feat: Adding Caching CMM

AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/Model/AwsCryptographyMaterialProvidersTypes.dfy

@@ -59,6 +59,7 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
       CreateRawEcdhKeyring := [];
       CreateDefaultCryptographicMaterialsManager := [];
       CreateRequiredEncryptionContextCMM := [];
+      CreateCachingCMM := [];
       CreateCryptographicMaterialsCache := [];
       CreateDefaultClientSupplier := [];
       InitializeEncryptionMaterials := [];
@@ -89,6 +90,7 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
     ghost var CreateRawEcdhKeyring: seq<DafnyCallEvent<CreateRawEcdhKeyringInput, Result<IKeyring, Error>>>
     ghost var CreateDefaultCryptographicMaterialsManager: seq<DafnyCallEvent<CreateDefaultCryptographicMaterialsManagerInput, Result<ICryptographicMaterialsManager, Error>>>
     ghost var CreateRequiredEncryptionContextCMM: seq<DafnyCallEvent<CreateRequiredEncryptionContextCMMInput, Result<ICryptographicMaterialsManager, Error>>>
+    ghost var CreateCachingCMM: seq<DafnyCallEvent<CreateCachingCMMInput, Result<ICryptographicMaterialsManager, Error>>>
     ghost var CreateCryptographicMaterialsCache: seq<DafnyCallEvent<CreateCryptographicMaterialsCacheInput, Result<ICryptographicMaterialsCache, Error>>>
     ghost var CreateDefaultClientSupplier: seq<DafnyCallEvent<CreateDefaultClientSupplierInput, Result<IClientSupplier, Error>>>
     ghost var InitializeEncryptionMaterials: seq<DafnyCallEvent<InitializeEncryptionMaterialsInput, Result<EncryptionMaterials, Error>>>
@@ -604,6 +606,44 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
       ensures CreateRequiredEncryptionContextCMMEnsuresPublicly(input, output)
       ensures History.CreateRequiredEncryptionContextCMM == old(History.CreateRequiredEncryptionContextCMM) + [DafnyCallEvent(input, output)]
 
+    predicate CreateCachingCMMEnsuresPublicly(input: CreateCachingCMMInput , output: Result<ICryptographicMaterialsManager, Error>)
+    // The public method to be called by library consumers
+    method CreateCachingCMM ( input: CreateCachingCMMInput )
+      returns (output: Result<ICryptographicMaterialsManager, Error>)
+      requires
+        && ValidState()
+        && input.underlyingCMC.ValidState()
+        && input.underlyingCMC.Modifies !! {History} && ( input.underlyingCMM.Some? ==>
+                                                            && input.underlyingCMM.value.ValidState()
+                                                            && input.underlyingCMM.value.Modifies !! {History}
+           ) && ( input.keyring.Some? ==>
+                    && input.keyring.value.ValidState()
+                    && input.keyring.value.Modifies !! {History}
+           )
+      modifies Modifies - {History} ,
+               input.underlyingCMC.Modifies ,
+               (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+               (if input.keyring.Some? then input.keyring.value.Modifies else {}) ,
+               History`CreateCachingCMM
+      // Dafny will skip type parameters when generating a default decreases clause.
+      decreases Modifies - {History} ,
+                input.underlyingCMC.Modifies ,
+                (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+                (if input.keyring.Some? then input.keyring.value.Modifies else {})
+      ensures
+        && ValidState()
+        && ( output.Success? ==>
+               && output.value.ValidState()
+               && output.value.Modifies !! {History}
+               && fresh(output.value)
+               && fresh ( output.value.Modifies
+                          - Modifies - {History}
+                          - input.underlyingCMC.Modifies
+                          - (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {})
+                          - (if input.keyring.Some? then input.keyring.value.Modifies else {}) ) )
+      ensures CreateCachingCMMEnsuresPublicly(input, output)
+      ensures History.CreateCachingCMM == old(History.CreateCachingCMM) + [DafnyCallEvent(input, output)]
+
     predicate CreateCryptographicMaterialsCacheEnsuresPublicly(input: CreateCryptographicMaterialsCacheInput , output: Result<ICryptographicMaterialsCache, Error>)
     // The public method to be called by library consumers
     method CreateCryptographicMaterialsCache ( input: CreateCryptographicMaterialsCacheInput )
@@ -951,6 +991,15 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
     nameonly kmsClient: Option<ComAmazonawsKmsTypes.IKMSClient> := Option.None ,
     nameonly grantTokens: Option<GrantTokenList> := Option.None
   )
+  datatype CreateCachingCMMInput = | CreateCachingCMMInput (
+    nameonly underlyingCMC: ICryptographicMaterialsCache ,
+    nameonly cacheLimitTtlSeconds: PositiveInteger ,
+    nameonly underlyingCMM: Option<ICryptographicMaterialsManager> := Option.None ,
+    nameonly keyring: Option<IKeyring> := Option.None ,
+    nameonly partitionKey: Option<Utf8Bytes> := Option.None ,
+    nameonly limitBytes: Option<int64> := Option.None ,
+    nameonly limitMessages: Option<int32> := Option.None
+  )
   datatype CreateCryptographicMaterialsCacheInput = | CreateCryptographicMaterialsCacheInput (
     nameonly cache: CacheType
   )
@@ -1376,14 +1425,14 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
   )
   datatype GetCacheEntryInput = | GetCacheEntryInput (
     nameonly identifier: seq<uint8> ,
-    nameonly bytesUsed: Option<int64> := Option.None
+    nameonly bytesUsed: Option<PositiveLong> := Option.None
   )
   datatype GetCacheEntryOutput = | GetCacheEntryOutput (
     nameonly materials: Materials ,
     nameonly creationTime: PositiveLong ,
     nameonly expiryTime: PositiveLong ,
     nameonly messagesUsed: PositiveInteger ,
-    nameonly bytesUsed: PositiveInteger
+    nameonly bytesUsed: PositiveLong
   )
   datatype GetClientInput = | GetClientInput (
     nameonly region: Region
@@ -1593,7 +1642,7 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
     nameonly creationTime: PositiveLong ,
     nameonly expiryTime: PositiveLong ,
     nameonly messagesUsed: Option<PositiveInteger> := Option.None ,
-    nameonly bytesUsed: Option<PositiveInteger> := Option.None
+    nameonly bytesUsed: Option<PositiveLong> := Option.None
   )
   datatype RawEcdhStaticConfigurations =
     | PublicKeyDiscovery(PublicKeyDiscovery: PublicKeyDiscoveryInput)
@@ -1635,7 +1684,7 @@ module {:extern "software.amazon.cryptography.materialproviders.internaldafny.ty
     | Milliseconds
   datatype UpdateUsageMetadataInput = | UpdateUsageMetadataInput (
     nameonly identifier: seq<uint8> ,
-    nameonly bytesUsed: PositiveInteger
+    nameonly bytesUsed: PositiveLong
   )
   type Utf8Bytes = ValidUTF8Bytes
   datatype ValidateCommitmentPolicyOnDecryptInput = | ValidateCommitmentPolicyOnDecryptInput (
@@ -2328,6 +2377,49 @@ abstract module AbstractAwsCryptographyMaterialProvidersService
       History.CreateRequiredEncryptionContextCMM := History.CreateRequiredEncryptionContextCMM + [DafnyCallEvent(input, output)];
     }
 
+    predicate CreateCachingCMMEnsuresPublicly(input: CreateCachingCMMInput , output: Result<ICryptographicMaterialsManager, Error>)
+    {Operations.CreateCachingCMMEnsuresPublicly(input, output)}
+    // The public method to be called by library consumers
+    method CreateCachingCMM ( input: CreateCachingCMMInput )
+      returns (output: Result<ICryptographicMaterialsManager, Error>)
+      requires
+        && ValidState()
+        && input.underlyingCMC.ValidState()
+        && input.underlyingCMC.Modifies !! {History} && ( input.underlyingCMM.Some? ==>
+                                                            && input.underlyingCMM.value.ValidState()
+                                                            && input.underlyingCMM.value.Modifies !! {History}
+           ) && ( input.keyring.Some? ==>
+                    && input.keyring.value.ValidState()
+                    && input.keyring.value.Modifies !! {History}
+           )
+      modifies Modifies - {History} ,
+               input.underlyingCMC.Modifies ,
+               (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+               (if input.keyring.Some? then input.keyring.value.Modifies else {}) ,
+               History`CreateCachingCMM
+      // Dafny will skip type parameters when generating a default decreases clause.
+      decreases Modifies - {History} ,
+                input.underlyingCMC.Modifies ,
+                (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+                (if input.keyring.Some? then input.keyring.value.Modifies else {})
+      ensures
+        && ValidState()
+        && ( output.Success? ==>
+               && output.value.ValidState()
+               && output.value.Modifies !! {History}
+               && fresh(output.value)
+               && fresh ( output.value.Modifies
+                          - Modifies - {History}
+                          - input.underlyingCMC.Modifies
+                          - (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {})
+                          - (if input.keyring.Some? then input.keyring.value.Modifies else {}) ) )
+      ensures CreateCachingCMMEnsuresPublicly(input, output)
+      ensures History.CreateCachingCMM == old(History.CreateCachingCMM) + [DafnyCallEvent(input, output)]
+    {
+      output := Operations.CreateCachingCMM(config, input);
+      History.CreateCachingCMM := History.CreateCachingCMM + [DafnyCallEvent(input, output)];
+    }
+
     predicate CreateCryptographicMaterialsCacheEnsuresPublicly(input: CreateCryptographicMaterialsCacheInput , output: Result<ICryptographicMaterialsCache, Error>)
     {Operations.CreateCryptographicMaterialsCacheEnsuresPublicly(input, output)}
     // The public method to be called by library consumers
@@ -2959,6 +3051,41 @@ abstract module AbstractAwsCryptographyMaterialProvidersOperations {
     ensures CreateRequiredEncryptionContextCMMEnsuresPublicly(input, output)
 
 
+  predicate CreateCachingCMMEnsuresPublicly(input: CreateCachingCMMInput , output: Result<ICryptographicMaterialsManager, Error>)
+  // The private method to be refined by the library developer
+
+
+  method CreateCachingCMM ( config: InternalConfig , input: CreateCachingCMMInput )
+    returns (output: Result<ICryptographicMaterialsManager, Error>)
+    requires
+      && ValidInternalConfig?(config)
+      && input.underlyingCMC.ValidState() && ( input.underlyingCMM.Some? ==>
+                                                 && input.underlyingCMM.value.ValidState()
+         ) && ( input.keyring.Some? ==>
+                  && input.keyring.value.ValidState()
+         )
+    modifies ModifiesInternalConfig(config) ,
+             input.underlyingCMC.Modifies ,
+             (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+             (if input.keyring.Some? then input.keyring.value.Modifies else {})
+    // Dafny will skip type parameters when generating a default decreases clause.
+    decreases ModifiesInternalConfig(config) ,
+              input.underlyingCMC.Modifies ,
+              (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {}) ,
+              (if input.keyring.Some? then input.keyring.value.Modifies else {})
+    ensures
+      && ValidInternalConfig?(config)
+      && ( output.Success? ==>
+             && output.value.ValidState()
+             && fresh(output.value)
+             && fresh ( output.value.Modifies
+                        - ModifiesInternalConfig(config)
+                        - input.underlyingCMC.Modifies
+                        - (if input.underlyingCMM.Some? then input.underlyingCMM.value.Modifies else {})
+                        - (if input.keyring.Some? then input.keyring.value.Modifies else {}) ) )
+    ensures CreateCachingCMMEnsuresPublicly(input, output)
+
+
   predicate CreateCryptographicMaterialsCacheEnsuresPublicly(input: CreateCryptographicMaterialsCacheInput , output: Result<ICryptographicMaterialsCache, Error>)
   // The private method to be refined by the library developer
 

AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/Model/cmms.smithy

@@ -158,3 +158,58 @@ structure CreateRequiredEncryptionContextCMMInput {
   @javadoc("A list of Encryption Context keys which are required to be supplied during encryption and decryption, and correspond to Encryption Context key-value pairs which are not stored on the resulting message.")
   requiredEncryptionContextKeys: EncryptionContextKeys
 }
+
+@positional
+@javadoc("Outputs for creating a Caching Cryptographic Materials Manager.")
+structure CreateCachingCMMOutput {
+  @required
+  @javadoc("The created Caching Cryptographic Materials Manager.")
+  materialsManager: CryptographicMaterialsManagerReference
+}
+
+@javadoc("Creates a Caching Cryptographic Materials Manager.")
+operation CreateCachingCMM {
+  input: CreateCachingCMMInput,
+  output: CreateCachingCMMOutput,
+}
+
+@javadoc("Inputs for creating a Caching Cryptographic Materials Manager.")
+structure CreateCachingCMMInput {
+
+  //= aws-encryption-sdk-specification/framework/caching-cmm.md#initialization
+  //= type=implication
+  //# On caching CMM initialization,
+  //# the caller MUST provide the following values:
+  //# - [Underlying Cryptographic Materials Cache (CMC)](#underlying-cryptographic-materials-cache)
+  //# - [Cache Limit TTL](#cache-limit-ttl)
+  @required
+  @javadoc("The Cryptographic Materials Cache the Caching Cryptographic Materials Manager will use to cache requests.")
+  underlyingCMC: CryptographicMaterialsCacheReference,
+  @required
+  @javadoc("Sets the maximum lifetime for entries in the cache, for both encrypt and decrypt operations. When the specified amount of time passes after initial creation of the entry, the entry will be considered unusable, and the next operation will incur a cache miss.")
+  cacheLimitTtlSeconds: PositiveInteger,
+
+  //= aws-encryption-sdk-specification/framework/caching-cmm.md#initialization
+  //= type=implication
+  //# Additionally, the caller MUST provide one of the following values:
+  //# - [Underlying Cryptographic Materials Manager (CMM)](#underlying-cryptographic-materials-manager)
+  //# - [Keyring](keyring-interface.md)
+  @javadoc("The Cryptographic Materials Manager that the created Caching Cryptographic Materials Manager will delegate to. Either a Keyring or underlying Cryptographic Materials Manager must be specified.")
+  underlyingCMM: CryptographicMaterialsManagerReference,
+  @javadoc("The Keyring that the created Cryptographic Materials Manager will use to wrap data keys. The created Caching CMM will delegate to a Default Cryptographic Materials Manager created with this Keyring. Either a Keyring or an underlying Cryptographic Materials Manager must be specified as input.")
+  keyring: KeyringReference,
+
+  //= aws-encryption-sdk-specification/framework/caching-cmm.md#initialization
+  //= type=implication
+  //# Finally, the caching CMM MUST optionally accept the following values:
+  //# - [Partition ID](#partition-id)
+  //# - [Limit Bytes](#limit-bytes)
+  //# - [Limit Messages](#limit-messages)
+  @javadoc("Sets the partition ID for this CMM. By default, two CMMs will never use each other's cache entries. This helps ensure that CMMs with different delegates won't incorrectly use each other's encrypt and decrypt results. However, in certain special circumstances it can be useful to share entries between different CMMs - for example, if the backing CMM is constructed based on some parameters that depend on the operation, you may wish for delegates constructed with the same parameters to share the same partition. To accomplish this, set the same partition ID and backing cache on both CMMs; entries cached from one of these CMMs can then be used by the other. This should only be done with careful consideration and verification that the CMM delegates are equivalent for your application's purposes. By default, the partition ID is set to a random UUID to avoid any collisions.")
+  partitionKey: Utf8Bytes,
+  @javadoc("Sets the maximum number of plaintext bytes that can be encrypted under the same cached data key. This does not affect decrypt operations. Specifying this limit is optional; by default, the limit is set to 2^63 - 1. If this limit is set to zero, keys can only be cached if they are used for zero-length messages.")
+  limitBytes: Long,
+  @javadoc("Sets the maximum number of individual messages that can be encrypted under the same cached data key. This does not affect decrypt operations. Specifying this limit is optional; by default, the limit is set to 2^32. This is also the maximum accepted value.")
+  limitMessages: Integer,
+
+}

AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/Model/cryptographic-materials-cache.smithy

@@ -45,7 +45,7 @@ structure PutCacheEntryInput {
   //# since this information can not be updated after the put operation.
   expiryTime: PositiveLong,
   messagesUsed: PositiveInteger,
-  bytesUsed: PositiveInteger,
+  bytesUsed: PositiveLong,
 }
 
 operation GetCacheEntry {
@@ -56,7 +56,7 @@ operation GetCacheEntry {
 structure GetCacheEntryInput {
   @required
   identifier: Blob,
-  bytesUsed: Long
+  bytesUsed: PositiveLong
 
 }
 
@@ -84,7 +84,7 @@ structure GetCacheEntryOutput {
   @required
   messagesUsed: PositiveInteger,
   @required
-  bytesUsed: PositiveInteger,
+  bytesUsed: PositiveLong,
 }
 
 union Materials {
@@ -111,7 +111,7 @@ structure UpdateUsageMetadataInput {
   @required
   identifier: Blob,
   @required
-  bytesUsed: PositiveInteger,
+  bytesUsed: PositiveLong,
 }
 
 @error("client")

AwsCryptographicMaterialProviders/dafny/AwsCryptographicMaterialProviders/Model/material-provider.smithy

@@ -50,6 +50,7 @@ service AwsCryptographicMaterialProviders {
     // CMMs
     CreateDefaultCryptographicMaterialsManager,
     CreateRequiredEncryptionContextCMM,
+    CreateCachingCMM,
 
     // CMCs
     CreateCryptographicMaterialsCache,