From 6d7260d14935a457f814d52c02f05031a44c8b9a Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 15:35:18 -0700 Subject: [PATCH 01/15] DynamoDbEncryption module --- DynamoDbEncryption/Makefile | 88 +++++ .../InternalLegacyOverride/extern.go | 51 +++ .../dbesdkmiddleware/middleware.go | 319 ++++++++++++++++++ .../go/ImplementationFromDafny-go/go.mod | 41 +++ .../go/ImplementationFromDafny-go/go.sum | 48 +++ .../runtimes/go/TestsFromDafny-go/go.mod | 43 +++ 6 files changed, 590 insertions(+) create mode 100644 DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/InternalLegacyOverride/extern.go create mode 100644 DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/dbesdkmiddleware/middleware.go create mode 100644 DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.mod create mode 100644 DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.sum create mode 100644 DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod diff --git a/DynamoDbEncryption/Makefile b/DynamoDbEncryption/Makefile index ec52ca43d..d0b35f925 100644 --- a/DynamoDbEncryption/Makefile +++ b/DynamoDbEncryption/Makefile @@ -4,6 +4,7 @@ CORES=2 TRANSPILE_TESTS_IN_RUST=1 +ENABLE_EXTERN_PROCESSING=1 include ../SharedMakefile.mk 
@@ -99,3 +100,90 @@ SERVICE_DEPS_DynamoDbEncryptionTransforms := \ DynamoDbEncryption/dafny/DynamoDbEncryption \ DynamoDbEncryption/dafny/StructuredEncryption \ DynamoDbEncryption/dafny/DynamoDbItemEncryptor + +# Go +GO_MODULE_NAME="github.com/aws/aws-database-encryption-sdk-dynamodb" + +GO_DEPENDENCY_MODULE_NAMES := \ + --dependency-library-name=aws.cryptography.primitives=github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives \ + --dependency-library-name=com.amazonaws.kms=github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms \ + --dependency-library-name=com.amazonaws.dynamodb=github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb \ + --dependency-library-name=aws.cryptography.materialProviders=github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl \ + --dependency-library-name=aws.cryptography.keyStore=github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl \ + --dependency-library-name=sdk.com.amazonaws.dynamodb=github.com/aws/aws-sdk-go-v2/service/dynamodb \ + --dependency-library-name=sdk.com.amazonaws.kms=github.com/aws/aws-sdk-go-v2/service/kms \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.structuredEncryption=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb.itemEncryptor=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb.transforms=github.com/aws/aws-database-encryption-sdk-dynamodb + +TRANSLATION_RECORD_GO := \ + submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + 
submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr + +# Constants for languages that drop extern names (Python, Go) + +DYNAMODB_TYPES_FILE_PATH=dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy +DYNAMODB_TYPES_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types\" } AwsCryptographyDbEncryptionSdkDynamoDbTypes" +DYNAMODB_TYPES_FILE_WITHOUT_EXTERN_STRING="module AwsCryptographyDbEncryptionSdkDynamoDbTypes" + +DYNAMODB_INDEX_FILE_PATH=dafny/DynamoDbEncryption/src/Index.dfy +DYNAMODB_INDEX_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny\" } DynamoDbEncryption" +DYNAMODB_INDEX_FILE_WITHOUT_EXTERN_STRING="module DynamoDbEncryption" + +ITEMENCRYPTOR_TYPES_FILE_PATH=dafny/DynamoDbItemEncryptor/Model/AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes.dfy +ITEMENCRYPTOR_TYPES_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types\" } AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes" +ITEMENCRYPTOR_TYPES_FILE_WITHOUT_EXTERN_STRING="module AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes" + +ITEMENCRYPTOR_INDEX_FILE_PATH=dafny/DynamoDbItemEncryptor/src/Index.dfy +ITEMENCRYPTOR_INDEX_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny\" } DynamoDbItemEncryptor" +ITEMENCRYPTOR_INDEX_FILE_WITHOUT_EXTERN_STRING="module DynamoDbItemEncryptor" + 
+ITEMENCRYPTOR_LEGACY_FILE_PATH=dafny/DynamoDbItemEncryptor/src/InternalLegacyOverride.dfy +ITEMENCRYPTOR_LEGACY_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.legacy\"} InternalLegacyOverride {" +ITEMENCRYPTOR_LEGACY_FILE_WITHOUT_EXTERN_STRING="module InternalLegacyOverride {" + +TRANSFORMS_TYPES_FILE_PATH=dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy +TRANSFORMS_TYPES_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types\" } AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes" +TRANSFORMS_TYPES_FILE_WITHOUT_EXTERN_STRING="module AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes" + +TRANSFORMS_INDEX_FILE_PATH=dafny/DynamoDbEncryptionTransforms/src/Index.dfy +TRANSFORMS_INDEX_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny\" } DynamoDbEncryptionTransforms" +TRANSFORMS_INDEX_FILE_WITHOUT_EXTERN_STRING="module DynamoDbEncryptionTransforms" + +STRUCTUREDENCRYPTION_TYPES_FILE_PATH=dafny/StructuredEncryption/Model/AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes.dfy +STRUCTUREDENCRYPTION_TYPES_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types\" } AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes" +STRUCTUREDENCRYPTION_TYPES_FILE_WITHOUT_EXTERN_STRING="module AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes" + +STRUCTUREDENCRYPTION_INDEX_FILE_PATH=dafny/StructuredEncryption/src/Index.dfy +STRUCTUREDENCRYPTION_INDEX_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny\" } StructuredEncryption" +STRUCTUREDENCRYPTION_INDEX_FILE_WITHOUT_EXTERN_STRING="module StructuredEncryption" + +_sed_types_file_remove_extern: + $(MAKE) 
_sed_file SED_FILE_PATH=$(DYNAMODB_TYPES_FILE_PATH) SED_BEFORE_STRING=$(DYNAMODB_TYPES_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(DYNAMODB_TYPES_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_TYPES_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_TYPES_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_TYPES_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(TRANSFORMS_TYPES_FILE_PATH) SED_BEFORE_STRING=$(TRANSFORMS_TYPES_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(TRANSFORMS_TYPES_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(STRUCTUREDENCRYPTION_TYPES_FILE_PATH) SED_BEFORE_STRING=$(STRUCTUREDENCRYPTION_TYPES_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(STRUCTUREDENCRYPTION_TYPES_FILE_WITHOUT_EXTERN_STRING) + +_sed_index_file_remove_extern: + $(MAKE) _sed_file SED_FILE_PATH=$(DYNAMODB_INDEX_FILE_PATH) SED_BEFORE_STRING=$(DYNAMODB_INDEX_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(DYNAMODB_INDEX_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_INDEX_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_INDEX_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_INDEX_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_LEGACY_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_LEGACY_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_LEGACY_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(TRANSFORMS_INDEX_FILE_PATH) SED_BEFORE_STRING=$(TRANSFORMS_INDEX_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(TRANSFORMS_INDEX_FILE_WITHOUT_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(STRUCTUREDENCRYPTION_INDEX_FILE_PATH) SED_BEFORE_STRING=$(STRUCTUREDENCRYPTION_INDEX_FILE_WITH_EXTERN_STRING) SED_AFTER_STRING=$(STRUCTUREDENCRYPTION_INDEX_FILE_WITHOUT_EXTERN_STRING) + +_sed_types_file_add_extern: + $(MAKE) _sed_file SED_FILE_PATH=$(DYNAMODB_TYPES_FILE_PATH) SED_BEFORE_STRING=$(DYNAMODB_TYPES_FILE_WITHOUT_EXTERN_STRING) 
SED_AFTER_STRING=$(DYNAMODB_TYPES_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_TYPES_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_TYPES_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_TYPES_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(TRANSFORMS_TYPES_FILE_PATH) SED_BEFORE_STRING=$(TRANSFORMS_TYPES_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(TRANSFORMS_TYPES_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(STRUCTUREDENCRYPTION_TYPES_FILE_PATH) SED_BEFORE_STRING=$(STRUCTUREDENCRYPTION_TYPES_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(STRUCTUREDENCRYPTION_TYPES_FILE_WITH_EXTERN_STRING) + +_sed_index_file_add_extern: + $(MAKE) _sed_file SED_FILE_PATH=$(DYNAMODB_INDEX_FILE_PATH) SED_BEFORE_STRING=$(DYNAMODB_INDEX_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(DYNAMODB_INDEX_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_INDEX_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_INDEX_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_INDEX_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(ITEMENCRYPTOR_LEGACY_FILE_PATH) SED_BEFORE_STRING=$(ITEMENCRYPTOR_LEGACY_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(ITEMENCRYPTOR_LEGACY_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(TRANSFORMS_INDEX_FILE_PATH) SED_BEFORE_STRING=$(TRANSFORMS_INDEX_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(TRANSFORMS_INDEX_FILE_WITH_EXTERN_STRING) + $(MAKE) _sed_file SED_FILE_PATH=$(STRUCTUREDENCRYPTION_INDEX_FILE_PATH) SED_BEFORE_STRING=$(STRUCTUREDENCRYPTION_INDEX_FILE_WITHOUT_EXTERN_STRING) SED_AFTER_STRING=$(STRUCTUREDENCRYPTION_INDEX_FILE_WITH_EXTERN_STRING) diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/InternalLegacyOverride/extern.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/InternalLegacyOverride/extern.go new file mode 100644 index 000000000..487b1145a --- /dev/null 
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/InternalLegacyOverride/extern.go 
@@ -0,0 +1,51 @@
+package InternalLegacyOverride
+
+import (
+ "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/AwsCryptographyDbEncryptionSdkDynamoDbTypes"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbitemencryptorsmithygeneratedtypes"
+)
+
+var policy = AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_LegacyPolicy_.Create_FORBID__LEGACY__ENCRYPT__FORBID__LEGACY__DECRYPT_()
+
+func (InternalLegacyOverride) Policy() AwsCryptographyDbEncryptionSdkDynamoDbTypes.LegacyPolicy {
+ return policy
+}
+
+func (CompanionStruct_InternalLegacyOverride_) Build(config interface{}) Wrappers.Result {
+ // Go does not support the Legacy DDB-EC
+ if policy.Is_FORBID__LEGACY__ENCRYPT__FORBID__LEGACY__DECRYPT() {
+ return Wrappers.Companion_Result_.Create_Success_(Wrappers.Companion_Option_.Create_None_())
+ }
+ err := &awscryptographydbencryptionsdkdynamodbitemencryptorsmithygeneratedtypes.DynamoDbItemEncryptorException{
+ Message: "Legacy configuration unsupported.",
+ }
+ return Wrappers.Companion_Result_.Create_Failure_(err)
+}
+
+func (InternalLegacyOverride) EncryptItem(config interface{}) Wrappers.Result {
+ // Go does not support the Legacy DDB-EC
+ if policy.Is_FORBID__LEGACY__ENCRYPT__FORBID__LEGACY__DECRYPT() {
+ return Wrappers.Companion_Result_.Create_Success_(Wrappers.Companion_Option_.Create_None_())
+ }
+ err := &awscryptographydbencryptionsdkdynamodbitemencryptorsmithygeneratedtypes.DynamoDbItemEncryptorException{
+ Message: "Legacy configuration unsupported.",
+ }
+ return Wrappers.Companion_Result_.Create_Failure_(err)
+}
+
+func (InternalLegacyOverride) DecryptItem(config interface{}) Wrappers.Result {
+ // Go does not support the Legacy DDB-EC
+ if policy.Is_FORBID__LEGACY__ENCRYPT__FORBID__LEGACY__DECRYPT() {
+ return Wrappers.Companion_Result_.Create_Success_(Wrappers.Companion_Option_.Create_None_())
+ }
+ err := &awscryptographydbencryptionsdkdynamodbitemencryptorsmithygeneratedtypes.DynamoDbItemEncryptorException{
+ Message: "Legacy configuration unsupported.",
+ }
+ return Wrappers.Companion_Result_.Create_Failure_(err)
+}
+
+func (InternalLegacyOverride) IsLegacyInput(config interface{}) bool {
+ // Go does not support the Legacy DDB-EC
+ return false
+}
diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/dbesdkmiddleware/middleware.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/dbesdkmiddleware/middleware.go
new file mode 100644
index 000000000..5823d2bc5
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/dbesdkmiddleware/middleware.go
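Review bot: In `Build` (extern.go) the `config` argument is never read and the package-level `policy` is fixed to the forbid/forbid value, so the `Create_Failure_` branch carrying "Legacy configuration unsupported." is unreachable and the function always returns `Success(None)`. If a caller can put a legacy override into the item-encryptor config (the config type is not visible in this hunk), that setting would be dropped silently instead of rejected, which hides a misconfiguration on an encryption path. `Build` should inspect `config` and return the failure when a legacy override is present; the same dead branch is repeated in `EncryptItem` and `DecryptItem`. A comment on the variable such as `// policy is fixed: the Go runtime has no legacy DynamoDB Encryption Client support.` would also make the intent explicit.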
@@ -0,0 +1,319 @@
+package dbesdkmiddleware
+
+import (
+ "context"
+
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/aws/smithy-go/middleware"
+)
+
+type DBEsdkMiddleware struct {
+ client *awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.Client
+}
+
+func NewDBEsdkMiddleware(config awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbTablesEncryptionConfig) (*DBEsdkMiddleware, error) {
+ client, err := awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.NewClient(config)
+ if err != nil {
+ return nil, err
+ }
+ return &DBEsdkMiddleware{
+ client: client,
+ }, nil
+}
+
+func (m DBEsdkMiddleware) CreateMiddleware() func(options *dynamodb.Options) {
+ return func(options *dynamodb.Options) {
+ options.APIOptions = append(options.APIOptions, func(stack *middleware.Stack) error {
+ // Add request interceptor at the beginning of Initialize step
+ requestIntercetor := m.createRequestInterceptor()
+ if err := stack.Initialize.Add(requestIntercetor, middleware.Before); err != nil {
+ return err
+ }
+ // Add response interceptor at the end of Finalize step
+ return stack.Finalize.Add(m.createResponseInterceptor(), middleware.After)
+ })
+ }
+}
+
+func (m DBEsdkMiddleware) createRequestInterceptor() middleware.InitializeMiddleware {
+ return middleware.InitializeMiddlewareFunc("RequestInterceptor", func(
+ ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler,
+ ) (
+ out middleware.InitializeOutput, metadata middleware.Metadata, err error,
+ ) {
+ ctx, err = m.handleRequestInterception(ctx, in.Parameters)
+ if err != nil {
+ return middleware.InitializeOutput{}, middleware.Metadata{}, err
+ }
+ return next.HandleInitialize(ctx, in)
+ })
+}
+
+// handleRequestInterception handles the interception logic before the DynamoDB operation
+func (m DBEsdkMiddleware) handleRequestInterception(ctx context.Context, request interface{}) (context.Context, error) {
+ switch v := request.(type) {
+ case *dynamodb.PutItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.PutItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.GetItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.GetItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.BatchGetItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.BatchGetItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchGetItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.BatchWriteItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.BatchWriteItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchWriteItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.BatchExecuteStatementInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.BatchExecuteStatementInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchExecuteStatementInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.DeleteItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.DeleteItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.DeleteItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.ExecuteStatementInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.ExecuteStatementInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ExecuteStatementInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.ExecuteTransactionInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.ExecuteTransactionInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ExecuteTransactionInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.QueryInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.QueryInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.QueryInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.ScanInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.ScanInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ScanInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.TransactGetItemsInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.TransactGetItemsInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.TransactGetItemsInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.TransactWriteItemsInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.TransactWriteItemsInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.TransactWriteItemsInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ case *dynamodb.UpdateItemInput:
+ ctx = middleware.WithStackValue(ctx, "originalInput", *v)
+ transformedRequest, err := m.client.UpdateItemInputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.UpdateItemInputTransformInput{
+ SdkInput: *v,
+ })
+ if err != nil {
+ return nil, err
+ }
+ *v = transformedRequest.TransformedInput
+ }
+ return ctx, nil
+}
+
+// createResponseInterceptor creates and returns the middleware interceptor for responses
+func (m DBEsdkMiddleware) createResponseInterceptor() middleware.FinalizeMiddleware {
+ return middleware.FinalizeMiddlewareFunc("ResponseInterceptor", func(
+ ctx context.Context, in middleware.FinalizeInput, next middleware.FinalizeHandler,
+ ) (
+ out middleware.FinalizeOutput, metadata middleware.Metadata, err error,
+ ) {
+ // First let the request complete
+ result, metadata, err := next.HandleFinalize(ctx, in)
+ if err != nil {
+ return result, metadata, err
+ }
+ // Then intercept the response
+ m.handleResponseInterception(ctx, result.Result)
+ return result, metadata, err
+ })
+}
+
+// handleResponseInterception handles the interception logic after the DynamoDB operation
+func (m DBEsdkMiddleware) handleResponseInterception(ctx context.Context, response interface{}) error {
+ switch v := response.(type) {
+ case *dynamodb.PutItemOutput:
+ transformedRequest, err := m.client.PutItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.PutItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.GetItemOutput:
+ transformedRequest, err := m.client.GetItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.GetItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.BatchGetItemOutput:
+ transformedRequest, err := m.client.BatchGetItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchGetItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.BatchGetItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.BatchWriteItemOutput:
+ transformedRequest, err := m.client.BatchWriteItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchWriteItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.BatchWriteItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.BatchExecuteStatementOutput:
+ transformedRequest, err := m.client.BatchExecuteStatementOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.BatchExecuteStatementOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.BatchExecuteStatementInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.DeleteItemOutput:
+ transformedRequest, err := m.client.DeleteItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.DeleteItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.DeleteItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.ExecuteStatementOutput:
+ transformedRequest, err := m.client.ExecuteStatementOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ExecuteStatementOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.ExecuteStatementInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.ExecuteTransactionOutput:
+ transformedRequest, err := m.client.ExecuteTransactionOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ExecuteTransactionOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.ExecuteTransactionInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.QueryOutput:
+ transformedRequest, err := m.client.QueryOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.QueryOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.QueryInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.ScanOutput:
+ transformedRequest, err := m.client.ScanOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.ScanOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.ScanInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.TransactGetItemsOutput:
+ transformedRequest, err := m.client.TransactGetItemsOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.TransactGetItemsOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.TransactGetItemsInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.TransactWriteItemsOutput:
+ transformedRequest, err := m.client.TransactWriteItemsOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.TransactWriteItemsOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.TransactWriteItemsInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ case *dynamodb.UpdateItemOutput:
+ transformedRequest, err := m.client.UpdateItemOutputTransform(context.TODO(), awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.UpdateItemOutputTransformInput{
+ OriginalInput: middleware.GetStackValue(ctx, "originalInput").(dynamodb.UpdateItemInput),
+ SdkOutput: *v,
+ })
+ if err != nil {
+ return err
+ }
+ *v = transformedRequest.TransformedOutput
+ }
+ return nil
+}
diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.mod b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.mod
new file mode 100644
index 000000000..92b5de4db
--- /dev/null
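Review bot: In `createResponseInterceptor` (middleware.go) the error returned by `m.handleResponseInterception(ctx, result.Result)` is discarded, so when an output transform fails the caller receives the untransformed DynamoDB output together with a nil error. An encryption layer should fail closed here: `if err := m.handleResponseInterception(ctx, result.Result); err != nil { return middleware.FinalizeOutput{}, metadata, err }`. The `middleware.GetStackValue(ctx, "originalInput").(dynamodb.PutItemInput)` assertion and the twelve like it are unchecked and panic if the stack value is missing or of another type; the comma-ok form with a returned error is safer, and an unexported key type would avoid collisions on the plain string key. Both handlers also pass `context.TODO()` to the transform calls instead of the request `ctx`, so cancellation and deadlines do not reach them.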
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.mod 
@@ -0,0 +1,41 @@
+module github.com/aws/aws-database-encryption-sdk-dynamodb
+
+go 1.23.2
+
+replace (
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb => ../../../../submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms => ../../../../submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl => ../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives => ../../../../submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library => ../../../../submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/
+)
+
+require (
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0
+ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2
+ github.com/aws/smithy-go v1.22.1
+ github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2
+)
+
+require (
+ github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect
+ github.com/aws/aws-sdk-go-v2/config v1.28.10 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
+)
diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.sum b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.sum
new file mode 100644
index 000000000..e1dec03ac
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/go.sum
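Review bot: In go.mod the five `replace` directives point at `../../../../submodules/MaterialProviders/...` and four of the matching `require` lines carry the placeholder `v0.0.0`, so the cryptographic dependencies (mpl, primitives, kms, dynamodb) resolve to whatever the submodule checkout contains. Directory replacements are not checked against go.sum, and `replace` only applies when this is the main module, so a consumer who fetches the module would not get these paths at all. If this layout is meant for in-repo builds only, a comment above the `replace` block saying so would help, e.g. `// Local development only: replaced modules are pinned by the git submodule commit, not by go.sum.` Before release the requires should name published versions so that integrity is covered by go.sum.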
@@ -0,0 +1,48 @@ +github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo= +github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= +github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 h1:XcdIh35yg1J8bAiUOLtL/PoPMSGsD72Zanwmim8jEXc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2/go.mod h1:516U/KQM3zdcahNBjHUZKGWNfNnIYyt7sxLeqOx78b0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 
h1:h56mLNgpqWIL7RZOIQO634Xr569bXGTlIE83t/a0LSE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8/go.mod h1:kK04550Xx95KI0sNmwoB7ciS9QkRwt9TojhoTMXyJdo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 h1:jwWMpQ/1obJRdHaix9k10zWSnSMZGdDTZIDiS5CGzq8= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 
h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod new file mode 100644 index 000000000..fb1333db3 --- /dev/null +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod 
@@ -0,0 +1,43 @@
+module github.com/aws/aws-database-encryption-sdk-dynamodb/test
+
+go 1.23.2
+
+replace (
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.0 => ../../../../submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.0 => ../../../../submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.0 => ../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.0 => ../../../../submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library => ../../../../submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/
+ github.com/aws/aws-database-encryption-sdk-dynamodb => ../ImplementationFromDafny-go
+)
+
+require (
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1
+ github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0
+ github.com/aws/aws-database-encryption-sdk-dynamodb v0.0.0
+ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2
+ github.com/aws/smithy-go v1.22.1
+ github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2
+)
+
+require (
+ github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect
+ github.com/aws/aws-sdk-go-v2/config v1.28.10 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
+)
From 1a23e65172e616025d997421310402dbffa62f76 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Wed, 12 Mar 2025 15:39:25 -0700
Subject: [PATCH 02/15] submodules
---
 submodules/MaterialProviders | 2 +-
 submodules/smithy-dafny | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders
index 70e580991..6067d3e31 160000
--- a/submodules/MaterialProviders
+++ b/submodules/MaterialProviders
@@ -1 +1 @@
-Subproject commit 70e580991678387ce897a286c4f7f449aa616785
+Subproject commit 6067d3e31be5e4c973ae306627e6c381bb5fba48
diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny
index 186339f25..c246146a3 160000
--- a/submodules/smithy-dafny
+++ b/submodules/smithy-dafny
@@ -1 +1 @@
-Subproject commit 186339f258f9116a3c25cc781c747ab0e94e9dc6
+Subproject commit c246146a32b4e8255078698ce081fd824e42714c
From 744e6ae1dc5099bdf40794b2650e5f96c59220aa Mon Sep 17 00:00:00 2001
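Review bot: The version-qualified `replace` lines in TestsFromDafny-go/go.mod name `v0.0.0`, but the `require` block asks for `dynamodb v0.1.0`, `kms v0.0.1`, `mpl v0.1.0` and `primitives v0.0.1`, and a replace with a version on its left side applies only to that exact version. With the higher versions selected, the tests would resolve those four MPL modules from the module proxy instead of the checked-out submodule, so the test run may not exercise the same code the implementation module builds against. Dropping the version qualifier, as ImplementationFromDafny-go/go.mod does (`github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl => ../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/`), makes the local replacement unconditional. The diffstat for this patch adds no go.sum for the test module, so nothing visible here pins what would be fetched.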
From: rishav-karanjit Date: Wed, 12 Mar 2025 15:41:12 -0700 Subject: [PATCH 03/15] Workflow --- .github/workflows/ci_test_go.yml | 117 +++++++++++++++++++++++++++++++ .github/workflows/push.yml | 110 +++++++++++++++-------------- 2 files changed, 175 insertions(+), 52 deletions(-) create mode 100644 .github/workflows/ci_test_go.yml diff --git a/.github/workflows/ci_test_go.yml b/.github/workflows/ci_test_go.yml new file mode 100644 index 000000000..eab1de3e3 --- /dev/null +++ b/.github/workflows/ci_test_go.yml 
@@ -0,0 +1,117 @@
+# This workflow performs tests in Go.
+name: Library Go tests
+
+on:
+ workflow_call:
+ inputs:
+ dafny:
+ description: "The Dafny version to run"
+ required: true
+ type: string
+ regenerate-code:
+ description: "Regenerate code using smithy-dafny"
+ required: false
+ default: false
+ type: boolean
+ mpl-version:
+ description: "MPL version to use"
+ required: false
+ type: string
+ mpl-head:
+ description: "Running on MPL HEAD"
+ required: false
+ default: false
+ type: boolean
+
+jobs:
+ testGo:
+ strategy:
+ matrix:
+ library: [DynamoDbEncryption]
+ os: [ubuntu-22.04]
+ go-version: ["1.23"]
+ runs-on: ${{ matrix.os }}
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Support longpaths
+ run: |
+ git config --global core.longpaths true
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-west-2
+ role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-DDBEC-Dafny-Role-us-west-2
+ role-session-name: DDBEC-Dafny-Java-Tests
+
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Setup Dafny
+ uses: dafny-lang/setup-dafny-action@v1.8.0
+ with:
+ dafny-version: ${{ inputs.dafny }}
+
+ - name: Create temporary global.json
+ run: echo '{"sdk":{"rollForward":"latestFeature","version":"6.0.0"}}' > ./global.json
+
+ - name: Setup Java 17 for codegen
+ uses: actions/setup-java@v3
+ with:
+ distribution: "corretto"
+ java-version: "17"
+
+ - name: Update MPL submodule if using MPL HEAD
+ if: ${{ inputs.mpl-head == true }}
+ working-directory: submodules/MaterialProviders
+ run: |
+ git checkout main
+ git pull
+ git submodule update --init --recursive
+ git rev-parse HEAD
+
+ - name: Update project.properties if using MPL HEAD
+ if: ${{ inputs.mpl-head == true }}
+ run: |
+ sed "s/mplDependencyJavaVersion=.*/mplDependencyJavaVersion=${{inputs.mpl-version}}/g" project.properties > project.properties2; mv project.properties2 project.properties
+
+ - name: Install Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Install Go imports
+ run: |
+ go install golang.org/x/tools/cmd/goimports@latest
+
+ - uses: actions/checkout@v3
+ - name: Init Submodules
+ shell: bash
+ run: |
+ git submodule update --init --recursive submodules/smithy-dafny
+ git submodule update --init --recursive submodules/MaterialProviders
+
+ - name: Install Smithy-Dafny codegen dependencies
+ uses: ./.github/actions/install_smithy_dafny_codegen_dependencies
+
+ - name: Regenerate code using smithy-dafny
+ shell: bash
+ working-directory: ./${{ matrix.library }}
+ run: |
+ make polymorph_go
+
+ - name: Build ${{ matrix.library }} implementation
+ shell: bash
+ working-directory: ./${{ matrix.library }}
+ run: |
+ # This works because `node` is installed by default on GHA runners
+ CORES=$(node -e 'console.log(os.cpus().length)')
+ make transpile_go CORES=$CORES
+
+ - name: Test ${{ matrix.library }}
+ working-directory: ./${{ matrix.library }}
+ run: |
+ make test_go
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 9e49cf133..a6e1670c2 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
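Review bot: The `Install Go imports` step runs `go install golang.org/x/tools/cmd/goimports@latest` after `Configure AWS Credentials` has already assumed the CI role, so an unpinned tool and every later step execute with those credentials in the environment. Pin the tool, e.g. `go install golang.org/x/tools/cmd/goimports@<pinned-version>`, and consider moving the credentials step to just before the steps that actually need AWS access. The `sed` line in `Update project.properties if using MPL HEAD` expands `${{inputs.mpl-version}}` directly into the shell script; passing it through an `env:` entry and referencing `"$MPL_VERSION"` keeps a caller-supplied string from being parsed as shell. `role-session-name: DDBEC-Dafny-Java-Tests` looks copied from the Java workflow and will mislabel these sessions in CloudTrail; `role-session-name: DDBEC-Dafny-Go-Tests` would keep attribution accurate. The second, bare `actions/checkout@v3` runs after the MPL HEAD update and the generated `global.json`, and may discard that work, which is worth confirming.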
@@ -5,64 +5,70 @@ on: push: branches: - main + - Golang/* jobs: getVersion: uses: ./.github/workflows/dafny_version.yml getVerifyVersion: uses: ./.github/workflows/dafny_verify_version.yml - push-ci-format: + # push-ci-format: + # needs: getVersion + # uses: ./.github/workflows/library_format.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # push-ci-codegen: + # needs: getVersion + # uses: ./.github/workflows/ci_codegen.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # push-ci-verification: + # needs: getVerifyVersion + # uses: ./.github/workflows/library_dafny_verification.yml + # with: + # dafny: ${{needs.getVerifyVersion.outputs.version}} + # push-ci-test-vector-verification: + # needs: getVerifyVersion + # uses: ./.github/workflows/test_vector_verification.yml + # with: + # dafny: ${{needs.getVerifyVersion.outputs.version}} + # pr-ci-java: + # needs: getVersion + # uses: ./.github/workflows/ci_test_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-java-test-vectors: + # needs: getVersion + # uses: ./.github/workflows/ci_test_vector_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-java-examples: + # needs: getVersion + # uses: ./.github/workflows/ci_examples_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-net: + # needs: getVersion + # uses: ./.github/workflows/ci_test_net.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-rust: + # needs: getVersion + # uses: ./.github/workflows/library_rust_tests.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + pr-ci-go: needs: getVersion - uses: ./.github/workflows/library_format.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - push-ci-codegen: - needs: getVersion - uses: ./.github/workflows/ci_codegen.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - push-ci-verification: - needs: getVerifyVersion - uses: 
./.github/workflows/library_dafny_verification.yml - with: - dafny: ${{needs.getVerifyVersion.outputs.version}} - push-ci-test-vector-verification: - needs: getVerifyVersion - uses: ./.github/workflows/test_vector_verification.yml - with: - dafny: ${{needs.getVerifyVersion.outputs.version}} - pr-ci-java: - needs: getVersion - uses: ./.github/workflows/ci_test_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-java-test-vectors: - needs: getVersion - uses: ./.github/workflows/ci_test_vector_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-java-examples: - needs: getVersion - uses: ./.github/workflows/ci_examples_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net: - needs: getVersion - uses: ./.github/workflows/ci_test_net.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-rust: - needs: getVersion - uses: ./.github/workflows/library_rust_tests.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net-test-vectors: - needs: getVersion - uses: ./.github/workflows/ci_test_vector_net.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net-examples: - needs: getVersion - uses: ./.github/workflows/ci_examples_net.yml + uses: ./.github/workflows/ci_test_go.yml with: dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-net-test-vectors: + # needs: getVersion + # uses: ./.github/workflows/ci_test_vector_net.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-net-examples: + # needs: getVersion + # uses: ./.github/workflows/ci_examples_net.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} From 4507efd058d22c45592fa60550f21acc02c9eba4 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 15:52:48 -0700 Subject: [PATCH 04/15] Index.dfy --- DynamoDbEncryption/dafny/DynamoDbEncryption/src/Index.dfy | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Index.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Index.dfy index 8faa05326..d4dc6e5ff 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Index.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Index.dfy @@ -16,9 +16,8 @@ include "UpdateExpr.dfy" include "Util.dfy" include "Virtual.dfy" -module - {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny" } - DynamoDbEncryption refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbService +module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny" } DynamoDbEncryption + refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbService { import Operations = AwsCryptographyDbEncryptionSdkDynamoDbOperations From 71282196da7a7bd256e8b262975c7ad0862ecb72 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:02:20 -0700 Subject: [PATCH 05/15] Index.dfy --- DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy index 1ee469bab..e6a6c53da 100644 --- a/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbItemEncryptor/src/Index.dfy @@ -4,9 +4,8 @@ include "AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.dfy" include "Util.dfy" -module - {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny" } - DynamoDbItemEncryptor refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorService +module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny" } DynamoDbItemEncryptor + refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorService { import opened DynamoDbItemEncryptorUtil import StructuredEncryption 
From 083bed57cbe090f36c4b01c43e89a7ccbda51b11 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:03:19 -0700 Subject: [PATCH 06/15] Index.dfy --- .../dafny/DynamoDbEncryptionTransforms/src/Index.dfy | 9 +++------ .../dafny/StructuredEncryption/src/Index.dfy | 5 ++--- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy index 77f3b7aab..d83fca373 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy @@ -5,9 +5,8 @@ include "DdbMiddlewareConfig.dfy" include "AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations.dfy" include "../../DynamoDbEncryption/src/ConfigToInfo.dfy" -module - {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny" } - DynamoDbEncryptionTransforms refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService +module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny" } DynamoDbEncryptionTransforms + refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService { import opened DdbMiddlewareConfig import opened StandardLibrary @@ -130,7 +129,6 @@ module (if tableConfig.keyring.Some? then tableConfig.keyring.value.Modifies else {}) + (if tableConfig.cmm.Some? then tableConfig.cmm.value.Modifies else {}) + (if tableConfig.legacyOverride.Some? then tableConfig.legacyOverride.value.encryptor.Modifies else {}) - + (if tableConfig.search.Some? then tableConfig.search.value.versions[0].keyStore.Modifies else {}) ) :: o; 
@@ -151,11 +149,10 @@ module var tableName: string := tableNamesSeq[i]; var inputConfig := config.tableEncryptionConfigs[tableName]; - :- Need(inputConfig.logicalTableName !in allLogicalTableNames, E("Duplicate logical table mapped to multiple physical tables: " + inputConfig.logicalTableName)); + :- Need(inputConfig.logicalTableName !in allLogicalTableNames, E("Duplicate logical table maped to multipule physical tables: " + inputConfig.logicalTableName)); assert SearchConfigToInfo.ValidSearchConfig(inputConfig.search); SearchInModifies(config, tableName); - reveal SearchConfigToInfo.ValidSharedCache(); var searchR := SearchConfigToInfo.Convert(inputConfig); var search :- searchR.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); assert search.None? || search.value.ValidState(); diff --git a/DynamoDbEncryption/dafny/StructuredEncryption/src/Index.dfy b/DynamoDbEncryption/dafny/StructuredEncryption/src/Index.dfy index 19533014a..2279441ea 100644 --- a/DynamoDbEncryption/dafny/StructuredEncryption/src/Index.dfy +++ b/DynamoDbEncryption/dafny/StructuredEncryption/src/Index.dfy @@ -3,9 +3,8 @@ include "AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations.dfy" -module - {:extern "software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny" } - StructuredEncryption refines AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionService +module {:extern "software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny" } StructuredEncryption + refines AbstractAwsCryptographyDbEncryptionSdkStructuredEncryptionService { import Operations = AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations From 50ad62c6b6da2b6f5659d338ec6ac4b4c03c4f18 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:20:06 -0700 Subject: [PATCH 07/15] Not Go's TODO --- .github/workflows/ci_todos.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
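Review bot: The new error text `"Duplicate logical table maped to multipule physical tables: "` replaces a correctly spelled message with a misspelled one; keep `E("Duplicate logical table mapped to multiple physical tables: " + inputConfig.logicalTableName)`. The same hunk drops `reveal SearchConfigToInfo.ValidSharedCache();`, and the earlier hunk at `@@ -130,7 +129,6 @@` drops the `keyStore.Modifies` term from the frame expression. Together these read like an unintended revert to an older base rather than part of the Go port, though that is an inference since the rest of the method lies outside these hunks. Patch 08 in this series comments out the Dafny verification jobs for pull requests, so a frame or proof regression here would not be caught by CI; please confirm both removals are deliberate and verified locally.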
diff --git a/.github/workflows/ci_todos.yml b/.github/workflows/ci_todos.yml index 63a5622b7..1b34c9f00 100644 --- a/.github/workflows/ci_todos.yml +++ b/.github/workflows/ci_todos.yml @@ -17,7 +17,7 @@ jobs: shell: bash # TODOs may be committed as long as the same line contains a link to a Github Issue or refers to a CrypTool SIM. run: | - ALL_TODO_COUNT=$( { grep -r "TODO" . --exclude-dir=./releases --exclude-dir=./TestVectors/runtimes --exclude-dir=./submodules --exclude-dir=./.git --exclude=./.github/workflows/ci_todos.yml || true; } | wc -l) + ALL_TODO_COUNT=$( { grep -r "TODO" . -P "(? Date: Wed, 12 Mar 2025 16:23:03 -0700 Subject: [PATCH 08/15] Just run Go --- .github/workflows/pull.yml | 153 +++++++++++++++++++------------------ 1 file changed, 79 insertions(+), 74 deletions(-) diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml index 3f237ee0d..9941a8713 100644 --- a/.github/workflows/pull.yml +++ b/.github/workflows/pull.yml 
@@ -9,80 +9,85 @@ jobs: uses: ./.github/workflows/dafny_version.yml getVerifyVersion: uses: ./.github/workflows/dafny_verify_version.yml - pr-ci-format: + # pr-ci-format: + # needs: getVersion + # uses: ./.github/workflows/library_format.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-codegen: + # needs: getVersion + # uses: ./.github/workflows/ci_codegen.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-verification: + # needs: getVerifyVersion + # uses: ./.github/workflows/library_dafny_verification.yml + # with: + # dafny: ${{needs.getVerifyVersion.outputs.version}} + # pr-ci-test-vector-verification: + # needs: getVerifyVersion + # uses: ./.github/workflows/test_vector_verification.yml + # with: + # dafny: ${{needs.getVerifyVersion.outputs.version}} + # pr-ci-java: + # needs: getVersion + # uses: ./.github/workflows/ci_test_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-java-test-vectors: + # needs: getVersion + # uses: ./.github/workflows/ci_test_vector_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-java-examples: + # needs: getVersion + # uses: ./.github/workflows/ci_examples_java.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-net: + # needs: getVersion + # uses: ./.github/workflows/ci_test_net.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-rust: + # needs: getVersion + # uses: ./.github/workflows/library_rust_tests.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + pr-ci-go: needs: getVersion - uses: ./.github/workflows/library_format.yml + uses: ./.github/workflows/ci_test_go.yml with: dafny: ${{needs.getVersion.outputs.version}} - pr-ci-codegen: - needs: getVersion - uses: ./.github/workflows/ci_codegen.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-verification: - needs: getVerifyVersion - uses: ./.github/workflows/library_dafny_verification.yml - with: - dafny: 
${{needs.getVerifyVersion.outputs.version}} - pr-ci-test-vector-verification: - needs: getVerifyVersion - uses: ./.github/workflows/test_vector_verification.yml - with: - dafny: ${{needs.getVerifyVersion.outputs.version}} - pr-ci-java: - needs: getVersion - uses: ./.github/workflows/ci_test_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-java-test-vectors: - needs: getVersion - uses: ./.github/workflows/ci_test_vector_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-java-examples: - needs: getVersion - uses: ./.github/workflows/ci_examples_java.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net: - needs: getVersion - uses: ./.github/workflows/ci_test_net.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-rust: - needs: getVersion - uses: ./.github/workflows/library_rust_tests.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net-test-vectors: - needs: getVersion - uses: ./.github/workflows/ci_test_vector_net.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-net-examples: - needs: getVersion - uses: ./.github/workflows/ci_examples_net.yml - with: - dafny: ${{needs.getVersion.outputs.version}} - pr-ci-all-required: - if: always() - needs: - - getVersion - - getVerifyVersion - - pr-ci-format - - pr-ci-codegen - - pr-ci-verification - - pr-ci-test-vector-verification - - pr-ci-java - - pr-ci-java-test-vectors - - pr-ci-java-examples - - pr-ci-net - - pr-ci-rust - - pr-ci-net-test-vectors - - pr-ci-net-examples - runs-on: ubuntu-22.04 - steps: - - name: Verify all required jobs passed - uses: re-actors/alls-green@release/v1 - with: - jobs: ${{ toJSON(needs) }} + # pr-ci-net-test-vectors: + # needs: getVersion + # uses: ./.github/workflows/ci_test_vector_net.yml + # with: + # dafny: ${{needs.getVersion.outputs.version}} + # pr-ci-net-examples: + # needs: getVersion + # uses: ./.github/workflows/ci_examples_net.yml + # with: + # dafny: 
${{needs.getVersion.outputs.version}} + # pr-ci-all-required: + # if: always() + # needs: + # - getVersion + # - getVerifyVersion + # - pr-ci-format + # - pr-ci-codegen + # - pr-ci-verification + # - pr-ci-test-vector-verification + # - pr-ci-java + # - pr-ci-java-test-vectors + # - pr-ci-java-examples + # - pr-ci-net + # - pr-ci-rust + # - pr-ci-net-test-vectors + # - pr-ci-net-examples + # runs-on: ubuntu-22.04 + # steps: + # - name: Verify all required jobs passed + # uses: re-actors/alls-green@release/v1 + # with: + # jobs: ${{ toJSON(needs) }} From 07c1492c21c8e7f91afa353690fed6b7d2e45543 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:23:36 -0700 Subject: [PATCH 09/15] Revert push ci changes --- .github/workflows/push.yml | 110 ++++++++++++++++++------------------- 1 file changed, 52 insertions(+), 58 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a6e1670c2..9e49cf133 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
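Review bot: Commenting out `pr-ci-verification`, `pr-ci-test-vector-verification`, the Java, .NET and Rust test jobs and the `pr-ci-all-required` gate means a pull request can be merged without Dafny verification or the other runtimes' tests having run, which for an encryption library removes the main assurance check on changes to shared Dafny sources. If the goal is to get Go CI running, keep the existing jobs enabled and add Go alongside them: define `pr-ci-go` as this hunk does and add `- pr-ci-go` to the `needs:` list of `pr-ci-all-required`. The equivalent change to push.yml in patch 03 is reverted by patch 09, but this one is not reverted in the patches visible here.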
@@ -5,70 +5,64 @@ on: push: branches: - main - - Golang/* jobs: getVersion: uses: ./.github/workflows/dafny_version.yml getVerifyVersion: uses: ./.github/workflows/dafny_verify_version.yml - # push-ci-format: - # needs: getVersion - # uses: ./.github/workflows/library_format.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # push-ci-codegen: - # needs: getVersion - # uses: ./.github/workflows/ci_codegen.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # push-ci-verification: - # needs: getVerifyVersion - # uses: ./.github/workflows/library_dafny_verification.yml - # with: - # dafny: ${{needs.getVerifyVersion.outputs.version}} - # push-ci-test-vector-verification: - # needs: getVerifyVersion - # uses: ./.github/workflows/test_vector_verification.yml - # with: - # dafny: ${{needs.getVerifyVersion.outputs.version}} - # pr-ci-java: - # needs: getVersion - # uses: ./.github/workflows/ci_test_java.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-java-test-vectors: - # needs: getVersion - # uses: ./.github/workflows/ci_test_vector_java.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-java-examples: - # needs: getVersion - # uses: ./.github/workflows/ci_examples_java.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-net: - # needs: getVersion - # uses: ./.github/workflows/ci_test_net.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-rust: - # needs: getVersion - # uses: ./.github/workflows/library_rust_tests.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - pr-ci-go: + push-ci-format: needs: getVersion - uses: ./.github/workflows/ci_test_go.yml + uses: ./.github/workflows/library_format.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + push-ci-codegen: + needs: getVersion + uses: ./.github/workflows/ci_codegen.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + push-ci-verification: + needs: getVerifyVersion + 
uses: ./.github/workflows/library_dafny_verification.yml + with: + dafny: ${{needs.getVerifyVersion.outputs.version}} + push-ci-test-vector-verification: + needs: getVerifyVersion + uses: ./.github/workflows/test_vector_verification.yml + with: + dafny: ${{needs.getVerifyVersion.outputs.version}} + pr-ci-java: + needs: getVersion + uses: ./.github/workflows/ci_test_java.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-java-test-vectors: + needs: getVersion + uses: ./.github/workflows/ci_test_vector_java.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-java-examples: + needs: getVersion + uses: ./.github/workflows/ci_examples_java.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-net: + needs: getVersion + uses: ./.github/workflows/ci_test_net.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-rust: + needs: getVersion + uses: ./.github/workflows/library_rust_tests.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-net-test-vectors: + needs: getVersion + uses: ./.github/workflows/ci_test_vector_net.yml + with: + dafny: ${{needs.getVersion.outputs.version}} + pr-ci-net-examples: + needs: getVersion + uses: ./.github/workflows/ci_examples_net.yml with: dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-net-test-vectors: - # needs: getVersion - # uses: ./.github/workflows/ci_test_vector_net.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} - # pr-ci-net-examples: - # needs: getVersion - # uses: ./.github/workflows/ci_examples_net.yml - # with: - # dafny: ${{needs.getVersion.outputs.version}} From 8cb3e4f4c1b347c340183abb161236090c529002 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:29:42 -0700 Subject: [PATCH 10/15] auto commit --- .github/workflows/ci_todos.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci_todos.yml b/.github/workflows/ci_todos.yml index 1b34c9f00..430023ff8 100644 
--- a/.github/workflows/ci_todos.yml +++ b/.github/workflows/ci_todos.yml @@ -17,8 +17,8 @@ jobs: shell: bash # TODOs may be committed as long as the same line contains a link to a Github Issue or refers to a CrypTool SIM. run: | - ALL_TODO_COUNT=$( { grep -r "TODO" . -P "(? Date: Wed, 12 Mar 2025 16:30:37 -0700 Subject: [PATCH 11/15] Add TODO in workflow --- .github/workflows/pull.yml | 1 + .github/workflows/push.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml index 9941a8713..be78c655c 100644 --- a/.github/workflows/pull.yml +++ b/.github/workflows/pull.yml @@ -1,4 +1,5 @@ # This workflow runs for every pull request +# TODO: CI for Go name: PR CI on: diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 9e49cf133..87e339c11 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -1,4 +1,5 @@ # This workflow runs for every push to main +# TODO: CI for Go name: Push CI on: From d330d63ecce236ea96eb628a36ef10a023c4ed00 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Mar 2025 16:32:48 -0700 Subject: [PATCH 12/15] auto commit --- DynamoDbEncryption/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DynamoDbEncryption/Makefile b/DynamoDbEncryption/Makefile index d0b35f925..ef50a1295 100644 --- a/DynamoDbEncryption/Makefile +++ b/DynamoDbEncryption/Makefile @@ -102,6 +102,8 @@ SERVICE_DEPS_DynamoDbEncryptionTransforms := \ DynamoDbEncryption/dafny/DynamoDbItemEncryptor # Go +# TODO: Define the name later +# This will probably get changes to */releases/go/* but I will bring this to the team later. GO_MODULE_NAME="github.com/aws/aws-database-encryption-sdk-dynamodb" GO_DEPENDENCY_MODULE_NAMES := \ From 6f57ad4354f5dc9e8aec4b5af49db52b4a7f38db Mon Sep 17 00:00:00 2001 
From: rishav-karanjit Date: Thu, 13 Mar 2025 09:41:37 -0700 Subject: [PATCH 13/15] go mods --- .../runtimes/go/TestsFromDafny-go/go.mod | 2 +- .../runtimes/go/TestsFromDafny-go/go.sum | 56 +++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.sum diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod index fb1333db3..f00dd3905 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.mod @@ -13,7 +13,6 @@ replace ( require ( github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0 - github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0 github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0 @@ -24,6 +23,7 @@ require ( ) require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 // indirect github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect github.com/aws/aws-sdk-go-v2/config v1.28.10 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.sum b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.sum new file mode 100644 index 000000000..ab437b3f2 --- /dev/null +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/go.sum 
@@ -0,0 +1,56 @@ +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0 h1:IG/0PJjc5lIgy4J+eiFK05hzCGRTDVEfgHNn0YhNUqk= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0/go.mod h1:8mHZUqK00Oga2z7H6Kp8LZGkEBKSWUUT/nkeoIR8GiM= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 h1:jvMM4fgVZ116L8VPfdEa3GxJiU7ic/krHCAIyeIcPJY= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1/go.mod h1:6QCmXRQJNf1XId129cnFqpWK9DHamyyqmC7GKxHmcEE= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0 h1:Xop0OVxbrkbcGZnyy/QbNduzZxvij34IStEYowN8IlA= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0/go.mod h1:+QLHsXYeIZqA4WDjQBXNDm5r5T3zyIxE0q/k2l76apc= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 h1:Iy8Va/0Aa43JQkzGKlTjOvBlecTyZCIOg1JqRRyWH9g= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1/go.mod h1:aPCFt/cDDuUlg6aWLSTPW6ZPqivNt3pNzDWCsBFRQtE= +github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo= +github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= +github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 
h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 h1:XcdIh35yg1J8bAiUOLtL/PoPMSGsD72Zanwmim8jEXc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2/go.mod h1:516U/KQM3zdcahNBjHUZKGWNfNnIYyt7sxLeqOx78b0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 h1:h56mLNgpqWIL7RZOIQO634Xr569bXGTlIE83t/a0LSE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8/go.mod h1:kK04550Xx95KI0sNmwoB7ciS9QkRwt9TojhoTMXyJdo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 h1:jwWMpQ/1obJRdHaix9k10zWSnSMZGdDTZIDiS5CGzq8= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 
h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
From 7b8699fda5cd5018fa473dd22f235ab7023171d5 Mon Sep 17 00:00:00 2001 From: Rishav karanjit Date: Mon, 17 Mar 2025 10:31:10 -0700 Subject: [PATCH 14/15] chore(Go): Add interop test with CI (#1721) --- .github/workflows/ci_test_go.yml | 32 +++++++--- TestVectors/Makefile | 53 ++++++++++++++++ TestVectors/dafny/DDBEncryption/src/Index.dfy | 4 +- .../CreateInterceptedDDBClient/extern.go | 61 +++++++++++++++++++ .../go/ImplementationFromDafny-go/go.mod | 45 ++++++++++++++ .../go/ImplementationFromDafny-go/go.sum | 48 +++++++++++++++ .../runtimes/go/TestsFromDafny-go/go.mod | 47 ++++++++++++++ .../runtimes/go/TestsFromDafny-go/go.sum | 48 +++++++++++++++ submodules/MaterialProviders | 2 +- submodules/smithy-dafny | 2 +- 10 files changed, 331 insertions(+), 11 deletions(-) create mode 100644 TestVectors/runtimes/go/ImplementationFromDafny-go/CreateInterceptedDDBClient/extern.go create mode 100644 TestVectors/runtimes/go/ImplementationFromDafny-go/go.mod create mode 100644 TestVectors/runtimes/go/ImplementationFromDafny-go/go.sum create mode 100644 TestVectors/runtimes/go/TestsFromDafny-go/go.mod create mode 100644 TestVectors/runtimes/go/TestsFromDafny-go/go.sum diff --git a/.github/workflows/ci_test_go.yml b/.github/workflows/ci_test_go.yml index eab1de3e3..683720c2e 100644 --- a/.github/workflows/ci_test_go.yml +++ b/.github/workflows/ci_test_go.yml @@ -27,7 +27,7 @@ jobs: testGo: strategy: matrix: - library: [DynamoDbEncryption] + library: [DynamoDbEncryption, TestVectors] os: [ubuntu-22.04] go-version: ["1.23"] runs-on: ${{ matrix.os }} @@ -35,6 +35,17 @@ jobs: id-token: write contents: read steps: + - name: Setup Docker + if: matrix.os == 'macos-13' && matrix.library == 'TestVectors' + uses: douglascamata/setup-docker-macos-action@v1-alpha + + - name: Setup DynamoDB Local + if: matrix.library == 'TestVectors' + uses: rrainn/dynamodb-action@v4.0.0 + with: + port: 8000 + cors: "*" + - name: Support longpaths run: | git config --global core.longpaths true 
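Review bot: The two actions added in the `@@ -35,6 +35,17 @@` hunk, `douglascamata/setup-docker-macos-action@v1-alpha` and `rrainn/dynamodb-action@v4.0.0`, are third-party and referenced by tag, in a job whose context lines show `id-token: write`. A tag can be repointed by the action's owner, so pinning each to a full commit SHA, e.g. `uses: rrainn/dynamodb-action@<full-commit-sha> # v4.0.0` (placeholder, not a real hash), keeps the code that runs alongside the OIDC token fixed and reviewable. Separately, the `Setup Docker` step is gated on `matrix.os == 'macos-13'` while the matrix in the preceding hunk lists only `ubuntu-22.04`, so the step never runs; either drop it or add the macOS entry it was written for.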
@@ -97,12 +108,6 @@ jobs: - name: Install Smithy-Dafny codegen dependencies uses: ./.github/actions/install_smithy_dafny_codegen_dependencies - - name: Regenerate code using smithy-dafny - shell: bash - working-directory: ./${{ matrix.library }} - run: | - make polymorph_go - - name: Build ${{ matrix.library }} implementation shell: bash working-directory: ./${{ matrix.library }} @@ -111,6 +116,19 @@ jobs: CORES=$(node -e 'console.log(os.cpus().length)') make transpile_go CORES=$CORES + - name: Regenerate code using smithy-dafny + shell: bash + working-directory: ./${{ matrix.library }} + run: | + make polymorph_go + + - name: Copy ${{ matrix.library }} Vector Files + if: ${{ matrix.library == 'TestVectors' }} + shell: bash + working-directory: ./${{ matrix.library }} + run: | + cp runtimes/java/*.json runtimes/go/TestsFromDafny-go/ + - name: Test ${{ matrix.library }} working-directory: ./${{ matrix.library }} run: | diff --git a/TestVectors/Makefile b/TestVectors/Makefile index 467c1947e..8934f5793 100644 --- a/TestVectors/Makefile +++ b/TestVectors/Makefile @@ -2,6 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 CORES=2 +ENABLE_EXTERN_PROCESSING=1 TRANSPILE_TESTS_IN_RUST=1 include ../SharedMakefile.mk 
@@ -90,3 +91,55 @@ transpile_implementation_rust: _remove_wrapped_client_rust _remove_wrapped_client_rust: $(MAKE) _sed_file SED_FILE_PATH="runtimes/rust/src/deps/aws_cryptography_materialProviders.rs" \ SED_BEFORE_STRING=' \#\[cfg(feature = "wrapped-client")\]' SED_AFTER_STRING='\/\/ Removed cfg(feature = "wrapped-client")' + +# Go +GO_MODULE_NAME="github.com/aws/aws-database-encryption-sdk-dynamodb/testvectors" + +GO_DEPENDENCY_MODULE_NAMES := \ + --dependency-library-name=aws.cryptography.primitives=github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives \ + --dependency-library-name=com.amazonaws.kms=github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms \ + --dependency-library-name=com.amazonaws.dynamodb=github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb \ + --dependency-library-name=aws.cryptography.materialProviders=github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl \ + --dependency-library-name=aws.cryptography.keyStore=github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl \ + --dependency-library-name=sdk.com.amazonaws.dynamodb=github.com/aws/aws-sdk-go-v2/service/dynamodb \ + --dependency-library-name=sdk.com.amazonaws.kms=github.com/aws/aws-sdk-go-v2/service/kms \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.structuredEncryption=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb.itemEncryptor=github.com/aws/aws-database-encryption-sdk-dynamodb \ + --dependency-library-name=aws.cryptography.dbEncryptionSdk.dynamoDb.transforms=github.com/aws/aws-database-encryption-sdk-dynamodb + +TRANSLATION_RECORD_GO := \ + DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + 
submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr \ + submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ImplementationFromDafny-go.dtr + +# Constants for languages that drop extern names (Python, Go) + +INDEX_FILE_PATH=dafny/DDBEncryption/src/LibraryIndex.dfy +INDEX_FILE_WITH_EXTERN_STRING="module {:extern \"software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.wrapped\"} WrappedDynamoDbEncryption refines WrappedAbstractAwsCryptographyDynamoDbEncryptionService" +INDEX_FILE_WITHOUT_EXTERN_STRING="module WrappedDynamoDbEncryption refines WrappedAbstractAwsCryptographyDynamoDbEncryptionService" + +_sed_types_file_remove_extern: + echo "no types file" + +_sed_types_file_add_extern: + echo "no types file" + +_polymorph_go: purge_polymorph_code + +# Smithy-dafny generated shim needs a long term fix. +# TODO: Remove this commands once smithy-dafny is fixed +# This commands does not work on windows +# https://taskei.amazon.dev/tasks/CrypTool-5283 +purge_polymorph_code: + find .. 
-name "shim.go" | xargs sed -i $(SED_PARAMETER) 's/(_static \*CompanionStruct_Default___)//g' + rm -rf runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated \ + runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes \ + runtimes/go/ImplementationFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbService \ + runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated \ + runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes \ + runtimes/go/TestsFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbService diff --git a/TestVectors/dafny/DDBEncryption/src/Index.dfy b/TestVectors/dafny/DDBEncryption/src/Index.dfy index 77e49e3db..ba536836a 100644 --- a/TestVectors/dafny/DDBEncryption/src/Index.dfy +++ b/TestVectors/dafny/DDBEncryption/src/Index.dfy @@ -17,8 +17,8 @@ module WrappedDDBEncryptionMain { import KeyVectors import KeyVectorsTypes = AwsCryptographyMaterialProvidersTestVectorKeysTypes - - const DEFAULT_KEYS : string := "../../../submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/dafny/TestVectorsAwsCryptographicMaterialProviders/test/keys.json" + // TODO: Add extern for DEFAULT_KEYS + const DEFAULT_KEYS : string := "../../../../submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/dafny/TestVectorsAwsCryptographicMaterialProviders/test/keys.json" method AddJson(prev : TestVectorConfig, file : string, keyVectors: KeyVectors.KeyVectorsClient) returns (output : Result) diff --git a/TestVectors/runtimes/go/ImplementationFromDafny-go/CreateInterceptedDDBClient/extern.go b/TestVectors/runtimes/go/ImplementationFromDafny-go/CreateInterceptedDDBClient/extern.go new file mode 100644 index 000000000..f2bea8ce6 --- /dev/null +++ b/TestVectors/runtimes/go/ImplementationFromDafny-go/CreateInterceptedDDBClient/extern.go 
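Review bot: `purge_polymorph_code` starts its search at `..`, which from TestVectors appears to be the repository root, so the in-place `sed` rewrites every `shim.go` in the checkout, including anything under `submodules/`, rather than only this module's generated output. If the wider reach is intended, a comment should say so; otherwise scope it and make it safe for unusual paths, e.g. `find runtimes/go -name "shim.go" -print0 | xargs -0 sed -i $(SED_PARAMETER) 's/(_static \*CompanionStruct_Default___)//g'`. As written, an empty `find` result may still invoke `sed` with no file arguments (xargs behaviour differs by platform), which would fail the target. The `rm -rf` list that follows is relative to the current directory and looks fine.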
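Review bot: `DEFAULT_KEYS` is a relative path in Dafny source that is shared by every target runtime, and this hunk adds a fourth `../` to it. That depth presumably matches the Go test directory (`runtimes/go/TestsFromDafny-go`), but the other runtimes' test-vector runs that resolved the three-level path would then look one directory too high unless they supply their own key file; that is inferred from the paths and not visible in this hunk. The added `// TODO: Add extern for DEFAULT_KEYS` names the real fix, so until it lands it would be safer to keep the old default and have the Go harness pass its own path. The module body continues outside the hunk.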
@@ -0,0 +1,61 @@
+package CreateInterceptedDDBClient
+
+import (
+ "context"
+ "net/url"
+
+ "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/DynamoDBwrapped"
+ "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/AwsCryptographyDbEncryptionSdkDynamoDbTypes"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbsmithygenerated"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/dbesdkmiddleware"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ smithyendpoints "github.com/aws/smithy-go/endpoints"
+)
+
+type resolverV2 struct {
+}
+
+func (*resolverV2) ResolveEndpoint(ctx context.Context, params dynamodb.EndpointParameters) (
+ smithyendpoints.Endpoint, error,
+) {
+ u, err := url.Parse("http://localhost:8000")
+ if err != nil {
+ return smithyendpoints.Endpoint{}, err
+ }
+ return smithyendpoints.Endpoint{
+ URI: *u,
+ }, nil
+}
+
+func CreateVanillaDDBClient() Wrappers.Result {
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ panic(err)
+ }
+ ddbClient := dynamodb.NewFromConfig(cfg, func(o *dynamodb.Options) {
+ o.EndpointResolverV2 = &resolverV2{}
+ })
+ return Wrappers.Companion_Result_.Create_Success_(&DynamoDBwrapped.Shim{
+ Client: ddbClient,
+ })
+}
+
+func CreateInterceptedDDBClient(ddbEncryptionConfig AwsCryptographyDbEncryptionSdkDynamoDbTypes.DynamoDbTablesEncryptionConfig) Wrappers.Result {
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ panic(err)
+ }
+ nativeConfig := awscryptographydbencryptionsdkdynamodbsmithygenerated.DynamoDbTablesEncryptionConfig_FromDafny(ddbEncryptionConfig)
+ dbEsdkMiddleware, err := dbesdkmiddleware.NewDBEsdkMiddleware(nativeConfig)
+ if err != nil {
+ panic(err)
+ }
+ ddbClient := dynamodb.NewFromConfig(cfg, dbEsdkMiddleware.CreateMiddleware(), func(o *dynamodb.Options) {
+ o.EndpointResolverV2 = &resolverV2{}
+ })
+ return Wrappers.Companion_Result_.Create_Success_(&DynamoDBwrapped.Shim{
+ Client: ddbClient,
+ })
+}
diff --git a/TestVectors/runtimes/go/ImplementationFromDafny-go/go.mod b/TestVectors/runtimes/go/ImplementationFromDafny-go/go.mod
new file mode 100644
index 000000000..6091faced
--- /dev/null
+++ b/TestVectors/runtimes/go/ImplementationFromDafny-go/go.mod
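Review bot: Both `CreateVanillaDDBClient` and `CreateInterceptedDDBClient` call `panic(err)` when `config.LoadDefaultConfig` or `dbesdkmiddleware.NewDBEsdkMiddleware` fails, even though they return `Wrappers.Result`, so one rejected encryption config aborts the whole test-vector run instead of surfacing as a failed result. Returning the failure arm of the result (the counterpart of `Create_Success_`, with the error converted to whatever Dafny error type the caller expects, which is not visible here) would keep the harness's error path usable; test vectors that expect a config to be rejected presumably depend on it. `resolverV2` also sends every request to plaintext `http://localhost:8000` while credentials still come from the default chain, so a doc comment on the type such as `// resolverV2 points the client at DynamoDB Local; test harness only, never production.` would make the scope explicit. The two exported constructors have no doc comments either; one line each stating that the returned shim talks to the local endpoint would be enough.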
@@ -0,0 +1,45 @@ +module github.com/aws/aws-database-encryption-sdk-dynamodb/testvectors + +go 1.23.2 + +replace ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb => ../../../../submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms => ../../../../submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl => ../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives => ../../../../submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library => ../../../../submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/testvectors => ../../../../submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-database-encryption-sdk-dynamodb => ../../../../DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/ +) + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0 + github.com/aws/aws-cryptographic-material-providers-library/testvectors v0.0.0 + 
github.com/aws/aws-database-encryption-sdk-dynamodb v0.0.0 + github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 +) + +require ( + github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.37.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) \ No newline at end of file diff --git a/TestVectors/runtimes/go/ImplementationFromDafny-go/go.sum b/TestVectors/runtimes/go/ImplementationFromDafny-go/go.sum new file mode 100644 index 000000000..0e726f608 --- /dev/null +++ b/TestVectors/runtimes/go/ImplementationFromDafny-go/go.sum 
@@ -0,0 +1,48 @@ +github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo= +github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= +github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 h1:XcdIh35yg1J8bAiUOLtL/PoPMSGsD72Zanwmim8jEXc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2/go.mod h1:516U/KQM3zdcahNBjHUZKGWNfNnIYyt7sxLeqOx78b0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 
h1:h56mLNgpqWIL7RZOIQO634Xr569bXGTlIE83t/a0LSE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8/go.mod h1:kK04550Xx95KI0sNmwoB7ciS9QkRwt9TojhoTMXyJdo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.10 h1:nqYgJ+twjn6hrhTS97j3tlpNXrw4E9N2zQBgw2FAQMg= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.10/go.mod h1:wHYtyttsH+A6d2MzXYl8cIf4O2Kw1Kg0qzromSX/wOs= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 
h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/TestVectors/runtimes/go/TestsFromDafny-go/go.mod b/TestVectors/runtimes/go/TestsFromDafny-go/go.mod new file mode 100644 index 000000000..f59b0c482 --- /dev/null +++ b/TestVectors/runtimes/go/TestsFromDafny-go/go.mod 
@@ -0,0 +1,47 @@ +module github.com/aws/aws-database-encryption-sdk-dynamodb/testvectors/test + +go 1.23.2 + +replace ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb => ../../../../submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms => ../../../../submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl => ../../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives => ../../../../submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library => ../../../../submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-cryptographic-material-providers-library/testvectors => ../../../../submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-database-encryption-sdk-dynamodb => ../../../../DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/ + github.com/aws/aws-database-encryption-sdk-dynamodb/testvectors => ../ImplementationFromDafny-go/ +) + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.1.0 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0 + 
github.com/aws/aws-cryptographic-material-providers-library/testvectors v0.0.0 + github.com/aws/aws-database-encryption-sdk-dynamodb v0.0.0 + github.com/aws/aws-database-encryption-sdk-dynamodb/testvectors v0.0.0 + github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 +) + +require ( + github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect + github.com/aws/aws-sdk-go-v2/config v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.37.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) diff --git a/TestVectors/runtimes/go/TestsFromDafny-go/go.sum b/TestVectors/runtimes/go/TestsFromDafny-go/go.sum new file mode 100644 index 000000000..0e726f608 --- /dev/null +++ b/TestVectors/runtimes/go/TestsFromDafny-go/go.sum 
@@ -0,0 +1,48 @@ +github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo= +github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= +github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 h1:XcdIh35yg1J8bAiUOLtL/PoPMSGsD72Zanwmim8jEXc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2/go.mod h1:516U/KQM3zdcahNBjHUZKGWNfNnIYyt7sxLeqOx78b0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 
h1:h56mLNgpqWIL7RZOIQO634Xr569bXGTlIE83t/a0LSE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8/go.mod h1:kK04550Xx95KI0sNmwoB7ciS9QkRwt9TojhoTMXyJdo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.10 h1:nqYgJ+twjn6hrhTS97j3tlpNXrw4E9N2zQBgw2FAQMg= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.10/go.mod h1:wHYtyttsH+A6d2MzXYl8cIf4O2Kw1Kg0qzromSX/wOs= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 
h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders index 6067d3e31..f5eb0c0f1 160000 --- a/submodules/MaterialProviders +++ b/submodules/MaterialProviders @@ -1 +1 @@ -Subproject commit 6067d3e31be5e4c973ae306627e6c381bb5fba48 +Subproject commit f5eb0c0f1a979b400fcc5e152a2f671cafc7fe11 diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny index c246146a3..58dcf1e66 160000 --- a/submodules/smithy-dafny +++ b/submodules/smithy-dafny @@ -1 +1 @@ -Subproject commit c246146a32b4e8255078698ce081fd824e42714c +Subproject commit 58dcf1e66f1a115a92a8c3e8c6a2a5368a308b98 From 1f0b8f48781f8b9e7aab254485ea048d9b3feebd Mon Sep 17 00:00:00 2001 
From: Rishav karanjit Date: Wed, 19 Mar 2025 09:56:48 -0700 Subject: [PATCH 15/15] chore(Go): Add KMS and raw AES keyring example with CI (#1726) --- .github/workflows/ci_test_go.yml | 6 + Examples/runtimes/go/go.mod | 46 ++++ Examples/runtimes/go/go.sum | 50 +++++ Examples/runtimes/go/keyring/awskmskeyring.go | 179 ++++++++++++++++ Examples/runtimes/go/keyring/rawaeskeyring.go | 197 ++++++++++++++++++ Examples/runtimes/go/main.go | 11 + Examples/runtimes/go/utils/exampleUtils.go | 31 +++ 7 files changed, 520 insertions(+) create mode 100644 Examples/runtimes/go/go.mod create mode 100644 Examples/runtimes/go/go.sum create mode 100644 Examples/runtimes/go/keyring/awskmskeyring.go create mode 100644 Examples/runtimes/go/keyring/rawaeskeyring.go create mode 100644 Examples/runtimes/go/main.go create mode 100644 Examples/runtimes/go/utils/exampleUtils.go diff --git a/.github/workflows/ci_test_go.yml b/.github/workflows/ci_test_go.yml index 683720c2e..30fd1d363 100644 --- a/.github/workflows/ci_test_go.yml +++ b/.github/workflows/ci_test_go.yml @@ -133,3 +133,9 @@ jobs: working-directory: ./${{ matrix.library }} run: | make test_go + + - name: Test Examples + if: matrix.library == 'DynamoDbEncryption' + working-directory: ./Examples/runtimes/go + run: | + go run main.go diff --git a/Examples/runtimes/go/go.mod b/Examples/runtimes/go/go.mod new file mode 100644 index 000000000..02a5e12ed --- /dev/null +++ b/Examples/runtimes/go/go.mod 
@@ -0,0 +1,46 @@ +module github.com/aws/aws-database-encryption-sdk-dynamodb/examples + +go 1.23.2 + +replace github.com/aws/aws-database-encryption-sdk-dynamodb => ../../../DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go + +replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl => ../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/go/ImplementationFromDafny-go/ + +replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives => ../../../submodules/MaterialProviders/AwsCryptographyPrimitives/runtimes/go/ImplementationFromDafny-go/ + +replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb => ../../../submodules/MaterialProviders/ComAmazonawsDynamodb/runtimes/go/ImplementationFromDafny-go/ + +replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms => ../../../submodules/MaterialProviders/ComAmazonawsKms/runtimes/go/ImplementationFromDafny-go/ + +replace github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library => ../../../submodules/MaterialProviders/StandardLibrary/runtimes/go/ImplementationFromDafny-go/ + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.0 + github.com/aws/aws-database-encryption-sdk-dynamodb v0.0.0 + github.com/aws/aws-sdk-go-v2 v1.32.8 + github.com/aws/aws-sdk-go-v2/config v1.28.10 + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 + github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 +) + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.1.0 // indirect + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 // indirect + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 // indirect + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library 
v0.1.0 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) diff --git a/Examples/runtimes/go/go.sum b/Examples/runtimes/go/go.sum new file mode 100644 index 000000000..213ca1d92 --- /dev/null +++ b/Examples/runtimes/go/go.sum 
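Review bot: The direct requirement `github.com/aws/aws-sdk-go-v2/service/kms v1.36.0` in this new go.mod differs from the `v1.37.10` that the TestVectors test module in this same patch series lists for the same package. The KMS client the example passes to the keyring is built from this module, so the examples run in CI would use a different SDK build than the test vectors do. Unless the older pin is deliberate, align it with `github.com/aws/aws-sdk-go-v2/service/kms v1.37.10` and re-run `go mod tidy` so go.sum follows; if it is deliberate, a one-line comment above the requirement should say why.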
@@ -0,0 +1,50 @@ +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0 h1:Nw3zDK7jQ/ylj1isG91PdsEKdojIlI+iX3I43h6uj1I= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.1.0/go.mod h1:m3mzHKiNiSC0LWeWX6ZAxSe6mKbJHgliux1Yu/sjCYI= +github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo= +github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= +github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= +github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2 h1:XcdIh35yg1J8bAiUOLtL/PoPMSGsD72Zanwmim8jEXc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.2/go.mod h1:516U/KQM3zdcahNBjHUZKGWNfNnIYyt7sxLeqOx78b0= 
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8 h1:h56mLNgpqWIL7RZOIQO634Xr569bXGTlIE83t/a0LSE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.8/go.mod h1:kK04550Xx95KI0sNmwoB7ciS9QkRwt9TojhoTMXyJdo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8 h1:cWno7lefSH6Pp+mSznagKCgfDGeZRin66UvYUqAkyeA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.8/go.mod h1:tPD+VjU3ABTBoEJ3nctu5Nyg4P4yjqSH5bJGGkY4+XE= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0 h1:jwWMpQ/1obJRdHaix9k10zWSnSMZGdDTZIDiS5CGzq8= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.0/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg95gpC2AyDq4hFE8= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 
h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/Examples/runtimes/go/keyring/awskmskeyring.go b/Examples/runtimes/go/keyring/awskmskeyring.go new file mode 100644 index 000000000..f7d1a11cb --- /dev/null +++ b/Examples/runtimes/go/keyring/awskmskeyring.go 
@@ -0,0 +1,179 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package keyring
+
+import (
+ "context"
+ "fmt"
+ "reflect"
+
+ mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated"
+ mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes"
+ dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
+ dbesdkstructuredencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/dbesdkmiddleware"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+ "github.com/aws/aws-sdk-go-v2/service/kms"
+)
+
+/*
+This example sets up DynamoDb Encryption for the AWS SDK client
+and uses the low level PutItem and GetItem DDB APIs to demonstrate
+putting a client-side encrypted item into DynamoDb
+and then retrieving and decrypting that item from DynamoDb.
+
+Running this example requires access to the DDB Table whose name
+is provided in CLI arguments.
+This table must be configured with the following
+primary key configuration:
+ - Partition key is named "partition_key" with type (S)
+ - Sort key is named "sort_key" with type (N)
+*/
+func AwsKmsKeyringExample(kmsKeyID, ddbTableName string) {
+ // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data.
+ // For this example, we will create a AWS KMS Keyring with the AWS KMS Key we want to use.
+ // We will use the `CreateMrkMultiKeyring` method to create this keyring,
+ // as it will correctly handle both single region and Multi-Region KMS Keys.
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ panic(err)
+ }
+ // Create KMS client
+ kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) {
+ o.Region = "us-west-2"
+ })
+ // Initialize the mpl client
+ matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{})
+ if err != nil {
+ panic(err)
+ }
+ // Create the Aws Kms Keyring
+ awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{
+ KmsClient: kmsClient,
+ KmsKeyId: kmsKeyID,
+ }
+ keyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput)
+ if err != nil {
+ panic(err)
+ }
+
+ // 2. Configure which attributes are encrypted and/or signed when writing new items.
+ // For each attribute that may exist on the items we plan to write to our DynamoDbTable,
+ // we must explicitly configure how they should be treated during item encryption:
+ // - ENCRYPT_AND_SIGN: The attribute is encrypted and included in the signature
+ // - SIGN_ONLY: The attribute not encrypted, but is still included in the signature
+ // - DO_NOTHING: The attribute is not encrypted and not included in the signature
+ attributeActions := map[string]dbesdkstructuredencryptiontypes.CryptoAction{
+ "partition_key": dbesdkstructuredencryptiontypes.CryptoActionSignOnly, // Partition key must be SIGN_ONLY
+ "sort_key": dbesdkstructuredencryptiontypes.CryptoActionSignOnly, // Sort key must be SIGN_ONLY
+ "attribute1": dbesdkstructuredencryptiontypes.CryptoActionEncryptAndSign,
+ "attribute2": dbesdkstructuredencryptiontypes.CryptoActionSignOnly,
+ ":attribute3": dbesdkstructuredencryptiontypes.CryptoActionDoNothing,
+ }
+
+ // 3. Configure which attributes we expect to be included in the signature
+ // when reading items. There are two options for configuring this:
+ //
+ // - (Recommended) Configure `allowedUnsignedAttributesPrefix`:
+ // When defining your DynamoDb schema and deciding on attribute names,
+ // choose a distinguishing prefix (such as ":") for all attributes that
+ // you do not want to include in the signature.
+ // This has two main benefits:
+ // - It is easier to reason about the security and authenticity of data within your item
+ // when all unauthenticated data is easily distinguishable by their attribute name.
+ // - If you need to add new unauthenticated attributes in the future,
+ // you can easily make the corresponding update to your `attributeActionsOnEncrypt`
+ // and immediately start writing to that new attribute, without
+ // any other configuration update needed.
+ // Once you configure this field, it is not safe to update it.
+ //
+ // - Configure `allowedUnsignedAttributes`: You may also explicitly list
+ // a set of attributes that should be considered unauthenticated when encountered
+ // on read. Be careful if you use this configuration. Do not remove an attribute
+ // name from this configuration, even if you are no longer writing with that attribute,
+ // as old items may still include this attribute, and our configuration needs to know
+ // to continue to exclude this attribute from the signature scope.
+ // If you add new attribute names to this field, you must first deploy the update to this
+ // field to all readers in your host fleet before deploying the update to start writing
+ // with that new attribute.
+ //
+ // For this example, we have designed our DynamoDb table such that any attribute name with
+ // the ":" prefix should be considered unauthenticated.
+ allowedUnsignedAttributePrefix := ":"
+
+ // 4. Create the DynamoDb Encryption configuration for the table we will be writing to.
+ partitionKey := "partition_key"
+ sortKeyName := "sort_key"
+ algorithmSuiteId := mpltypes.DBEAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKeyEcdsaP384SymsigHmacSha384
+ tableConfig := dbesdkdynamodbencryptiontypes.DynamoDbTableEncryptionConfig{
+ LogicalTableName: ddbTableName,
+ PartitionKeyName: partitionKey,
+ SortKeyName: &sortKeyName,
+ AttributeActionsOnEncrypt: attributeActions,
+ Keyring: keyring,
+ AllowedUnsignedAttributePrefix: &allowedUnsignedAttributePrefix,
+ AlgorithmSuiteId: &algorithmSuiteId,
+ }
+ tableConfigsMap := make(map[string]dbesdkdynamodbencryptiontypes.DynamoDbTableEncryptionConfig)
+ tableConfigsMap[ddbTableName] = tableConfig
+ listOfTableConfigs := dbesdkdynamodbencryptiontypes.DynamoDbTablesEncryptionConfig{
+ TableEncryptionConfigs: tableConfigsMap,
+ }
+ // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
+ dbEsdkMiddleware, err := dbesdkmiddleware.NewDBEsdkMiddleware(listOfTableConfigs)
+ if err != nil {
+ panic(err)
+ }
+ ddb := dynamodb.NewFromConfig(cfg, dbEsdkMiddleware.CreateMiddleware())
+
+ // 6. Put an item into our table using the above client.
+ // Before the item gets sent to DynamoDb, it will be encrypted
+ // client-side, according to our configuration.
+ item := map[string]types.AttributeValue{
+ "partition_key": &types.AttributeValueMemberS{Value: "BasicPutGetExample"},
+ "sort_key": &types.AttributeValueMemberN{Value: "0"},
+ "attribute1": &types.AttributeValueMemberS{Value: "encrypt and sign me!"},
+ "attribute2": &types.AttributeValueMemberS{Value: "sign me!"},
+ ":attribute3": &types.AttributeValueMemberS{Value: "ignore me!"},
+ }
+ putInput := &dynamodb.PutItemInput{
+ TableName: aws.String(ddbTableName),
+ Item: item,
+ }
+ _, err = ddb.PutItem(context.TODO(), putInput)
+ if err != nil {
+ panic(err)
+ }
+
+ // 7. Get the item back from our table using the same client.
+ // The client will decrypt the item client-side, and return
+ // back the original item.
+ key := map[string]types.AttributeValue{
+ "partition_key": &types.AttributeValueMemberS{Value: "BasicPutGetExample"},
+ "sort_key": &types.AttributeValueMemberN{Value: "0"},
+ }
+ getInput := &dynamodb.GetItemInput{
+ TableName: aws.String(ddbTableName),
+ Key: key,
+ // In this example we configure a strongly consistent read
+ // because we perform a read immediately after a write (for demonstrative purposes).
+ // By default, reads are only eventually consistent.
+ // Read our docs to determine which read consistency to use for your application:
+ // https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadConsistency.html
+ ConsistentRead: aws.Bool(true),
+ }
+ result, err := ddb.GetItem(context.TODO(), getInput)
+ if err != nil {
+ panic(err)
+ }
+ // Verify the decrypted item
+ if !reflect.DeepEqual(item, result.Item) {
+ panic("Decrypted item does not match original item")
+ }
+ fmt.Println("Aws Kms Keyring Example successful.")
+}
diff --git a/Examples/runtimes/go/keyring/rawaeskeyring.go b/Examples/runtimes/go/keyring/rawaeskeyring.go
new file mode 100644
index 000000000..eac292994
--- /dev/null
+++ b/Examples/runtimes/go/keyring/rawaeskeyring.go
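Review bot: The step 1 comment in `AwsKmsKeyringExample` says the keyring is created with `CreateMrkMultiKeyring`, but the code calls `matProv.CreateAwsKmsKeyring` with an explicit client, so the Multi-Region handling the comment promises is not what runs. The KMS client is also forced to `o.Region = "us-west-2"` while the DynamoDB client takes its region from `cfg`, so a `kmsKeyID` from any other region would presumably fail on the first encrypt. Either reword the comment to something like `// We create a single-key AWS KMS keyring with an explicit KMS client; the client's region must match the key's region.` or switch to the MRK-aware constructor and drop the hard-coded region. The step 3 comment also names `allowedUnsignedAttributesPrefix` and `attributeActionsOnEncrypt`, whereas the Go fields used below are `AllowedUnsignedAttributePrefix` and `AttributeActionsOnEncrypt`.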
@@ -0,0 +1,197 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package keyring + +import ( + "context" + "crypto/rand" + "fmt" + "reflect" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes" + dbesdkstructuredencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes" + "github.com/aws/aws-database-encryption-sdk-dynamodb/dbesdkmiddleware" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" +) + +/* + This example sets up DynamoDb Encryption for the AWS SDK client + using the raw AES Keyring. This keyring takes in an AES key + and uses that key to protect the data keys that encrypt and + decrypt DynamoDb table items. + + This example takes in an `aesKeyBytes` parameter. This parameter + should be a ByteBuffer representing a 256-bit AES key. If this example + is run through the class' main method, it will create a new key. + In practice, users of this library should not randomly generate a key, + and should instead retrieve an existing key from a secure key + management system (e.g. an HSM). + + This example encrypts a test item using the provided AES key and puts the + encrypted item to the provided DynamoDb table. Then, it gets the + item from the table and decrypts it. + + Running this example requires access to the DDB Table whose name + is provided in CLI arguments. 
+ This table must be configured with the following + primary key configuration: + - Partition key is named "partition_key" with type (S) + - Sort key is named "sort_key" with type (S) +*/ + +func RawAesExample(ddbTableName string) { + aesKeyBytes, err := generateAes256KeyBytes() + if err != nil { + panic(err) + } + // 1. Create the keyring. + // The DynamoDb encryption client uses this to encrypt and decrypt items. + + // Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Create the Raw Aes Keyring + var keyNamespace = "my-key-namespace" + var keyName = "my-aes-key-name" + rawAesKeyRingInput := mpltypes.CreateRawAesKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + WrappingKey: aesKeyBytes, + WrappingAlg: mpltypes.AesWrappingAlgAlgAes256GcmIv12Tag16, + } + rawAesKeyring, err := matProv.CreateRawAesKeyring(context.Background(), rawAesKeyRingInput) + if err != nil { + panic(err) + } + // 2. Configure which attributes are encrypted and/or signed when writing new items. + // For each attribute that may exist on the items we plan to write to our DynamoDbTable, + // we must explicitly configure how they should be treated during item encryption: + // - ENCRYPT_AND_SIGN: The attribute is encrypted and included in the signature + // - SIGN_ONLY: The attribute not encrypted, but is still included in the signature + // - DO_NOTHING: The attribute is not encrypted and not included in the signature + attributeActionsOnEncrypt := map[string]dbesdkstructuredencryptiontypes.CryptoAction{ + "partition_key": dbesdkstructuredencryptiontypes.CryptoActionSignOnly, // Partition key must be SIGN_ONLY + "sort_key": dbesdkstructuredencryptiontypes.CryptoActionSignOnly, // Sort key must be SIGN_ONLY + "sensitive_data": dbesdkstructuredencryptiontypes.CryptoActionEncryptAndSign, + } + // 3. Configure which attributes we expect to be included in the signature + // when reading items. 
There are two options for configuring this: + // + // - (Recommended) Configure `allowedUnsignedAttributesPrefix`: + // When defining your DynamoDb schema and deciding on attribute names, + // choose a distinguishing prefix (such as ":") for all attributes that + // you do not want to include in the signature. + // This has two main benefits: + // - It is easier to reason about the security and authenticity of data within your item + // when all unauthenticated data is easily distinguishable by their attribute name. + // - If you need to add new unauthenticated attributes in the future, + // you can easily make the corresponding update to your `attributeActionsOnEncrypt` + // and immediately start writing to that new attribute, without + // any other configuration update needed. + // Once you configure this field, it is not safe to update it. + // + // - Configure `allowedUnsignedAttributes`: You may also explicitly list + // a set of attributes that should be considered unauthenticated when encountered + // on read. Be careful if you use this configuration. Do not remove an attribute + // name from this configuration, even if you are no longer writing with that attribute, + // as old items may still include this attribute, and our configuration needs to know + // to continue to exclude this attribute from the signature scope. + // If you add new attribute names to this field, you must first deploy the update to this + // field to all readers in your host fleet before deploying the update to start writing + // with that new attribute. + // + // For this example, we currently authenticate all attributes. To make it easier to + // add unauthenticated attributes in the future, we define a prefix ":" for such attributes. + unsignedAttrPrefix := ":" + + // 4. Create the DynamoDb Encryption configuration for the table we will be writing to. 
+ partitionKey := "partition_key"
+ sortKeyName := "sort_key"
+ tableConfig := dbesdkdynamodbencryptiontypes.DynamoDbTableEncryptionConfig{
+ LogicalTableName: ddbTableName,
+ PartitionKeyName: partitionKey,
+ SortKeyName: &sortKeyName,
+ AttributeActionsOnEncrypt: attributeActionsOnEncrypt,
+ Keyring: rawAesKeyring,
+ AllowedUnsignedAttributePrefix: &unsignedAttrPrefix,
+ }
+ tableConfigsMap := make(map[string]dbesdkdynamodbencryptiontypes.DynamoDbTableEncryptionConfig)
+ tableConfigsMap[ddbTableName] = tableConfig
+ listOfTableConfigs := dbesdkdynamodbencryptiontypes.DynamoDbTablesEncryptionConfig{
+ TableEncryptionConfigs: tableConfigsMap,
+ }
+ // 5. Create a new AWS SDK DynamoDb client using the Config above
+
+ // Create DBESDK middleware
+ dbEsdkMiddleware, err := dbesdkmiddleware.NewDBEsdkMiddleware(listOfTableConfigs)
+ if err != nil {
+ panic(err)
+ }
+ // Create aws config
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ panic(err)
+ }
+ ddb := dynamodb.NewFromConfig(cfg, dbEsdkMiddleware.CreateMiddleware())
+
+ // 6. Put an item into our table using the above client.
+ // Before the item gets sent to DynamoDb, it will be encrypted
+ // client-side, according to our configuration.
+ item := map[string]types.AttributeValue{
+ "partition_key": &types.AttributeValueMemberS{Value: "rawAesKeyringItem"},
+ "sort_key": &types.AttributeValueMemberN{Value: "0"},
+ "sensitive_data": &types.AttributeValueMemberS{Value: "encrypt and sign me!"},
+ }
+ putInput := &dynamodb.PutItemInput{
+ TableName: aws.String(ddbTableName),
+ Item: item,
+ }
+ _, err = ddb.PutItem(context.TODO(), putInput)
+ if err != nil {
+ panic(err)
+ }
+ // 7. Get the item back from our table using the same client.
+ // The client will decrypt the item client-side, and return
+ // back the original item.
+ key := map[string]types.AttributeValue{
+ "partition_key": &types.AttributeValueMemberS{Value: "rawAesKeyringItem"},
+ "sort_key": &types.AttributeValueMemberN{Value: "0"},
+ }
+ getInput := &dynamodb.GetItemInput{
+ TableName: aws.String(ddbTableName),
+ Key: key,
+ // In this example we configure a strongly consistent read
+ // because we perform a read immediately after a write (for demonstrative purposes).
+ // By default, reads are only eventually consistent.
+ // Read our docs to determine which read consistency to use for your application:
+ // https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadConsistency.html
+ ConsistentRead: aws.Bool(true),
+ }
+ result, err := ddb.GetItem(context.TODO(), getInput)
+ if err != nil {
+ panic(err)
+ }
+ // Verify the decrypted item
+ if !reflect.DeepEqual(item, result.Item) {
+ panic("Decrypted item does not match original item")
+ }
+ fmt.Println("Raw Aes Example successful.")
+}
+
+func generateAes256KeyBytes() ([]byte, error) {
+ key := make([]byte, 32) // 256 bits = 32 bytes
+ // Use crypto/rand for cryptographically secure random numbers
+ _, err := rand.Read(key)
+ if err != nil {
+ return nil, err
+ }
+ return key, nil
+}
diff --git a/Examples/runtimes/go/main.go b/Examples/runtimes/go/main.go
new file mode 100644
index 000000000..88aaefd33
--- /dev/null
+++ b/Examples/runtimes/go/main.go
@@ -0,0 +1,11 @@
+package main
+
+import (
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/examples/keyring"
+ "github.com/aws/aws-database-encryption-sdk-dynamodb/examples/utils"
+)
+
+func main() {
+ keyring.AwsKmsKeyringExample(utils.KmsKeyID(), utils.DdbTableName())
+ keyring.RawAesExample(utils.DdbTableName())
+}
diff --git a/Examples/runtimes/go/utils/exampleUtils.go b/Examples/runtimes/go/utils/exampleUtils.go
new file mode 100644
index 000000000..f11dc14d0
--- /dev/null
+++ b/Examples/runtimes/go/utils/exampleUtils.go
@@ -0,0 +1,31 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package utils
+
+const (
+ kmsKeyID = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"
+ ddbTableName = "DynamoDbEncryptionInterceptorTestTableCS"
+)
+
+func KmsKeyID() string {
+ return kmsKeyID
+}
+
+func DdbTableName() string {
+ return ddbTableName
+}
+
+func AreMapsEqual(map1, map2 map[string]string) bool {
+ if len(map1) != len(map2) {
+ return false
+ }
+
+ for key, value1 := range map1 {
+ value2, exists := map2[key]
+ if !exists || value1 != value2 {
+ return false
+ }
+ }
+ return true
+}
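Review bot: The const block hard-codes a full KMS key ARN (including an AWS account ID) and a table name, so the examples only run against those specific resources and anyone copying the file inherits identifiers for a key they presumably cannot use. Consider having `KmsKeyID()` and `DdbTableName()` prefer an environment override and fall back to the constant, e.g. `if v := os.Getenv("<KMS_KEY_ARN_VAR>"); v != "" { return v }` (placeholder variable name), and add a comment above the block such as `// Test resources used by the project's own runs; replace with your own key ARN and table.` if that is what they are. The exported functions also lack doc comments, and `AreMapsEqual` could be replaced by `maps.Equal` if the module targets Go 1.21 or later.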