key path

rishav-karanjit · rishav-karanjit · commit 43e38a26da3d · 2025-03-13T14:13:07.000-07:00
diff --git a/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy b/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy
@@ -32,6 +32,8 @@ module {:options "-functionSyntax:4"} JsonConfig {
   import CreateInterceptedDDBClient
   import DynamoDbItemEncryptor
 
+  // TODO: Add extern for DEFAULT_KEYS
+  const DEFAULT_KEYS : string := "../../../../submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders/dafny/TestVectorsAwsCryptographicMaterialProviders/test/keys.json"
 
   predicate IsValidInt32(x: int)  { -0x8000_0000 <= x < 0x8000_0000}
   type ConfigName = string
@@ -128,11 +130,7 @@ module {:options "-functionSyntax:4"} JsonConfig {
     }
   }
 
-  method GetRoundTripTests(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<seq<RoundTripTest>, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetRoundTripTests(data : JSON) returns (output : Result<seq<RoundTripTest>, string>)
   {
     :- Need(data.Object?, "RoundTripTest Test must be an object.");
     var configs : map<string, TableConfig> := map[];
@@ -141,34 +139,26 @@ module {:options "-functionSyntax:4"} JsonConfig {
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
       match obj.0 {
-        case "Configs" => var src :- GetTableConfigs(obj.1, keys); configs := src;
+        case "Configs" => var src :- GetTableConfigs(obj.1); configs := src;
         case "Records" => var src :- GetRecords(obj.1); records := src;
         case _ => return Failure("Unexpected part of a write test : '" + obj.0 + "'");
       }
     }
     return Success([RoundTripTest(configs, records)]);
   }
 
-  method GetWriteTests(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<seq<WriteTest> , string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetWriteTests(data : JSON) returns (output : Result<seq<WriteTest> , string>)
   {
     :- Need(data.Array?, "Write Test list must be an array.");
     var results : seq<WriteTest> := [];
     for i := 0 to |data.arr| {
       var obj := data.arr[i];
-      var item :- GetOneWriteTest(obj, keys);
+      var item :- GetOneWriteTest(obj);
       results := results + [item];
     }
     return Success(results);
   }
-  method GetOneWriteTest(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<WriteTest, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetOneWriteTest(data : JSON) returns (output : Result<WriteTest, string>)
   {
     :- Need(data.Object?, "A Write Test must be an object.");
     var config : Option<TableConfig> := None;
@@ -178,7 +168,7 @@ module {:options "-functionSyntax:4"} JsonConfig {
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
       match obj.0 {
-        case "Config" => var src :- GetOneTableConfig("foo", obj.1, keys); config := Some(src);
+        case "Config" => var src :- GetOneTableConfig("foo", obj.1); config := Some(src);
         case "FileName" =>
           :- Need(obj.1.String?, "Write Test file name must be a string.");
           fileName := obj.1.str;
@@ -191,26 +181,18 @@ module {:options "-functionSyntax:4"} JsonConfig {
     return Success(WriteTest(config.value, records, fileName));
   }
 
-  method GetDecryptTests(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<seq<DecryptTest> , string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetDecryptTests(data : JSON) returns (output : Result<seq<DecryptTest> , string>)
   {
     :- Need(data.Array?, "Decrypt Test list must be an array.");
     var results : seq<DecryptTest> := [];
     for i := 0 to |data.arr| {
       var obj := data.arr[i];
-      var item :- GetOneDecryptTest(obj, keys);
+      var item :- GetOneDecryptTest(obj);
       results := results + [item];
     }
     return Success(results);
   }
-  method GetOneDecryptTest(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<DecryptTest, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetOneDecryptTest(data : JSON) returns (output : Result<DecryptTest, string>)
   {
     :- Need(data.Object?, "A Decrypt Test must be an object.");
     var config : Option<TableConfig> := None;
@@ -220,7 +202,7 @@ module {:options "-functionSyntax:4"} JsonConfig {
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
       match obj.0 {
-        case "Config" => var src :- GetOneTableConfig("foo", obj.1, keys); config := Some(src);
+        case "Config" => var src :- GetOneTableConfig("foo", obj.1); config := Some(src);
         case "EncryptedRecords" => encRecords :- GetRecords(obj.1);
         case "PlainTextRecords" => plainRecords :- GetRecords(obj.1);
         case _ => return Failure("Unexpected part of a encrypt test : '" + obj.0 + "'");
@@ -232,27 +214,20 @@ module {:options "-functionSyntax:4"} JsonConfig {
     return Success(DecryptTest(config.value, encRecords, plainRecords));
   }
 
-  method GetTableConfigs(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<map<string, TableConfig> , string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetTableConfigs(data : JSON) returns (output : Result<map<string, TableConfig> , string>)
   {
     :- Need(data.Object?, "Search Config list must be an object.");
     var results : map<string, TableConfig> := map[];
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
-      var item :- GetOneTableConfig(obj.0, obj.1, keys);
+      var item :- GetOneTableConfig(obj.0, obj.1);
       results := results[obj.0 := item];
     }
     return Success(results);
   }
 
-  method GetItemEncryptor(name : string, data : JSON, keys: KeyVectors.KeyVectorsClient)
+  method GetItemEncryptor(name : string, data : JSON)
     returns (encryptor : Result<DynamoDbItemEncryptor.DynamoDbItemEncryptorClient, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
     ensures encryptor.Success? ==>
               && encryptor.value.ValidState()
               && fresh(encryptor.value)
@@ -321,6 +296,11 @@ module {:options "-functionSyntax:4"} JsonConfig {
       }
     }
 
+    var keys :- expect KeyVectors.KeyVectors(
+      KeyVectorsTypes.KeyVectorsConfig(
+        keyManifestPath := DEFAULT_KEYS
+      )
+    );
     var keyDescription :-
       if |key| == 0 then
         Success(KeyVectorsTypes.Hierarchy(KeyVectorsTypes.HierarchyKeyring(
@@ -353,11 +333,7 @@ module {:options "-functionSyntax:4"} JsonConfig {
     return Success(encr);
   }
 
-  method GetOneTableConfig(name : string, data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<TableConfig, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetOneTableConfig(name : string, data : JSON) returns (output : Result<TableConfig, string>)
   {
     :- Need(data.Object?, "A Table Config must be an object.");
     var logicalTableName := TableName;
@@ -424,6 +400,11 @@ module {:options "-functionSyntax:4"} JsonConfig {
       }
     }
 
+    var keys :- expect KeyVectors.KeyVectors(
+      KeyVectorsTypes.KeyVectorsConfig(
+        keyManifestPath := DEFAULT_KEYS
+      )
+    );
     var keyDescription :-
       if |key| == 0 then
         Success(KeyVectorsTypes.Hierarchy(KeyVectorsTypes.HierarchyKeyring(
@@ -543,22 +524,7 @@ module {:options "-functionSyntax:4"} JsonConfig {
     var cache :- expect mpl.CreateCryptographicMaterialsCache(input);
 
     var client :- expect Primitives.AtomicPrimitives();
-
-    // Create a test partitionIdBytes
-    var partitionIdBytes : seq<uint8> :- expect SI.GenerateUuidBytes();
-
-    // Create a random logicalKeyStoreNameBytes
-    // Ideally, this should be taken from the KeyStore store,
-    // but logicalKeyStoreName variable doesn't exist in the
-    // trait AwsCryptographyKeyStoreTypes.IKeyStoreClient
-    // Therefore, the only way to get logicalKeyStoreName is
-    // to call GetKeyStoreInfo, which we don't need to do here
-    // since this method does NOT test the shared cache
-    // which is the only place logicalKeyStoreName is used
-    // (in the cache identifier)
-    var logicalKeyStoreNameBytes : seq<uint8> :- expect SI.GenerateUuidBytes();
-
-    var src := SI.KeySource(client, store, SI.SingleLoc("foo"), cache, 100 as uint32, partitionIdBytes, logicalKeyStoreNameBytes);
+    var src := SI.KeySource(client, store, SI.SingleLoc("foo"), cache, 100 as uint32);
 
     var bv :- expect SI.MakeBeaconVersion(1, src, map[], map[], map[]);
     return Success(bv);
@@ -1148,27 +1114,19 @@ module {:options "-functionSyntax:4"} JsonConfig {
                    ));
   }
 
-  method GetIoTests(data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<seq<IoTest> , string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetIoTests(data : JSON) returns (output : Result<seq<IoTest> , string>)
   {
     :- Need(data.Object?, "IoTests must be an object.");
     var results : seq<IoTest> := [];
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
-      var item :- GetOneIoTest(obj.0, obj.1, keys);
+      var item :- GetOneIoTest(obj.0, obj.1);
       results := results + [item];
     }
     return Success(results);
   }
 
-  method GetOneIoTest(name : string, data : JSON, keys: KeyVectors.KeyVectorsClient)
-    returns (output : Result<IoTest, string>)
-    requires keys.ValidState()
-    modifies keys.Modifies
-    ensures keys.ValidState()
+  method GetOneIoTest(name : string, data : JSON) returns (output : Result<IoTest, string>)
   {
     :- Need(data.Object?, "IoTest must be an object.");
     var readConfig : Option<TableConfig> := None;
@@ -1180,8 +1138,8 @@ module {:options "-functionSyntax:4"} JsonConfig {
     for i := 0 to |data.obj| {
       var obj := data.obj[i];
       match obj.0 {
-        case "WriteConfig" => var config :- GetOneTableConfig(obj.0, obj.1, keys); writeConfig := Some(config);
-        case "ReadConfig" => var config :- GetOneTableConfig(obj.0, obj.1, keys); readConfig := Some(config);
+        case "WriteConfig" => var config :- GetOneTableConfig(obj.0, obj.1); writeConfig := Some(config);
+        case "ReadConfig" => var config :- GetOneTableConfig(obj.0, obj.1); readConfig := Some(config);
         case "Records" => records :- GetRecords(obj.1);
         case "Values" => values :- GetValueMap(data.obj[i].1);
         case "Queries" => queries :- GetSimpleQueries(data.obj[i].1);
