-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathCreateWrappedItemEncryptor.dfy
66 lines (61 loc) · 3.65 KB
/
CreateWrappedItemEncryptor.dfy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
include "../Model/AwsCryptographyDynamoDbEncryptionTypesWrapped.dfy"
include "../../../../DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy"
module {:extern} CreateWrappedItemEncryptor {
import opened Wrappers
import AwsCryptographyDbEncryptionSdkDynamoDbTypes
import ENC = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes
import DynamoDbItemEncryptor
import Operations = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations
// The `ensures` clause is copy-pasted from the DynamoDbItemEncryptor client method's `ensures` clause.
method {:extern} CreateWrappedItemEncryptor(config: ENC.DynamoDbItemEncryptorConfig)
returns (output: Result<ENC.IDynamoDbItemEncryptorClient, ENC.Error>)
// requires config.keyring.Some? ==>
// config.keyring.value.ValidState()
// requires config.cmm.Some? ==>
// config.cmm.value.ValidState()
// requires config.legacyOverride.Some? ==>
// config.legacyOverride.value.encryptor.ValidState()
// modifies if config.keyring.Some? then
// config.keyring.value.Modifies
// else {}
// modifies if config.cmm.Some? then
// config.cmm.value.Modifies
// else {}
// modifies if config.legacyOverride.Some? then
// config.legacyOverride.value.encryptor.Modifies
// else {}
ensures output.Success? ==>
&& output.value is DynamoDbItemEncryptor.DynamoDbItemEncryptorClient
&& fresh(output.value)
&& fresh(output.value.History)
&& output.value.ValidState()
&& var rconfig := (output.value as DynamoDbItemEncryptor.DynamoDbItemEncryptorClient).config;
&& fresh(output.value.Modifies)
&& rconfig.logicalTableName == config.logicalTableName
&& rconfig.partitionKeyName == config.partitionKeyName
&& rconfig.sortKeyName == config.sortKeyName
&& rconfig.attributeActionsOnEncrypt == config.attributeActionsOnEncrypt
&& rconfig.allowedUnsignedAttributes == config.allowedUnsignedAttributes
&& rconfig.allowedUnsignedAttributePrefix == config.allowedUnsignedAttributePrefix
&& rconfig.algorithmSuiteId == config.algorithmSuiteId
//= specification/dynamodb-encryption-client/ddb-table-encryption-config.md#attribute-actions
//= type=implication
//# The [Key Action](#key-action)
//# MUST be configured to the partition attribute and, if present, sort attribute.
&& rconfig.version == Operations.VersionFromActions(config.attributeActionsOnEncrypt)
&& config.partitionKeyName in config.attributeActionsOnEncrypt
&& config.attributeActionsOnEncrypt[config.partitionKeyName] == Operations.KeyActionFromVersion(rconfig.version)
&& (config.sortKeyName.Some? ==>
&& config.sortKeyName.value in config.attributeActionsOnEncrypt
&& config.attributeActionsOnEncrypt[config.sortKeyName.value] == Operations.KeyActionFromVersion(rconfig.version))
//= specification/dynamodb-encryption-client/ddb-table-encryption-config.md#plaintext-policy
//# If not specified, encryption and decryption MUST behave according to `FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ`.
ensures
&& output.Success?
&& config.plaintextOverride.None?
==>
&& var config := (output.value as DynamoDbItemEncryptor.DynamoDbItemEncryptorClient).config;
&& config.plaintextOverride.FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ?
}