feat(dafny): support decrypt/encrypt strategy for mutation to hv2 #1466
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rishav-karanjit
changed the title
…thub.com/aws/aws-cryptographic-material-providers-library into rishav/hv-2/M2/refactorForDecryptEncrypt
rishav-karanjit
changed the title
rishav-karanjit
changed the title
rishav-karanjit
changed the title
rishav-karanjit
changed the title
rishav-karanjit
changed the title
rishav-karanjit
changed the title
rishav-karanjit
commented
Apr 22, 2025
| requires mutationToApply.Terminal.hierarchyVersion.v2? | ||
| modifies keyManagerStrategy.Modifies | ||
| ensures keyManagerStrategy.ValidState() | ||
| { |
Member
Author
There was a problem hiding this comment.
We don't need :- Need(keyManagerStrategy.kmsSimple?, Types.UnsupportedFeatureException(message:=KeyStoreAdminErrorMessages.UNSUPPORTED_KEY_MANAGEMENT_STRATEGY_HV_2)); because its already done by upstream method.
Post Pre condition requires KmsUtils.IsSupportedKeyManagerStrategy(mutationToApply.Terminal.hierarchyVersion, keyManagerStrategy) requires it to be done
rishav-karanjit
changed the title
imabhichow
reviewed
Apr 23, 2025
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStoreAdmin/src/Mutations.dfy
Show resolved
Hide resolved
Member
Author
rishav-karanjit
changed the title
rishav-karanjit
changed the title
texastony
requested changes
Apr 24, 2025
Contributor
texastony
left a comment
texastony
left a comment
There was a problem hiding this comment.
99%.
I am a bad engineer and started this "string" for control trend.
But we can use formal verification to bound the possible values for the string,
which makes it marginally better.
So, let's do that.
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStoreAdmin/src/KmsUtils.dfy
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStoreAdmin/src/Mutations.dfy
Show resolved
Hide resolved
Comment on lines
188
to
192
| if localOperation == "ApplyMutation" { | ||
| KMSTuple := KmsUtils.getEncryptKMSTuple(keyManagerStrategy); | ||
| } else { | ||
| KMSTuple := KmsUtils.getDecryptKMSTuple(keyManagerStrategy); | ||
| } |
Contributor
There was a problem hiding this comment.
Using a string for control is a little fragile... I know I started this trend, but it would be better to create a type.
Member
Author
There was a problem hiding this comment.
Added if..else-if..else with else having failing case.
|
|
||
| requires item.KmsArn == mutationToApply.Original.kmsArn | ||
| requires Structure.EncryptedHierarchicalKeyFromStorage?(item) | ||
| requires localOperation == "ApplyMutation" || localOperation == "InitializeMutation" |
Contributor
There was a problem hiding this comment.
This is what I am saying for above, or we could replace all of these with a type.
texastony
approved these changes
Apr 25, 2025
| const INVALID_COMMITMENT_UTF8 := "Mutation Commitment read from storage contains invalid UTF-8." | ||
| const INVALID_INDEX_UTF8 := "Mutation Index read from storage contains invalid UTF-8." | ||
| const INVALID_COMMITMENT_UUID := "Mutation Commitment read from storage has an invalid UUID." | ||
| function UnsupportedLocalOperation ( |
Contributor
There was a problem hiding this comment.
Praise:
- I like how you moved the constants up
- I like this function
texastony
pushed a commit
that referenced
this pull request
May 21, 2025
texastony
pushed a commit
that referenced
this pull request
May 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes:
Squash/merge commit message, if applicable:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.