chore(Duvet): Fix Duvet for Hierarchical Keyring Caching #760

Draft
wants to merge 5 commits into
base: main
Expand Up @@ -261,8 +261,8 @@ module AwsCryptographyMaterialProvidersOperations refines AbstractAwsCryptograph
method CreateAwsKmsHierarchicalKeyring (config: InternalConfig, input: CreateAwsKmsHierarchicalKeyringInput)
returns (output: Result<IKeyring, Error>)
{
// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#initialization
// //= type=implication
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#initialization
//= type=implication
//# If the Hierarchical Keyring does NOT get a `Shared` cache on initialization,
//# it MUST initialize a [cryptographic-materials-cache](../local-cryptographic-materials-cache.md)
//# with the user provided cache limit TTL and the entry capacity.
Expand Down Expand Up @@ -291,8 +291,8 @@ module AwsCryptographyMaterialProvidersOperations refines AbstractAwsCryptograph
);
}

// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#partition-id
// //= type=implication
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#partition-id
//= type=implication
//# PartitionId can be a string provided by the user. If provided, it MUST be interpreted as UTF8 bytes.
//# If the PartitionId is NOT provided by the user, it MUST be set to the 16 byte representation of a v4 UUID.
var partitionIdBytes : seq<uint8>;
Expand All @@ -314,8 +314,8 @@ module AwsCryptographyMaterialProvidersOperations refines AbstractAwsCryptograph
.MapFailure(e => Types.AwsCryptographicMaterialProvidersException(message := e));
}

// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#logical-key-store-name
// //= type=implication
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#logical-key-store-name
//= type=implication
//# Logical Key Store Name is set by the user when configuring the Key Store for
//# the Hierarchical Keyring. This is a logical name for the key store.
//# Logical Key Store Name MUST be converted to UTF8 Bytes to be used in
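Review bot: All three re-enabled annotations in CreateAwsKmsHierarchicalKeyring (#initialization, #partition-id, #logical-key-store-name) carry `//= type=implication`, which tells Duvet the requirement holds without a test, yet the visible lines show no postcondition or proof that backs them. The partition id and the logical key store name appear to be what separates keyrings that share a cache, so a requirement such as "MUST be set to the 16 byte representation of a v4 UUID" is worth more than an asserted implication. Either point each annotation at the `ensures` clause or lemma that establishes it, or drop the `//= type=implication` line so the default citation applies and Duvet demands a matching test annotation. The method body continues outside these hunks, so the supporting proof may exist where it is not shown.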
Expand Up @@ -423,7 +423,7 @@ module AwsKmsHierarchicalKeyring {
&& 0 <= |branchKeyId| < UINT32_LIMIT,
E("Invalid Branch Key ID Length")
);
// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#encryption-materials
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#encryption-materials
//# When the hierarchical keyring receives an OnEncrypt request,
//# the cache entry identifier MUST be calculated as the
//# SHA-384 hash of the following byte strings, in the order listed:
Expand Down Expand Up @@ -484,7 +484,7 @@ module AwsKmsHierarchicalKeyring {

var now := Time.GetCurrent();

// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#onencrypt
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#onencrypt
//# If using a `Shared` cache across multiple Hierarchical Keyrings,
//# different keyrings having the same `branchKey` can have different TTLs.
//# In such a case, the expiry time in the cache is set according to the Keyring that populated the cache.
Expand Down Expand Up @@ -796,7 +796,7 @@ module AwsKmsHierarchicalKeyring {
&& 0 <= |branchKeyId| < UINT32_LIMIT,
E("Invalid Branch Key ID Length")
);
// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#decryption-materials
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#decryption-materials
//# When the hierarchical keyring receives an OnDecrypt request,
//# it MUST calculate the cache entry identifier as the
//# SHA-384 hash of the following byte strings, in the order listed:
Expand Down Expand Up @@ -866,7 +866,7 @@ module AwsKmsHierarchicalKeyring {

var now := Time.GetCurrent();

// //= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#ondecrypt
//= aws-encryption-sdk-specification/framework/aws-kms/aws-kms-hierarchical-keyring.md#ondecrypt
//# If using a `Shared` cache across multiple Hierarchical Keyrings,
//# different keyrings having the same `branchKey` can have different TTLs.
//# In such a case, the expiry time in the cache is set according to the Keyring that populated the cache.
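Review bot: The #onencrypt and #ondecrypt annotations placed after `var now := Time.GetCurrent();` quote only the descriptive sentences about shared caches, and the visible part contains no MUST. If the quoted block (folded after its third line) ends there, Duvet will report the section as cited while the normative part stays unchecked: an entry populated by a keyring with a longer TTL has to be re-validated against the TTL of the keyring reading it. I would make sure the quote includes that requirement and sits directly on the comparison, with a why-comment such as `// Expiry was set by the keyring that populated the shared cache; re-check the entry's age against this keyring's TTL.` These four annotations, and the two on the cache entry identifier, have no `type=` line, so they default to citations and each needs a test annotation before the report shows them complete. The surrounding functions start and end outside the hunks.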