems, headerSerialized);
814827
var footerAttribute := footer.makeTerminal();
815828

816829
assert forall k <- input.plaintextStructure :: (exists x :: x in encryptedItems && x.origKey == k.key);
817830
var smallResult : CryptoList := UnCanon(encryptedItems);
818831
assert forall k <- input.plaintextStructure :: (exists x :: x in smallResult && x.key == k.key);
832+
assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == ENCRYPT_AND_SIGN ==> smallResult[x].data.typeId == BYTES_TYPE_ID) by {
833+
assert |smallResult| == |encryptedItems|;
834+
assert forall x | 0 <= x < |smallResult| :: SameUnCanon(encryptedItems[x], smallResult[x]);
835+
assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == encryptedItems[x].action && smallResult[x].data == encryptedItems[x].data);
836+
assert forall x | 0 <= x < |encryptedItems| :: (encryptedItems[x].action == ENCRYPT_AND_SIGN || encryptedItems[x].data == canonData[x].data);
837+
}
819838

820839
var headItem := CryptoItem(key := HeaderPath, data := headerAttribute, action := DO_NOTHING);
821840
var footItem := CryptoItem(key := FooterPath, data := footerAttribute, action := DO_NOTHING);
822841
var largeResult := smallResult + [headItem, footItem];
842+
assert |largeResult| == |smallResult| + 2;
823843
assert largeResult[|largeResult|-2] == headItem;
824844
assert largeResult[|largeResult|-2].key == HeaderPath;
825845
assert largeResult[|largeResult|-1] == footItem;
826846
assert largeResult[|largeResult|-1].key == FooterPath;
827847
assert forall k <- input.plaintextStructure :: (exists x :: x in largeResult && x.key == k.key);
848+
assert forall x | 0 <= x < |largeResult| :: (largeResult[x].action == ENCRYPT_AND_SIGN ==> largeResult[x].data.typeId == BYTES_TYPE_ID) by {
849+
assert forall x | 0 <= x < |smallResult| :: (smallResult[x].action == ENCRYPT_AND_SIGN ==> smallResult[x].data.typeId == BYTES_TYPE_ID);
850+
assert forall x | 0 <= x < |smallResult| :: smallResult[x] == largeResult[x];
851+
assert forall x | 0 <= x < |smallResult| :: (largeResult[x].action == ENCRYPT_AND_SIGN ==> largeResult[x].data.typeId == BYTES_TYPE_ID);
852+
assert largeResult[|smallResult|] == headItem;
853+
assert largeResult[|smallResult|].key == HeaderPath;
854+
assert largeResult[|smallResult|+1] == footItem;
855+
assert largeResult[|smallResult|+1].key == FooterPath;
856+
assert largeResult[|smallResult|].action == DO_NOTHING;
857+
assert largeResult[|smallResult|+1].action == DO_NOTHING;
858+
assert forall x | |smallResult| <= x < |largeResult| :: largeResult[x].action == DO_NOTHING;
859+
}
860+
861+
assert forall k <- input.plaintextStructure ::
862+
(exists x ::
863+
&& x in largeResult
864+
&& x.key == k.key
865+
&& (
866+
|| k.action == ENCRYPT_AND_SIGN
867+
|| x.data == k.data
868+
));
828869

829870
var headerAlgorithmSuite :- head.GetAlgorithmSuite(config.materialProviders);
830871
var parsedHeader := ParsedHeader (
@@ -838,6 +879,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst
838879
encryptedStructure := largeResult,
839880
parsedHeader := parsedHeader
840881
);
882+
assert encryptOutput.encryptedStructure[|encryptOutput.encryptedStructure|-1].key == FooterPath;
841883

842884
return Success(encryptOutput);
843885
}

0 commit comments

Comments
 (0)
Please sign in to comment.