diff --git a/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes/AwsCryptographyEncryptionSdkTypes.go b/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes/AwsCryptographyEncryptionSdkTypes.go new file mode 100644 index 000000000..afdd9dfa5 --- /dev/null +++ b/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes/AwsCryptographyEncryptionSdkTypes.go @@ -0,0 +1,1559 @@ +// Package AwsCryptographyEncryptionSdkTypes +// Dafny module AwsCryptographyEncryptionSdkTypes compiled into Go + +package AwsCryptographyEncryptionSdkTypes + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "AwsCryptographyEncryptionSdkTypes.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) IsValid__CountingNumbers(x int64) bool { + return (int64(1)) <= (x) +} +func (_static *CompanionStruct_Default___) IsValid__FrameLength(x int64) bool { + return ((int64(1)) <= (x)) && ((x) <= (int64(4294967296))) +} +func (_static *CompanionStruct_Default___) IsDummySubsetType(x _dafny.Int) bool { + return (x).Sign() == 1 +} + +// End of class Default__ + +// Definition of datatype DafnyCallEvent +type DafnyCallEvent struct { + Data_DafnyCallEvent_ +} + +func (_this DafnyCallEvent) Get_() Data_DafnyCallEvent_ { + return _this.Data_DafnyCallEvent_ +} + +type Data_DafnyCallEvent_ interface { + isDafnyCallEvent() +} + +type CompanionStruct_DafnyCallEvent_ struct { +} + +var Companion_DafnyCallEvent_ = CompanionStruct_DafnyCallEvent_{} + +type DafnyCallEvent_DafnyCallEvent struct { + Input interface{} + Output interface{} +} + +func (DafnyCallEvent_DafnyCallEvent) isDafnyCallEvent() {} + +func (CompanionStruct_DafnyCallEvent_) Create_DafnyCallEvent_(Input interface{}, Output interface{}) DafnyCallEvent { + return DafnyCallEvent{DafnyCallEvent_DafnyCallEvent{Input, Output}} +} + +func (_this DafnyCallEvent) Is_DafnyCallEvent() bool { + _, ok := _this.Get_().(DafnyCallEvent_DafnyCallEvent) + return ok +} + +func (CompanionStruct_DafnyCallEvent_) Default(_default_I interface{}, _default_O interface{}) DafnyCallEvent { + return Companion_DafnyCallEvent_.Create_DafnyCallEvent_(_default_I, _default_O) +} + +func (_this DafnyCallEvent) Dtor_input() interface{} { + return _this.Get_().(DafnyCallEvent_DafnyCallEvent).Input +} + +func (_this DafnyCallEvent) Dtor_output() interface{} { + return _this.Get_().(DafnyCallEvent_DafnyCallEvent).Output +} + +func (_this DafnyCallEvent) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case DafnyCallEvent_DafnyCallEvent: + { + return "AwsCryptographyEncryptionSdkTypes.DafnyCallEvent.DafnyCallEvent" + "(" + _dafny.String(data.Input) + ", " + _dafny.String(data.Output) + ")" + } + default: + { + return "" + } + } +} + +func (_this DafnyCallEvent) Equals(other DafnyCallEvent) bool { + switch data1 := _this.Get_().(type) { + case DafnyCallEvent_DafnyCallEvent: + { + data2, ok := other.Get_().(DafnyCallEvent_DafnyCallEvent) + return ok && _dafny.AreEqual(data1.Input, data2.Input) && _dafny.AreEqual(data1.Output, data2.Output) + } + default: + { + return false // unexpected + } + } +} + +func (_this DafnyCallEvent) EqualsGeneric(other interface{}) bool { + typed, ok := other.(DafnyCallEvent) + return ok && _this.Equals(typed) +} + +func Type_DafnyCallEvent_(Type_I_ _dafny.TypeDescriptor, Type_O_ _dafny.TypeDescriptor) _dafny.TypeDescriptor { + return type_DafnyCallEvent_{Type_I_, Type_O_} +} + +type type_DafnyCallEvent_ struct { + Type_I_ _dafny.TypeDescriptor + Type_O_ _dafny.TypeDescriptor +} + +func (_this type_DafnyCallEvent_) Default() interface{} { + Type_I_ := _this.Type_I_ + _ = Type_I_ + Type_O_ := _this.Type_O_ + _ = Type_O_ + return Companion_DafnyCallEvent_.Default(Type_I_.Default(), Type_O_.Default()) +} + +func (_this type_DafnyCallEvent_) String() string { + return "AwsCryptographyEncryptionSdkTypes.DafnyCallEvent" +} +func (_this DafnyCallEvent) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = DafnyCallEvent{} + +// End of datatype DafnyCallEvent + +// Definition of class IAwsEncryptionSdkClientCallHistory +type IAwsEncryptionSdkClientCallHistory struct { + dummy byte +} + +func New_IAwsEncryptionSdkClientCallHistory_() *IAwsEncryptionSdkClientCallHistory { + _this := IAwsEncryptionSdkClientCallHistory{} + + return &_this +} + +type CompanionStruct_IAwsEncryptionSdkClientCallHistory_ struct { +} + +var Companion_IAwsEncryptionSdkClientCallHistory_ = CompanionStruct_IAwsEncryptionSdkClientCallHistory_{} + +func (_this *IAwsEncryptionSdkClientCallHistory) Equals(other *IAwsEncryptionSdkClientCallHistory) bool { + return _this == other +} + +func (_this *IAwsEncryptionSdkClientCallHistory) EqualsGeneric(x interface{}) bool { + other, ok := x.(*IAwsEncryptionSdkClientCallHistory) + return ok && _this.Equals(other) +} + +func (*IAwsEncryptionSdkClientCallHistory) String() string { + return "AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClientCallHistory" +} + +func Type_IAwsEncryptionSdkClientCallHistory_() _dafny.TypeDescriptor { + return type_IAwsEncryptionSdkClientCallHistory_{} +} + +type type_IAwsEncryptionSdkClientCallHistory_ struct { +} + +func (_this type_IAwsEncryptionSdkClientCallHistory_) Default() interface{} { + return (*IAwsEncryptionSdkClientCallHistory)(nil) +} + +func (_this type_IAwsEncryptionSdkClientCallHistory_) String() string { + return "AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClientCallHistory" +} +func (_this *IAwsEncryptionSdkClientCallHistory) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &IAwsEncryptionSdkClientCallHistory{} + +// End of class IAwsEncryptionSdkClientCallHistory + +// Definition of trait IAwsEncryptionSdkClient +type IAwsEncryptionSdkClient interface { + String() string + Encrypt(input EncryptInput) m_Wrappers.Result + Decrypt(input DecryptInput) m_Wrappers.Result +} +type CompanionStruct_IAwsEncryptionSdkClient_ struct { + TraitID_ *_dafny.TraitID +} + +var Companion_IAwsEncryptionSdkClient_ = CompanionStruct_IAwsEncryptionSdkClient_{ + TraitID_: &_dafny.TraitID{}, +} + +func (CompanionStruct_IAwsEncryptionSdkClient_) CastTo_(x interface{}) IAwsEncryptionSdkClient { + var t IAwsEncryptionSdkClient + t, _ = x.(IAwsEncryptionSdkClient) + return t +} + +// End of trait IAwsEncryptionSdkClient + +// Definition of datatype AwsEncryptionSdkConfig +type AwsEncryptionSdkConfig struct { + Data_AwsEncryptionSdkConfig_ +} + +func (_this AwsEncryptionSdkConfig) Get_() Data_AwsEncryptionSdkConfig_ { + return _this.Data_AwsEncryptionSdkConfig_ +} + +type Data_AwsEncryptionSdkConfig_ interface { + isAwsEncryptionSdkConfig() +} + +type CompanionStruct_AwsEncryptionSdkConfig_ struct { +} + +var Companion_AwsEncryptionSdkConfig_ = CompanionStruct_AwsEncryptionSdkConfig_{} + +type AwsEncryptionSdkConfig_AwsEncryptionSdkConfig struct { + CommitmentPolicy m_Wrappers.Option + MaxEncryptedDataKeys m_Wrappers.Option + NetV4__0__0__RetryPolicy m_Wrappers.Option +} + +func (AwsEncryptionSdkConfig_AwsEncryptionSdkConfig) isAwsEncryptionSdkConfig() {} + +func (CompanionStruct_AwsEncryptionSdkConfig_) Create_AwsEncryptionSdkConfig_(CommitmentPolicy m_Wrappers.Option, MaxEncryptedDataKeys m_Wrappers.Option, NetV4__0__0__RetryPolicy m_Wrappers.Option) AwsEncryptionSdkConfig { + return AwsEncryptionSdkConfig{AwsEncryptionSdkConfig_AwsEncryptionSdkConfig{CommitmentPolicy, MaxEncryptedDataKeys, NetV4__0__0__RetryPolicy}} +} + +func (_this AwsEncryptionSdkConfig) Is_AwsEncryptionSdkConfig() bool { + _, ok := _this.Get_().(AwsEncryptionSdkConfig_AwsEncryptionSdkConfig) + return ok +} + +func (CompanionStruct_AwsEncryptionSdkConfig_) Default() AwsEncryptionSdkConfig { + return Companion_AwsEncryptionSdkConfig_.Create_AwsEncryptionSdkConfig_(m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default()) +} + +func (_this AwsEncryptionSdkConfig) Dtor_commitmentPolicy() m_Wrappers.Option { + return _this.Get_().(AwsEncryptionSdkConfig_AwsEncryptionSdkConfig).CommitmentPolicy +} + +func (_this AwsEncryptionSdkConfig) Dtor_maxEncryptedDataKeys() m_Wrappers.Option { + return _this.Get_().(AwsEncryptionSdkConfig_AwsEncryptionSdkConfig).MaxEncryptedDataKeys +} + +func (_this AwsEncryptionSdkConfig) Dtor_netV4__0__0__RetryPolicy() m_Wrappers.Option { + return _this.Get_().(AwsEncryptionSdkConfig_AwsEncryptionSdkConfig).NetV4__0__0__RetryPolicy +} + +func (_this AwsEncryptionSdkConfig) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case AwsEncryptionSdkConfig_AwsEncryptionSdkConfig: + { + return "AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig.AwsEncryptionSdkConfig" + "(" + _dafny.String(data.CommitmentPolicy) + ", " + _dafny.String(data.MaxEncryptedDataKeys) + ", " + _dafny.String(data.NetV4__0__0__RetryPolicy) + ")" + } + default: + { + return "" + } + } +} + +func (_this AwsEncryptionSdkConfig) Equals(other AwsEncryptionSdkConfig) bool { + switch data1 := _this.Get_().(type) { + case AwsEncryptionSdkConfig_AwsEncryptionSdkConfig: + { + data2, ok := other.Get_().(AwsEncryptionSdkConfig_AwsEncryptionSdkConfig) + return ok && data1.CommitmentPolicy.Equals(data2.CommitmentPolicy) && data1.MaxEncryptedDataKeys.Equals(data2.MaxEncryptedDataKeys) && data1.NetV4__0__0__RetryPolicy.Equals(data2.NetV4__0__0__RetryPolicy) + } + default: + { + return false // unexpected + } + } +} + +func (_this AwsEncryptionSdkConfig) EqualsGeneric(other interface{}) bool { + typed, ok := other.(AwsEncryptionSdkConfig) + return ok && _this.Equals(typed) +} + +func Type_AwsEncryptionSdkConfig_() _dafny.TypeDescriptor { + return type_AwsEncryptionSdkConfig_{} +} + +type type_AwsEncryptionSdkConfig_ struct { +} + +func (_this type_AwsEncryptionSdkConfig_) Default() interface{} { + return Companion_AwsEncryptionSdkConfig_.Default() +} + +func (_this type_AwsEncryptionSdkConfig_) String() string { + return "AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig" +} +func (_this AwsEncryptionSdkConfig) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = AwsEncryptionSdkConfig{} + +// End of datatype AwsEncryptionSdkConfig + +// Definition of class CountingNumbers +type CountingNumbers struct { +} + +func New_CountingNumbers_() *CountingNumbers { + _this := CountingNumbers{} + + return &_this +} + +type CompanionStruct_CountingNumbers_ struct { +} + +var Companion_CountingNumbers_ = CompanionStruct_CountingNumbers_{} + +func (*CountingNumbers) String() string { + return "AwsCryptographyEncryptionSdkTypes.CountingNumbers" +} + +// End of class CountingNumbers + +func Type_CountingNumbers_() _dafny.TypeDescriptor { + return type_CountingNumbers_{} +} + +type type_CountingNumbers_ struct { +} + +func (_this type_CountingNumbers_) Default() interface{} { + return int64(0) +} + +func (_this type_CountingNumbers_) String() string { + return "AwsCryptographyEncryptionSdkTypes.CountingNumbers" +} +func (_this *CompanionStruct_CountingNumbers_) Is_(__source int64) bool { + var _0_x int64 = (__source) + _ = _0_x + if true { + return Companion_Default___.IsValid__CountingNumbers(_0_x) + } + return false +} + +// Definition of datatype DecryptInput +type DecryptInput struct { + Data_DecryptInput_ +} + +func (_this DecryptInput) Get_() Data_DecryptInput_ { + return _this.Data_DecryptInput_ +} + +type Data_DecryptInput_ interface { + isDecryptInput() +} + +type CompanionStruct_DecryptInput_ struct { +} + +var Companion_DecryptInput_ = CompanionStruct_DecryptInput_{} + +type DecryptInput_DecryptInput struct { + Ciphertext _dafny.Sequence + MaterialsManager m_Wrappers.Option + Keyring m_Wrappers.Option + EncryptionContext m_Wrappers.Option +} + +func (DecryptInput_DecryptInput) isDecryptInput() {} + +func (CompanionStruct_DecryptInput_) Create_DecryptInput_(Ciphertext _dafny.Sequence, MaterialsManager m_Wrappers.Option, Keyring m_Wrappers.Option, EncryptionContext m_Wrappers.Option) DecryptInput { + return DecryptInput{DecryptInput_DecryptInput{Ciphertext, MaterialsManager, Keyring, EncryptionContext}} +} + +func (_this DecryptInput) Is_DecryptInput() bool { + _, ok := _this.Get_().(DecryptInput_DecryptInput) + return ok +} + +func (CompanionStruct_DecryptInput_) Default() DecryptInput { + return Companion_DecryptInput_.Create_DecryptInput_(_dafny.EmptySeq, m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default()) +} + +func (_this DecryptInput) Dtor_ciphertext() _dafny.Sequence { + return _this.Get_().(DecryptInput_DecryptInput).Ciphertext +} + +func (_this DecryptInput) Dtor_materialsManager() m_Wrappers.Option { + return _this.Get_().(DecryptInput_DecryptInput).MaterialsManager +} + +func (_this DecryptInput) Dtor_keyring() m_Wrappers.Option { + return _this.Get_().(DecryptInput_DecryptInput).Keyring +} + +func (_this DecryptInput) Dtor_encryptionContext() m_Wrappers.Option { + return _this.Get_().(DecryptInput_DecryptInput).EncryptionContext +} + +func (_this DecryptInput) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case DecryptInput_DecryptInput: + { + return "AwsCryptographyEncryptionSdkTypes.DecryptInput.DecryptInput" + "(" + _dafny.String(data.Ciphertext) + ", " + _dafny.String(data.MaterialsManager) + ", " + _dafny.String(data.Keyring) + ", " + _dafny.String(data.EncryptionContext) + ")" + } + default: + { + return "" + } + } +} + +func (_this DecryptInput) Equals(other DecryptInput) bool { + switch data1 := _this.Get_().(type) { + case DecryptInput_DecryptInput: + { + data2, ok := other.Get_().(DecryptInput_DecryptInput) + return ok && data1.Ciphertext.Equals(data2.Ciphertext) && data1.MaterialsManager.Equals(data2.MaterialsManager) && data1.Keyring.Equals(data2.Keyring) && data1.EncryptionContext.Equals(data2.EncryptionContext) + } + default: + { + return false // unexpected + } + } +} + +func (_this DecryptInput) EqualsGeneric(other interface{}) bool { + typed, ok := other.(DecryptInput) + return ok && _this.Equals(typed) +} + +func Type_DecryptInput_() _dafny.TypeDescriptor { + return type_DecryptInput_{} +} + +type type_DecryptInput_ struct { +} + +func (_this type_DecryptInput_) Default() interface{} { + return Companion_DecryptInput_.Default() +} + +func (_this type_DecryptInput_) String() string { + return "AwsCryptographyEncryptionSdkTypes.DecryptInput" +} +func (_this DecryptInput) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = DecryptInput{} + +// End of datatype DecryptInput + +// Definition of datatype DecryptOutput +type DecryptOutput struct { + Data_DecryptOutput_ +} + +func (_this DecryptOutput) Get_() Data_DecryptOutput_ { + return _this.Data_DecryptOutput_ +} + +type Data_DecryptOutput_ interface { + isDecryptOutput() +} + +type CompanionStruct_DecryptOutput_ struct { +} + +var Companion_DecryptOutput_ = CompanionStruct_DecryptOutput_{} + +type DecryptOutput_DecryptOutput struct { + Plaintext _dafny.Sequence + EncryptionContext _dafny.Map + AlgorithmSuiteId m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId +} + +func (DecryptOutput_DecryptOutput) isDecryptOutput() {} + +func (CompanionStruct_DecryptOutput_) Create_DecryptOutput_(Plaintext _dafny.Sequence, EncryptionContext _dafny.Map, AlgorithmSuiteId m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) DecryptOutput { + return DecryptOutput{DecryptOutput_DecryptOutput{Plaintext, EncryptionContext, AlgorithmSuiteId}} +} + +func (_this DecryptOutput) Is_DecryptOutput() bool { + _, ok := _this.Get_().(DecryptOutput_DecryptOutput) + return ok +} + +func (CompanionStruct_DecryptOutput_) Default() DecryptOutput { + return Companion_DecryptOutput_.Create_DecryptOutput_(_dafny.EmptySeq, _dafny.EmptyMap, m_AwsCryptographyMaterialProvidersTypes.Companion_ESDKAlgorithmSuiteId_.Default()) +} + +func (_this DecryptOutput) Dtor_plaintext() _dafny.Sequence { + return _this.Get_().(DecryptOutput_DecryptOutput).Plaintext +} + +func (_this DecryptOutput) Dtor_encryptionContext() _dafny.Map { + return _this.Get_().(DecryptOutput_DecryptOutput).EncryptionContext +} + +func (_this DecryptOutput) Dtor_algorithmSuiteId() m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + return _this.Get_().(DecryptOutput_DecryptOutput).AlgorithmSuiteId +} + +func (_this DecryptOutput) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case DecryptOutput_DecryptOutput: + { + return "AwsCryptographyEncryptionSdkTypes.DecryptOutput.DecryptOutput" + "(" + _dafny.String(data.Plaintext) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.AlgorithmSuiteId) + ")" + } + default: + { + return "" + } + } +} + +func (_this DecryptOutput) Equals(other DecryptOutput) bool { + switch data1 := _this.Get_().(type) { + case DecryptOutput_DecryptOutput: + { + data2, ok := other.Get_().(DecryptOutput_DecryptOutput) + return ok && data1.Plaintext.Equals(data2.Plaintext) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.AlgorithmSuiteId.Equals(data2.AlgorithmSuiteId) + } + default: + { + return false // unexpected + } + } +} + +func (_this DecryptOutput) EqualsGeneric(other interface{}) bool { + typed, ok := other.(DecryptOutput) + return ok && _this.Equals(typed) +} + +func Type_DecryptOutput_() _dafny.TypeDescriptor { + return type_DecryptOutput_{} +} + +type type_DecryptOutput_ struct { +} + +func (_this type_DecryptOutput_) Default() interface{} { + return Companion_DecryptOutput_.Default() +} + +func (_this type_DecryptOutput_) String() string { + return "AwsCryptographyEncryptionSdkTypes.DecryptOutput" +} +func (_this DecryptOutput) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = DecryptOutput{} + +// End of datatype DecryptOutput + +// Definition of datatype EncryptInput +type EncryptInput struct { + Data_EncryptInput_ +} + +func (_this EncryptInput) Get_() Data_EncryptInput_ { + return _this.Data_EncryptInput_ +} + +type Data_EncryptInput_ interface { + isEncryptInput() +} + +type CompanionStruct_EncryptInput_ struct { +} + +var Companion_EncryptInput_ = CompanionStruct_EncryptInput_{} + +type EncryptInput_EncryptInput struct { + Plaintext _dafny.Sequence + EncryptionContext m_Wrappers.Option + MaterialsManager m_Wrappers.Option + Keyring m_Wrappers.Option + AlgorithmSuiteId m_Wrappers.Option + FrameLength m_Wrappers.Option +} + +func (EncryptInput_EncryptInput) isEncryptInput() {} + +func (CompanionStruct_EncryptInput_) Create_EncryptInput_(Plaintext _dafny.Sequence, EncryptionContext m_Wrappers.Option, MaterialsManager m_Wrappers.Option, Keyring m_Wrappers.Option, AlgorithmSuiteId m_Wrappers.Option, FrameLength m_Wrappers.Option) EncryptInput { + return EncryptInput{EncryptInput_EncryptInput{Plaintext, EncryptionContext, MaterialsManager, Keyring, AlgorithmSuiteId, FrameLength}} +} + +func (_this EncryptInput) Is_EncryptInput() bool { + _, ok := _this.Get_().(EncryptInput_EncryptInput) + return ok +} + +func (CompanionStruct_EncryptInput_) Default() EncryptInput { + return Companion_EncryptInput_.Create_EncryptInput_(_dafny.EmptySeq, m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default(), m_Wrappers.Companion_Option_.Default()) +} + +func (_this EncryptInput) Dtor_plaintext() _dafny.Sequence { + return _this.Get_().(EncryptInput_EncryptInput).Plaintext +} + +func (_this EncryptInput) Dtor_encryptionContext() m_Wrappers.Option { + return _this.Get_().(EncryptInput_EncryptInput).EncryptionContext +} + +func (_this EncryptInput) Dtor_materialsManager() m_Wrappers.Option { + return _this.Get_().(EncryptInput_EncryptInput).MaterialsManager +} + +func (_this EncryptInput) Dtor_keyring() m_Wrappers.Option { + return _this.Get_().(EncryptInput_EncryptInput).Keyring +} + +func (_this EncryptInput) Dtor_algorithmSuiteId() m_Wrappers.Option { + return _this.Get_().(EncryptInput_EncryptInput).AlgorithmSuiteId +} + +func (_this EncryptInput) Dtor_frameLength() m_Wrappers.Option { + return _this.Get_().(EncryptInput_EncryptInput).FrameLength +} + +func (_this EncryptInput) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case EncryptInput_EncryptInput: + { + return "AwsCryptographyEncryptionSdkTypes.EncryptInput.EncryptInput" + "(" + _dafny.String(data.Plaintext) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.MaterialsManager) + ", " + _dafny.String(data.Keyring) + ", " + _dafny.String(data.AlgorithmSuiteId) + ", " + _dafny.String(data.FrameLength) + ")" + } + default: + { + return "" + } + } +} + +func (_this EncryptInput) Equals(other EncryptInput) bool { + switch data1 := _this.Get_().(type) { + case EncryptInput_EncryptInput: + { + data2, ok := other.Get_().(EncryptInput_EncryptInput) + return ok && data1.Plaintext.Equals(data2.Plaintext) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.MaterialsManager.Equals(data2.MaterialsManager) && data1.Keyring.Equals(data2.Keyring) && data1.AlgorithmSuiteId.Equals(data2.AlgorithmSuiteId) && data1.FrameLength.Equals(data2.FrameLength) + } + default: + { + return false // unexpected + } + } +} + +func (_this EncryptInput) EqualsGeneric(other interface{}) bool { + typed, ok := other.(EncryptInput) + return ok && _this.Equals(typed) +} + +func Type_EncryptInput_() _dafny.TypeDescriptor { + return type_EncryptInput_{} +} + +type type_EncryptInput_ struct { +} + +func (_this type_EncryptInput_) Default() interface{} { + return Companion_EncryptInput_.Default() +} + +func (_this type_EncryptInput_) String() string { + return "AwsCryptographyEncryptionSdkTypes.EncryptInput" +} +func (_this EncryptInput) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = EncryptInput{} + +// End of datatype EncryptInput + +// Definition of datatype EncryptOutput +type EncryptOutput struct { + Data_EncryptOutput_ +} + +func (_this EncryptOutput) Get_() Data_EncryptOutput_ { + return _this.Data_EncryptOutput_ +} + +type Data_EncryptOutput_ interface { + isEncryptOutput() +} + +type CompanionStruct_EncryptOutput_ struct { +} + +var Companion_EncryptOutput_ = CompanionStruct_EncryptOutput_{} + +type EncryptOutput_EncryptOutput struct { + Ciphertext _dafny.Sequence + EncryptionContext _dafny.Map + AlgorithmSuiteId m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId +} + +func (EncryptOutput_EncryptOutput) isEncryptOutput() {} + +func (CompanionStruct_EncryptOutput_) Create_EncryptOutput_(Ciphertext _dafny.Sequence, EncryptionContext _dafny.Map, AlgorithmSuiteId m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) EncryptOutput { + return EncryptOutput{EncryptOutput_EncryptOutput{Ciphertext, EncryptionContext, AlgorithmSuiteId}} +} + +func (_this EncryptOutput) Is_EncryptOutput() bool { + _, ok := _this.Get_().(EncryptOutput_EncryptOutput) + return ok +} + +func (CompanionStruct_EncryptOutput_) Default() EncryptOutput { + return Companion_EncryptOutput_.Create_EncryptOutput_(_dafny.EmptySeq, _dafny.EmptyMap, m_AwsCryptographyMaterialProvidersTypes.Companion_ESDKAlgorithmSuiteId_.Default()) +} + +func (_this EncryptOutput) Dtor_ciphertext() _dafny.Sequence { + return _this.Get_().(EncryptOutput_EncryptOutput).Ciphertext +} + +func (_this EncryptOutput) Dtor_encryptionContext() _dafny.Map { + return _this.Get_().(EncryptOutput_EncryptOutput).EncryptionContext +} + +func (_this EncryptOutput) Dtor_algorithmSuiteId() m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + return _this.Get_().(EncryptOutput_EncryptOutput).AlgorithmSuiteId +} + +func (_this EncryptOutput) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case EncryptOutput_EncryptOutput: + { + return "AwsCryptographyEncryptionSdkTypes.EncryptOutput.EncryptOutput" + "(" + _dafny.String(data.Ciphertext) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.AlgorithmSuiteId) + ")" + } + default: + { + return "" + } + } +} + +func (_this EncryptOutput) Equals(other EncryptOutput) bool { + switch data1 := _this.Get_().(type) { + case EncryptOutput_EncryptOutput: + { + data2, ok := other.Get_().(EncryptOutput_EncryptOutput) + return ok && data1.Ciphertext.Equals(data2.Ciphertext) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.AlgorithmSuiteId.Equals(data2.AlgorithmSuiteId) + } + default: + { + return false // unexpected + } + } +} + +func (_this EncryptOutput) EqualsGeneric(other interface{}) bool { + typed, ok := other.(EncryptOutput) + return ok && _this.Equals(typed) +} + +func Type_EncryptOutput_() _dafny.TypeDescriptor { + return type_EncryptOutput_{} +} + +type type_EncryptOutput_ struct { +} + +func (_this type_EncryptOutput_) Default() interface{} { + return Companion_EncryptOutput_.Default() +} + +func (_this type_EncryptOutput_) String() string { + return "AwsCryptographyEncryptionSdkTypes.EncryptOutput" +} +func (_this EncryptOutput) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = EncryptOutput{} + +// End of datatype EncryptOutput + +// Definition of class FrameLength +type FrameLength struct { +} + +func New_FrameLength_() *FrameLength { + _this := FrameLength{} + + return &_this +} + +type CompanionStruct_FrameLength_ struct { +} + +var Companion_FrameLength_ = CompanionStruct_FrameLength_{} + +func (*FrameLength) String() string { + return "AwsCryptographyEncryptionSdkTypes.FrameLength" +} + +// End of class FrameLength + +func Type_FrameLength_() _dafny.TypeDescriptor { + return type_FrameLength_{} +} + +type type_FrameLength_ struct { +} + +func (_this type_FrameLength_) Default() interface{} { + return int64(0) +} + +func (_this type_FrameLength_) String() string { + return "AwsCryptographyEncryptionSdkTypes.FrameLength" +} +func (_this *CompanionStruct_FrameLength_) Is_(__source int64) bool { + var _1_x int64 = (__source) + _ = _1_x + if true { + return Companion_Default___.IsValid__FrameLength(_1_x) + } + return false +} + +// Definition of datatype NetV4__0__0__RetryPolicy +type NetV4__0__0__RetryPolicy struct { + Data_NetV4__0__0__RetryPolicy_ +} + +func (_this NetV4__0__0__RetryPolicy) Get_() Data_NetV4__0__0__RetryPolicy_ { + return _this.Data_NetV4__0__0__RetryPolicy_ +} + +type Data_NetV4__0__0__RetryPolicy_ interface { + isNetV4__0__0__RetryPolicy() +} + +type CompanionStruct_NetV4__0__0__RetryPolicy_ struct { +} + +var Companion_NetV4__0__0__RetryPolicy_ = CompanionStruct_NetV4__0__0__RetryPolicy_{} + +type NetV4__0__0__RetryPolicy_FORBID__RETRY struct { +} + +func (NetV4__0__0__RetryPolicy_FORBID__RETRY) isNetV4__0__0__RetryPolicy() {} + +func (CompanionStruct_NetV4__0__0__RetryPolicy_) Create_FORBID__RETRY_() NetV4__0__0__RetryPolicy { + return NetV4__0__0__RetryPolicy{NetV4__0__0__RetryPolicy_FORBID__RETRY{}} +} + +func (_this NetV4__0__0__RetryPolicy) Is_FORBID__RETRY() bool { + _, ok := _this.Get_().(NetV4__0__0__RetryPolicy_FORBID__RETRY) + return ok +} + +type NetV4__0__0__RetryPolicy_ALLOW__RETRY struct { +} + +func (NetV4__0__0__RetryPolicy_ALLOW__RETRY) isNetV4__0__0__RetryPolicy() {} + +func (CompanionStruct_NetV4__0__0__RetryPolicy_) Create_ALLOW__RETRY_() NetV4__0__0__RetryPolicy { + return NetV4__0__0__RetryPolicy{NetV4__0__0__RetryPolicy_ALLOW__RETRY{}} +} + +func (_this NetV4__0__0__RetryPolicy) Is_ALLOW__RETRY() bool { + _, ok := _this.Get_().(NetV4__0__0__RetryPolicy_ALLOW__RETRY) + return ok +} + +func (CompanionStruct_NetV4__0__0__RetryPolicy_) Default() NetV4__0__0__RetryPolicy { + return Companion_NetV4__0__0__RetryPolicy_.Create_FORBID__RETRY_() +} + +func (_ CompanionStruct_NetV4__0__0__RetryPolicy_) AllSingletonConstructors() _dafny.Iterator { + i := -1 + return func() (interface{}, bool) { + i++ + switch i { + case 0: + return Companion_NetV4__0__0__RetryPolicy_.Create_FORBID__RETRY_(), true + case 1: + return Companion_NetV4__0__0__RetryPolicy_.Create_ALLOW__RETRY_(), true + default: + return NetV4__0__0__RetryPolicy{}, false + } + } +} + +func (_this NetV4__0__0__RetryPolicy) String() string { + switch _this.Get_().(type) { + case nil: + return "null" + case NetV4__0__0__RetryPolicy_FORBID__RETRY: + { + return "AwsCryptographyEncryptionSdkTypes.NetV4_0_0_RetryPolicy.FORBID_RETRY" + } + case NetV4__0__0__RetryPolicy_ALLOW__RETRY: + { + return "AwsCryptographyEncryptionSdkTypes.NetV4_0_0_RetryPolicy.ALLOW_RETRY" + } + default: + { + return "" + } + } +} + +func (_this NetV4__0__0__RetryPolicy) Equals(other NetV4__0__0__RetryPolicy) bool { + switch _this.Get_().(type) { + case NetV4__0__0__RetryPolicy_FORBID__RETRY: + { + _, ok := other.Get_().(NetV4__0__0__RetryPolicy_FORBID__RETRY) + return ok + } + case NetV4__0__0__RetryPolicy_ALLOW__RETRY: + { + _, ok := other.Get_().(NetV4__0__0__RetryPolicy_ALLOW__RETRY) + return ok + } + default: + { + return false // unexpected + } + } +} + +func (_this NetV4__0__0__RetryPolicy) EqualsGeneric(other interface{}) bool { + typed, ok := other.(NetV4__0__0__RetryPolicy) + return ok && _this.Equals(typed) +} + +func Type_NetV4__0__0__RetryPolicy_() _dafny.TypeDescriptor { + return type_NetV4__0__0__RetryPolicy_{} +} + +type type_NetV4__0__0__RetryPolicy_ struct { +} + +func (_this type_NetV4__0__0__RetryPolicy_) Default() interface{} { + return Companion_NetV4__0__0__RetryPolicy_.Default() +} + +func (_this type_NetV4__0__0__RetryPolicy_) String() string { + return "AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy" +} +func (_this NetV4__0__0__RetryPolicy) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = NetV4__0__0__RetryPolicy{} + +// End of datatype NetV4__0__0__RetryPolicy + +// Definition of datatype Error +type Error struct { + Data_Error_ +} + +func (_this Error) Get_() Data_Error_ { + return _this.Data_Error_ +} + +type Data_Error_ interface { + isError() +} + +type CompanionStruct_Error_ struct { +} + +var Companion_Error_ = CompanionStruct_Error_{} + +type Error_AwsEncryptionSdkException struct { + Message _dafny.Sequence +} + +func (Error_AwsEncryptionSdkException) isError() {} + +func (CompanionStruct_Error_) Create_AwsEncryptionSdkException_(Message _dafny.Sequence) Error { + return Error{Error_AwsEncryptionSdkException{Message}} +} + +func (_this Error) Is_AwsEncryptionSdkException() bool { + _, ok := _this.Get_().(Error_AwsEncryptionSdkException) + return ok +} + +type Error_AwsCryptographyMaterialProviders struct { + AwsCryptographyMaterialProviders m_AwsCryptographyMaterialProvidersTypes.Error +} + +func (Error_AwsCryptographyMaterialProviders) isError() {} + +func (CompanionStruct_Error_) Create_AwsCryptographyMaterialProviders_(AwsCryptographyMaterialProviders m_AwsCryptographyMaterialProvidersTypes.Error) Error { + return Error{Error_AwsCryptographyMaterialProviders{AwsCryptographyMaterialProviders}} +} + +func (_this Error) Is_AwsCryptographyMaterialProviders() bool { + _, ok := _this.Get_().(Error_AwsCryptographyMaterialProviders) + return ok +} + +type Error_AwsCryptographyPrimitives struct { + AwsCryptographyPrimitives m_AwsCryptographyPrimitivesTypes.Error +} + +func (Error_AwsCryptographyPrimitives) isError() {} + +func (CompanionStruct_Error_) Create_AwsCryptographyPrimitives_(AwsCryptographyPrimitives m_AwsCryptographyPrimitivesTypes.Error) Error { + return Error{Error_AwsCryptographyPrimitives{AwsCryptographyPrimitives}} +} + +func (_this Error) Is_AwsCryptographyPrimitives() bool { + _, ok := _this.Get_().(Error_AwsCryptographyPrimitives) + return ok +} + +type Error_CollectionOfErrors struct { + List _dafny.Sequence + Message _dafny.Sequence +} + +func (Error_CollectionOfErrors) isError() {} + +func (CompanionStruct_Error_) Create_CollectionOfErrors_(List _dafny.Sequence, Message _dafny.Sequence) Error { + return Error{Error_CollectionOfErrors{List, Message}} +} + +func (_this Error) Is_CollectionOfErrors() bool { + _, ok := _this.Get_().(Error_CollectionOfErrors) + return ok +} + +type Error_Opaque struct { + Obj interface{} +} + +func (Error_Opaque) isError() {} + +func (CompanionStruct_Error_) Create_Opaque_(Obj interface{}) Error { + return Error{Error_Opaque{Obj}} +} + +func (_this Error) Is_Opaque() bool { + _, ok := _this.Get_().(Error_Opaque) + return ok +} + +type Error_OpaqueWithText struct { + Obj interface{} + ObjMessage _dafny.Sequence +} + +func (Error_OpaqueWithText) isError() {} + +func (CompanionStruct_Error_) Create_OpaqueWithText_(Obj interface{}, ObjMessage _dafny.Sequence) Error { + return Error{Error_OpaqueWithText{Obj, ObjMessage}} +} + +func (_this Error) Is_OpaqueWithText() bool { + _, ok := _this.Get_().(Error_OpaqueWithText) + return ok +} + +func (CompanionStruct_Error_) Default() Error { + return Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.EmptySeq.SetString()) +} + +func (_this Error) Dtor_message() _dafny.Sequence { + switch data := _this.Get_().(type) { + case Error_AwsEncryptionSdkException: + return data.Message + default: + return data.(Error_CollectionOfErrors).Message + } +} + +func (_this Error) Dtor_AwsCryptographyMaterialProviders() m_AwsCryptographyMaterialProvidersTypes.Error { + return _this.Get_().(Error_AwsCryptographyMaterialProviders).AwsCryptographyMaterialProviders +} + +func (_this Error) Dtor_AwsCryptographyPrimitives() m_AwsCryptographyPrimitivesTypes.Error { + return _this.Get_().(Error_AwsCryptographyPrimitives).AwsCryptographyPrimitives +} + +func (_this Error) Dtor_list() _dafny.Sequence { + return _this.Get_().(Error_CollectionOfErrors).List +} + +func (_this Error) Dtor_obj() interface{} { + switch data := _this.Get_().(type) { + case Error_Opaque: + return data.Obj + default: + return data.(Error_OpaqueWithText).Obj + } +} + +func (_this Error) Dtor_objMessage() _dafny.Sequence { + return _this.Get_().(Error_OpaqueWithText).ObjMessage +} + +func (_this Error) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case Error_AwsEncryptionSdkException: + { + return "AwsCryptographyEncryptionSdkTypes.Error.AwsEncryptionSdkException" + "(" + _dafny.String(data.Message) + ")" + } + case Error_AwsCryptographyMaterialProviders: + { + return "AwsCryptographyEncryptionSdkTypes.Error.AwsCryptographyMaterialProviders" + "(" + _dafny.String(data.AwsCryptographyMaterialProviders) + ")" + } + case Error_AwsCryptographyPrimitives: + { + return "AwsCryptographyEncryptionSdkTypes.Error.AwsCryptographyPrimitives" + "(" + _dafny.String(data.AwsCryptographyPrimitives) + ")" + } + case Error_CollectionOfErrors: + { + return "AwsCryptographyEncryptionSdkTypes.Error.CollectionOfErrors" + "(" + _dafny.String(data.List) + ", " + _dafny.String(data.Message) + ")" + } + case Error_Opaque: + { + return "AwsCryptographyEncryptionSdkTypes.Error.Opaque" + "(" + _dafny.String(data.Obj) + ")" + } + case Error_OpaqueWithText: + { + return "AwsCryptographyEncryptionSdkTypes.Error.OpaqueWithText" + "(" + _dafny.String(data.Obj) + ", " + _dafny.String(data.ObjMessage) + ")" + } + default: + { + return "" + } + } +} + +func (_this Error) Equals(other Error) bool { + switch data1 := _this.Get_().(type) { + case Error_AwsEncryptionSdkException: + { + data2, ok := other.Get_().(Error_AwsEncryptionSdkException) + return ok && data1.Message.Equals(data2.Message) + } + case Error_AwsCryptographyMaterialProviders: + { + data2, ok := other.Get_().(Error_AwsCryptographyMaterialProviders) + return ok && data1.AwsCryptographyMaterialProviders.Equals(data2.AwsCryptographyMaterialProviders) + } + case Error_AwsCryptographyPrimitives: + { + data2, ok := other.Get_().(Error_AwsCryptographyPrimitives) + return ok && data1.AwsCryptographyPrimitives.Equals(data2.AwsCryptographyPrimitives) + } + case Error_CollectionOfErrors: + { + data2, ok := other.Get_().(Error_CollectionOfErrors) + return ok && data1.List.Equals(data2.List) && data1.Message.Equals(data2.Message) + } + case Error_Opaque: + { + data2, ok := other.Get_().(Error_Opaque) + return ok && _dafny.AreEqual(data1.Obj, data2.Obj) + } + case Error_OpaqueWithText: + { + data2, ok := other.Get_().(Error_OpaqueWithText) + return ok && _dafny.AreEqual(data1.Obj, data2.Obj) && data1.ObjMessage.Equals(data2.ObjMessage) + } + default: + { + return false // unexpected + } + } +} + +func (_this Error) EqualsGeneric(other interface{}) bool { + typed, ok := other.(Error) + return ok && _this.Equals(typed) +} + +func Type_Error_() _dafny.TypeDescriptor { + return type_Error_{} +} + +type type_Error_ struct { +} + +func (_this type_Error_) Default() interface{} { + return Companion_Error_.Default() +} + +func (_this type_Error_) String() string { + return "AwsCryptographyEncryptionSdkTypes.Error" +} +func (_this Error) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = Error{} + +// End of datatype Error + +// Definition of class OpaqueError +type OpaqueError struct { +} + +func New_OpaqueError_() *OpaqueError { + _this := OpaqueError{} + + return &_this +} + +type CompanionStruct_OpaqueError_ struct { +} + +var Companion_OpaqueError_ = CompanionStruct_OpaqueError_{} + +func (*OpaqueError) String() string { + return "AwsCryptographyEncryptionSdkTypes.OpaqueError" +} + +// End of class OpaqueError + +func Type_OpaqueError_() _dafny.TypeDescriptor { + return type_OpaqueError_{} +} + +type type_OpaqueError_ struct { +} + +func (_this type_OpaqueError_) Default() interface{} { + return Companion_Error_.Default() +} + +func (_this type_OpaqueError_) String() string { + return "AwsCryptographyEncryptionSdkTypes.OpaqueError" +} +func (_this *CompanionStruct_OpaqueError_) Is_(__source Error) bool { + var _2_e Error = (__source) + _ = _2_e + return ((_2_e).Is_Opaque()) || ((_2_e).Is_OpaqueWithText()) +} + +// Definition of class DummySubsetType +type DummySubsetType struct { +} + +func New_DummySubsetType_() *DummySubsetType { + _this := DummySubsetType{} + + return &_this +} + +type CompanionStruct_DummySubsetType_ struct { +} + +var Companion_DummySubsetType_ = CompanionStruct_DummySubsetType_{} + +func (*DummySubsetType) String() string { + return "AwsCryptographyEncryptionSdkTypes.DummySubsetType" +} +func (_this *CompanionStruct_DummySubsetType_) Witness() _dafny.Int { + return _dafny.One +} + +// End of class DummySubsetType + +func Type_DummySubsetType_() _dafny.TypeDescriptor { + return type_DummySubsetType_{} +} + +type type_DummySubsetType_ struct { +} + +func (_this type_DummySubsetType_) Default() interface{} { + return Companion_DummySubsetType_.Witness() +} + +func (_this type_DummySubsetType_) String() string { + return "AwsCryptographyEncryptionSdkTypes.DummySubsetType" +} +func (_this *CompanionStruct_DummySubsetType_) Is_(__source _dafny.Int) bool { + var _3_x _dafny.Int = (__source) + _ = _3_x + return Companion_Default___.IsDummySubsetType(_3_x) +} diff --git a/releases/go/encryption-sdk/AwsEncryptionSdkOperations/AwsEncryptionSdkOperations.go b/releases/go/encryption-sdk/AwsEncryptionSdkOperations/AwsEncryptionSdkOperations.go new file mode 100644 index 000000000..33c3961d0 --- /dev/null +++ b/releases/go/encryption-sdk/AwsEncryptionSdkOperations/AwsEncryptionSdkOperations.go @@ -0,0 +1,1006 @@ +// Package AwsEncryptionSdkOperations +// Dafny module AwsEncryptionSdkOperations compiled into Go + +package AwsEncryptionSdkOperations + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptDecryptHelpers "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptDecryptHelpers" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Frames "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Frames" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_KeyDerivation "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/KeyDerivation" + m_MessageBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/MessageBody" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ +var _ m_Frames.Dummy__ +var _ m_MessageBody.Dummy__ +var _ m_KeyDerivation.Dummy__ +var _ m_EncryptDecryptHelpers.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "AwsEncryptionSdkOperations.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) Encrypt(config Config, input m_AwsCryptographyEncryptionSdkTypes.EncryptInput) m_Wrappers.Result { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Default()) + _ = output + var _0_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(int64(0)) + _ = _0_valueOrError1 + if ((input).Dtor_frameLength()).Is_Some() { + var _1_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((int64(0)) < (((input).Dtor_frameLength()).Dtor_value().(int64))) && ((((input).Dtor_frameLength()).Dtor_value().(int64)) <= (int64(4294967295))), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("FrameLength must be greater than 0 and less than 2^32"))) + _ = _1_valueOrError0 + if (_1_valueOrError0).IsFailure() { + _0_valueOrError1 = (_1_valueOrError0).PropagateFailure() + } else { + _0_valueOrError1 = m_Wrappers.Companion_Result_.Create_Success_(((input).Dtor_frameLength()).Dtor_value().(int64)) + } + } else { + _0_valueOrError1 = m_Wrappers.Companion_Result_.Create_Success_(m_EncryptDecryptHelpers.Companion_Default___.DEFAULT__FRAME__LENGTH()) + } + if (_0_valueOrError1).IsFailure() { + output = (_0_valueOrError1).PropagateFailure() + return output + } + var _2_frameLength int64 + _ = _2_frameLength + _2_frameLength = (_0_valueOrError1).Extract().(int64) + var _3_valueOrError2 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _3_valueOrError2 + _3_valueOrError2 = m_EncryptDecryptHelpers.Companion_Default___.ValidateEncryptionContext((input).Dtor_encryptionContext()) + if (_3_valueOrError2).IsFailure() { + output = (_3_valueOrError2).PropagateFailure() + return output + } + var _4_encryptionContext _dafny.Map + _ = _4_encryptionContext + if ((input).Dtor_encryptionContext()).Is_Some() { + _4_encryptionContext = ((input).Dtor_encryptionContext()).Dtor_value().(_dafny.Map) + } else { + _4_encryptionContext = _dafny.NewMapBuilder().ToMap() + } + var _5_valueOrError3 m_Wrappers.Result = m_Wrappers.Result{} + _ = _5_valueOrError3 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_EncryptDecryptHelpers.Companion_Default___.CreateCmmFromInput((input).Dtor_materialsManager(), (input).Dtor_keyring()) + _5_valueOrError3 = _out0 + if (_5_valueOrError3).IsFailure() { + output = (_5_valueOrError3).PropagateFailure() + return output + } + var _6_cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager + _ = _6_cmm + _6_cmm = m_AwsCryptographyMaterialProvidersTypes.Companion_ICryptographicMaterialsManager_.CastTo_((_5_valueOrError3).Extract()) + var _7_algorithmSuiteId m_Wrappers.Option + _ = _7_algorithmSuiteId + if ((input).Dtor_algorithmSuiteId()).Is_Some() { + _7_algorithmSuiteId = m_Wrappers.Companion_Option_.Create_Some_(m_AwsCryptographyMaterialProvidersTypes.Companion_AlgorithmSuiteId_.Create_ESDK_(((input).Dtor_algorithmSuiteId()).Dtor_value().(m_AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId))) + } else { + _7_algorithmSuiteId = m_Wrappers.Companion_Option_.Create_None_() + } + if (_7_algorithmSuiteId).Is_Some() { + var _8_valueOrError4 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _8_valueOrError4 + _8_valueOrError4 = (((config).Dtor_mpl()).ValidateCommitmentPolicyOnEncrypt(m_AwsCryptographyMaterialProvidersTypes.Companion_ValidateCommitmentPolicyOnEncryptInput_.Create_ValidateCommitmentPolicyOnEncryptInput_((_7_algorithmSuiteId).Dtor_value().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteId), m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_((config).Dtor_commitmentPolicy())))).MapFailure(func(coer30 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg31 interface{}) interface{} { + return coer30(arg31.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_9_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_9_e) + })) + if (_8_valueOrError4).IsFailure() { + output = (_8_valueOrError4).PropagateFailure() + return output + } + var _10___v0 _dafny.Tuple + _ = _10___v0 + _10___v0 = (_8_valueOrError4).Extract().(_dafny.Tuple) + } + var _11_valueOrError5 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _11_valueOrError5 + _11_valueOrError5 = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32(((input).Dtor_plaintext()).Cardinality())).Cmp(m_StandardLibrary_UInt.Companion_Default___.INT64__MAX__LIMIT()) < 0, m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Plaintext exceeds maximum allowed size"))) + if (_11_valueOrError5).IsFailure() { + output = (_11_valueOrError5).PropagateFailure() + return output + } + var _12_valueOrError6 m_Wrappers.Result = m_Wrappers.Result{} + _ = _12_valueOrError6 + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = m_EncryptDecryptHelpers.Companion_Default___.GetEncryptionMaterials(_6_cmm, _7_algorithmSuiteId, _4_encryptionContext, int64(((input).Dtor_plaintext()).Cardinality()), (config).Dtor_commitmentPolicy(), (config).Dtor_mpl()) + _12_valueOrError6 = _out1 + if (_12_valueOrError6).IsFailure() { + output = (_12_valueOrError6).PropagateFailure() + return output + } + var _13_materials m_AwsCryptographyMaterialProvidersTypes.EncryptionMaterials + _ = _13_materials + _13_materials = (_12_valueOrError6).Extract().(m_AwsCryptographyMaterialProvidersTypes.EncryptionMaterials) + var _14_valueOrError7 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _14_valueOrError7 + _14_valueOrError7 = m_Wrappers.Companion_Default___.Need((((_13_materials).Dtor_algorithmSuite()).Dtor_id()).Is_ESDK(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Encryption materials contain incompatible algorithm suite for the AWS Encryption SDK."))) + if (_14_valueOrError7).IsFailure() { + output = (_14_valueOrError7).PropagateFailure() + return output + } + var _15_valueOrError8 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _15_valueOrError8 + _15_valueOrError8 = m_EncryptDecryptHelpers.Companion_Default___.ValidateMaxEncryptedDataKeys((config).Dtor_maxEncryptedDataKeys(), (_13_materials).Dtor_encryptedDataKeys()) + if (_15_valueOrError8).IsFailure() { + output = (_15_valueOrError8).PropagateFailure() + return output + } + var _16_encryptedDataKeys _dafny.Sequence + _ = _16_encryptedDataKeys + _16_encryptedDataKeys = (_13_materials).Dtor_encryptedDataKeys() + var _17_valueOrError9 m_Wrappers.Result = m_Wrappers.Result{} + _ = _17_valueOrError9 + var _out2 m_Wrappers.Result + _ = _out2 + _out2 = m_EncryptDecryptHelpers.Companion_Default___.GenerateMessageId((_13_materials).Dtor_algorithmSuite(), (config).Dtor_crypto()) + _17_valueOrError9 = _out2 + if (_17_valueOrError9).IsFailure() { + output = (_17_valueOrError9).PropagateFailure() + return output + } + var _18_messageId _dafny.Sequence + _ = _18_messageId + _18_messageId = (_17_valueOrError9).Extract().(_dafny.Sequence) + var _19_maybeDerivedDataKeys m_Wrappers.Result + _ = _19_maybeDerivedDataKeys + var _out3 m_Wrappers.Result + _ = _out3 + _out3 = m_KeyDerivation.Companion_Default___.DeriveKeys(_18_messageId, ((_13_materials).Dtor_plaintextDataKey()).Dtor_value().(_dafny.Sequence), (_13_materials).Dtor_algorithmSuite(), (config).Dtor_crypto(), (config).Dtor_netV4__0__0__RetryPolicy(), false) + _19_maybeDerivedDataKeys = _out3 + var _20_valueOrError10 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_KeyDerivation.Companion_ExpandedKeyMaterial_.Default()) + _ = _20_valueOrError10 + _20_valueOrError10 = (_19_maybeDerivedDataKeys).MapFailure(func(coer31 func(m_AwsCryptographyEncryptionSdkTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg32 interface{}) interface{} { + return coer31(arg32.(m_AwsCryptographyEncryptionSdkTypes.Error)) + } + }(func(_21_e m_AwsCryptographyEncryptionSdkTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Failed to derive data keys")) + })) + if (_20_valueOrError10).IsFailure() { + output = (_20_valueOrError10).PropagateFailure() + return output + } + var _22_derivedDataKeys m_KeyDerivation.ExpandedKeyMaterial + _ = _22_derivedDataKeys + _22_derivedDataKeys = (_20_valueOrError10).Extract().(m_KeyDerivation.ExpandedKeyMaterial) + var _23_maybeHeader m_Wrappers.Result + _ = _23_maybeHeader + var _out4 m_Wrappers.Result + _ = _out4 + _out4 = m_EncryptDecryptHelpers.Companion_Default___.BuildHeaderForEncrypt(_18_messageId, (_13_materials).Dtor_algorithmSuite(), (_13_materials).Dtor_encryptionContext(), (_13_materials).Dtor_requiredEncryptionContextKeys(), _16_encryptedDataKeys, uint32(_2_frameLength), _22_derivedDataKeys, (config).Dtor_crypto()) + _23_maybeHeader = _out4 + var _24_valueOrError11 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _24_valueOrError11 + _24_valueOrError11 = m_Wrappers.Companion_Default___.Need((_23_maybeHeader).Is_Success(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Failed to build header body"))) + if (_24_valueOrError11).IsFailure() { + output = (_24_valueOrError11).PropagateFailure() + return output + } + var _25_header m_Header.HeaderInfo + _ = _25_header + _25_header = (_23_maybeHeader).Dtor_value().(m_Header.HeaderInfo) + var _26_valueOrError12 m_Wrappers.Result = m_Wrappers.Result{} + _ = _26_valueOrError12 + var _out5 m_Wrappers.Result + _ = _out5 + _out5 = m_MessageBody.Companion_Default___.EncryptMessageBody((input).Dtor_plaintext(), _25_header, (_22_derivedDataKeys).Dtor_dataKey(), (config).Dtor_crypto()) + _26_valueOrError12 = _out5 + if (_26_valueOrError12).IsFailure() { + output = (_26_valueOrError12).PropagateFailure() + return output + } + var _27_framedMessage m_MessageBody.FramedMessageBody + _ = _27_framedMessage + _27_framedMessage = (_26_valueOrError12).Extract().(m_MessageBody.FramedMessageBody) + var _28_maybeSignedMessage m_Wrappers.Result + _ = _28_maybeSignedMessage + var _out6 m_Wrappers.Result + _ = _out6 + _out6 = Companion_Default___.SignAndSerializeMessage(config, _25_header, _27_framedMessage, _13_materials) + _28_maybeSignedMessage = _out6 + output = _28_maybeSignedMessage + return output +} +func (_static *CompanionStruct_Default___) SignAndSerializeMessage(config Config, header m_Header.HeaderInfo, framedMessage m_MessageBody.FramedMessageBody, materials m_AwsCryptographyMaterialProvidersTypes.EncryptionMaterials) m_Wrappers.Result { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Default()) + _ = output + if (((((framedMessage).Dtor_finalFrame()).Dtor_header()).Dtor_suite()).Dtor_signature()).Is_ECDSA() { + var _0_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _0_valueOrError0 + _0_valueOrError0 = m_EncryptDecryptHelpers.Companion_Default___.SerializeMessageWithoutSignature(framedMessage, (materials).Dtor_algorithmSuite()) + if (_0_valueOrError0).IsFailure() { + output = (_0_valueOrError0).PropagateFailure() + return output + } + var _1_msg _dafny.Sequence + _ = _1_msg + _1_msg = (_0_valueOrError0).Extract().(_dafny.Sequence) + var _2_ecdsaParams m_AwsCryptographyPrimitivesTypes.ECDSASignatureAlgorithm + _ = _2_ecdsaParams + _2_ecdsaParams = ((((((framedMessage).Dtor_finalFrame()).Dtor_header()).Dtor_suite()).Dtor_signature()).Dtor_ECDSA()).Dtor_curve() + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _3_valueOrError1 + _3_valueOrError1 = m_Wrappers.Companion_Default___.Need(((materials).Dtor_signingKey()).Is_Some(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Missing signing key."))) + if (_3_valueOrError1).IsFailure() { + output = (_3_valueOrError1).PropagateFailure() + return output + } + var _4_maybeBytes m_Wrappers.Result + _ = _4_maybeBytes + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = ((config).Dtor_crypto()).ECDSASign(m_AwsCryptographyPrimitivesTypes.Companion_ECDSASignInput_.Create_ECDSASignInput_(_2_ecdsaParams, ((materials).Dtor_signingKey()).Dtor_value().(_dafny.Sequence), _1_msg)) + _4_maybeBytes = _out0 + var _5_valueOrError2 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _5_valueOrError2 + _5_valueOrError2 = (_4_maybeBytes).MapFailure(func(coer32 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg33 interface{}) interface{} { + return coer32(arg33.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_6_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_6_e) + })) + if (_5_valueOrError2).IsFailure() { + output = (_5_valueOrError2).PropagateFailure() + return output + } + var _7_bytes _dafny.Sequence + _ = _7_bytes + _7_bytes = (_5_valueOrError2).Extract().(_dafny.Sequence) + var _8_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _8_valueOrError3 + _8_valueOrError3 = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32((_7_bytes).Cardinality())).Cmp(m_StandardLibrary_UInt.Companion_Default___.UINT16__LIMIT()) < 0, m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Length of signature bytes is larger than the uint16 limit."))) + if (_8_valueOrError3).IsFailure() { + output = (_8_valueOrError3).PropagateFailure() + return output + } + var _9_signature _dafny.Sequence + _ = _9_signature + _9_signature = _dafny.Companion_Sequence_.Concatenate(m_StandardLibrary_UInt.Companion_Default___.UInt16ToSeq(uint16((_7_bytes).Cardinality())), _7_bytes) + _1_msg = _dafny.Companion_Sequence_.Concatenate(_1_msg, _9_signature) + output = m_Wrappers.Companion_Result_.Create_Success_(m_AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Create_EncryptOutput_(_1_msg, (header).Dtor_encryptionContext(), (((header).Dtor_suite()).Dtor_id()).Dtor_ESDK())) + return output + } else { + var _10_valueOrError4 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _10_valueOrError4 + _10_valueOrError4 = m_EncryptDecryptHelpers.Companion_Default___.SerializeMessageWithoutSignature(framedMessage, (materials).Dtor_algorithmSuite()) + if (_10_valueOrError4).IsFailure() { + output = (_10_valueOrError4).PropagateFailure() + return output + } + var _11_msg _dafny.Sequence + _ = _11_msg + _11_msg = (_10_valueOrError4).Extract().(_dafny.Sequence) + output = m_Wrappers.Companion_Result_.Create_Success_(m_AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Create_EncryptOutput_(_11_msg, (header).Dtor_encryptionContext(), (((header).Dtor_suite()).Dtor_id()).Dtor_ESDK())) + return output + } + return output +} +func (_static *CompanionStruct_Default___) Decrypt(config Config, input m_AwsCryptographyEncryptionSdkTypes.DecryptInput) m_Wrappers.Result { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_DecryptOutput_.Default()) + _ = output + var _0_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _0_valueOrError0 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_EncryptDecryptHelpers.Companion_Default___.CreateCmmFromInput((input).Dtor_materialsManager(), (input).Dtor_keyring()) + _0_valueOrError0 = _out0 + if (_0_valueOrError0).IsFailure() { + output = (_0_valueOrError0).PropagateFailure() + return output + } + var _1_cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager + _ = _1_cmm + _1_cmm = m_AwsCryptographyMaterialProvidersTypes.Companion_ICryptographicMaterialsManager_.CastTo_((_0_valueOrError0).Extract()) + var _2_buffer m_SerializeFunctions.ReadableBuffer + _ = _2_buffer + _2_buffer = m_SerializeFunctions.Companion_ReadableBuffer_.Create_ReadableBuffer_((input).Dtor_ciphertext(), _dafny.Zero) + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = Companion_Default___.InternalDecrypt(config, _1_cmm, _2_buffer, (input).Dtor_encryptionContext()) + output = _out1 + return output +} +func (_static *CompanionStruct_Default___) InternalDecrypt(config Config, cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager, buffer m_SerializeFunctions.ReadableBuffer, inputEncryptionContext m_Wrappers.Option) m_Wrappers.Result { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_DecryptOutput_.Default()) + _ = output + var _0_v4Retry bool + _ = _0_v4Retry + _0_v4Retry = false + var _1_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _1_valueOrError0 + _1_valueOrError0 = (m_Header.Companion_Default___.ReadHeaderBody(buffer, (config).Dtor_maxEncryptedDataKeys(), (config).Dtor_mpl())).MapFailure(func(coer33 func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg34 interface{}) interface{} { + return coer33(arg34.(m_SerializeFunctions.ReadProblems)) + } + }(m_EncryptDecryptHelpers.Companion_Default___.MapSerializeFailure(_dafny.SeqOfString(": ReadHeaderBody")))) + if (_1_valueOrError0).IsFailure() { + output = (_1_valueOrError0).PropagateFailure() + return output + } + var _2_headerBody m_SerializeFunctions.SuccessfulRead + _ = _2_headerBody + _2_headerBody = (_1_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + var _3_rawHeader _dafny.Sequence + _ = _3_rawHeader + _3_rawHeader = ((buffer).Dtor_bytes()).Subsequence(((buffer).Dtor_start()).Uint32(), (((_2_headerBody).Dtor_tail()).Dtor_start()).Uint32()) + var _4_algorithmSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo + _ = _4_algorithmSuite + _4_algorithmSuite = ((_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody)).Dtor_algorithmSuite() + var _5_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _5_valueOrError1 + _5_valueOrError1 = (((config).Dtor_mpl()).ValidateCommitmentPolicyOnDecrypt(m_AwsCryptographyMaterialProvidersTypes.Companion_ValidateCommitmentPolicyOnDecryptInput_.Create_ValidateCommitmentPolicyOnDecryptInput_((_4_algorithmSuite).Dtor_id(), m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_((config).Dtor_commitmentPolicy())))).MapFailure(func(coer34 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg35 interface{}) interface{} { + return coer34(arg35.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_6_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_6_e) + })) + if (_5_valueOrError1).IsFailure() { + output = (_5_valueOrError1).PropagateFailure() + return output + } + var _7___v1 _dafny.Tuple + _ = _7___v1 + _7___v1 = (_5_valueOrError1).Extract().(_dafny.Tuple) + var _8_valueOrError2 m_Wrappers.Result = m_Wrappers.Result{} + _ = _8_valueOrError2 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_EncryptDecryptHelpers.Companion_Default___.GetDecryptionMaterials(cmm, (_4_algorithmSuite).Dtor_id(), (_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody), inputEncryptionContext, (config).Dtor_commitmentPolicy(), (config).Dtor_mpl()) + _8_valueOrError2 = _out0 + if (_8_valueOrError2).IsFailure() { + output = (_8_valueOrError2).PropagateFailure() + return output + } + var _9_decMat m_AwsCryptographyMaterialProvidersTypes.DecryptionMaterials + _ = _9_decMat + _9_decMat = (_8_valueOrError2).Extract().(m_AwsCryptographyMaterialProvidersTypes.DecryptionMaterials) + var _10_suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo + _ = _10_suite + _10_suite = (_9_decMat).Dtor_algorithmSuite() + var _11_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _11_valueOrError3 + _11_valueOrError3 = m_Wrappers.Companion_Default___.Need((_10_suite).Equals(_4_algorithmSuite), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Stored header algorithm suite does not match decryption algorithm suite."))) + if (_11_valueOrError3).IsFailure() { + output = (_11_valueOrError3).PropagateFailure() + return output + } + var _12_valueOrError4 m_Wrappers.Result = m_Wrappers.Result{} + _ = _12_valueOrError4 + _12_valueOrError4 = (m_HeaderAuth.Companion_Default___.ReadHeaderAuthTag((_2_headerBody).Dtor_tail(), _10_suite)).MapFailure(func(coer35 func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg36 interface{}) interface{} { + return coer35(arg36.(m_SerializeFunctions.ReadProblems)) + } + }(m_EncryptDecryptHelpers.Companion_Default___.MapSerializeFailure(_dafny.SeqOfString(": ReadHeaderAuthTag")))) + if (_12_valueOrError4).IsFailure() { + output = (_12_valueOrError4).PropagateFailure() + return output + } + var _13_headerAuth m_SerializeFunctions.SuccessfulRead + _ = _13_headerAuth + _13_headerAuth = (_12_valueOrError4).Extract().(m_SerializeFunctions.SuccessfulRead) + var _14_maybeDerivedDataKeys m_Wrappers.Result + _ = _14_maybeDerivedDataKeys + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = m_KeyDerivation.Companion_Default___.DeriveKeys(((_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody)).Dtor_messageId(), ((_9_decMat).Dtor_plaintextDataKey()).Dtor_value().(_dafny.Sequence), _10_suite, (config).Dtor_crypto(), (config).Dtor_netV4__0__0__RetryPolicy(), false) + _14_maybeDerivedDataKeys = _out1 + var _15_valueOrError5 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _15_valueOrError5 + _15_valueOrError5 = m_Wrappers.Companion_Default___.Need((_14_maybeDerivedDataKeys).Is_Success(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Failed to derive data keys"))) + if (_15_valueOrError5).IsFailure() { + output = (_15_valueOrError5).PropagateFailure() + return output + } + var _16_derivedDataKeys m_KeyDerivation.ExpandedKeyMaterial + _ = _16_derivedDataKeys + _16_derivedDataKeys = (_14_maybeDerivedDataKeys).Dtor_value().(m_KeyDerivation.ExpandedKeyMaterial) + var _17_valueOrError6 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _17_valueOrError6 + _17_valueOrError6 = m_Wrappers.Companion_Default___.Need(m_Header.Companion_Default___.HeaderVersionSupportsCommitment_q(_10_suite, (_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody)), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Invalid commitment values found in header body"))) + if (_17_valueOrError6).IsFailure() { + output = (_17_valueOrError6).PropagateFailure() + return output + } + if ((_10_suite).Dtor_commitment()).Is_HKDF() { + var _18_valueOrError7 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _18_valueOrError7 + var _out2 m_Wrappers.Result + _ = _out2 + _out2 = m_EncryptDecryptHelpers.Companion_Default___.ValidateSuiteData(_10_suite, (_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody), ((_16_derivedDataKeys).Dtor_commitmentKey()).Dtor_value().(_dafny.Sequence)) + _18_valueOrError7 = _out2 + if (_18_valueOrError7).IsFailure() { + output = (_18_valueOrError7).PropagateFailure() + return output + } + var _19___v2 _dafny.Tuple + _ = _19___v2 + _19___v2 = (_18_valueOrError7).Extract().(_dafny.Tuple) + } + var _20_headerEncryptionContext _dafny.Map + _ = _20_headerEncryptionContext + _20_headerEncryptionContext = m_EncryptionContext.Companion_Default___.GetEncryptionContext(((_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody)).Dtor_encryptionContext()) + var _21_encryptionContextToOnlyAuthenticate _dafny.Map + _ = _21_encryptionContextToOnlyAuthenticate + _21_encryptionContextToOnlyAuthenticate = Companion_Default___.BuildEncryptionContextToOnlyAuthenticate(_9_decMat) + var _22_canonicalReqEncryptionContext _dafny.Sequence + _ = _22_canonicalReqEncryptionContext + _22_canonicalReqEncryptionContext = m_EncryptionContext.Companion_Default___.GetCanonicalEncryptionContext(_21_encryptionContextToOnlyAuthenticate) + var _23_serializedReqEncryptionContext _dafny.Sequence + _ = _23_serializedReqEncryptionContext + _23_serializedReqEncryptionContext = m_EncryptionContext.Companion_Default___.WriteEmptyEcOrWriteAAD(_22_canonicalReqEncryptionContext) + var _24_maybeHeaderAuth m_Wrappers.Result + _ = _24_maybeHeaderAuth + var _out3 m_Wrappers.Result + _ = _out3 + _out3 = ((config).Dtor_crypto()).AESDecrypt(m_AwsCryptographyPrimitivesTypes.Companion_AESDecryptInput_.Create_AESDecryptInput_(((_10_suite).Dtor_encrypt()).Dtor_AES__GCM(), (_16_derivedDataKeys).Dtor_dataKey(), _dafny.SeqOf(), ((_13_headerAuth).Dtor_data().(m_HeaderTypes.HeaderAuth)).Dtor_headerAuthTag(), ((_13_headerAuth).Dtor_data().(m_HeaderTypes.HeaderAuth)).Dtor_headerIv(), _dafny.Companion_Sequence_.Concatenate(_3_rawHeader, _23_serializedReqEncryptionContext))) + _24_maybeHeaderAuth = _out3 + if (((_24_maybeHeaderAuth).Is_Failure()) && (((config).Dtor_netV4__0__0__RetryPolicy()).Equals(m_AwsCryptographyEncryptionSdkTypes.Companion_NetV4__0__0__RetryPolicy_.Create_ALLOW__RETRY_()))) && ((_0_v4Retry) == (false)) { + _0_v4Retry = true + var _out4 m_Wrappers.Result + _ = _out4 + _out4 = m_KeyDerivation.Companion_Default___.DeriveKeys(((_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody)).Dtor_messageId(), ((_9_decMat).Dtor_plaintextDataKey()).Dtor_value().(_dafny.Sequence), _10_suite, (config).Dtor_crypto(), (config).Dtor_netV4__0__0__RetryPolicy(), true) + _14_maybeDerivedDataKeys = _out4 + var _25_valueOrError8 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _25_valueOrError8 + _25_valueOrError8 = m_Wrappers.Companion_Default___.Need((_14_maybeDerivedDataKeys).Is_Success(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Failed to derive data keys"))) + if (_25_valueOrError8).IsFailure() { + output = (_25_valueOrError8).PropagateFailure() + return output + } + _16_derivedDataKeys = (_14_maybeDerivedDataKeys).Dtor_value().(m_KeyDerivation.ExpandedKeyMaterial) + _23_serializedReqEncryptionContext = m_EncryptionContext.Companion_Default___.WriteAAD(_22_canonicalReqEncryptionContext) + var _out5 m_Wrappers.Result + _ = _out5 + _out5 = ((config).Dtor_crypto()).AESDecrypt(m_AwsCryptographyPrimitivesTypes.Companion_AESDecryptInput_.Create_AESDecryptInput_(((_10_suite).Dtor_encrypt()).Dtor_AES__GCM(), (_16_derivedDataKeys).Dtor_dataKey(), _dafny.SeqOf(), ((_13_headerAuth).Dtor_data().(m_HeaderTypes.HeaderAuth)).Dtor_headerAuthTag(), ((_13_headerAuth).Dtor_data().(m_HeaderTypes.HeaderAuth)).Dtor_headerIv(), _dafny.Companion_Sequence_.Concatenate(_3_rawHeader, _23_serializedReqEncryptionContext))) + _24_maybeHeaderAuth = _out5 + } + var _26_valueOrError9 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _26_valueOrError9 + _26_valueOrError9 = (_24_maybeHeaderAuth).MapFailure(func(coer36 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg37 interface{}) interface{} { + return coer36(arg37.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_27_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_27_e) + })) + if (_26_valueOrError9).IsFailure() { + output = (_26_valueOrError9).PropagateFailure() + return output + } + var _28___v3 _dafny.Sequence + _ = _28___v3 + _28___v3 = (_26_valueOrError9).Extract().(_dafny.Sequence) + var _29_header m_Header.HeaderInfo + _ = _29_header + _29_header = m_Header.Companion_HeaderInfo_.Create_HeaderInfo_((_2_headerBody).Dtor_data().(m_HeaderTypes.HeaderBody), _3_rawHeader, _20_headerEncryptionContext, _10_suite, (_13_headerAuth).Dtor_data().(m_HeaderTypes.HeaderAuth)) + var _30_key _dafny.Sequence + _ = _30_key + _30_key = (_16_derivedDataKeys).Dtor_dataKey() + var _31_plaintext _dafny.Sequence = _dafny.EmptySeq + _ = _31_plaintext + var _32_messageBodyTail m_SerializeFunctions.ReadableBuffer = m_SerializeFunctions.Companion_ReadableBuffer_.Default() + _ = _32_messageBodyTail + var _source0 m_HeaderTypes.ContentType = ((_29_header).Dtor_body()).Dtor_contentType() + _ = _source0 + { + { + if _source0.Is_NonFramed() { + var _33_valueOrError10 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf(_dafny.EmptySeq, m_SerializeFunctions.Companion_ReadableBuffer_.Default())) + _ = _33_valueOrError10 + var _out6 m_Wrappers.Result + _ = _out6 + _out6 = m_EncryptDecryptHelpers.Companion_Default___.ReadAndDecryptNonFramedMessageBody((_13_headerAuth).Dtor_tail(), _29_header, _30_key, (config).Dtor_crypto()) + _33_valueOrError10 = _out6 + if (_33_valueOrError10).IsFailure() { + output = (_33_valueOrError10).PropagateFailure() + return output + } + var _34_decryptRes _dafny.Tuple + _ = _34_decryptRes + _34_decryptRes = (_33_valueOrError10).Extract().(_dafny.Tuple) + _31_plaintext = (*(_34_decryptRes).IndexInt(0)).(_dafny.Sequence) + _32_messageBodyTail = (*(_34_decryptRes).IndexInt(1)).(m_SerializeFunctions.ReadableBuffer) + goto Lmatch0 + } + } + { + var _35_valueOrError11 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf(_dafny.EmptySeq, m_SerializeFunctions.Companion_ReadableBuffer_.Default())) + _ = _35_valueOrError11 + var _out7 m_Wrappers.Result + _ = _out7 + _out7 = m_EncryptDecryptHelpers.Companion_Default___.ReadAndDecryptFramedMessageBody((_13_headerAuth).Dtor_tail(), _29_header, _30_key, (config).Dtor_crypto()) + _35_valueOrError11 = _out7 + if (_35_valueOrError11).IsFailure() { + output = (_35_valueOrError11).PropagateFailure() + return output + } + var _36_decryptRes _dafny.Tuple + _ = _36_decryptRes + _36_decryptRes = (_35_valueOrError11).Extract().(_dafny.Tuple) + _31_plaintext = (*(_36_decryptRes).IndexInt(0)).(_dafny.Sequence) + _32_messageBodyTail = (*(_36_decryptRes).IndexInt(1)).(m_SerializeFunctions.ReadableBuffer) + } + goto Lmatch0 + } +Lmatch0: + var _37_valueOrError12 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_SerializeFunctions.Companion_ReadableBuffer_.Default()) + _ = _37_valueOrError12 + var _out8 m_Wrappers.Result + _ = _out8 + _out8 = m_EncryptDecryptHelpers.Companion_Default___.VerifySignature(_32_messageBodyTail, ((_32_messageBodyTail).Dtor_bytes()).Subsequence(((buffer).Dtor_start()).Uint32(), ((_32_messageBodyTail).Dtor_start()).Uint32()), _9_decMat, (config).Dtor_crypto()) + _37_valueOrError12 = _out8 + if (_37_valueOrError12).IsFailure() { + output = (_37_valueOrError12).PropagateFailure() + return output + } + var _38_signature m_SerializeFunctions.ReadableBuffer + _ = _38_signature + _38_signature = (_37_valueOrError12).Extract().(m_SerializeFunctions.ReadableBuffer) + var _39_valueOrError13 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _39_valueOrError13 + _39_valueOrError13 = m_Wrappers.Companion_Default___.Need(((_38_signature).Dtor_start()).Cmp(_dafny.IntOfUint32(((_38_signature).Dtor_bytes()).Cardinality())) == 0, m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Data after message footer."))) + if (_39_valueOrError13).IsFailure() { + output = (_39_valueOrError13).PropagateFailure() + return output + } + output = m_Wrappers.Companion_Result_.Create_Success_(m_AwsCryptographyEncryptionSdkTypes.Companion_DecryptOutput_.Create_DecryptOutput_(_31_plaintext, ((_29_header).Dtor_encryptionContext()).Merge(_21_encryptionContextToOnlyAuthenticate), (((_29_header).Dtor_suite()).Dtor_id()).Dtor_ESDK())) + return output +} +func (_static *CompanionStruct_Default___) BuildEncryptionContextToOnlyAuthenticate(decMat m_AwsCryptographyMaterialProvidersTypes.DecryptionMaterials) _dafny.Map { + return func() _dafny.Map { + var _coll0 = _dafny.NewMapBuilder() + _ = _coll0 + for _iter5 := _dafny.Iterate(((decMat).Dtor_encryptionContext()).Keys().Elements()); ; { + _compr_0, _ok5 := _iter5() + if !_ok5 { + break + } + var _0_k _dafny.Sequence + _0_k = interface{}(_compr_0).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_0_k) { + if (((decMat).Dtor_encryptionContext()).Contains(_0_k)) && (_dafny.Companion_Sequence_.Contains((decMat).Dtor_requiredEncryptionContextKeys(), _0_k)) { + _coll0.Add(_0_k, ((decMat).Dtor_encryptionContext()).Get(_0_k).(_dafny.Sequence)) + } + } + } + return _coll0.ToMap() + }() +} + +// End of class Default__ + +// Definition of datatype Config +type Config struct { + Data_Config_ +} + +func (_this Config) Get_() Data_Config_ { + return _this.Data_Config_ +} + +type Data_Config_ interface { + isConfig() +} + +type CompanionStruct_Config_ struct { +} + +var Companion_Config_ = CompanionStruct_Config_{} + +type Config_Config struct { + Crypto *m_AtomicPrimitives.AtomicPrimitivesClient + Mpl *m_MaterialProviders.MaterialProvidersClient + CommitmentPolicy m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy + MaxEncryptedDataKeys m_Wrappers.Option + NetV4__0__0__RetryPolicy m_AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy +} + +func (Config_Config) isConfig() {} + +func (CompanionStruct_Config_) Create_Config_(Crypto *m_AtomicPrimitives.AtomicPrimitivesClient, Mpl *m_MaterialProviders.MaterialProvidersClient, CommitmentPolicy m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy, MaxEncryptedDataKeys m_Wrappers.Option, NetV4__0__0__RetryPolicy m_AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy) Config { + return Config{Config_Config{Crypto, Mpl, CommitmentPolicy, MaxEncryptedDataKeys, NetV4__0__0__RetryPolicy}} +} + +func (_this Config) Is_Config() bool { + _, ok := _this.Get_().(Config_Config) + return ok +} + +func (CompanionStruct_Config_) Default() Config { + return Companion_Config_.Create_Config_((*m_AtomicPrimitives.AtomicPrimitivesClient)(nil), (*m_MaterialProviders.MaterialProvidersClient)(nil), m_AwsCryptographyMaterialProvidersTypes.Companion_ESDKCommitmentPolicy_.Default(), m_Wrappers.Companion_Option_.Default(), m_AwsCryptographyEncryptionSdkTypes.Companion_NetV4__0__0__RetryPolicy_.Default()) +} + +func (_this Config) Dtor_crypto() *m_AtomicPrimitives.AtomicPrimitivesClient { + return _this.Get_().(Config_Config).Crypto +} + +func (_this Config) Dtor_mpl() *m_MaterialProviders.MaterialProvidersClient { + return _this.Get_().(Config_Config).Mpl +} + +func (_this Config) Dtor_commitmentPolicy() m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy { + return _this.Get_().(Config_Config).CommitmentPolicy +} + +func (_this Config) Dtor_maxEncryptedDataKeys() m_Wrappers.Option { + return _this.Get_().(Config_Config).MaxEncryptedDataKeys +} + +func (_this Config) Dtor_netV4__0__0__RetryPolicy() m_AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy { + return _this.Get_().(Config_Config).NetV4__0__0__RetryPolicy +} + +func (_this Config) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case Config_Config: + { + return "AwsEncryptionSdkOperations.Config.Config" + "(" + _dafny.String(data.Crypto) + ", " + _dafny.String(data.Mpl) + ", " + _dafny.String(data.CommitmentPolicy) + ", " + _dafny.String(data.MaxEncryptedDataKeys) + ", " + _dafny.String(data.NetV4__0__0__RetryPolicy) + ")" + } + default: + { + return "" + } + } +} + +func (_this Config) Equals(other Config) bool { + switch data1 := _this.Get_().(type) { + case Config_Config: + { + data2, ok := other.Get_().(Config_Config) + return ok && data1.Crypto == data2.Crypto && data1.Mpl == data2.Mpl && data1.CommitmentPolicy.Equals(data2.CommitmentPolicy) && data1.MaxEncryptedDataKeys.Equals(data2.MaxEncryptedDataKeys) && data1.NetV4__0__0__RetryPolicy.Equals(data2.NetV4__0__0__RetryPolicy) + } + default: + { + return false // unexpected + } + } +} + +func (_this Config) EqualsGeneric(other interface{}) bool { + typed, ok := other.(Config) + return ok && _this.Equals(typed) +} + +func Type_Config_() _dafny.TypeDescriptor { + return type_Config_{} +} + +type type_Config_ struct { +} + +func (_this type_Config_) Default() interface{} { + return Companion_Config_.Default() +} + +func (_this type_Config_) String() string { + return "AwsEncryptionSdkOperations.Config" +} +func (_this Config) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = Config{} + +// End of datatype Config + +// Definition of class FrameLength +type FrameLength struct { +} + +func New_FrameLength_() *FrameLength { + _this := FrameLength{} + + return &_this +} + +type CompanionStruct_FrameLength_ struct { +} + +var Companion_FrameLength_ = CompanionStruct_FrameLength_{} + +func (*FrameLength) String() string { + return "AwsEncryptionSdkOperations.FrameLength" +} + +// End of class FrameLength + +func Type_FrameLength_() _dafny.TypeDescriptor { + return type_FrameLength_{} +} + +type type_FrameLength_ struct { +} + +func (_this type_FrameLength_) Default() interface{} { + return int64(0) +} + +func (_this type_FrameLength_) String() string { + return "AwsEncryptionSdkOperations.FrameLength" +} +func (_this *CompanionStruct_FrameLength_) Is_(__source int64) bool { + var _0_frameLength int64 = (__source) + _ = _0_frameLength + if true { + return ((int64(0)) < (_0_frameLength)) && ((_0_frameLength) <= (int64(4294967295))) + } + return false +} diff --git a/releases/go/encryption-sdk/CHANGELOG.md b/releases/go/encryption-sdk/CHANGELOG.md new file mode 100644 index 000000000..7b4b1ca4d --- /dev/null +++ b/releases/go/encryption-sdk/CHANGELOG.md @@ -0,0 +1,5 @@ +# Changelog + +## 0.0.1 (2025-01-16) + +Initial launch of the AWS Encryption SDK for Go. diff --git a/releases/go/encryption-sdk/ESDK/ESDK.go b/releases/go/encryption-sdk/ESDK/ESDK.go new file mode 100644 index 000000000..8e6bba505 --- /dev/null +++ b/releases/go/encryption-sdk/ESDK/ESDK.go @@ -0,0 +1,455 @@ +// Package ESDK +// Dafny module ESDK compiled into Go + +package ESDK + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_AwsEncryptionSdkOperations "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsEncryptionSdkOperations" + m_EncryptDecryptHelpers "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptDecryptHelpers" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Frames "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Frames" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_KeyDerivation "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/KeyDerivation" + m_MessageBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/MessageBody" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ +var _ m_Frames.Dummy__ +var _ m_MessageBody.Dummy__ +var _ m_KeyDerivation.Dummy__ +var _ m_EncryptDecryptHelpers.Dummy__ +var _ m_AwsEncryptionSdkOperations.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "ESDK.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) DefaultAwsEncryptionSdkConfig() m_AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig { + return m_AwsCryptographyEncryptionSdkTypes.Companion_AwsEncryptionSdkConfig_.Create_AwsEncryptionSdkConfig_(m_Wrappers.Companion_Option_.Create_Some_(m_AwsCryptographyMaterialProvidersTypes.Companion_ESDKCommitmentPolicy_.Create_REQUIRE__ENCRYPT__REQUIRE__DECRYPT_()), m_Wrappers.Companion_Option_.Create_None_(), m_Wrappers.Companion_Option_.Create_Some_(m_AwsCryptographyEncryptionSdkTypes.Companion_NetV4__0__0__RetryPolicy_.Create_ALLOW__RETRY_())) +} +func (_static *CompanionStruct_Default___) ESDK(config m_AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_maybeCrypto m_Wrappers.Result + _ = _0_maybeCrypto + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_AtomicPrimitives.Companion_Default___.AtomicPrimitives(m_AtomicPrimitives.Companion_Default___.DefaultCryptoConfig()) + _0_maybeCrypto = _out0 + var _1_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _1_valueOrError0 + _1_valueOrError0 = (_0_maybeCrypto).MapFailure(func(coer37 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg38 interface{}) interface{} { + return coer37(arg38.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_2_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_2_e) + })) + if (_1_valueOrError0).IsFailure() { + res = (_1_valueOrError0).PropagateFailure() + return res + } + var _3_cryptoX m_AwsCryptographyPrimitivesTypes.IAwsCryptographicPrimitivesClient + _ = _3_cryptoX + _3_cryptoX = (_1_valueOrError0).Extract().(*m_AtomicPrimitives.AtomicPrimitivesClient) + var _4_crypto *m_AtomicPrimitives.AtomicPrimitivesClient + _ = _4_crypto + _4_crypto = _3_cryptoX.(*m_AtomicPrimitives.AtomicPrimitivesClient) + var _5_maybeMpl m_Wrappers.Result + _ = _5_maybeMpl + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = m_MaterialProviders.Companion_Default___.MaterialProviders(m_MaterialProviders.Companion_Default___.DefaultMaterialProvidersConfig()) + _5_maybeMpl = _out1 + var _6_valueOrError1 m_Wrappers.Result = m_Wrappers.Result{} + _ = _6_valueOrError1 + _6_valueOrError1 = (_5_maybeMpl).MapFailure(func(coer38 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg39 interface{}) interface{} { + return coer38(arg39.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_7_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_7_e) + })) + if (_6_valueOrError1).IsFailure() { + res = (_6_valueOrError1).PropagateFailure() + return res + } + var _8_mplX m_AwsCryptographyMaterialProvidersTypes.IAwsCryptographicMaterialProvidersClient + _ = _8_mplX + _8_mplX = (_6_valueOrError1).Extract().(*m_MaterialProviders.MaterialProvidersClient) + var _9_mpl *m_MaterialProviders.MaterialProvidersClient + _ = _9_mpl + _9_mpl = _8_mplX.(*m_MaterialProviders.MaterialProvidersClient) + var _10_internalConfig m_AwsEncryptionSdkOperations.Config + _ = _10_internalConfig + _10_internalConfig = m_AwsEncryptionSdkOperations.Companion_Config_.Create_Config_(_4_crypto, _9_mpl, ((config).Dtor_commitmentPolicy()).UnwrapOr(m_AwsCryptographyMaterialProvidersTypes.Companion_ESDKCommitmentPolicy_.Create_REQUIRE__ENCRYPT__REQUIRE__DECRYPT_()).(m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy), (config).Dtor_maxEncryptedDataKeys(), ((config).Dtor_netV4__0__0__RetryPolicy()).UnwrapOr(m_AwsCryptographyEncryptionSdkTypes.Companion_NetV4__0__0__RetryPolicy_.Create_ALLOW__RETRY_()).(m_AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy)) + var _11_client *ESDKClient + _ = _11_client + var _nw0 *ESDKClient = New_ESDKClient_() + _ = _nw0 + _nw0.Ctor__(_10_internalConfig) + _11_client = _nw0 + res = m_Wrappers.Companion_Result_.Create_Success_(_11_client) + return res + return res +} +func (_static *CompanionStruct_Default___) CreateSuccessOfClient(client m_AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClient) m_Wrappers.Result { + return m_Wrappers.Companion_Result_.Create_Success_(client) +} +func (_static *CompanionStruct_Default___) CreateFailureOfError(error_ m_AwsCryptographyEncryptionSdkTypes.Error) m_Wrappers.Result { + return m_Wrappers.Companion_Result_.Create_Failure_(error_) +} + +// End of class Default__ + +// Definition of class ESDKClient +type ESDKClient struct { + _config m_AwsEncryptionSdkOperations.Config +} + +func New_ESDKClient_() *ESDKClient { + _this := ESDKClient{} + + _this._config = m_AwsEncryptionSdkOperations.Config{} + return &_this +} + +type CompanionStruct_ESDKClient_ struct { +} + +var Companion_ESDKClient_ = CompanionStruct_ESDKClient_{} + +func (_this *ESDKClient) Equals(other *ESDKClient) bool { + return _this == other +} + +func (_this *ESDKClient) EqualsGeneric(x interface{}) bool { + other, ok := x.(*ESDKClient) + return ok && _this.Equals(other) +} + +func (*ESDKClient) String() string { + return "ESDK.ESDKClient" +} + +func Type_ESDKClient_() _dafny.TypeDescriptor { + return type_ESDKClient_{} +} + +type type_ESDKClient_ struct { +} + +func (_this type_ESDKClient_) Default() interface{} { + return (*ESDKClient)(nil) +} + +func (_this type_ESDKClient_) String() string { + return "ESDK.ESDKClient" +} +func (_this *ESDKClient) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){m_AwsCryptographyEncryptionSdkTypes.Companion_IAwsEncryptionSdkClient_.TraitID_} +} + +var _ m_AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClient = &ESDKClient{} +var _ _dafny.TraitOffspring = &ESDKClient{} + +func (_this *ESDKClient) Ctor__(config m_AwsEncryptionSdkOperations.Config) { + { + (_this)._config = config + } +} +func (_this *ESDKClient) Encrypt(input m_AwsCryptographyEncryptionSdkTypes.EncryptInput) m_Wrappers.Result { + { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Default()) + _ = output + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_AwsEncryptionSdkOperations.Companion_Default___.Encrypt((_this).Config(), input) + output = _out0 + return output + } +} +func (_this *ESDKClient) Decrypt(input m_AwsCryptographyEncryptionSdkTypes.DecryptInput) m_Wrappers.Result { + { + var output m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyEncryptionSdkTypes.Companion_DecryptOutput_.Default()) + _ = output + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_AwsEncryptionSdkOperations.Companion_Default___.Decrypt((_this).Config(), input) + output = _out0 + return output + } +} +func (_this *ESDKClient) Config() m_AwsEncryptionSdkOperations.Config { + { + return _this._config + } +} + +// End of class ESDKClient diff --git a/releases/go/encryption-sdk/EncryptDecryptHelpers/EncryptDecryptHelpers.go b/releases/go/encryption-sdk/EncryptDecryptHelpers/EncryptDecryptHelpers.go new file mode 100644 index 000000000..06ba67eb3 --- /dev/null +++ b/releases/go/encryption-sdk/EncryptDecryptHelpers/EncryptDecryptHelpers.go @@ -0,0 +1,1008 @@ +// Package EncryptDecryptHelpers +// Dafny module EncryptDecryptHelpers compiled into Go + +package EncryptDecryptHelpers + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Frames "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Frames" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_KeyDerivation "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/KeyDerivation" + m_MessageBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/MessageBody" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ +var _ m_Frames.Dummy__ +var _ m_MessageBody.Dummy__ +var _ m_KeyDerivation.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "EncryptDecryptHelpers.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) SerializeMessageWithSignature(framedMessage m_MessageBody.FramedMessageBody, signature _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _0_serializedSignature _dafny.Sequence = m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq(signature) + _ = _0_serializedSignature + var _1_valueOrError0 m_Wrappers.Result = Companion_Default___.SerializeMessageWithoutSignature(framedMessage, suite) + _ = _1_valueOrError0 + if (_1_valueOrError0).IsFailure() { + return (_1_valueOrError0).PropagateFailure() + } else { + var _2_serializedMessage _dafny.Sequence = (_1_valueOrError0).Extract().(_dafny.Sequence) + _ = _2_serializedMessage + return m_Wrappers.Companion_Result_.Create_Success_(_dafny.Companion_Sequence_.Concatenate(_2_serializedMessage, _0_serializedSignature)) + } +} +func (_static *CompanionStruct_Default___) SerializeMessageWithoutSignature(framedMessage m_MessageBody.FramedMessageBody, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_HeaderAuth.Companion_Default___.WriteHeaderAuthTag((((framedMessage).Dtor_finalFrame()).Dtor_header()).Dtor_headerAuth(), suite) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_headerAuth _dafny.Sequence = (_0_valueOrError0).Extract().(_dafny.Sequence) + _ = _1_headerAuth + return m_Wrappers.Companion_Result_.Create_Success_(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate((((framedMessage).Dtor_finalFrame()).Dtor_header()).Dtor_rawHeader(), _1_headerAuth), m_MessageBody.Companion_Default___.WriteFramedMessageBody(framedMessage))) + } +} +func (_static *CompanionStruct_Default___) VerifySignature(buffer m_SerializeFunctions.ReadableBuffer, msg _dafny.Sequence, decMat m_AwsCryptographyMaterialProvidersTypes.DecryptionMaterials, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_SerializeFunctions.Companion_ReadableBuffer_.Default()) + _ = res + if ((decMat).Dtor_verificationKey()).Is_None() { + res = m_Wrappers.Companion_Result_.Create_Success_(buffer) + return res + } + var _0_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_SerializeFunctions.Companion_SuccessfulRead_.Default(_dafny.EmptySeq)) + _ = _0_valueOrError0 + _0_valueOrError0 = (m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(buffer)).MapFailure(func(coer15 func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg16 interface{}) interface{} { + return coer15(arg16.(m_SerializeFunctions.ReadProblems)) + } + }(Companion_Default___.MapSerializeFailure(_dafny.SeqOfString(": ReadShortLengthSeq")))) + if (_0_valueOrError0).IsFailure() { + res = (_0_valueOrError0).PropagateFailure() + return res + } + var _1_signature m_SerializeFunctions.SuccessfulRead + _ = _1_signature + _1_signature = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + var _2_ecdsaParams m_AwsCryptographyPrimitivesTypes.ECDSASignatureAlgorithm + _ = _2_ecdsaParams + _2_ecdsaParams = ((((decMat).Dtor_algorithmSuite()).Dtor_signature()).Dtor_ECDSA()).Dtor_curve() + var _3_maybeSignatureVerifiedResult m_Wrappers.Result + _ = _3_maybeSignatureVerifiedResult + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).ECDSAVerify(m_AwsCryptographyPrimitivesTypes.Companion_ECDSAVerifyInput_.Create_ECDSAVerifyInput_(_2_ecdsaParams, ((decMat).Dtor_verificationKey()).Dtor_value().(_dafny.Sequence), msg, (_1_signature).Dtor_data().(_dafny.Sequence))) + _3_maybeSignatureVerifiedResult = _out0 + var _4_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(false) + _ = _4_valueOrError1 + _4_valueOrError1 = (_3_maybeSignatureVerifiedResult).MapFailure(func(coer16 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg17 interface{}) interface{} { + return coer16(arg17.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_5_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_5_e) + })) + if (_4_valueOrError1).IsFailure() { + res = (_4_valueOrError1).PropagateFailure() + return res + } + var _6_signatureVerifiedResult bool + _ = _6_signatureVerifiedResult + _6_signatureVerifiedResult = (_4_valueOrError1).Extract().(bool) + if !(_6_signatureVerifiedResult) { + res = m_Wrappers.Companion_Result_.Create_Failure_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Invalid signature"))) + return res + } + res = m_Wrappers.Companion_Result_.Create_Success_((_1_signature).Dtor_tail()) + return res + return res +} +func (_static *CompanionStruct_Default___) MapSerializeFailure(s _dafny.Sequence) func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error { + return (func(_0_s _dafny.Sequence) func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error { + return func(_1_e m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error { + return func() m_AwsCryptographyEncryptionSdkTypes.Error { + var _source0 m_SerializeFunctions.ReadProblems = _1_e + _ = _source0 + { + if _source0.Is_Error() { + var _2_e _dafny.Sequence = _source0.Get_().(m_SerializeFunctions.ReadProblems_Error).Message + _ = _2_e + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_2_e) + } + } + { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.Companion_Sequence_.Concatenate(_dafny.SeqOfString("Incomplete message"), _0_s)) + } + }() + } + })(s) +} +func (_static *CompanionStruct_Default___) ValidateEncryptionContext(input m_Wrappers.Option) m_Wrappers.Outcome { + if ((input).Is_Some()) && (_dafny.Quantifier((((input).Dtor_value().(_dafny.Map)).Keys()).Elements(), false, func(_exists_var_0 _dafny.Sequence) bool { + var _0_key _dafny.Sequence + _0_key = interface{}(_exists_var_0).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_0_key) { + return ((((input).Dtor_value().(_dafny.Map)).Keys()).Contains(_0_key)) && (_dafny.Companion_Sequence_.IsPrefixOf(Companion_Default___.RESERVED__ENCRYPTION__CONTEXT(), _0_key)) + } else { + return false + } + })) { + return m_Wrappers.Companion_Outcome_.Create_Fail_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Encryption context keys cannot contain reserved prefix 'aws-crypto-'"))) + } else { + return m_Wrappers.Companion_Outcome_.Create_Pass_() + } +} +func (_static *CompanionStruct_Default___) CreateCmmFromInput(inputCmm m_Wrappers.Option, inputKeyring m_Wrappers.Option) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _0_valueOrError0 + _0_valueOrError0 = m_Wrappers.Companion_Default___.Need(((inputCmm).Is_None()) || ((inputKeyring).Is_None()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Cannot provide both a keyring and a CMM"))) + if (_0_valueOrError0).IsFailure() { + res = (_0_valueOrError0).PropagateFailure() + return res + } + var _1_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _1_valueOrError1 + _1_valueOrError1 = m_Wrappers.Companion_Default___.Need(((inputCmm).Is_Some()) || ((inputKeyring).Is_Some()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Must provide either a keyring or a CMM"))) + if (_1_valueOrError1).IsFailure() { + res = (_1_valueOrError1).PropagateFailure() + return res + } + var _2_cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager = (m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager)(nil) + _ = _2_cmm + if (inputCmm).Is_Some() { + res = m_Wrappers.Companion_Result_.Create_Success_(m_AwsCryptographyMaterialProvidersTypes.Companion_ICryptographicMaterialsManager_.CastTo_((inputCmm).Dtor_value())) + return res + } else { + var _3_maybeMaterialsProviders m_Wrappers.Result + _ = _3_maybeMaterialsProviders + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_MaterialProviders.Companion_Default___.MaterialProviders(m_MaterialProviders.Companion_Default___.DefaultMaterialProvidersConfig()) + _3_maybeMaterialsProviders = _out0 + var _4_valueOrError2 m_Wrappers.Result = m_Wrappers.Result{} + _ = _4_valueOrError2 + _4_valueOrError2 = (_3_maybeMaterialsProviders).MapFailure(func(coer17 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg18 interface{}) interface{} { + return coer17(arg18.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_5_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_5_e) + })) + if (_4_valueOrError2).IsFailure() { + res = (_4_valueOrError2).PropagateFailure() + return res + } + var _6_materialProviders *m_MaterialProviders.MaterialProvidersClient + _ = _6_materialProviders + _6_materialProviders = (_4_valueOrError2).Extract().(*m_MaterialProviders.MaterialProvidersClient) + var _7_maybeCmm m_Wrappers.Result + _ = _7_maybeCmm + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = (_6_materialProviders).CreateDefaultCryptographicMaterialsManager(m_AwsCryptographyMaterialProvidersTypes.Companion_CreateDefaultCryptographicMaterialsManagerInput_.Create_CreateDefaultCryptographicMaterialsManagerInput_(m_AwsCryptographyMaterialProvidersTypes.Companion_IKeyring_.CastTo_((inputKeyring).Dtor_value()))) + _7_maybeCmm = _out1 + res = (_7_maybeCmm).MapFailure(func(coer18 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg19 interface{}) interface{} { + return coer18(arg19.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_8_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_8_e) + })) + return res + } + return res +} +func (_static *CompanionStruct_Default___) ValidateMaxEncryptedDataKeys(maxEncryptedDataKeys m_Wrappers.Option, edks _dafny.Sequence) m_Wrappers.Outcome { + if ((maxEncryptedDataKeys).Is_Some()) && ((_dafny.IntOfUint32((edks).Cardinality())).Cmp(_dafny.IntOfInt64((maxEncryptedDataKeys).Dtor_value().(int64))) > 0) { + return m_Wrappers.Companion_Outcome_.Create_Fail_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Encrypted data keys exceed maxEncryptedDataKeys"))) + } else { + return m_Wrappers.Companion_Outcome_.Create_Pass_() + } +} +func (_static *CompanionStruct_Default___) GenerateMessageId(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_maybeId m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _0_maybeId + if ((suite).Dtor_messageVersion()) == (int32(1)) { + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).GenerateRandomBytes(m_AwsCryptographyPrimitivesTypes.Companion_GenerateRandomBytesInput_.Create_GenerateRandomBytesInput_((m_HeaderTypes.Companion_Default___.MESSAGE__ID__LEN__V1()).Int32())) + _0_maybeId = _out0 + } else { + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = (crypto).GenerateRandomBytes(m_AwsCryptographyPrimitivesTypes.Companion_GenerateRandomBytesInput_.Create_GenerateRandomBytesInput_((m_HeaderTypes.Companion_Default___.MESSAGE__ID__LEN__V2()).Int32())) + _0_maybeId = _out1 + } + var _1_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _1_valueOrError0 + _1_valueOrError0 = (_0_maybeId).MapFailure(func(coer19 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg20 interface{}) interface{} { + return coer19(arg20.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_2_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_2_e) + })) + if (_1_valueOrError0).IsFailure() { + res = (_1_valueOrError0).PropagateFailure() + return res + } + var _3_id _dafny.Sequence + _ = _3_id + _3_id = (_1_valueOrError0).Extract().(_dafny.Sequence) + res = m_Wrappers.Companion_Result_.Create_Success_(_3_id) + return res + return res +} +func (_static *CompanionStruct_Default___) BuildHeaderForEncrypt(messageId _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, encryptionContext _dafny.Map, requiredEncryptionContextKeys _dafny.Sequence, encryptedDataKeys _dafny.Sequence, frameLength uint32, derivedDataKeys m_KeyDerivation.ExpandedKeyMaterial, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_reqKeySet _dafny.Set + _ = _0_reqKeySet + _0_reqKeySet = func() _dafny.Set { + var _coll0 = _dafny.NewBuilder() + _ = _coll0 + for _iter2 := _dafny.Iterate((requiredEncryptionContextKeys).Elements()); ; { + _compr_0, _ok2 := _iter2() + if !_ok2 { + break + } + var _1_k _dafny.Sequence + _1_k = interface{}(_compr_0).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_1_k) { + if _dafny.Companion_Sequence_.Contains(requiredEncryptionContextKeys, _1_k) { + _coll0.Add(_1_k) + } + } + } + return _coll0.ToSet() + }() + var _2_storedEncryptionContext _dafny.Map + _ = _2_storedEncryptionContext + _2_storedEncryptionContext = func() _dafny.Map { + var _coll1 = _dafny.NewMapBuilder() + _ = _coll1 + for _iter3 := _dafny.Iterate(((encryptionContext).Subtract(_0_reqKeySet)).Keys().Elements()); ; { + _compr_1, _ok3 := _iter3() + if !_ok3 { + break + } + var _3_f _dafny.Sequence + _3_f = interface{}(_compr_1).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_3_f) { + if ((encryptionContext).Subtract(_0_reqKeySet)).Contains(_3_f) { + _coll1.Add(_3_f, (encryptionContext).Get(_3_f).(_dafny.Sequence)) + } + } + } + return _coll1.ToMap() + }() + var _4_canonicalStoredEncryptionContext _dafny.Sequence + _ = _4_canonicalStoredEncryptionContext + _4_canonicalStoredEncryptionContext = m_EncryptionContext.Companion_Default___.GetCanonicalEncryptionContext(_2_storedEncryptionContext) + var _5_body m_HeaderTypes.HeaderBody + _ = _5_body + var _out0 m_HeaderTypes.HeaderBody + _ = _out0 + _out0 = Companion_Default___.BuildHeaderBody(messageId, suite, _4_canonicalStoredEncryptionContext, encryptedDataKeys, frameLength, (derivedDataKeys).Dtor_commitmentKey()) + _5_body = _out0 + var _6_requiredEncryptionContextMap _dafny.Map + _ = _6_requiredEncryptionContextMap + _6_requiredEncryptionContextMap = func() _dafny.Map { + var _coll2 = _dafny.NewMapBuilder() + _ = _coll2 + for _iter4 := _dafny.Iterate((_0_reqKeySet).Elements()); ; { + _compr_2, _ok4 := _iter4() + if !_ok4 { + break + } + var _7_r _dafny.Sequence + _7_r = interface{}(_compr_2).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_7_r) { + if (_0_reqKeySet).Contains(_7_r) { + _coll2.Add(_7_r, (encryptionContext).Get(_7_r).(_dafny.Sequence)) + } + } + } + return _coll2.ToMap() + }() + var _8_canonicalReqEncryptionContext _dafny.Sequence + _ = _8_canonicalReqEncryptionContext + _8_canonicalReqEncryptionContext = m_EncryptionContext.Companion_Default___.GetCanonicalEncryptionContext(_6_requiredEncryptionContextMap) + var _9_serializedReqEncryptionContext _dafny.Sequence + _ = _9_serializedReqEncryptionContext + _9_serializedReqEncryptionContext = m_EncryptionContext.Companion_Default___.WriteEmptyEcOrWriteAAD(_8_canonicalReqEncryptionContext) + var _10_rawHeader _dafny.Sequence + _ = _10_rawHeader + _10_rawHeader = m_Header.Companion_Default___.WriteHeaderBody(_5_body) + var _11_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_HeaderTypes.Companion_HeaderAuth_.Default()) + _ = _11_valueOrError0 + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = Companion_Default___.BuildHeaderAuthTag(suite, (derivedDataKeys).Dtor_dataKey(), _10_rawHeader, _9_serializedReqEncryptionContext, crypto) + _11_valueOrError0 = _out1 + if (_11_valueOrError0).IsFailure() { + res = (_11_valueOrError0).PropagateFailure() + return res + } + var _12_headerAuth m_HeaderTypes.HeaderAuth + _ = _12_headerAuth + _12_headerAuth = (_11_valueOrError0).Extract().(m_HeaderTypes.HeaderAuth) + var _13_header m_Header.HeaderInfo + _ = _13_header + _13_header = m_Header.Companion_HeaderInfo_.Create_HeaderInfo_(_5_body, _10_rawHeader, encryptionContext, suite, _12_headerAuth) + res = m_Wrappers.Companion_Result_.Create_Success_(_13_header) + return res + return res +} +func (_static *CompanionStruct_Default___) BuildHeaderBody(messageId _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, encryptionContext _dafny.Sequence, encryptedDataKeys _dafny.Sequence, frameLength uint32, suiteData m_Wrappers.Option) m_HeaderTypes.HeaderBody { + var res m_HeaderTypes.HeaderBody = m_HeaderTypes.HeaderBody{} + _ = res + var _0_contentType m_HeaderTypes.ContentType + _ = _0_contentType + _0_contentType = m_HeaderTypes.Companion_ContentType_.Create_Framed_() + var _source0 m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm = (suite).Dtor_commitment() + _ = _source0 + { + { + if _source0.Is_None() { + res = m_HeaderTypes.Companion_HeaderBody_.Create_V1HeaderBody_(m_HeaderTypes.Companion_MessageType_.Create_TYPE__CUSTOMER__AED_(), suite, messageId, encryptionContext, encryptedDataKeys, _0_contentType, _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength(suite)), frameLength) + return res + goto Lmatch0 + } + } + { + res = m_HeaderTypes.Companion_HeaderBody_.Create_V2HeaderBody_(suite, messageId, encryptionContext, encryptedDataKeys, _0_contentType, frameLength, (suiteData).Dtor_value().(_dafny.Sequence)) + return res + } + goto Lmatch0 + } +Lmatch0: + return res +} +func (_static *CompanionStruct_Default___) BuildHeaderAuthTag(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, dataKey _dafny.Sequence, rawHeader _dafny.Sequence, serializedReqEncryptionContext _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_HeaderTypes.Companion_HeaderAuth_.Default()) + _ = res + var _0_keyLength _dafny.Int + _ = _0_keyLength + _0_keyLength = _dafny.IntOfInt32(m_SerializableTypes.Companion_Default___.GetEncryptKeyLength(suite)) + var _1_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _1_valueOrError0 + _1_valueOrError0 = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32((dataKey).Cardinality())).Cmp(_0_keyLength) == 0, m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Incorrect data key length"))) + if (_1_valueOrError0).IsFailure() { + res = (_1_valueOrError0).PropagateFailure() + return res + } + var _2_ivLength uint8 + _ = _2_ivLength + _2_ivLength = m_SerializableTypes.Companion_Default___.GetIvLength(suite) + var _3_iv _dafny.Sequence + _ = _3_iv + _3_iv = _dafny.SeqCreate(uint32(_2_ivLength), func(coer20 func(_dafny.Int) uint8) func(_dafny.Int) interface{} { + return func(arg21 _dafny.Int) interface{} { + return coer20(arg21) + } + }(func(_4___v3 _dafny.Int) uint8 { + return uint8(0) + })) + var _5_maybeEncryptionOutput m_Wrappers.Result + _ = _5_maybeEncryptionOutput + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).AESEncrypt(m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptInput_.Create_AESEncryptInput_(((suite).Dtor_encrypt()).Dtor_AES__GCM(), _3_iv, dataKey, _dafny.SeqOf(), _dafny.Companion_Sequence_.Concatenate(rawHeader, serializedReqEncryptionContext))) + _5_maybeEncryptionOutput = _out0 + var _6_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptOutput_.Default()) + _ = _6_valueOrError1 + _6_valueOrError1 = (_5_maybeEncryptionOutput).MapFailure(func(coer21 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg22 interface{}) interface{} { + return coer21(arg22.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_7_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_7_e) + })) + if (_6_valueOrError1).IsFailure() { + res = (_6_valueOrError1).PropagateFailure() + return res + } + var _8_encryptionOutput m_AwsCryptographyPrimitivesTypes.AESEncryptOutput + _ = _8_encryptionOutput + _8_encryptionOutput = (_6_valueOrError1).Extract().(m_AwsCryptographyPrimitivesTypes.AESEncryptOutput) + var _9_headerAuth m_HeaderTypes.HeaderAuth + _ = _9_headerAuth + _9_headerAuth = m_HeaderTypes.Companion_HeaderAuth_.Create_AESMac_(_3_iv, (_8_encryptionOutput).Dtor_authTag()) + res = m_Wrappers.Companion_Result_.Create_Success_(_9_headerAuth) + return res + return res +} +func (_static *CompanionStruct_Default___) GetEncryptionMaterials(cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager, algorithmSuiteId m_Wrappers.Option, encryptionContext _dafny.Map, maxPlaintextLength int64, commitmentPolicy m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_encMatRequest m_AwsCryptographyMaterialProvidersTypes.GetEncryptionMaterialsInput + _ = _0_encMatRequest + _0_encMatRequest = m_AwsCryptographyMaterialProvidersTypes.Companion_GetEncryptionMaterialsInput_.Create_GetEncryptionMaterialsInput_(encryptionContext, m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_(commitmentPolicy), algorithmSuiteId, m_Wrappers.Companion_Option_.Create_Some_(maxPlaintextLength), m_Wrappers.Companion_Option_.Create_None_()) + var _1_getEncMatResult m_Wrappers.Result + _ = _1_getEncMatResult + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (cmm).GetEncryptionMaterials(_0_encMatRequest) + _1_getEncMatResult = _out0 + var _2_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _2_valueOrError0 + _2_valueOrError0 = (_1_getEncMatResult).MapFailure(func(coer22 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg23 interface{}) interface{} { + return coer22(arg23.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_3_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_3_e) + })) + if (_2_valueOrError0).IsFailure() { + res = (_2_valueOrError0).PropagateFailure() + return res + } + var _4_output m_AwsCryptographyMaterialProvidersTypes.GetEncryptionMaterialsOutput + _ = _4_output + _4_output = (_2_valueOrError0).Extract().(m_AwsCryptographyMaterialProvidersTypes.GetEncryptionMaterialsOutput) + var _5_materials m_AwsCryptographyMaterialProvidersTypes.EncryptionMaterials + _ = _5_materials + _5_materials = (_4_output).Dtor_encryptionMaterials() + var _6_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _6_valueOrError1 + _6_valueOrError1 = ((mpl).ValidateCommitmentPolicyOnEncrypt(m_AwsCryptographyMaterialProvidersTypes.Companion_ValidateCommitmentPolicyOnEncryptInput_.Create_ValidateCommitmentPolicyOnEncryptInput_(((_5_materials).Dtor_algorithmSuite()).Dtor_id(), m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_(commitmentPolicy)))).MapFailure(func(coer23 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg24 interface{}) interface{} { + return coer23(arg24.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_7_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_7_e) + })) + if (_6_valueOrError1).IsFailure() { + res = (_6_valueOrError1).PropagateFailure() + return res + } + var _8___v4 _dafny.Tuple + _ = _8___v4 + _8___v4 = (_6_valueOrError1).Extract().(_dafny.Tuple) + var _9_valueOrError2 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _9_valueOrError2 + _9_valueOrError2 = ((mpl).EncryptionMaterialsHasPlaintextDataKey(_5_materials)).MapFailure(func(coer24 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg25 interface{}) interface{} { + return coer24(arg25.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_10_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_10_e) + })) + if (_9_valueOrError2).IsFailure() { + res = (_9_valueOrError2).PropagateFailure() + return res + } + var _11___v5 _dafny.Tuple + _ = _11___v5 + _11___v5 = (_9_valueOrError2).Extract().(_dafny.Tuple) + var _12_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _12_valueOrError3 + _12_valueOrError3 = m_Wrappers.Companion_Default___.Need(m_SerializableTypes.Companion_Default___.IsESDKEncryptionContext((_5_materials).Dtor_encryptionContext()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("CMM failed to return serializable encryption materials."))) + if (_12_valueOrError3).IsFailure() { + res = (_12_valueOrError3).PropagateFailure() + return res + } + var _13_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _13_valueOrError4 + _13_valueOrError4 = m_Wrappers.Companion_Default___.Need(m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((_5_materials).Dtor_encryptedDataKeys()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("CMM returned EDKs that exceed the allowed maximum."))) + if (_13_valueOrError4).IsFailure() { + res = (_13_valueOrError4).PropagateFailure() + return res + } + var _14_valueOrError5 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _14_valueOrError5 + _14_valueOrError5 = m_Wrappers.Companion_Default___.Need(_dafny.Quantifier(((_5_materials).Dtor_encryptedDataKeys()).UniqueElements(), true, func(_forall_var_0 m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) bool { + var _15_edk m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey + _15_edk = interface{}(_forall_var_0).(m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) + return !(_dafny.Companion_Sequence_.Contains((_5_materials).Dtor_encryptedDataKeys(), _15_edk)) || (m_SerializableTypes.Companion_Default___.IsESDKEncryptedDataKey(_15_edk)) + }), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("CMM returned non-serializable encrypted data key."))) + if (_14_valueOrError5).IsFailure() { + res = (_14_valueOrError5).PropagateFailure() + return res + } + res = m_Wrappers.Companion_Result_.Create_Success_(_5_materials) + return res + return res +} +func (_static *CompanionStruct_Default___) GetDecryptionMaterials(cmm m_AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager, algorithmSuiteId m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteId, headerBody m_HeaderTypes.HeaderBody, reproducedEncryptionContext m_Wrappers.Option, commitmentPolicy m_AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_encryptionContext _dafny.Map + _ = _0_encryptionContext + _0_encryptionContext = m_EncryptionContext.Companion_Default___.GetEncryptionContext((headerBody).Dtor_encryptionContext()) + var _1_decMatRequest m_AwsCryptographyMaterialProvidersTypes.DecryptMaterialsInput + _ = _1_decMatRequest + _1_decMatRequest = m_AwsCryptographyMaterialProvidersTypes.Companion_DecryptMaterialsInput_.Create_DecryptMaterialsInput_(algorithmSuiteId, m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_(commitmentPolicy), (headerBody).Dtor_encryptedDataKeys(), _0_encryptionContext, reproducedEncryptionContext) + var _2_decMatResult m_Wrappers.Result + _ = _2_decMatResult + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (cmm).DecryptMaterials(_1_decMatRequest) + _2_decMatResult = _out0 + var _3_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _3_valueOrError0 + _3_valueOrError0 = (_2_decMatResult).MapFailure(func(coer25 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg26 interface{}) interface{} { + return coer25(arg26.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_4_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_4_e) + })) + if (_3_valueOrError0).IsFailure() { + res = (_3_valueOrError0).PropagateFailure() + return res + } + var _5_output m_AwsCryptographyMaterialProvidersTypes.DecryptMaterialsOutput + _ = _5_output + _5_output = (_3_valueOrError0).Extract().(m_AwsCryptographyMaterialProvidersTypes.DecryptMaterialsOutput) + var _6_materials m_AwsCryptographyMaterialProvidersTypes.DecryptionMaterials + _ = _6_materials + _6_materials = (_5_output).Dtor_decryptionMaterials() + var _7_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _7_valueOrError1 + _7_valueOrError1 = ((mpl).ValidateCommitmentPolicyOnDecrypt(m_AwsCryptographyMaterialProvidersTypes.Companion_ValidateCommitmentPolicyOnDecryptInput_.Create_ValidateCommitmentPolicyOnDecryptInput_(((_6_materials).Dtor_algorithmSuite()).Dtor_id(), m_AwsCryptographyMaterialProvidersTypes.Companion_CommitmentPolicy_.Create_ESDK_(commitmentPolicy)))).MapFailure(func(coer26 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg27 interface{}) interface{} { + return coer26(arg27.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_8_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_8_e) + })) + if (_7_valueOrError1).IsFailure() { + res = (_7_valueOrError1).PropagateFailure() + return res + } + var _9___v6 _dafny.Tuple + _ = _9___v6 + _9___v6 = (_7_valueOrError1).Extract().(_dafny.Tuple) + var _10_valueOrError2 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = _10_valueOrError2 + _10_valueOrError2 = ((mpl).DecryptionMaterialsWithPlaintextDataKey(_6_materials)).MapFailure(func(coer27 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg28 interface{}) interface{} { + return coer27(arg28.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_11_e m_AwsCryptographyMaterialProvidersTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(_11_e) + })) + if (_10_valueOrError2).IsFailure() { + res = (_10_valueOrError2).PropagateFailure() + return res + } + var _12___v7 _dafny.Tuple + _ = _12___v7 + _12___v7 = (_10_valueOrError2).Extract().(_dafny.Tuple) + var _13_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _13_valueOrError3 + _13_valueOrError3 = m_Wrappers.Companion_Default___.Need(m_SerializableTypes.Companion_Default___.IsESDKEncryptionContext((_6_materials).Dtor_encryptionContext()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("CMM failed to return serializable encryption materials."))) + if (_13_valueOrError3).IsFailure() { + res = (_13_valueOrError3).PropagateFailure() + return res + } + res = m_Wrappers.Companion_Result_.Create_Success_(_6_materials) + return res + return res +} +func (_static *CompanionStruct_Default___) ValidateSuiteData(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, header m_HeaderTypes.HeaderBody, expectedSuiteData _dafny.Sequence) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf()) + _ = res + var _0_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _0_valueOrError0 + _0_valueOrError0 = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32(((header).Dtor_suiteData()).Cardinality())).Cmp(_dafny.IntOfInt32((((suite).Dtor_commitment()).Dtor_HKDF()).Dtor_outputKeyLength())) == 0, m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Commitment key is invalid"))) + if (_0_valueOrError0).IsFailure() { + res = (_0_valueOrError0).PropagateFailure() + return res + } + var _1_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _1_valueOrError1 + _1_valueOrError1 = m_Wrappers.Companion_Default___.Need(_dafny.Companion_Sequence_.Equal(expectedSuiteData, (header).Dtor_suiteData()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Commitment key does not match"))) + if (_1_valueOrError1).IsFailure() { + res = (_1_valueOrError1).PropagateFailure() + return res + } + res = m_Wrappers.Companion_Result_.Create_Success_(_dafny.TupleOf()) + return res + return res +} +func (_static *CompanionStruct_Default___) ReadAndDecryptFramedMessageBody(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo, key _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf(_dafny.EmptySeq, m_SerializeFunctions.Companion_ReadableBuffer_.Default())) + _ = res + var _0_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _0_valueOrError0 + _0_valueOrError0 = (m_MessageBody.Companion_Default___.ReadFramedMessageBody(buffer, header, _dafny.SeqOf(), buffer)).MapFailure(func(coer28 func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg29 interface{}) interface{} { + return coer28(arg29.(m_SerializeFunctions.ReadProblems)) + } + }(Companion_Default___.MapSerializeFailure(_dafny.SeqOfString(": ReadFramedMessageBody")))) + if (_0_valueOrError0).IsFailure() { + res = (_0_valueOrError0).PropagateFailure() + return res + } + var _1_messageBody m_SerializeFunctions.SuccessfulRead + _ = _1_messageBody + _1_messageBody = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + var _2_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _2_valueOrError1 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_MessageBody.Companion_Default___.DecryptFramedMessageBody((_1_messageBody).Dtor_data().(m_MessageBody.FramedMessageBody), key, crypto) + _2_valueOrError1 = _out0 + if (_2_valueOrError1).IsFailure() { + res = (_2_valueOrError1).PropagateFailure() + return res + } + var _3_plaintext _dafny.Sequence + _ = _3_plaintext + _3_plaintext = (_2_valueOrError1).Extract().(_dafny.Sequence) + var _4_messageBodyTail m_SerializeFunctions.ReadableBuffer + _ = _4_messageBodyTail + _4_messageBodyTail = (_1_messageBody).Dtor_tail() + res = m_Wrappers.Companion_Result_.Create_Success_(_dafny.TupleOf(_3_plaintext, _4_messageBodyTail)) + return res + return res +} +func (_static *CompanionStruct_Default___) ReadAndDecryptNonFramedMessageBody(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo, key _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.TupleOf(_dafny.EmptySeq, m_SerializeFunctions.Companion_ReadableBuffer_.Default())) + _ = res + var _0_valueOrError0 m_Wrappers.Result = m_Wrappers.Result{} + _ = _0_valueOrError0 + _0_valueOrError0 = (m_MessageBody.Companion_Default___.ReadNonFramedMessageBody(buffer, header)).MapFailure(func(coer29 func(m_SerializeFunctions.ReadProblems) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg30 interface{}) interface{} { + return coer29(arg30.(m_SerializeFunctions.ReadProblems)) + } + }(Companion_Default___.MapSerializeFailure(_dafny.SeqOfString(": ReadNonFramedMessageBody")))) + if (_0_valueOrError0).IsFailure() { + res = (_0_valueOrError0).PropagateFailure() + return res + } + var _1_messageBody m_SerializeFunctions.SuccessfulRead + _ = _1_messageBody + _1_messageBody = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + var _2_frame m_Frames.Frame + _ = _2_frame + _2_frame = (_1_messageBody).Dtor_data().(m_Frames.Frame) + var _3_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _3_valueOrError1 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = m_MessageBody.Companion_Default___.DecryptFrame(_2_frame, key, crypto) + _3_valueOrError1 = _out0 + if (_3_valueOrError1).IsFailure() { + res = (_3_valueOrError1).PropagateFailure() + return res + } + var _4_plaintext _dafny.Sequence + _ = _4_plaintext + _4_plaintext = (_3_valueOrError1).Extract().(_dafny.Sequence) + var _5_messageBodyTail m_SerializeFunctions.ReadableBuffer + _ = _5_messageBodyTail + _5_messageBodyTail = (_1_messageBody).Dtor_tail() + res = m_Wrappers.Companion_Result_.Create_Success_(_dafny.TupleOf(_4_plaintext, _5_messageBodyTail)) + return res + return res +} +func (_static *CompanionStruct_Default___) DEFAULT__FRAME__LENGTH() int64 { + return int64(4096) +} +func (_static *CompanionStruct_Default___) RESERVED__ENCRYPTION__CONTEXT() _dafny.Sequence { + var _0_s _dafny.Sequence = _dafny.SeqOf(uint8(97), uint8(119), uint8(115), uint8(45), uint8(99), uint8(114), uint8(121), uint8(112), uint8(116), uint8(111), uint8(45)) + _ = _0_s + return _0_s +} + +// End of class Default__ + +// Definition of class FrameLength +type FrameLength struct { +} + +func New_FrameLength_() *FrameLength { + _this := FrameLength{} + + return &_this +} + +type CompanionStruct_FrameLength_ struct { +} + +var Companion_FrameLength_ = CompanionStruct_FrameLength_{} + +func (*FrameLength) String() string { + return "EncryptDecryptHelpers.FrameLength" +} + +// End of class FrameLength + +func Type_FrameLength_() _dafny.TypeDescriptor { + return type_FrameLength_{} +} + +type type_FrameLength_ struct { +} + +func (_this type_FrameLength_) Default() interface{} { + return int64(0) +} + +func (_this type_FrameLength_) String() string { + return "EncryptDecryptHelpers.FrameLength" +} +func (_this *CompanionStruct_FrameLength_) Is_(__source int64) bool { + var _1_frameLength int64 = (__source) + _ = _1_frameLength + if true { + return ((int64(0)) < (_1_frameLength)) && ((_1_frameLength) <= (int64(4294967295))) + } + return false +} diff --git a/releases/go/encryption-sdk/EncryptedDataKeys/EncryptedDataKeys.go b/releases/go/encryption-sdk/EncryptedDataKeys/EncryptedDataKeys.go new file mode 100644 index 000000000..3350ed861 --- /dev/null +++ b/releases/go/encryption-sdk/EncryptedDataKeys/EncryptedDataKeys.go @@ -0,0 +1,409 @@ +// Package EncryptedDataKeys +// Dafny module EncryptedDataKeys compiled into Go + +package EncryptedDataKeys + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "EncryptedDataKeys.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteEncryptedDataKey(edk m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq((edk).Dtor_keyProviderId()), m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq((edk).Dtor_keyProviderInfo())), m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq((edk).Dtor_ciphertext())) +} +func (_static *CompanionStruct_Default___) WriteEncryptedDataKeys(edks _dafny.Sequence) _dafny.Sequence { + var _0___accumulator _dafny.Sequence = _dafny.SeqOf() + _ = _0___accumulator + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint32((edks).Cardinality())).Sign() == 0 { + return _dafny.Companion_Sequence_.Concatenate(_dafny.SeqOf(), _0___accumulator) + } else { + _0___accumulator = _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteEncryptedDataKey(m_Seq.Companion_Default___.Last(edks).(m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey)), _0___accumulator) + var _in0 _dafny.Sequence = m_Seq.Companion_Default___.DropLast(edks) + _ = _in0 + edks = _in0 + goto TAIL_CALL_START + } +} +func (_static *CompanionStruct_Default___) WriteEncryptedDataKeysSection(edks _dafny.Sequence) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(m_StandardLibrary_UInt.Companion_Default___.UInt16ToSeq(uint16((edks).Cardinality())), Companion_Default___.WriteEncryptedDataKeys(edks)) +} +func (_static *CompanionStruct_Default___) ReadEncryptedDataKey(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_providerId _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_providerId + var _2_providerIdPos m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_providerIdPos + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(m_UTF8.Companion_Default___.ValidUTF8Seq(_1_providerId), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Invalid providerID"))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _4_valueOrError2 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(_2_providerIdPos) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _let_tmp_rhs1 m_SerializeFunctions.SuccessfulRead = (_4_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs1 + var _5_providerInfo _dafny.Sequence = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _5_providerInfo + var _6_providerInfoPos m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _6_providerInfoPos + var _7_valueOrError3 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(_6_providerInfoPos) + _ = _7_valueOrError3 + if (_7_valueOrError3).IsFailure() { + return (_7_valueOrError3).PropagateFailure() + } else { + var _let_tmp_rhs2 m_SerializeFunctions.SuccessfulRead = (_7_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs2 + var _8_cipherText _dafny.Sequence = _let_tmp_rhs2.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _8_cipherText + var _9_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs2.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _9_tail + var _10_edk m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey = m_AwsCryptographyMaterialProvidersTypes.Companion_EncryptedDataKey_.Create_EncryptedDataKey_(_1_providerId, _5_providerInfo, _8_cipherText) + _ = _10_edk + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_10_edk, _9_tail)) + } + } + } + } +} +func (_static *CompanionStruct_Default___) ReadEncryptedDataKeys(buffer m_SerializeFunctions.ReadableBuffer, accumulator _dafny.Sequence, count uint16, nextEdkStart m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint16(count)).Cmp(_dafny.IntOfUint32((accumulator).Cardinality())) > 0 { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.ReadEncryptedDataKey(nextEdkStart) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_edk m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) + _ = _1_edk + var _2_newPos m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_newPos + var _3_nextAcc _dafny.Sequence = _dafny.Companion_Sequence_.Concatenate(accumulator, _dafny.SeqOf(_1_edk)) + _ = _3_nextAcc + var _in0 m_SerializeFunctions.ReadableBuffer = buffer + _ = _in0 + var _in1 _dafny.Sequence = _3_nextAcc + _ = _in1 + var _in2 uint16 = count + _ = _in2 + var _in3 m_SerializeFunctions.ReadableBuffer = _2_newPos + _ = _in3 + buffer = _in0 + accumulator = _in1 + count = _in2 + nextEdkStart = _in3 + goto TAIL_CALL_START + } + } else { + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(accumulator, nextEdkStart)) + } +} +func (_static *CompanionStruct_Default___) ReadEncryptedDataKeysSection(buffer m_SerializeFunctions.ReadableBuffer, maxEdks m_Wrappers.Option) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt16(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_count uint16 = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(uint16) + _ = _1_count + var _2_edkStart m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_edkStart + if ((maxEdks).Is_Some()) && ((_dafny.IntOfUint16(_1_count)).Cmp(_dafny.IntOfInt64((maxEdks).Dtor_value().(int64))) > 0) { + return m_Wrappers.Companion_Result_.Create_Failure_(m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Ciphertext encrypted data keys exceed maxEncryptedDataKeys"))) + } else { + var _3_valueOrError1 m_Wrappers.Result = Companion_Default___.ReadEncryptedDataKeys(_2_edkStart, _dafny.SeqOf(), _1_count, _2_edkStart) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _let_tmp_rhs1 m_SerializeFunctions.SuccessfulRead = (_3_valueOrError1).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs1 + var _4_edks _dafny.Sequence = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _4_edks + var _5_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _5_tail + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_4_edks, _5_tail)) + } + } + } +} + +// End of class Default__ diff --git a/releases/go/encryption-sdk/EncryptionContext/EncryptionContext.go b/releases/go/encryption-sdk/EncryptionContext/EncryptionContext.go new file mode 100644 index 000000000..f1949d639 --- /dev/null +++ b/releases/go/encryption-sdk/EncryptionContext/EncryptionContext.go @@ -0,0 +1,615 @@ +// Package EncryptionContext +// Dafny module EncryptionContext compiled into Go + +package EncryptionContext + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "EncryptionContext.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) GetCanonicalEncryptionContext(encryptionContext _dafny.Map) _dafny.Sequence { + return m_SerializableTypes.Companion_Default___.GetCanonicalLinearPairs(encryptionContext) +} +func (_static *CompanionStruct_Default___) GetEncryptionContext(canonicalEncryptionContext _dafny.Sequence) _dafny.Map { + return func() _dafny.Map { + var _coll0 = _dafny.NewMapBuilder() + _ = _coll0 + for _iter0 := _dafny.Iterate(_dafny.IntegerRange(_dafny.Zero, _dafny.IntOfUint32((canonicalEncryptionContext).Cardinality()))); ; { + _compr_0, _ok0 := _iter0() + if !_ok0 { + break + } + var _0_i _dafny.Int + _0_i = interface{}(_compr_0).(_dafny.Int) + if ((_0_i).Sign() != -1) && ((_0_i).Cmp(_dafny.IntOfUint32((canonicalEncryptionContext).Cardinality())) < 0) { + _coll0.Add(((canonicalEncryptionContext).Select((_0_i).Uint32()).(m_SerializableTypes.Pair)).Dtor_key().(_dafny.Sequence), ((canonicalEncryptionContext).Select((_0_i).Uint32()).(m_SerializableTypes.Pair)).Dtor_value().(_dafny.Sequence)) + } + } + return _coll0.ToMap() + }() +} +func (_static *CompanionStruct_Default___) WriteAADSection(ec _dafny.Sequence) _dafny.Sequence { + if (_dafny.IntOfUint32((ec).Cardinality())).Sign() == 0 { + return m_SerializeFunctions.Companion_Default___.WriteUint16(uint16(0)) + } else { + var _0_aad _dafny.Sequence = Companion_Default___.WriteAAD(ec) + _ = _0_aad + return _dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteUint16(uint16((_0_aad).Cardinality())), _0_aad) + } +} +func (_static *CompanionStruct_Default___) WriteEmptyEcOrWriteAAD(ec _dafny.Sequence) _dafny.Sequence { + if (_dafny.IntOfUint32((ec).Cardinality())).Sign() == 0 { + return _dafny.SeqOf() + } else { + return Companion_Default___.WriteAAD(ec) + } +} +func (_static *CompanionStruct_Default___) WriteAAD(ec _dafny.Sequence) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteUint16(uint16((ec).Cardinality())), Companion_Default___.WriteAADPairs(ec)) +} +func (_static *CompanionStruct_Default___) WriteAADPairs(ec _dafny.Sequence) _dafny.Sequence { + var _0___accumulator _dafny.Sequence = _dafny.SeqOf() + _ = _0___accumulator + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint32((ec).Cardinality())).Sign() == 0 { + return _dafny.Companion_Sequence_.Concatenate(_dafny.SeqOf(), _0___accumulator) + } else { + _0___accumulator = _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteAADPair(m_Seq.Companion_Default___.Last(ec).(m_SerializableTypes.Pair)), _0___accumulator) + var _in0 _dafny.Sequence = m_Seq.Companion_Default___.DropLast(ec) + _ = _in0 + ec = _in0 + goto TAIL_CALL_START + } +} +func (_static *CompanionStruct_Default___) WriteAADPair(pair m_SerializableTypes.Pair) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq((pair).Dtor_key().(_dafny.Sequence)), m_SerializeFunctions.Companion_Default___.WriteShortLengthSeq((pair).Dtor_value().(_dafny.Sequence))) +} +func (_static *CompanionStruct_Default___) ReadAADPair(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_key _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_key + var _2_keyEnd m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_keyEnd + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(m_UTF8.Companion_Default___.ValidUTF8Seq(_1_key), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Invalid Encryption Context key"))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _4_valueOrError2 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadShortLengthSeq(_2_keyEnd) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _let_tmp_rhs1 m_SerializeFunctions.SuccessfulRead = (_4_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs1 + var _5_value _dafny.Sequence = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _5_value + var _6_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _6_tail + var _7_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(m_UTF8.Companion_Default___.ValidUTF8Seq(_5_value), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Invalid Encryption Context value"))) + _ = _7_valueOrError3 + if (_7_valueOrError3).IsFailure() { + return (_7_valueOrError3).PropagateFailure() + } else { + var _8_pair m_SerializableTypes.Pair = m_SerializableTypes.Companion_Pair_.Create_Pair_(_1_key, _5_value) + _ = _8_pair + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_8_pair, _6_tail)) + } + } + } + } +} +func (_static *CompanionStruct_Default___) ReadAADPairs(buffer m_SerializeFunctions.ReadableBuffer, accumulator _dafny.Sequence, keys _dafny.Set, count uint16, nextPair m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint16(count)).Cmp(_dafny.IntOfUint32((accumulator).Cardinality())) > 0 { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.ReadAADPair(nextPair) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_pair m_SerializableTypes.Pair = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(m_SerializableTypes.Pair) + _ = _1_pair + var _2_newPos m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_newPos + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(!(keys).Contains((_1_pair).Dtor_key().(_dafny.Sequence)), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Duplicate Encryption Context key value."))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _4_valueOrError2 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((((_2_newPos).Dtor_start()).Minus((buffer).Dtor_start())).Cmp(m_SerializableTypes.Companion_Default___.ESDK__CANONICAL__ENCRYPTION__CONTEXT__MAX__LENGTH()) < 0, m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Encryption Context exceeds maximum length."))) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _5_nextAcc _dafny.Sequence = _dafny.Companion_Sequence_.Concatenate(accumulator, _dafny.SeqOf(_1_pair)) + _ = _5_nextAcc + var _6_nextKeys _dafny.Set = (keys).Union(Companion_Default___.KeysToSet(_dafny.SeqOf(_1_pair))) + _ = _6_nextKeys + var _in0 m_SerializeFunctions.ReadableBuffer = buffer + _ = _in0 + var _in1 _dafny.Sequence = _5_nextAcc + _ = _in1 + var _in2 _dafny.Set = _6_nextKeys + _ = _in2 + var _in3 uint16 = count + _ = _in3 + var _in4 m_SerializeFunctions.ReadableBuffer = _2_newPos + _ = _in4 + buffer = _in0 + accumulator = _in1 + keys = _in2 + count = _in3 + nextPair = _in4 + goto TAIL_CALL_START + } + } + } + } else { + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(accumulator, nextPair)) + } +} +func (_static *CompanionStruct_Default___) ReadAAD(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt16(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_count uint16 = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(uint16) + _ = _1_count + var _2_ecPos m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_ecPos + if (_1_count) == (uint16(0)) { + var _3_edks _dafny.Sequence = _dafny.SeqOf() + _ = _3_edks + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_3_edks, _2_ecPos)) + } else { + var _4_accumulator _dafny.Sequence = _dafny.SeqOf() + _ = _4_accumulator + var _5_keys _dafny.Set = Companion_Default___.KeysToSet(_4_accumulator) + _ = _5_keys + var _6_valueOrError1 m_Wrappers.Result = Companion_Default___.ReadAADPairs(_2_ecPos, _4_accumulator, _5_keys, _1_count, _2_ecPos) + _ = _6_valueOrError1 + if (_6_valueOrError1).IsFailure() { + return (_6_valueOrError1).PropagateFailure() + } else { + var _let_tmp_rhs1 m_SerializeFunctions.SuccessfulRead = (_6_valueOrError1).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs1 + var _7_pairs _dafny.Sequence = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _7_pairs + var _8_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs1.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _8_tail + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_7_pairs, _8_tail)) + } + } + } +} +func (_static *CompanionStruct_Default___) ReadAADSection(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt16(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_length m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_length + if ((_1_length).Dtor_data().(uint16)) == (uint16(0)) { + var _2_empty _dafny.Sequence = _dafny.SeqOf() + _ = _2_empty + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_2_empty, (_1_length).Dtor_tail())) + } else { + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((((_1_length).Dtor_tail()).Dtor_start()).Plus(_dafny.IntOfUint16((_1_length).Dtor_data().(uint16)))).Cmp(_dafny.IntOfUint32((((_1_length).Dtor_tail()).Dtor_bytes()).Cardinality())) <= 0, m_SerializeFunctions.Companion_ReadProblems_.Create_MoreNeeded_((((_1_length).Dtor_tail()).Dtor_start()).Plus(_dafny.IntOfUint16((_1_length).Dtor_data().(uint16))))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _4_valueOrError2 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt16((_1_length).Dtor_tail()) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _5_verifyCount m_SerializeFunctions.SuccessfulRead = (_4_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _5_verifyCount + if ((_1_length).Dtor_data().(uint16)) == (uint16(2)) { + var _6_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_5_verifyCount).Dtor_data().(uint16)) == (uint16(0)), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Encryption Context pairs count can not exceed byte length"))) + _ = _6_valueOrError3 + if (_6_valueOrError3).IsFailure() { + return (_6_valueOrError3).PropagateFailure() + } else { + var _7_empty _dafny.Sequence = _dafny.SeqOf() + _ = _7_empty + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_7_empty, (_5_verifyCount).Dtor_tail())) + } + } else { + var _8_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((uint16(0)) < ((_5_verifyCount).Dtor_data().(uint16)), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Encryption Context byte length exceeds pairs count."))) + _ = _8_valueOrError4 + if (_8_valueOrError4).IsFailure() { + return (_8_valueOrError4).PropagateFailure() + } else { + var _9_valueOrError5 m_Wrappers.Result = Companion_Default___.ReadAAD((_1_length).Dtor_tail()) + _ = _9_valueOrError5 + if (_9_valueOrError5).IsFailure() { + return (_9_valueOrError5).PropagateFailure() + } else { + var _10_aad m_SerializeFunctions.SuccessfulRead = (_9_valueOrError5).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _10_aad + var _11_valueOrError6 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((((_10_aad).Dtor_tail()).Dtor_start()).Minus(((_1_length).Dtor_tail()).Dtor_start())).Cmp(_dafny.IntOfUint16((_1_length).Dtor_data().(uint16))) == 0, m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("AAD Length did not match stored length."))) + _ = _11_valueOrError6 + if (_11_valueOrError6).IsFailure() { + return (_11_valueOrError6).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(_10_aad) + } + } + } + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) KeysToSet(pairs _dafny.Sequence) _dafny.Set { + return func() _dafny.Set { + var _coll0 = _dafny.NewBuilder() + _ = _coll0 + for _iter1 := _dafny.Iterate((pairs).Elements()); ; { + _compr_0, _ok1 := _iter1() + if !_ok1 { + break + } + var _0_p m_SerializableTypes.Pair + _0_p = interface{}(_compr_0).(m_SerializableTypes.Pair) + if _dafny.Companion_Sequence_.Contains(pairs, _0_p) { + _coll0.Add((_0_p).Dtor_key()) + } + } + return _coll0.ToSet() + }() +} + +// End of class Default__ + +// Definition of class ESDKEncryptionContextPair +type ESDKEncryptionContextPair struct { +} + +func New_ESDKEncryptionContextPair_() *ESDKEncryptionContextPair { + _this := ESDKEncryptionContextPair{} + + return &_this +} + +type CompanionStruct_ESDKEncryptionContextPair_ struct { +} + +var Companion_ESDKEncryptionContextPair_ = CompanionStruct_ESDKEncryptionContextPair_{} + +func (*ESDKEncryptionContextPair) String() string { + return "EncryptionContext.ESDKEncryptionContextPair" +} + +// End of class ESDKEncryptionContextPair + +func Type_ESDKEncryptionContextPair_() _dafny.TypeDescriptor { + return type_ESDKEncryptionContextPair_{} +} + +type type_ESDKEncryptionContextPair_ struct { +} + +func (_this type_ESDKEncryptionContextPair_) Default() interface{} { + return m_SerializableTypes.Companion_Pair_.Default(m_UTF8.Companion_ValidUTF8Bytes_.Witness(), m_UTF8.Companion_ValidUTF8Bytes_.Witness()) +} + +func (_this type_ESDKEncryptionContextPair_) String() string { + return "EncryptionContext.ESDKEncryptionContextPair" +} +func (_this *CompanionStruct_ESDKEncryptionContextPair_) Is_(__source m_SerializableTypes.Pair) bool { + var _0_p m_SerializableTypes.Pair = (__source) + _ = _0_p + return (((m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((_0_p).Dtor_key().(_dafny.Sequence))) && (m_UTF8.Companion_Default___.ValidUTF8Seq((_0_p).Dtor_key().(_dafny.Sequence)))) && (m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((_0_p).Dtor_value().(_dafny.Sequence)))) && (m_UTF8.Companion_Default___.ValidUTF8Seq((_0_p).Dtor_value().(_dafny.Sequence))) +} + +// Definition of class ESDKCanonicalEncryptionContext +type ESDKCanonicalEncryptionContext struct { +} + +func New_ESDKCanonicalEncryptionContext_() *ESDKCanonicalEncryptionContext { + _this := ESDKCanonicalEncryptionContext{} + + return &_this +} + +type CompanionStruct_ESDKCanonicalEncryptionContext_ struct { +} + +var Companion_ESDKCanonicalEncryptionContext_ = CompanionStruct_ESDKCanonicalEncryptionContext_{} + +func (*ESDKCanonicalEncryptionContext) String() string { + return "EncryptionContext.ESDKCanonicalEncryptionContext" +} + +// End of class ESDKCanonicalEncryptionContext + +func Type_ESDKCanonicalEncryptionContext_() _dafny.TypeDescriptor { + return type_ESDKCanonicalEncryptionContext_{} +} + +type type_ESDKCanonicalEncryptionContext_ struct { +} + +func (_this type_ESDKCanonicalEncryptionContext_) Default() interface{} { + return _dafny.EmptySeq +} + +func (_this type_ESDKCanonicalEncryptionContext_) String() string { + return "EncryptionContext.ESDKCanonicalEncryptionContext" +} diff --git a/releases/go/encryption-sdk/Frames/Frames.go b/releases/go/encryption-sdk/Frames/Frames.go new file mode 100644 index 000000000..1ee4ffa4e --- /dev/null +++ b/releases/go/encryption-sdk/Frames/Frames.go @@ -0,0 +1,838 @@ +// Package Frames +// Dafny module Frames compiled into Go + +package Frames + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "Frames.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteRegularFrame(regularFrame Frame) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteUint32((regularFrame).Dtor_seqNum()), m_SerializeFunctions.Companion_Default___.Write((regularFrame).Dtor_iv())), m_SerializeFunctions.Companion_Default___.Write((regularFrame).Dtor_encContent())), m_SerializeFunctions.Companion_Default___.Write((regularFrame).Dtor_authTag())) +} +func (_static *CompanionStruct_Default___) ReadRegularFrame(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_sequenceNumber m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_sequenceNumber + var _2_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_1_sequenceNumber).Dtor_data().(uint32)) < (Companion_Default___.ENDFRAME__SEQUENCE__NUMBER()), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Regular frame sequence number can not equal or exceed the final frame."))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_valueOrError2 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_1_sequenceNumber).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength((header).Dtor_suite()))) + _ = _3_valueOrError2 + if (_3_valueOrError2).IsFailure() { + return (_3_valueOrError2).PropagateFailure() + } else { + var _4_iv m_SerializeFunctions.SuccessfulRead = (_3_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _4_iv + var _5_valueOrError3 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_4_iv).Dtor_tail(), _dafny.IntOfUint32(((header).Dtor_body()).Dtor_frameLength())) + _ = _5_valueOrError3 + if (_5_valueOrError3).IsFailure() { + return (_5_valueOrError3).PropagateFailure() + } else { + var _6_encContent m_SerializeFunctions.SuccessfulRead = (_5_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _6_encContent + var _7_valueOrError4 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_6_encContent).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetTagLength((header).Dtor_suite()))) + _ = _7_valueOrError4 + if (_7_valueOrError4).IsFailure() { + return (_7_valueOrError4).PropagateFailure() + } else { + var _8_authTag m_SerializeFunctions.SuccessfulRead = (_7_valueOrError4).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _8_authTag + var _9_regularFrame Frame = Companion_Frame_.Create_RegularFrame_(header, (_1_sequenceNumber).Dtor_data().(uint32), (_4_iv).Dtor_data().(_dafny.Sequence), (_6_encContent).Dtor_data().(_dafny.Sequence), (_8_authTag).Dtor_data().(_dafny.Sequence)) + _ = _9_regularFrame + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_9_regularFrame, (_8_authTag).Dtor_tail())) + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) WriteFinalFrame(finalFrame Frame) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.WriteUint32(Companion_Default___.ENDFRAME__SEQUENCE__NUMBER()), m_SerializeFunctions.Companion_Default___.WriteUint32((finalFrame).Dtor_seqNum())), m_SerializeFunctions.Companion_Default___.Write((finalFrame).Dtor_iv())), m_SerializeFunctions.Companion_Default___.WriteUint32Seq((finalFrame).Dtor_encContent())), m_SerializeFunctions.Companion_Default___.Write((finalFrame).Dtor_authTag())) +} +func (_static *CompanionStruct_Default___) ReadFinalFrame(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_finalFrameSignal m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_finalFrameSignal + var _2_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_1_finalFrameSignal).Dtor_data().(uint32)) == (Companion_Default___.ENDFRAME__SEQUENCE__NUMBER()), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Final frame sequence number MUST be the end-frame sequence number."))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_valueOrError2 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32((_1_finalFrameSignal).Dtor_tail()) + _ = _3_valueOrError2 + if (_3_valueOrError2).IsFailure() { + return (_3_valueOrError2).PropagateFailure() + } else { + var _4_sequenceNumber m_SerializeFunctions.SuccessfulRead = (_3_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _4_sequenceNumber + var _5_valueOrError3 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_4_sequenceNumber).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength((header).Dtor_suite()))) + _ = _5_valueOrError3 + if (_5_valueOrError3).IsFailure() { + return (_5_valueOrError3).PropagateFailure() + } else { + var _6_iv m_SerializeFunctions.SuccessfulRead = (_5_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _6_iv + var _7_valueOrError4 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32((_6_iv).Dtor_tail()) + _ = _7_valueOrError4 + if (_7_valueOrError4).IsFailure() { + return (_7_valueOrError4).PropagateFailure() + } else { + var _8_contentLength m_SerializeFunctions.SuccessfulRead = (_7_valueOrError4).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _8_contentLength + var _9_valueOrError5 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_8_contentLength).Dtor_data().(uint32)) <= (((header).Dtor_body()).Dtor_frameLength()), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Content length MUST NOT exceed the frame length."))) + _ = _9_valueOrError5 + if (_9_valueOrError5).IsFailure() { + return (_9_valueOrError5).PropagateFailure() + } else { + var _10_valueOrError6 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUint32Seq((_6_iv).Dtor_tail()) + _ = _10_valueOrError6 + if (_10_valueOrError6).IsFailure() { + return (_10_valueOrError6).PropagateFailure() + } else { + var _11_encContent m_SerializeFunctions.SuccessfulRead = (_10_valueOrError6).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _11_encContent + var _12_valueOrError7 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_11_encContent).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetTagLength((header).Dtor_suite()))) + _ = _12_valueOrError7 + if (_12_valueOrError7).IsFailure() { + return (_12_valueOrError7).PropagateFailure() + } else { + var _13_authTag m_SerializeFunctions.SuccessfulRead = (_12_valueOrError7).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _13_authTag + var _14_finalFrame Frame = Companion_Frame_.Create_FinalFrame_(header, (_4_sequenceNumber).Dtor_data().(uint32), (_6_iv).Dtor_data().(_dafny.Sequence), (_11_encContent).Dtor_data().(_dafny.Sequence), (_13_authTag).Dtor_data().(_dafny.Sequence)) + _ = _14_finalFrame + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_14_finalFrame, (_13_authTag).Dtor_tail())) + } + } + } + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) ReadNonFrame(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength((header).Dtor_suite()))) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_iv m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_iv + var _2_valueOrError1 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt64((_1_iv).Dtor_tail()) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_contentLength m_SerializeFunctions.SuccessfulRead = (_2_valueOrError1).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _3_contentLength + var _4_valueOrError2 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint64((_3_contentLength).Dtor_data().(uint64))).Cmp(Companion_Default___.SAFE__MAX__ENCRYPT()) < 0, m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Frame exceeds AES-GCM cryptographic safety for a single key/iv."))) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _5_valueOrError3 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUint64Seq((_1_iv).Dtor_tail()) + _ = _5_valueOrError3 + if (_5_valueOrError3).IsFailure() { + return (_5_valueOrError3).PropagateFailure() + } else { + var _6_encContent m_SerializeFunctions.SuccessfulRead = (_5_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _6_encContent + var _7_valueOrError4 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_6_encContent).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetTagLength((header).Dtor_suite()))) + _ = _7_valueOrError4 + if (_7_valueOrError4).IsFailure() { + return (_7_valueOrError4).PropagateFailure() + } else { + var _8_authTag m_SerializeFunctions.SuccessfulRead = (_7_valueOrError4).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _8_authTag + var _9_nonFramed Frame = Companion_Frame_.Create_NonFramed_(header, (_1_iv).Dtor_data().(_dafny.Sequence), (_6_encContent).Dtor_data().(_dafny.Sequence), (_8_authTag).Dtor_data().(_dafny.Sequence)) + _ = _9_nonFramed + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_9_nonFramed, (_8_authTag).Dtor_tail())) + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) ENDFRAME__SEQUENCE__NUMBER() uint32 { + return uint32(4294967295) +} +func (_static *CompanionStruct_Default___) SAFE__MAX__ENCRYPT() _dafny.Int { + return _dafny.IntOfInt64(68719476704) +} +func (_static *CompanionStruct_Default___) START__SEQUENCE__NUMBER() uint32 { + return uint32(1) +} +func (_static *CompanionStruct_Default___) NONFRAMED__SEQUENCE__NUMBER() uint32 { + return uint32(1) +} + +// End of class Default__ + +// Definition of class FramedHeader +type FramedHeader struct { +} + +func New_FramedHeader_() *FramedHeader { + _this := FramedHeader{} + + return &_this +} + +type CompanionStruct_FramedHeader_ struct { +} + +var Companion_FramedHeader_ = CompanionStruct_FramedHeader_{} + +func (*FramedHeader) String() string { + return "Frames.FramedHeader" +} + +// End of class FramedHeader + +func Type_FramedHeader_() _dafny.TypeDescriptor { + return type_FramedHeader_{} +} + +type type_FramedHeader_ struct { +} + +func (_this type_FramedHeader_) Default() interface{} { + return m_Header.Companion_HeaderInfo_.Default() +} + +func (_this type_FramedHeader_) String() string { + return "Frames.FramedHeader" +} + +// Definition of class NonFramedHeader +type NonFramedHeader struct { +} + +func New_NonFramedHeader_() *NonFramedHeader { + _this := NonFramedHeader{} + + return &_this +} + +type CompanionStruct_NonFramedHeader_ struct { +} + +var Companion_NonFramedHeader_ = CompanionStruct_NonFramedHeader_{} + +func (*NonFramedHeader) String() string { + return "Frames.NonFramedHeader" +} + +// End of class NonFramedHeader + +func Type_NonFramedHeader_() _dafny.TypeDescriptor { + return type_NonFramedHeader_{} +} + +type type_NonFramedHeader_ struct { +} + +func (_this type_NonFramedHeader_) Default() interface{} { + return m_Header.Companion_HeaderInfo_.Default() +} + +func (_this type_NonFramedHeader_) String() string { + return "Frames.NonFramedHeader" +} + +// Definition of datatype Frame +type Frame struct { + Data_Frame_ +} + +func (_this Frame) Get_() Data_Frame_ { + return _this.Data_Frame_ +} + +type Data_Frame_ interface { + isFrame() +} + +type CompanionStruct_Frame_ struct { +} + +var Companion_Frame_ = CompanionStruct_Frame_{} + +type Frame_RegularFrame struct { + Header m_Header.HeaderInfo + SeqNum uint32 + Iv _dafny.Sequence + EncContent _dafny.Sequence + AuthTag _dafny.Sequence +} + +func (Frame_RegularFrame) isFrame() {} + +func (CompanionStruct_Frame_) Create_RegularFrame_(Header m_Header.HeaderInfo, SeqNum uint32, Iv _dafny.Sequence, EncContent _dafny.Sequence, AuthTag _dafny.Sequence) Frame { + return Frame{Frame_RegularFrame{Header, SeqNum, Iv, EncContent, AuthTag}} +} + +func (_this Frame) Is_RegularFrame() bool { + _, ok := _this.Get_().(Frame_RegularFrame) + return ok +} + +type Frame_FinalFrame struct { + Header m_Header.HeaderInfo + SeqNum uint32 + Iv _dafny.Sequence + EncContent _dafny.Sequence + AuthTag _dafny.Sequence +} + +func (Frame_FinalFrame) isFrame() {} + +func (CompanionStruct_Frame_) Create_FinalFrame_(Header m_Header.HeaderInfo, SeqNum uint32, Iv _dafny.Sequence, EncContent _dafny.Sequence, AuthTag _dafny.Sequence) Frame { + return Frame{Frame_FinalFrame{Header, SeqNum, Iv, EncContent, AuthTag}} +} + +func (_this Frame) Is_FinalFrame() bool { + _, ok := _this.Get_().(Frame_FinalFrame) + return ok +} + +type Frame_NonFramed struct { + Header m_Header.HeaderInfo + Iv _dafny.Sequence + EncContent _dafny.Sequence + AuthTag _dafny.Sequence +} + +func (Frame_NonFramed) isFrame() {} + +func (CompanionStruct_Frame_) Create_NonFramed_(Header m_Header.HeaderInfo, Iv _dafny.Sequence, EncContent _dafny.Sequence, AuthTag _dafny.Sequence) Frame { + return Frame{Frame_NonFramed{Header, Iv, EncContent, AuthTag}} +} + +func (_this Frame) Is_NonFramed() bool { + _, ok := _this.Get_().(Frame_NonFramed) + return ok +} + +func (CompanionStruct_Frame_) Default() Frame { + return Companion_Frame_.Create_RegularFrame_(m_Header.Companion_HeaderInfo_.Default(), uint32(0), _dafny.EmptySeq, _dafny.EmptySeq, _dafny.EmptySeq) +} + +func (_this Frame) Dtor_header() m_Header.HeaderInfo { + switch data := _this.Get_().(type) { + case Frame_RegularFrame: + return data.Header + case Frame_FinalFrame: + return data.Header + default: + return data.(Frame_NonFramed).Header + } +} + +func (_this Frame) Dtor_seqNum() uint32 { + switch data := _this.Get_().(type) { + case Frame_RegularFrame: + return data.SeqNum + default: + return data.(Frame_FinalFrame).SeqNum + } +} + +func (_this Frame) Dtor_iv() _dafny.Sequence { + switch data := _this.Get_().(type) { + case Frame_RegularFrame: + return data.Iv + case Frame_FinalFrame: + return data.Iv + default: + return data.(Frame_NonFramed).Iv + } +} + +func (_this Frame) Dtor_encContent() _dafny.Sequence { + switch data := _this.Get_().(type) { + case Frame_RegularFrame: + return data.EncContent + case Frame_FinalFrame: + return data.EncContent + default: + return data.(Frame_NonFramed).EncContent + } +} + +func (_this Frame) Dtor_authTag() _dafny.Sequence { + switch data := _this.Get_().(type) { + case Frame_RegularFrame: + return data.AuthTag + case Frame_FinalFrame: + return data.AuthTag + default: + return data.(Frame_NonFramed).AuthTag + } +} + +func (_this Frame) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case Frame_RegularFrame: + { + return "Frames.Frame.RegularFrame" + "(" + _dafny.String(data.Header) + ", " + _dafny.String(data.SeqNum) + ", " + _dafny.String(data.Iv) + ", " + _dafny.String(data.EncContent) + ", " + _dafny.String(data.AuthTag) + ")" + } + case Frame_FinalFrame: + { + return "Frames.Frame.FinalFrame" + "(" + _dafny.String(data.Header) + ", " + _dafny.String(data.SeqNum) + ", " + _dafny.String(data.Iv) + ", " + _dafny.String(data.EncContent) + ", " + _dafny.String(data.AuthTag) + ")" + } + case Frame_NonFramed: + { + return "Frames.Frame.NonFramed" + "(" + _dafny.String(data.Header) + ", " + _dafny.String(data.Iv) + ", " + _dafny.String(data.EncContent) + ", " + _dafny.String(data.AuthTag) + ")" + } + default: + { + return "" + } + } +} + +func (_this Frame) Equals(other Frame) bool { + switch data1 := _this.Get_().(type) { + case Frame_RegularFrame: + { + data2, ok := other.Get_().(Frame_RegularFrame) + return ok && data1.Header.Equals(data2.Header) && data1.SeqNum == data2.SeqNum && data1.Iv.Equals(data2.Iv) && data1.EncContent.Equals(data2.EncContent) && data1.AuthTag.Equals(data2.AuthTag) + } + case Frame_FinalFrame: + { + data2, ok := other.Get_().(Frame_FinalFrame) + return ok && data1.Header.Equals(data2.Header) && data1.SeqNum == data2.SeqNum && data1.Iv.Equals(data2.Iv) && data1.EncContent.Equals(data2.EncContent) && data1.AuthTag.Equals(data2.AuthTag) + } + case Frame_NonFramed: + { + data2, ok := other.Get_().(Frame_NonFramed) + return ok && data1.Header.Equals(data2.Header) && data1.Iv.Equals(data2.Iv) && data1.EncContent.Equals(data2.EncContent) && data1.AuthTag.Equals(data2.AuthTag) + } + default: + { + return false // unexpected + } + } +} + +func (_this Frame) EqualsGeneric(other interface{}) bool { + typed, ok := other.(Frame) + return ok && _this.Equals(typed) +} + +func Type_Frame_() _dafny.TypeDescriptor { + return type_Frame_{} +} + +type type_Frame_ struct { +} + +func (_this type_Frame_) Default() interface{} { + return Companion_Frame_.Default() +} + +func (_this type_Frame_) String() string { + return "Frames.Frame" +} +func (_this Frame) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = Frame{} + +// End of datatype Frame + +// Definition of class RegularFrame +type RegularFrame struct { +} + +func New_RegularFrame_() *RegularFrame { + _this := RegularFrame{} + + return &_this +} + +type CompanionStruct_RegularFrame_ struct { +} + +var Companion_RegularFrame_ = CompanionStruct_RegularFrame_{} + +func (*RegularFrame) String() string { + return "Frames.RegularFrame" +} + +// End of class RegularFrame + +func Type_RegularFrame_() _dafny.TypeDescriptor { + return type_RegularFrame_{} +} + +type type_RegularFrame_ struct { +} + +func (_this type_RegularFrame_) Default() interface{} { + return Companion_Frame_.Default() +} + +func (_this type_RegularFrame_) String() string { + return "Frames.RegularFrame" +} + +// Definition of class FinalFrame +type FinalFrame struct { +} + +func New_FinalFrame_() *FinalFrame { + _this := FinalFrame{} + + return &_this +} + +type CompanionStruct_FinalFrame_ struct { +} + +var Companion_FinalFrame_ = CompanionStruct_FinalFrame_{} + +func (*FinalFrame) String() string { + return "Frames.FinalFrame" +} + +// End of class FinalFrame + +func Type_FinalFrame_() _dafny.TypeDescriptor { + return type_FinalFrame_{} +} + +type type_FinalFrame_ struct { +} + +func (_this type_FinalFrame_) Default() interface{} { + return Companion_Frame_.Default() +} + +func (_this type_FinalFrame_) String() string { + return "Frames.FinalFrame" +} + +// Definition of class NonFramed +type NonFramed struct { +} + +func New_NonFramed_() *NonFramed { + _this := NonFramed{} + + return &_this +} + +type CompanionStruct_NonFramed_ struct { +} + +var Companion_NonFramed_ = CompanionStruct_NonFramed_{} + +func (*NonFramed) String() string { + return "Frames.NonFramed" +} + +// End of class NonFramed + +func Type_NonFramed_() _dafny.TypeDescriptor { + return type_NonFramed_{} +} + +type type_NonFramed_ struct { +} + +func (_this type_NonFramed_) Default() interface{} { + return Companion_Frame_.Default() +} + +func (_this type_NonFramed_) String() string { + return "Frames.NonFramed" +} diff --git a/releases/go/encryption-sdk/Header/Header.go b/releases/go/encryption-sdk/Header/Header.go new file mode 100644 index 000000000..7942b29a7 --- /dev/null +++ b/releases/go/encryption-sdk/Header/Header.go @@ -0,0 +1,516 @@ +// Package Header +// Dafny module Header compiled into Go + +package Header + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "Header.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) HeaderVersionSupportsCommitment_q(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, body m_HeaderTypes.HeaderBody) bool { + return (!(((suite).Dtor_commitment()).Is_HKDF()) || (((body).Is_V2HeaderBody()) && ((_dafny.IntOfUint32(((body).Dtor_suiteData()).Cardinality())).Cmp(_dafny.IntOfInt32((((suite).Dtor_commitment()).Dtor_HKDF()).Dtor_outputKeyLength())) == 0))) && (!(!(((suite).Dtor_commitment()).Is_HKDF())) || ((true) && ((body).Is_V1HeaderBody()))) +} +func (_static *CompanionStruct_Default___) ReadHeaderBody(buffer m_SerializeFunctions.ReadableBuffer, maxEdks m_Wrappers.Option, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadMessageFormatVersion(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_version m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_version + var _2_valueOrError1 m_Wrappers.Result = func() m_Wrappers.Result { + var _source0 m_HeaderTypes.MessageFormatVersion = (_1_version).Dtor_data().(m_HeaderTypes.MessageFormatVersion) + _ = _source0 + { + if _source0.Is_V1() { + var _3_valueOrError2 m_Wrappers.Result = m_V1HeaderBody.Companion_Default___.ReadV1HeaderBody(buffer, maxEdks, mpl) + _ = _3_valueOrError2 + if (_3_valueOrError2).IsFailure() { + return (_3_valueOrError2).PropagateFailure() + } else { + var _4_b m_SerializeFunctions.SuccessfulRead = (_3_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _4_b + var _5_body m_HeaderTypes.HeaderBody = (_4_b).Dtor_data().(m_HeaderTypes.HeaderBody) + _ = _5_body + return m_Wrappers.Companion_Result_.Create_Success_(_dafny.TupleOf(_5_body, (_4_b).Dtor_tail())) + } + } + } + { + var _6_valueOrError3 m_Wrappers.Result = m_V2HeaderBody.Companion_Default___.ReadV2HeaderBody(buffer, maxEdks, mpl) + _ = _6_valueOrError3 + if (_6_valueOrError3).IsFailure() { + return (_6_valueOrError3).PropagateFailure() + } else { + var _7_b m_SerializeFunctions.SuccessfulRead = (_6_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _7_b + var _8_body m_HeaderTypes.HeaderBody = (_7_b).Dtor_data().(m_HeaderTypes.HeaderBody) + _ = _8_body + return m_Wrappers.Companion_Result_.Create_Success_(_dafny.TupleOf(_8_body, (_7_b).Dtor_tail())) + } + } + }() + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _let_tmp_rhs0 _dafny.Tuple = (_2_valueOrError1).Extract().(_dafny.Tuple) + _ = _let_tmp_rhs0 + var _9_body m_HeaderTypes.HeaderBody = (*(_let_tmp_rhs0).IndexInt(0)).(m_HeaderTypes.HeaderBody) + _ = _9_body + var _10_tail m_SerializeFunctions.ReadableBuffer = (*(_let_tmp_rhs0).IndexInt(1)).(m_SerializeFunctions.ReadableBuffer) + _ = _10_tail + var _11_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((((_9_body).Dtor_contentType()).Is_Framed()) == (((_9_body).Dtor_frameLength()) > (uint32(0))), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Frame length must be positive if content is framed"))) + _ = _11_valueOrError4 + if (_11_valueOrError4).IsFailure() { + return (_11_valueOrError4).PropagateFailure() + } else { + var _12_valueOrError5 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((((_9_body).Dtor_contentType()).Is_NonFramed()) == (((_9_body).Dtor_frameLength()) == (uint32(0))), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Frame length must be zero if content is non-framed"))) + _ = _12_valueOrError5 + if (_12_valueOrError5).IsFailure() { + return (_12_valueOrError5).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_9_body, _10_tail)) + } + } + } + } +} +func (_static *CompanionStruct_Default___) WriteHeaderBody(body m_HeaderTypes.HeaderBody) _dafny.Sequence { + var _source0 m_HeaderTypes.HeaderBody = body + _ = _source0 + { + if _source0.Is_V1HeaderBody() { + return m_V1HeaderBody.Companion_Default___.WriteV1HeaderBody(body) + } + } + { + return m_V2HeaderBody.Companion_Default___.WriteV2HeaderBody(body) + } +} + +// End of class Default__ + +// Definition of datatype HeaderInfo +type HeaderInfo struct { + Data_HeaderInfo_ +} + +func (_this HeaderInfo) Get_() Data_HeaderInfo_ { + return _this.Data_HeaderInfo_ +} + +type Data_HeaderInfo_ interface { + isHeaderInfo() +} + +type CompanionStruct_HeaderInfo_ struct { +} + +var Companion_HeaderInfo_ = CompanionStruct_HeaderInfo_{} + +type HeaderInfo_HeaderInfo struct { + Body m_HeaderTypes.HeaderBody + RawHeader _dafny.Sequence + EncryptionContext _dafny.Map + Suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo + HeaderAuth m_HeaderTypes.HeaderAuth +} + +func (HeaderInfo_HeaderInfo) isHeaderInfo() {} + +func (CompanionStruct_HeaderInfo_) Create_HeaderInfo_(Body m_HeaderTypes.HeaderBody, RawHeader _dafny.Sequence, EncryptionContext _dafny.Map, Suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, HeaderAuth m_HeaderTypes.HeaderAuth) HeaderInfo { + return HeaderInfo{HeaderInfo_HeaderInfo{Body, RawHeader, EncryptionContext, Suite, HeaderAuth}} +} + +func (_this HeaderInfo) Is_HeaderInfo() bool { + _, ok := _this.Get_().(HeaderInfo_HeaderInfo) + return ok +} + +func (CompanionStruct_HeaderInfo_) Default() HeaderInfo { + return Companion_HeaderInfo_.Create_HeaderInfo_(m_HeaderTypes.Companion_HeaderBody_.Default(), _dafny.EmptySeq, _dafny.EmptyMap, m_AwsCryptographyMaterialProvidersTypes.Companion_AlgorithmSuiteInfo_.Default(), m_HeaderTypes.Companion_HeaderAuth_.Default()) +} + +func (_this HeaderInfo) Dtor_body() m_HeaderTypes.HeaderBody { + return _this.Get_().(HeaderInfo_HeaderInfo).Body +} + +func (_this HeaderInfo) Dtor_rawHeader() _dafny.Sequence { + return _this.Get_().(HeaderInfo_HeaderInfo).RawHeader +} + +func (_this HeaderInfo) Dtor_encryptionContext() _dafny.Map { + return _this.Get_().(HeaderInfo_HeaderInfo).EncryptionContext +} + +func (_this HeaderInfo) Dtor_suite() m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo { + return _this.Get_().(HeaderInfo_HeaderInfo).Suite +} + +func (_this HeaderInfo) Dtor_headerAuth() m_HeaderTypes.HeaderAuth { + return _this.Get_().(HeaderInfo_HeaderInfo).HeaderAuth +} + +func (_this HeaderInfo) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case HeaderInfo_HeaderInfo: + { + return "Header.HeaderInfo.HeaderInfo" + "(" + _dafny.String(data.Body) + ", " + _dafny.String(data.RawHeader) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.Suite) + ", " + _dafny.String(data.HeaderAuth) + ")" + } + default: + { + return "" + } + } +} + +func (_this HeaderInfo) Equals(other HeaderInfo) bool { + switch data1 := _this.Get_().(type) { + case HeaderInfo_HeaderInfo: + { + data2, ok := other.Get_().(HeaderInfo_HeaderInfo) + return ok && data1.Body.Equals(data2.Body) && data1.RawHeader.Equals(data2.RawHeader) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.Suite.Equals(data2.Suite) && data1.HeaderAuth.Equals(data2.HeaderAuth) + } + default: + { + return false // unexpected + } + } +} + +func (_this HeaderInfo) EqualsGeneric(other interface{}) bool { + typed, ok := other.(HeaderInfo) + return ok && _this.Equals(typed) +} + +func Type_HeaderInfo_() _dafny.TypeDescriptor { + return type_HeaderInfo_{} +} + +type type_HeaderInfo_ struct { +} + +func (_this type_HeaderInfo_) Default() interface{} { + return Companion_HeaderInfo_.Default() +} + +func (_this type_HeaderInfo_) String() string { + return "Header.HeaderInfo" +} +func (_this HeaderInfo) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = HeaderInfo{} + +// End of datatype HeaderInfo + +// Definition of class Header +type Header struct { +} + +func New_Header_() *Header { + _this := Header{} + + return &_this +} + +type CompanionStruct_Header_ struct { +} + +var Companion_Header_ = CompanionStruct_Header_{} + +func (*Header) String() string { + return "Header.Header" +} + +// End of class Header + +func Type_Header_() _dafny.TypeDescriptor { + return type_Header_{} +} + +type type_Header_ struct { +} + +func (_this type_Header_) Default() interface{} { + return Companion_HeaderInfo_.Default() +} + +func (_this type_Header_) String() string { + return "Header.Header" +} diff --git a/releases/go/encryption-sdk/HeaderAuth/HeaderAuth.go b/releases/go/encryption-sdk/HeaderAuth/HeaderAuth.go new file mode 100644 index 000000000..58a9b9366 --- /dev/null +++ b/releases/go/encryption-sdk/HeaderAuth/HeaderAuth.go @@ -0,0 +1,403 @@ +// Package HeaderAuth +// Dafny module HeaderAuth compiled into Go + +package HeaderAuth + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "HeaderAuth.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteHeaderAuthTagV2(headerAuth m_HeaderTypes.HeaderAuth) _dafny.Sequence { + return m_SerializeFunctions.Companion_Default___.Write((headerAuth).Dtor_headerAuthTag()) +} +func (_static *CompanionStruct_Default___) WriteHeaderAuthTagV1(headerAuth m_HeaderTypes.HeaderAuth) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(m_SerializeFunctions.Companion_Default___.Write((headerAuth).Dtor_headerIv()), m_SerializeFunctions.Companion_Default___.Write((headerAuth).Dtor_headerAuthTag())) +} +func (_static *CompanionStruct_Default___) WriteHeaderAuthTag(headerAuth m_HeaderTypes.HeaderAuth, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _source0 int32 = (suite).Dtor_messageVersion() + _ = _source0 + { + if (_source0) == (int32(1)) { + return m_Wrappers.Companion_Result_.Create_Success_(Companion_Default___.WriteHeaderAuthTagV1(headerAuth)) + } + } + { + if (_source0) == (int32(2)) { + return m_Wrappers.Companion_Result_.Create_Success_(Companion_Default___.WriteHeaderAuthTagV2(headerAuth)) + } + } + { + return m_Wrappers.Companion_Result_.Create_Failure_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Unexpected message version"))) + } +} +func (_static *CompanionStruct_Default___) ReadHeaderAuthTagV1(buffer m_SerializeFunctions.ReadableBuffer, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength(suite))) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_headerIv m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_headerIv + var _2_valueOrError1 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_1_headerIv).Dtor_tail(), _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetTagLength(suite))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_headerAuthTag m_SerializeFunctions.SuccessfulRead = (_2_valueOrError1).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _3_headerAuthTag + var _4_auth m_HeaderTypes.HeaderAuth = m_HeaderTypes.Companion_HeaderAuth_.Create_AESMac_((_1_headerIv).Dtor_data().(_dafny.Sequence), (_3_headerAuthTag).Dtor_data().(_dafny.Sequence)) + _ = _4_auth + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_4_auth, (_3_headerAuthTag).Dtor_tail())) + } + } +} +func (_static *CompanionStruct_Default___) ReadHeaderAuthTagV2(buffer m_SerializeFunctions.ReadableBuffer, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _0_headerIv _dafny.Sequence = _dafny.SeqCreate((_dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength(suite))).Uint32(), func(coer6 func(_dafny.Int) uint8) func(_dafny.Int) interface{} { + return func(arg7 _dafny.Int) interface{} { + return coer6(arg7) + } + }(func(_1___v1 _dafny.Int) uint8 { + return uint8(0) + })) + _ = _0_headerIv + var _2_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetTagLength(suite))) + _ = _2_valueOrError0 + if (_2_valueOrError0).IsFailure() { + return (_2_valueOrError0).PropagateFailure() + } else { + var _3_headerAuthTag m_SerializeFunctions.SuccessfulRead = (_2_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _3_headerAuthTag + var _4_auth m_HeaderTypes.HeaderAuth = m_HeaderTypes.Companion_HeaderAuth_.Create_AESMac_(_0_headerIv, (_3_headerAuthTag).Dtor_data().(_dafny.Sequence)) + _ = _4_auth + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_4_auth, (_3_headerAuthTag).Dtor_tail())) + } +} +func (_static *CompanionStruct_Default___) ReadHeaderAuthTag(buffer m_SerializeFunctions.ReadableBuffer, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _source0 int32 = (suite).Dtor_messageVersion() + _ = _source0 + { + if (_source0) == (int32(1)) { + return Companion_Default___.ReadHeaderAuthTagV1(buffer, suite) + } + } + { + if (_source0) == (int32(2)) { + return Companion_Default___.ReadHeaderAuthTagV2(buffer, suite) + } + } + { + return m_Wrappers.Companion_Result_.Create_Failure_(m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Unexpected message version"))) + } +} + +// End of class Default__ + +// Definition of class AESMac +type AESMac struct { +} + +func New_AESMac_() *AESMac { + _this := AESMac{} + + return &_this +} + +type CompanionStruct_AESMac_ struct { +} + +var Companion_AESMac_ = CompanionStruct_AESMac_{} + +func (*AESMac) String() string { + return "HeaderAuth.AESMac" +} + +// End of class AESMac + +func Type_AESMac_() _dafny.TypeDescriptor { + return type_AESMac_{} +} + +type type_AESMac_ struct { +} + +func (_this type_AESMac_) Default() interface{} { + return m_HeaderTypes.Companion_HeaderAuth_.Default() +} + +func (_this type_AESMac_) String() string { + return "HeaderAuth.AESMac" +} +func (_this *CompanionStruct_AESMac_) Is_(__source m_HeaderTypes.HeaderAuth) bool { + var _0_a m_HeaderTypes.HeaderAuth = (__source) + _ = _0_a + return true +} diff --git a/releases/go/encryption-sdk/HeaderTypes/HeaderTypes.go b/releases/go/encryption-sdk/HeaderTypes/HeaderTypes.go new file mode 100644 index 000000000..954153735 --- /dev/null +++ b/releases/go/encryption-sdk/HeaderTypes/HeaderTypes.go @@ -0,0 +1,1111 @@ +// Package HeaderTypes +// Dafny module HeaderTypes compiled into Go + +package HeaderTypes + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "HeaderTypes.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) MESSAGE__ID__LEN__V1() _dafny.Int { + return _dafny.IntOfInt64(16) +} +func (_static *CompanionStruct_Default___) MESSAGE__ID__LEN__V2() _dafny.Int { + return _dafny.IntOfInt64(32) +} + +// End of class Default__ + +// Definition of datatype MessageFormatVersion +type MessageFormatVersion struct { + Data_MessageFormatVersion_ +} + +func (_this MessageFormatVersion) Get_() Data_MessageFormatVersion_ { + return _this.Data_MessageFormatVersion_ +} + +type Data_MessageFormatVersion_ interface { + isMessageFormatVersion() +} + +type CompanionStruct_MessageFormatVersion_ struct { +} + +var Companion_MessageFormatVersion_ = CompanionStruct_MessageFormatVersion_{} + +type MessageFormatVersion_V1 struct { +} + +func (MessageFormatVersion_V1) isMessageFormatVersion() {} + +func (CompanionStruct_MessageFormatVersion_) Create_V1_() MessageFormatVersion { + return MessageFormatVersion{MessageFormatVersion_V1{}} +} + +func (_this MessageFormatVersion) Is_V1() bool { + _, ok := _this.Get_().(MessageFormatVersion_V1) + return ok +} + +type MessageFormatVersion_V2 struct { +} + +func (MessageFormatVersion_V2) isMessageFormatVersion() {} + +func (CompanionStruct_MessageFormatVersion_) Create_V2_() MessageFormatVersion { + return MessageFormatVersion{MessageFormatVersion_V2{}} +} + +func (_this MessageFormatVersion) Is_V2() bool { + _, ok := _this.Get_().(MessageFormatVersion_V2) + return ok +} + +func (CompanionStruct_MessageFormatVersion_) Default() MessageFormatVersion { + return Companion_MessageFormatVersion_.Create_V1_() +} + +func (_ CompanionStruct_MessageFormatVersion_) AllSingletonConstructors() _dafny.Iterator { + i := -1 + return func() (interface{}, bool) { + i++ + switch i { + case 0: + return Companion_MessageFormatVersion_.Create_V1_(), true + case 1: + return Companion_MessageFormatVersion_.Create_V2_(), true + default: + return MessageFormatVersion{}, false + } + } +} + +func (_this MessageFormatVersion) String() string { + switch _this.Get_().(type) { + case nil: + return "null" + case MessageFormatVersion_V1: + { + return "HeaderTypes.MessageFormatVersion.V1" + } + case MessageFormatVersion_V2: + { + return "HeaderTypes.MessageFormatVersion.V2" + } + default: + { + return "" + } + } +} + +func (_this MessageFormatVersion) Equals(other MessageFormatVersion) bool { + switch _this.Get_().(type) { + case MessageFormatVersion_V1: + { + _, ok := other.Get_().(MessageFormatVersion_V1) + return ok + } + case MessageFormatVersion_V2: + { + _, ok := other.Get_().(MessageFormatVersion_V2) + return ok + } + default: + { + return false // unexpected + } + } +} + +func (_this MessageFormatVersion) EqualsGeneric(other interface{}) bool { + typed, ok := other.(MessageFormatVersion) + return ok && _this.Equals(typed) +} + +func Type_MessageFormatVersion_() _dafny.TypeDescriptor { + return type_MessageFormatVersion_{} +} + +type type_MessageFormatVersion_ struct { +} + +func (_this type_MessageFormatVersion_) Default() interface{} { + return Companion_MessageFormatVersion_.Default() +} + +func (_this type_MessageFormatVersion_) String() string { + return "HeaderTypes.MessageFormatVersion" +} +func (_this MessageFormatVersion) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = MessageFormatVersion{} + +func (_this MessageFormatVersion) Serialize() _dafny.Sequence { + { + var _source0 MessageFormatVersion = _this + _ = _source0 + { + if _source0.Is_V1() { + return _dafny.SeqOf(uint8(1)) + } + } + { + return _dafny.SeqOf(uint8(2)) + } + } +} +func (_static CompanionStruct_MessageFormatVersion_) Get(x _dafny.Sequence) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((_dafny.Companion_Sequence_.Equal(x, _dafny.SeqOf(uint8(1)))) || (_dafny.Companion_Sequence_.Equal(x, _dafny.SeqOf(uint8(2)))), _dafny.SeqOfString("Unsupported Version value.")) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(func() MessageFormatVersion { + var _source0 uint8 = (x).Select(0).(uint8) + _ = _source0 + { + if (_source0) == (uint8(1)) { + return Companion_MessageFormatVersion_.Create_V1_() + } + } + { + return Companion_MessageFormatVersion_.Create_V2_() + } + }()) + } +} + +// End of datatype MessageFormatVersion + +// Definition of class ESDKAlgorithmSuite +type ESDKAlgorithmSuite struct { +} + +func New_ESDKAlgorithmSuite_() *ESDKAlgorithmSuite { + _this := ESDKAlgorithmSuite{} + + return &_this +} + +type CompanionStruct_ESDKAlgorithmSuite_ struct { +} + +var Companion_ESDKAlgorithmSuite_ = CompanionStruct_ESDKAlgorithmSuite_{} + +func (*ESDKAlgorithmSuite) String() string { + return "HeaderTypes.ESDKAlgorithmSuite" +} + +// End of class ESDKAlgorithmSuite + +func Type_ESDKAlgorithmSuite_() _dafny.TypeDescriptor { + return type_ESDKAlgorithmSuite_{} +} + +type type_ESDKAlgorithmSuite_ struct { +} + +func (_this type_ESDKAlgorithmSuite_) Default() interface{} { + return m_AwsCryptographyMaterialProvidersTypes.Companion_AlgorithmSuiteInfo_.Default() +} + +func (_this type_ESDKAlgorithmSuite_) String() string { + return "HeaderTypes.ESDKAlgorithmSuite" +} + +// Definition of datatype HeaderBody +type HeaderBody struct { + Data_HeaderBody_ +} + +func (_this HeaderBody) Get_() Data_HeaderBody_ { + return _this.Data_HeaderBody_ +} + +type Data_HeaderBody_ interface { + isHeaderBody() +} + +type CompanionStruct_HeaderBody_ struct { +} + +var Companion_HeaderBody_ = CompanionStruct_HeaderBody_{} + +type HeaderBody_V1HeaderBody struct { + MessageType MessageType + AlgorithmSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo + MessageId _dafny.Sequence + EncryptionContext _dafny.Sequence + EncryptedDataKeys _dafny.Sequence + ContentType ContentType + HeaderIvLength _dafny.Int + FrameLength uint32 +} + +func (HeaderBody_V1HeaderBody) isHeaderBody() {} + +func (CompanionStruct_HeaderBody_) Create_V1HeaderBody_(MessageType MessageType, AlgorithmSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, MessageId _dafny.Sequence, EncryptionContext _dafny.Sequence, EncryptedDataKeys _dafny.Sequence, ContentType ContentType, HeaderIvLength _dafny.Int, FrameLength uint32) HeaderBody { + return HeaderBody{HeaderBody_V1HeaderBody{MessageType, AlgorithmSuite, MessageId, EncryptionContext, EncryptedDataKeys, ContentType, HeaderIvLength, FrameLength}} +} + +func (_this HeaderBody) Is_V1HeaderBody() bool { + _, ok := _this.Get_().(HeaderBody_V1HeaderBody) + return ok +} + +type HeaderBody_V2HeaderBody struct { + AlgorithmSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo + MessageId _dafny.Sequence + EncryptionContext _dafny.Sequence + EncryptedDataKeys _dafny.Sequence + ContentType ContentType + FrameLength uint32 + SuiteData _dafny.Sequence +} + +func (HeaderBody_V2HeaderBody) isHeaderBody() {} + +func (CompanionStruct_HeaderBody_) Create_V2HeaderBody_(AlgorithmSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, MessageId _dafny.Sequence, EncryptionContext _dafny.Sequence, EncryptedDataKeys _dafny.Sequence, ContentType ContentType, FrameLength uint32, SuiteData _dafny.Sequence) HeaderBody { + return HeaderBody{HeaderBody_V2HeaderBody{AlgorithmSuite, MessageId, EncryptionContext, EncryptedDataKeys, ContentType, FrameLength, SuiteData}} +} + +func (_this HeaderBody) Is_V2HeaderBody() bool { + _, ok := _this.Get_().(HeaderBody_V2HeaderBody) + return ok +} + +func (CompanionStruct_HeaderBody_) Default() HeaderBody { + return Companion_HeaderBody_.Create_V1HeaderBody_(Companion_MessageType_.Default(), m_AwsCryptographyMaterialProvidersTypes.Companion_AlgorithmSuiteInfo_.Default(), _dafny.EmptySeq, _dafny.EmptySeq, _dafny.EmptySeq, Companion_ContentType_.Default(), _dafny.Zero, uint32(0)) +} + +func (_this HeaderBody) Dtor_messageType() MessageType { + return _this.Get_().(HeaderBody_V1HeaderBody).MessageType +} + +func (_this HeaderBody) Dtor_algorithmSuite() m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.AlgorithmSuite + default: + return data.(HeaderBody_V2HeaderBody).AlgorithmSuite + } +} + +func (_this HeaderBody) Dtor_messageId() _dafny.Sequence { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.MessageId + default: + return data.(HeaderBody_V2HeaderBody).MessageId + } +} + +func (_this HeaderBody) Dtor_encryptionContext() _dafny.Sequence { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.EncryptionContext + default: + return data.(HeaderBody_V2HeaderBody).EncryptionContext + } +} + +func (_this HeaderBody) Dtor_encryptedDataKeys() _dafny.Sequence { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.EncryptedDataKeys + default: + return data.(HeaderBody_V2HeaderBody).EncryptedDataKeys + } +} + +func (_this HeaderBody) Dtor_contentType() ContentType { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.ContentType + default: + return data.(HeaderBody_V2HeaderBody).ContentType + } +} + +func (_this HeaderBody) Dtor_headerIvLength() _dafny.Int { + return _this.Get_().(HeaderBody_V1HeaderBody).HeaderIvLength +} + +func (_this HeaderBody) Dtor_frameLength() uint32 { + switch data := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + return data.FrameLength + default: + return data.(HeaderBody_V2HeaderBody).FrameLength + } +} + +func (_this HeaderBody) Dtor_suiteData() _dafny.Sequence { + return _this.Get_().(HeaderBody_V2HeaderBody).SuiteData +} + +func (_this HeaderBody) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case HeaderBody_V1HeaderBody: + { + return "HeaderTypes.HeaderBody.V1HeaderBody" + "(" + _dafny.String(data.MessageType) + ", " + _dafny.String(data.AlgorithmSuite) + ", " + _dafny.String(data.MessageId) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.EncryptedDataKeys) + ", " + _dafny.String(data.ContentType) + ", " + _dafny.String(data.HeaderIvLength) + ", " + _dafny.String(data.FrameLength) + ")" + } + case HeaderBody_V2HeaderBody: + { + return "HeaderTypes.HeaderBody.V2HeaderBody" + "(" + _dafny.String(data.AlgorithmSuite) + ", " + _dafny.String(data.MessageId) + ", " + _dafny.String(data.EncryptionContext) + ", " + _dafny.String(data.EncryptedDataKeys) + ", " + _dafny.String(data.ContentType) + ", " + _dafny.String(data.FrameLength) + ", " + _dafny.String(data.SuiteData) + ")" + } + default: + { + return "" + } + } +} + +func (_this HeaderBody) Equals(other HeaderBody) bool { + switch data1 := _this.Get_().(type) { + case HeaderBody_V1HeaderBody: + { + data2, ok := other.Get_().(HeaderBody_V1HeaderBody) + return ok && data1.MessageType.Equals(data2.MessageType) && data1.AlgorithmSuite.Equals(data2.AlgorithmSuite) && data1.MessageId.Equals(data2.MessageId) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.EncryptedDataKeys.Equals(data2.EncryptedDataKeys) && data1.ContentType.Equals(data2.ContentType) && data1.HeaderIvLength.Cmp(data2.HeaderIvLength) == 0 && data1.FrameLength == data2.FrameLength + } + case HeaderBody_V2HeaderBody: + { + data2, ok := other.Get_().(HeaderBody_V2HeaderBody) + return ok && data1.AlgorithmSuite.Equals(data2.AlgorithmSuite) && data1.MessageId.Equals(data2.MessageId) && data1.EncryptionContext.Equals(data2.EncryptionContext) && data1.EncryptedDataKeys.Equals(data2.EncryptedDataKeys) && data1.ContentType.Equals(data2.ContentType) && data1.FrameLength == data2.FrameLength && data1.SuiteData.Equals(data2.SuiteData) + } + default: + { + return false // unexpected + } + } +} + +func (_this HeaderBody) EqualsGeneric(other interface{}) bool { + typed, ok := other.(HeaderBody) + return ok && _this.Equals(typed) +} + +func Type_HeaderBody_() _dafny.TypeDescriptor { + return type_HeaderBody_{} +} + +type type_HeaderBody_ struct { +} + +func (_this type_HeaderBody_) Default() interface{} { + return Companion_HeaderBody_.Default() +} + +func (_this type_HeaderBody_) String() string { + return "HeaderTypes.HeaderBody" +} +func (_this HeaderBody) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = HeaderBody{} + +// End of datatype HeaderBody + +// Definition of datatype HeaderAuth +type HeaderAuth struct { + Data_HeaderAuth_ +} + +func (_this HeaderAuth) Get_() Data_HeaderAuth_ { + return _this.Data_HeaderAuth_ +} + +type Data_HeaderAuth_ interface { + isHeaderAuth() +} + +type CompanionStruct_HeaderAuth_ struct { +} + +var Companion_HeaderAuth_ = CompanionStruct_HeaderAuth_{} + +type HeaderAuth_AESMac struct { + HeaderIv _dafny.Sequence + HeaderAuthTag _dafny.Sequence +} + +func (HeaderAuth_AESMac) isHeaderAuth() {} + +func (CompanionStruct_HeaderAuth_) Create_AESMac_(HeaderIv _dafny.Sequence, HeaderAuthTag _dafny.Sequence) HeaderAuth { + return HeaderAuth{HeaderAuth_AESMac{HeaderIv, HeaderAuthTag}} +} + +func (_this HeaderAuth) Is_AESMac() bool { + _, ok := _this.Get_().(HeaderAuth_AESMac) + return ok +} + +func (CompanionStruct_HeaderAuth_) Default() HeaderAuth { + return Companion_HeaderAuth_.Create_AESMac_(_dafny.EmptySeq, _dafny.EmptySeq) +} + +func (_this HeaderAuth) Dtor_headerIv() _dafny.Sequence { + return _this.Get_().(HeaderAuth_AESMac).HeaderIv +} + +func (_this HeaderAuth) Dtor_headerAuthTag() _dafny.Sequence { + return _this.Get_().(HeaderAuth_AESMac).HeaderAuthTag +} + +func (_this HeaderAuth) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case HeaderAuth_AESMac: + { + return "HeaderTypes.HeaderAuth.AESMac" + "(" + _dafny.String(data.HeaderIv) + ", " + _dafny.String(data.HeaderAuthTag) + ")" + } + default: + { + return "" + } + } +} + +func (_this HeaderAuth) Equals(other HeaderAuth) bool { + switch data1 := _this.Get_().(type) { + case HeaderAuth_AESMac: + { + data2, ok := other.Get_().(HeaderAuth_AESMac) + return ok && data1.HeaderIv.Equals(data2.HeaderIv) && data1.HeaderAuthTag.Equals(data2.HeaderAuthTag) + } + default: + { + return false // unexpected + } + } +} + +func (_this HeaderAuth) EqualsGeneric(other interface{}) bool { + typed, ok := other.(HeaderAuth) + return ok && _this.Equals(typed) +} + +func Type_HeaderAuth_() _dafny.TypeDescriptor { + return type_HeaderAuth_{} +} + +type type_HeaderAuth_ struct { +} + +func (_this type_HeaderAuth_) Default() interface{} { + return Companion_HeaderAuth_.Default() +} + +func (_this type_HeaderAuth_) String() string { + return "HeaderTypes.HeaderAuth" +} +func (_this HeaderAuth) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = HeaderAuth{} + +// End of datatype HeaderAuth + +// Definition of datatype MessageType +type MessageType struct { + Data_MessageType_ +} + +func (_this MessageType) Get_() Data_MessageType_ { + return _this.Data_MessageType_ +} + +type Data_MessageType_ interface { + isMessageType() +} + +type CompanionStruct_MessageType_ struct { +} + +var Companion_MessageType_ = CompanionStruct_MessageType_{} + +type MessageType_TYPE__CUSTOMER__AED struct { +} + +func (MessageType_TYPE__CUSTOMER__AED) isMessageType() {} + +func (CompanionStruct_MessageType_) Create_TYPE__CUSTOMER__AED_() MessageType { + return MessageType{MessageType_TYPE__CUSTOMER__AED{}} +} + +func (_this MessageType) Is_TYPE__CUSTOMER__AED() bool { + _, ok := _this.Get_().(MessageType_TYPE__CUSTOMER__AED) + return ok +} + +func (CompanionStruct_MessageType_) Default() MessageType { + return Companion_MessageType_.Create_TYPE__CUSTOMER__AED_() +} + +func (_ CompanionStruct_MessageType_) AllSingletonConstructors() _dafny.Iterator { + i := -1 + return func() (interface{}, bool) { + i++ + switch i { + case 0: + return Companion_MessageType_.Create_TYPE__CUSTOMER__AED_(), true + default: + return MessageType{}, false + } + } +} + +func (_this MessageType) String() string { + switch _this.Get_().(type) { + case nil: + return "null" + case MessageType_TYPE__CUSTOMER__AED: + { + return "HeaderTypes.MessageType.TYPE_CUSTOMER_AED" + } + default: + { + return "" + } + } +} + +func (_this MessageType) Equals(other MessageType) bool { + switch _this.Get_().(type) { + case MessageType_TYPE__CUSTOMER__AED: + { + _, ok := other.Get_().(MessageType_TYPE__CUSTOMER__AED) + return ok + } + default: + { + return false // unexpected + } + } +} + +func (_this MessageType) EqualsGeneric(other interface{}) bool { + typed, ok := other.(MessageType) + return ok && _this.Equals(typed) +} + +func Type_MessageType_() _dafny.TypeDescriptor { + return type_MessageType_{} +} + +type type_MessageType_ struct { +} + +func (_this type_MessageType_) Default() interface{} { + return Companion_MessageType_.Default() +} + +func (_this type_MessageType_) String() string { + return "HeaderTypes.MessageType" +} +func (_this MessageType) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = MessageType{} + +func (_this MessageType) Serialize() uint8 { + { + var _source0 MessageType = _this + _ = _source0 + { + return uint8(128) + } + } +} +func (_static CompanionStruct_MessageType_) Get(x uint8) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((x) == (uint8(128)), _dafny.SeqOfString("Unsupported ContentType value.")) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(func() MessageType { + var _source0 uint8 = x + _ = _source0 + { + return Companion_MessageType_.Create_TYPE__CUSTOMER__AED_() + } + }()) + } +} + +// End of datatype MessageType + +// Definition of datatype ContentType +type ContentType struct { + Data_ContentType_ +} + +func (_this ContentType) Get_() Data_ContentType_ { + return _this.Data_ContentType_ +} + +type Data_ContentType_ interface { + isContentType() +} + +type CompanionStruct_ContentType_ struct { +} + +var Companion_ContentType_ = CompanionStruct_ContentType_{} + +type ContentType_NonFramed struct { +} + +func (ContentType_NonFramed) isContentType() {} + +func (CompanionStruct_ContentType_) Create_NonFramed_() ContentType { + return ContentType{ContentType_NonFramed{}} +} + +func (_this ContentType) Is_NonFramed() bool { + _, ok := _this.Get_().(ContentType_NonFramed) + return ok +} + +type ContentType_Framed struct { +} + +func (ContentType_Framed) isContentType() {} + +func (CompanionStruct_ContentType_) Create_Framed_() ContentType { + return ContentType{ContentType_Framed{}} +} + +func (_this ContentType) Is_Framed() bool { + _, ok := _this.Get_().(ContentType_Framed) + return ok +} + +func (CompanionStruct_ContentType_) Default() ContentType { + return Companion_ContentType_.Create_NonFramed_() +} + +func (_ CompanionStruct_ContentType_) AllSingletonConstructors() _dafny.Iterator { + i := -1 + return func() (interface{}, bool) { + i++ + switch i { + case 0: + return Companion_ContentType_.Create_NonFramed_(), true + case 1: + return Companion_ContentType_.Create_Framed_(), true + default: + return ContentType{}, false + } + } +} + +func (_this ContentType) String() string { + switch _this.Get_().(type) { + case nil: + return "null" + case ContentType_NonFramed: + { + return "HeaderTypes.ContentType.NonFramed" + } + case ContentType_Framed: + { + return "HeaderTypes.ContentType.Framed" + } + default: + { + return "" + } + } +} + +func (_this ContentType) Equals(other ContentType) bool { + switch _this.Get_().(type) { + case ContentType_NonFramed: + { + _, ok := other.Get_().(ContentType_NonFramed) + return ok + } + case ContentType_Framed: + { + _, ok := other.Get_().(ContentType_Framed) + return ok + } + default: + { + return false // unexpected + } + } +} + +func (_this ContentType) EqualsGeneric(other interface{}) bool { + typed, ok := other.(ContentType) + return ok && _this.Equals(typed) +} + +func Type_ContentType_() _dafny.TypeDescriptor { + return type_ContentType_{} +} + +type type_ContentType_ struct { +} + +func (_this type_ContentType_) Default() interface{} { + return Companion_ContentType_.Default() +} + +func (_this type_ContentType_) String() string { + return "HeaderTypes.ContentType" +} +func (_this ContentType) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = ContentType{} + +func (_this ContentType) Serialize() uint8 { + { + var _source0 ContentType = _this + _ = _source0 + { + if _source0.Is_NonFramed() { + return uint8(1) + } + } + { + return uint8(2) + } + } +} +func (_static CompanionStruct_ContentType_) Get(x uint8) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((x) == (uint8(1))) || ((x) == (uint8(2))), _dafny.SeqOfString("Unsupported ContentType value.")) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(func() ContentType { + var _source0 uint8 = x + _ = _source0 + { + if (_source0) == (uint8(1)) { + return Companion_ContentType_.Create_NonFramed_() + } + } + { + return Companion_ContentType_.Create_Framed_() + } + }()) + } +} + +// End of datatype ContentType + +// Definition of class MessageId +type MessageId struct { +} + +func New_MessageId_() *MessageId { + _this := MessageId{} + + return &_this +} + +type CompanionStruct_MessageId_ struct { +} + +var Companion_MessageId_ = CompanionStruct_MessageId_{} + +func (*MessageId) String() string { + return "HeaderTypes.MessageId" +} + +// End of class MessageId + +func Type_MessageId_() _dafny.TypeDescriptor { + return type_MessageId_{} +} + +type type_MessageId_ struct { +} + +func (_this type_MessageId_) Default() interface{} { + return _dafny.EmptySeq +} + +func (_this type_MessageId_) String() string { + return "HeaderTypes.MessageId" +} +func (_this *CompanionStruct_MessageId_) Is_(__source _dafny.Sequence) bool { + var _1_x _dafny.Sequence = (__source) + _ = _1_x + return ((_dafny.IntOfUint32((_1_x).Cardinality())).Cmp(Companion_Default___.MESSAGE__ID__LEN__V1()) == 0) || ((_dafny.IntOfUint32((_1_x).Cardinality())).Cmp(Companion_Default___.MESSAGE__ID__LEN__V2()) == 0) +} diff --git a/releases/go/encryption-sdk/KeyDerivation/KeyDerivation.go b/releases/go/encryption-sdk/KeyDerivation/KeyDerivation.go new file mode 100644 index 000000000..a824a717f --- /dev/null +++ b/releases/go/encryption-sdk/KeyDerivation/KeyDerivation.go @@ -0,0 +1,664 @@ +// Package KeyDerivation +// Dafny module KeyDerivation compiled into Go + +package KeyDerivation + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Frames "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Frames" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_MessageBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/MessageBody" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ +var _ m_Frames.Dummy__ +var _ m_MessageBody.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "KeyDerivation.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) DeriveKey(messageId _dafny.Sequence, plaintextDataKey _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, crypto *m_AtomicPrimitives.AtomicPrimitivesClient, onNetV4Retry bool) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = res + var _source0 m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm = (suite).Dtor_kdf() + _ = _source0 + { + { + if _source0.Is_IDENTITY() { + var _0_i m_AwsCryptographyMaterialProvidersTypes.IDENTITY = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm_IDENTITY).IDENTITY + _ = _0_i + { + res = m_Wrappers.Companion_Result_.Create_Success_(Companion_ExpandedKeyMaterial_.Create_ExpandedKeyMaterial_(plaintextDataKey, m_Wrappers.Companion_Option_.Create_None_())) + return res + } + goto Lmatch0 + } + } + { + if _source0.Is_HKDF() { + var _1_hkdf m_AwsCryptographyMaterialProvidersTypes.HKDF = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm_HKDF).HKDF + _ = _1_hkdf + { + var _2_hkdfInput m_AwsCryptographyPrimitivesTypes.HkdfInput + _ = _2_hkdfInput + _2_hkdfInput = m_AwsCryptographyPrimitivesTypes.Companion_HkdfInput_.Create_HkdfInput_((_1_hkdf).Dtor_hmac(), m_Wrappers.Companion_Option_.Create_None_(), plaintextDataKey, _dafny.Companion_Sequence_.Concatenate((suite).Dtor_binaryId(), messageId), (_1_hkdf).Dtor_outputKeyLength()) + if onNetV4Retry { + _2_hkdfInput = m_AwsCryptographyPrimitivesTypes.Companion_HkdfInput_.Create_HkdfInput_((_1_hkdf).Dtor_hmac(), m_Wrappers.Companion_Option_.Create_None_(), plaintextDataKey, (suite).Dtor_binaryId(), (_1_hkdf).Dtor_outputKeyLength()) + } + var _3_maybeDerivedKey m_Wrappers.Result + _ = _3_maybeDerivedKey + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).Hkdf(_2_hkdfInput) + _3_maybeDerivedKey = _out0 + var _4_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _4_valueOrError0 + _4_valueOrError0 = (_3_maybeDerivedKey).MapFailure(func(coer11 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg12 interface{}) interface{} { + return coer11(arg12.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_5_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_5_e) + })) + if (_4_valueOrError0).IsFailure() { + res = (_4_valueOrError0).PropagateFailure() + return res + } + var _6_derivedKey _dafny.Sequence + _ = _6_derivedKey + _6_derivedKey = (_4_valueOrError0).Extract().(_dafny.Sequence) + res = m_Wrappers.Companion_Result_.Create_Success_(Companion_ExpandedKeyMaterial_.Create_ExpandedKeyMaterial_(_6_derivedKey, m_Wrappers.Companion_Option_.Create_None_())) + return res + } + goto Lmatch0 + } + } + { + var _7_None m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm = _source0 + _ = _7_None + { + res = m_Wrappers.Companion_Result_.Create_Failure_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("None is not a valid Key Derivation Function"))) + return res + } + } + goto Lmatch0 + } +Lmatch0: + return res +} +func (_static *CompanionStruct_Default___) ExpandKeyMaterial(messageId _dafny.Sequence, plaintextKey _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = res + var _0_digest m_AwsCryptographyPrimitivesTypes.DigestAlgorithm + _ = _0_digest + _0_digest = (((suite).Dtor_commitment()).Dtor_HKDF()).Dtor_hmac() + var _1_info _dafny.Sequence + _ = _1_info + _1_info = _dafny.Companion_Sequence_.Concatenate((suite).Dtor_binaryId(), Companion_Default___.KEY__LABEL()) + var _2_hkdfExtractInput m_AwsCryptographyPrimitivesTypes.HkdfExtractInput + _ = _2_hkdfExtractInput + _2_hkdfExtractInput = m_AwsCryptographyPrimitivesTypes.Companion_HkdfExtractInput_.Create_HkdfExtractInput_(_0_digest, m_Wrappers.Companion_Option_.Create_Some_(messageId), plaintextKey) + var _3_maybePseudoRandomKey m_Wrappers.Result + _ = _3_maybePseudoRandomKey + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).HkdfExtract(_2_hkdfExtractInput) + _3_maybePseudoRandomKey = _out0 + var _4_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _4_valueOrError0 + _4_valueOrError0 = (_3_maybePseudoRandomKey).MapFailure(func(coer12 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg13 interface{}) interface{} { + return coer12(arg13.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_5_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_5_e) + })) + if (_4_valueOrError0).IsFailure() { + res = (_4_valueOrError0).PropagateFailure() + return res + } + var _6_pseudoRandomKey _dafny.Sequence + _ = _6_pseudoRandomKey + _6_pseudoRandomKey = (_4_valueOrError0).Extract().(_dafny.Sequence) + var _7_encryptKeyInput m_AwsCryptographyPrimitivesTypes.HkdfExpandInput + _ = _7_encryptKeyInput + _7_encryptKeyInput = m_AwsCryptographyPrimitivesTypes.Companion_HkdfExpandInput_.Create_HkdfExpandInput_(_0_digest, _6_pseudoRandomKey, _1_info, (((suite).Dtor_kdf()).Dtor_HKDF()).Dtor_outputKeyLength()) + var _8_commitKeyInput m_AwsCryptographyPrimitivesTypes.HkdfExpandInput + _ = _8_commitKeyInput + var _9_dt__update__tmp_h0 m_AwsCryptographyPrimitivesTypes.HkdfExpandInput = _7_encryptKeyInput + _ = _9_dt__update__tmp_h0 + var _10_dt__update_hexpectedLength_h0 int32 = (((suite).Dtor_commitment()).Dtor_HKDF()).Dtor_outputKeyLength() + _ = _10_dt__update_hexpectedLength_h0 + var _11_dt__update_hinfo_h0 _dafny.Sequence = Companion_Default___.COMMIT__LABEL() + _ = _11_dt__update_hinfo_h0 + _8_commitKeyInput = m_AwsCryptographyPrimitivesTypes.Companion_HkdfExpandInput_.Create_HkdfExpandInput_((_9_dt__update__tmp_h0).Dtor_digestAlgorithm(), (_9_dt__update__tmp_h0).Dtor_prk(), _11_dt__update_hinfo_h0, _10_dt__update_hexpectedLength_h0) + var _12_maybeEncryptKey m_Wrappers.Result + _ = _12_maybeEncryptKey + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = (crypto).HkdfExpand(_7_encryptKeyInput) + _12_maybeEncryptKey = _out1 + var _13_maybeCommitKey m_Wrappers.Result + _ = _13_maybeCommitKey + var _out2 m_Wrappers.Result + _ = _out2 + _out2 = (crypto).HkdfExpand(_8_commitKeyInput) + _13_maybeCommitKey = _out2 + var _14_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _14_valueOrError1 + _14_valueOrError1 = (_12_maybeEncryptKey).MapFailure(func(coer13 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg14 interface{}) interface{} { + return coer13(arg14.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_15_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_15_e) + })) + if (_14_valueOrError1).IsFailure() { + res = (_14_valueOrError1).PropagateFailure() + return res + } + var _16_encryptKey _dafny.Sequence + _ = _16_encryptKey + _16_encryptKey = (_14_valueOrError1).Extract().(_dafny.Sequence) + var _17_valueOrError2 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _17_valueOrError2 + _17_valueOrError2 = (_13_maybeCommitKey).MapFailure(func(coer14 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg15 interface{}) interface{} { + return coer14(arg15.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_18_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_18_e) + })) + if (_17_valueOrError2).IsFailure() { + res = (_17_valueOrError2).PropagateFailure() + return res + } + var _19_commitKey _dafny.Sequence + _ = _19_commitKey + _19_commitKey = (_17_valueOrError2).Extract().(_dafny.Sequence) + res = m_Wrappers.Companion_Result_.Create_Success_(Companion_ExpandedKeyMaterial_.Create_ExpandedKeyMaterial_(_16_encryptKey, m_Wrappers.Companion_Option_.Create_Some_(_19_commitKey))) + return res + return res +} +func (_static *CompanionStruct_Default___) DeriveKeys(messageId _dafny.Sequence, plaintextKey _dafny.Sequence, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, crypto *m_AtomicPrimitives.AtomicPrimitivesClient, netV4__0__0__RetryPolicy m_AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy, onNetV4Retry bool) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = res + var _0_keys ExpandedKeyMaterial = Companion_ExpandedKeyMaterial_.Default() + _ = _0_keys + if ((suite).Dtor_messageVersion()) == (int32(2)) { + var _1_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _1_valueOrError0 + _1_valueOrError0 = m_Wrappers.Companion_Default___.Need((((suite).Dtor_commitment()).Is_HKDF()) && (((suite).Dtor_kdf()).Equals((suite).Dtor_commitment())), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Suites with message version 2 must have commitment"))) + if (_1_valueOrError0).IsFailure() { + res = (_1_valueOrError0).PropagateFailure() + return res + } + var _2_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _2_valueOrError1 + _2_valueOrError1 = m_Wrappers.Companion_Default___.Need(((m_SerializableTypes.Companion_Default___.GetEncryptKeyLength(suite)) == ((((suite).Dtor_kdf()).Dtor_HKDF()).Dtor_outputKeyLength())) && ((_dafny.IntOfUint32((plaintextKey).Cardinality())).Cmp(_dafny.IntOfInt32((((suite).Dtor_kdf()).Dtor_HKDF()).Dtor_inputKeyLength())) == 0), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Invalid Materials"))) + if (_2_valueOrError1).IsFailure() { + res = (_2_valueOrError1).PropagateFailure() + return res + } + var _3_valueOrError2 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = _3_valueOrError2 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = Companion_Default___.ExpandKeyMaterial(messageId, plaintextKey, suite, crypto) + _3_valueOrError2 = _out0 + if (_3_valueOrError2).IsFailure() { + res = (_3_valueOrError2).PropagateFailure() + return res + } + _0_keys = (_3_valueOrError2).Extract().(ExpandedKeyMaterial) + } else if ((suite).Dtor_messageVersion()) == (int32(1)) { + var _4_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _4_valueOrError3 + _4_valueOrError3 = m_Wrappers.Companion_Default___.Need(((suite).Dtor_commitment()).Is_None(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Suites with message version 1 must not have commitment"))) + if (_4_valueOrError3).IsFailure() { + res = (_4_valueOrError3).PropagateFailure() + return res + } + var _5_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _5_valueOrError4 + _5_valueOrError4 = m_Wrappers.Companion_Default___.Need(func() bool { + var _source0 m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm = (suite).Dtor_kdf() + _ = _source0 + { + if _source0.Is_IDENTITY() { + var _6_i m_AwsCryptographyMaterialProvidersTypes.IDENTITY = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm_IDENTITY).IDENTITY + _ = _6_i + return (_dafny.IntOfUint32((plaintextKey).Cardinality())).Cmp(_dafny.IntOfInt32(m_SerializableTypes.Companion_Default___.GetEncryptKeyLength(suite))) == 0 + } + } + { + if _source0.Is_HKDF() { + var _7_hkdf m_AwsCryptographyMaterialProvidersTypes.HKDF = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm_HKDF).HKDF + _ = _7_hkdf + return ((_dafny.IntOfUint32((plaintextKey).Cardinality())).Cmp(_dafny.IntOfInt32((((suite).Dtor_kdf()).Dtor_HKDF()).Dtor_inputKeyLength())) == 0) && (((((suite).Dtor_kdf()).Dtor_HKDF()).Dtor_outputKeyLength()) == (m_SerializableTypes.Companion_Default___.GetEncryptKeyLength(suite))) + } + } + { + var _8_None m_AwsCryptographyMaterialProvidersTypes.DerivationAlgorithm = _source0 + _ = _8_None + return false + } + }(), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Suites with message version 1 must not have commitment"))) + if (_5_valueOrError4).IsFailure() { + res = (_5_valueOrError4).PropagateFailure() + return res + } + if ((netV4__0__0__RetryPolicy).Equals(m_AwsCryptographyEncryptionSdkTypes.Companion_NetV4__0__0__RetryPolicy_.Create_ALLOW__RETRY_())) && (onNetV4Retry) { + var _9_valueOrError5 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = _9_valueOrError5 + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = Companion_Default___.DeriveKey(messageId, plaintextKey, suite, crypto, true) + _9_valueOrError5 = _out1 + if (_9_valueOrError5).IsFailure() { + res = (_9_valueOrError5).PropagateFailure() + return res + } + _0_keys = (_9_valueOrError5).Extract().(ExpandedKeyMaterial) + } else { + var _10_valueOrError6 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(Companion_ExpandedKeyMaterial_.Default()) + _ = _10_valueOrError6 + var _out2 m_Wrappers.Result + _ = _out2 + _out2 = Companion_Default___.DeriveKey(messageId, plaintextKey, suite, crypto, false) + _10_valueOrError6 = _out2 + if (_10_valueOrError6).IsFailure() { + res = (_10_valueOrError6).PropagateFailure() + return res + } + _0_keys = (_10_valueOrError6).Extract().(ExpandedKeyMaterial) + } + } else { + res = m_Wrappers.Companion_Result_.Create_Failure_(m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("Unknown message version"))) + return res + } + res = m_Wrappers.Companion_Result_.Create_Success_(_0_keys) + return res + return res +} +func (_static *CompanionStruct_Default___) KEY__LABEL() _dafny.Sequence { + var _0_s _dafny.Sequence = _dafny.SeqOf(uint8(68), uint8(69), uint8(82), uint8(73), uint8(86), uint8(69), uint8(75), uint8(69), uint8(89)) + _ = _0_s + return _0_s +} +func (_static *CompanionStruct_Default___) COMMIT__LABEL() _dafny.Sequence { + var _0_s _dafny.Sequence = _dafny.SeqOf(uint8(67), uint8(79), uint8(77), uint8(77), uint8(73), uint8(84), uint8(75), uint8(69), uint8(89)) + _ = _0_s + return _0_s +} + +// End of class Default__ + +// Definition of datatype ExpandedKeyMaterial +type ExpandedKeyMaterial struct { + Data_ExpandedKeyMaterial_ +} + +func (_this ExpandedKeyMaterial) Get_() Data_ExpandedKeyMaterial_ { + return _this.Data_ExpandedKeyMaterial_ +} + +type Data_ExpandedKeyMaterial_ interface { + isExpandedKeyMaterial() +} + +type CompanionStruct_ExpandedKeyMaterial_ struct { +} + +var Companion_ExpandedKeyMaterial_ = CompanionStruct_ExpandedKeyMaterial_{} + +type ExpandedKeyMaterial_ExpandedKeyMaterial struct { + DataKey _dafny.Sequence + CommitmentKey m_Wrappers.Option +} + +func (ExpandedKeyMaterial_ExpandedKeyMaterial) isExpandedKeyMaterial() {} + +func (CompanionStruct_ExpandedKeyMaterial_) Create_ExpandedKeyMaterial_(DataKey _dafny.Sequence, CommitmentKey m_Wrappers.Option) ExpandedKeyMaterial { + return ExpandedKeyMaterial{ExpandedKeyMaterial_ExpandedKeyMaterial{DataKey, CommitmentKey}} +} + +func (_this ExpandedKeyMaterial) Is_ExpandedKeyMaterial() bool { + _, ok := _this.Get_().(ExpandedKeyMaterial_ExpandedKeyMaterial) + return ok +} + +func (CompanionStruct_ExpandedKeyMaterial_) Default() ExpandedKeyMaterial { + return Companion_ExpandedKeyMaterial_.Create_ExpandedKeyMaterial_(_dafny.EmptySeq, m_Wrappers.Companion_Option_.Default()) +} + +func (_this ExpandedKeyMaterial) Dtor_dataKey() _dafny.Sequence { + return _this.Get_().(ExpandedKeyMaterial_ExpandedKeyMaterial).DataKey +} + +func (_this ExpandedKeyMaterial) Dtor_commitmentKey() m_Wrappers.Option { + return _this.Get_().(ExpandedKeyMaterial_ExpandedKeyMaterial).CommitmentKey +} + +func (_this ExpandedKeyMaterial) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case ExpandedKeyMaterial_ExpandedKeyMaterial: + { + return "KeyDerivation.ExpandedKeyMaterial.ExpandedKeyMaterial" + "(" + _dafny.String(data.DataKey) + ", " + _dafny.String(data.CommitmentKey) + ")" + } + default: + { + return "" + } + } +} + +func (_this ExpandedKeyMaterial) Equals(other ExpandedKeyMaterial) bool { + switch data1 := _this.Get_().(type) { + case ExpandedKeyMaterial_ExpandedKeyMaterial: + { + data2, ok := other.Get_().(ExpandedKeyMaterial_ExpandedKeyMaterial) + return ok && data1.DataKey.Equals(data2.DataKey) && data1.CommitmentKey.Equals(data2.CommitmentKey) + } + default: + { + return false // unexpected + } + } +} + +func (_this ExpandedKeyMaterial) EqualsGeneric(other interface{}) bool { + typed, ok := other.(ExpandedKeyMaterial) + return ok && _this.Equals(typed) +} + +func Type_ExpandedKeyMaterial_() _dafny.TypeDescriptor { + return type_ExpandedKeyMaterial_{} +} + +type type_ExpandedKeyMaterial_ struct { +} + +func (_this type_ExpandedKeyMaterial_) Default() interface{} { + return Companion_ExpandedKeyMaterial_.Default() +} + +func (_this type_ExpandedKeyMaterial_) String() string { + return "KeyDerivation.ExpandedKeyMaterial" +} +func (_this ExpandedKeyMaterial) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = ExpandedKeyMaterial{} + +// End of datatype ExpandedKeyMaterial diff --git a/releases/go/encryption-sdk/LICENSE b/releases/go/encryption-sdk/LICENSE new file mode 100644 index 000000000..67db85882 --- /dev/null +++ b/releases/go/encryption-sdk/LICENSE @@ -0,0 +1,175 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. diff --git a/releases/go/encryption-sdk/MessageBody/MessageBody.go b/releases/go/encryption-sdk/MessageBody/MessageBody.go new file mode 100644 index 000000000..bb055886d --- /dev/null +++ b/releases/go/encryption-sdk/MessageBody/MessageBody.go @@ -0,0 +1,1079 @@ +// Package MessageBody +// Dafny module MessageBody compiled into Go + +package MessageBody + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_Frames "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Frames" + m_Header "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/Header" + m_HeaderAuth "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderAuth" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m_V2HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V2HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ +var _ m_V2HeaderBody.Dummy__ +var _ m_HeaderAuth.Dummy__ +var _ m_Header.Dummy__ +var _ m_Frames.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "MessageBody.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) BodyAADContentTypeString(bc BodyAADContent) _dafny.Sequence { + var _source0 BodyAADContent = bc + _ = _source0 + { + if _source0.Is_AADRegularFrame() { + return Companion_Default___.BODY__AAD__CONTENT__REGULAR__FRAME() + } + } + { + if _source0.Is_AADFinalFrame() { + return Companion_Default___.BODY__AAD__CONTENT__FINAL__FRAME() + } + } + { + return Companion_Default___.BODY__AAD__CONTENT__SINGLE__BLOCK() + } +} +func (_static *CompanionStruct_Default___) IVSeq(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo, sequenceNumber uint32) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.SeqCreate(((_dafny.IntOfUint8(m_SerializableTypes.Companion_Default___.GetIvLength(suite))).Minus(_dafny.IntOfInt64(4))).Uint32(), func(coer7 func(_dafny.Int) uint8) func(_dafny.Int) interface{} { + return func(arg8 _dafny.Int) interface{} { + return coer7(arg8) + } + }(func(_0___v0 _dafny.Int) uint8 { + return uint8(0) + })), m_StandardLibrary_UInt.Companion_Default___.UInt32ToSeq(sequenceNumber)) +} +func (_static *CompanionStruct_Default___) EncryptMessageBody(plaintext _dafny.Sequence, header m_Header.HeaderInfo, key _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var result m_Wrappers.Result = m_Wrappers.Result{} + _ = result + var _0_n _dafny.Int + _ = _0_n + var _1_sequenceNumber uint32 + _ = _1_sequenceNumber + var _rhs0 _dafny.Int = _dafny.Zero + _ = _rhs0 + var _rhs1 uint32 = Companion_Default___.START__SEQUENCE__NUMBER() + _ = _rhs1 + _0_n = _rhs0 + _1_sequenceNumber = _rhs1 + var _2_regularFrames _dafny.Sequence + _ = _2_regularFrames + _2_regularFrames = _dafny.SeqOf() + for ((_0_n).Plus(_dafny.IntOfUint32(((header).Dtor_body()).Dtor_frameLength()))).Cmp(_dafny.IntOfUint32((plaintext).Cardinality())) < 0 { + var _3_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Outcome_.Default() + _ = _3_valueOrError0 + _3_valueOrError0 = m_Wrappers.Companion_Default___.Need((_1_sequenceNumber) < (Companion_Default___.ENDFRAME__SEQUENCE__NUMBER()), m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(_dafny.SeqOfString("too many frames"))) + if (_3_valueOrError0).IsFailure() { + result = (_3_valueOrError0).PropagateFailure() + return result + } + var _4_plaintextFrame _dafny.Sequence + _ = _4_plaintextFrame + _4_plaintextFrame = (plaintext).Subsequence((_0_n).Uint32(), ((_0_n).Plus(_dafny.IntOfUint32(((header).Dtor_body()).Dtor_frameLength()))).Uint32()) + var _5_valueOrError1 m_Wrappers.Result = m_Wrappers.Result{} + _ = _5_valueOrError1 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = Companion_Default___.EncryptRegularFrame(key, header, _4_plaintextFrame, _1_sequenceNumber, crypto) + _5_valueOrError1 = _out0 + if (_5_valueOrError1).IsFailure() { + result = (_5_valueOrError1).PropagateFailure() + return result + } + var _6_regularFrame m_Frames.Frame + _ = _6_regularFrame + _6_regularFrame = (_5_valueOrError1).Extract().(m_Frames.Frame) + _2_regularFrames = _dafny.Companion_Sequence_.Concatenate(_2_regularFrames, _dafny.SeqOf(_6_regularFrame)) + _0_n = (_0_n).Plus(_dafny.IntOfUint32(((header).Dtor_body()).Dtor_frameLength())) + _1_sequenceNumber = (_1_sequenceNumber) + (uint32(1)) + } + var _7_valueOrError2 m_Wrappers.Result = m_Wrappers.Result{} + _ = _7_valueOrError2 + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = Companion_Default___.EncryptFinalFrame(key, header, (plaintext).Drop((_0_n).Uint32()), _1_sequenceNumber, crypto) + _7_valueOrError2 = _out1 + if (_7_valueOrError2).IsFailure() { + result = (_7_valueOrError2).PropagateFailure() + return result + } + var _8_finalFrame m_Frames.Frame + _ = _8_finalFrame + _8_finalFrame = (_7_valueOrError2).Extract().(m_Frames.Frame) + result = m_Wrappers.Companion_Result_.Create_Success_(Companion_FramedMessageBody_.Create_FramedMessageBody_(_2_regularFrames, _8_finalFrame)) + return result +} +func (_static *CompanionStruct_Default___) EncryptRegularFrame(key _dafny.Sequence, header m_Header.HeaderInfo, plaintext _dafny.Sequence, sequenceNumber uint32, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_iv _dafny.Sequence + _ = _0_iv + _0_iv = Companion_Default___.IVSeq((header).Dtor_suite(), sequenceNumber) + var _1_aad _dafny.Sequence + _ = _1_aad + _1_aad = Companion_Default___.BodyAAD(((header).Dtor_body()).Dtor_messageId(), Companion_BodyAADContent_.Create_AADRegularFrame_(), sequenceNumber, uint64((plaintext).Cardinality())) + var _2_aesEncryptInput m_AwsCryptographyPrimitivesTypes.AESEncryptInput + _ = _2_aesEncryptInput + _2_aesEncryptInput = m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptInput_.Create_AESEncryptInput_((((header).Dtor_suite()).Dtor_encrypt()).Dtor_AES__GCM(), _0_iv, key, plaintext, _1_aad) + var _3_maybeEncryptionOutput m_Wrappers.Result + _ = _3_maybeEncryptionOutput + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).AESEncrypt(_2_aesEncryptInput) + _3_maybeEncryptionOutput = _out0 + var _4_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptOutput_.Default()) + _ = _4_valueOrError0 + _4_valueOrError0 = (_3_maybeEncryptionOutput).MapFailure(func(coer8 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg9 interface{}) interface{} { + return coer8(arg9.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_5_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_5_e) + })) + if (_4_valueOrError0).IsFailure() { + res = (_4_valueOrError0).PropagateFailure() + return res + } + var _6_encryptionOutput m_AwsCryptographyPrimitivesTypes.AESEncryptOutput + _ = _6_encryptionOutput + _6_encryptionOutput = (_4_valueOrError0).Extract().(m_AwsCryptographyPrimitivesTypes.AESEncryptOutput) + var _7_frame m_Frames.Frame + _ = _7_frame + _7_frame = m_Frames.Companion_Frame_.Create_RegularFrame_(header, sequenceNumber, _0_iv, (_6_encryptionOutput).Dtor_cipherText(), (_6_encryptionOutput).Dtor_authTag()) + res = m_Wrappers.Companion_Result_.Create_Success_(_7_frame) + return res + return res +} +func (_static *CompanionStruct_Default___) EncryptFinalFrame(key _dafny.Sequence, header m_Header.HeaderInfo, plaintext _dafny.Sequence, sequenceNumber uint32, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Result{} + _ = res + var _0_iv _dafny.Sequence + _ = _0_iv + _0_iv = Companion_Default___.IVSeq((header).Dtor_suite(), sequenceNumber) + var _1_aad _dafny.Sequence + _ = _1_aad + _1_aad = Companion_Default___.BodyAAD(((header).Dtor_body()).Dtor_messageId(), Companion_BodyAADContent_.Create_AADFinalFrame_(), sequenceNumber, uint64((plaintext).Cardinality())) + var _2_aesEncryptInput m_AwsCryptographyPrimitivesTypes.AESEncryptInput + _ = _2_aesEncryptInput + _2_aesEncryptInput = m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptInput_.Create_AESEncryptInput_((((header).Dtor_suite()).Dtor_encrypt()).Dtor_AES__GCM(), _0_iv, key, plaintext, _1_aad) + var _3_maybeEncryptionOutput m_Wrappers.Result + _ = _3_maybeEncryptionOutput + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).AESEncrypt(_2_aesEncryptInput) + _3_maybeEncryptionOutput = _out0 + var _4_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(m_AwsCryptographyPrimitivesTypes.Companion_AESEncryptOutput_.Default()) + _ = _4_valueOrError0 + _4_valueOrError0 = (_3_maybeEncryptionOutput).MapFailure(func(coer9 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg10 interface{}) interface{} { + return coer9(arg10.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_5_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_5_e) + })) + if (_4_valueOrError0).IsFailure() { + res = (_4_valueOrError0).PropagateFailure() + return res + } + var _6_encryptionOutput m_AwsCryptographyPrimitivesTypes.AESEncryptOutput + _ = _6_encryptionOutput + _6_encryptionOutput = (_4_valueOrError0).Extract().(m_AwsCryptographyPrimitivesTypes.AESEncryptOutput) + var _7_finalFrame m_Frames.Frame + _ = _7_finalFrame + _7_finalFrame = m_Frames.Companion_Frame_.Create_FinalFrame_(header, sequenceNumber, _0_iv, (_6_encryptionOutput).Dtor_cipherText(), (_6_encryptionOutput).Dtor_authTag()) + res = m_Wrappers.Companion_Result_.Create_Success_(_7_finalFrame) + return res + return res +} +func (_static *CompanionStruct_Default___) DecryptFramedMessageBody(body FramedMessageBody, key _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = res + var _0_plaintext _dafny.Sequence + _ = _0_plaintext + _0_plaintext = _dafny.SeqOf() + var _hi0 _dafny.Int = _dafny.IntOfUint32(((body).Dtor_regularFrames()).Cardinality()) + _ = _hi0 + for _1_i := _dafny.Zero; _1_i.Cmp(_hi0) < 0; _1_i = _1_i.Plus(_dafny.One) { + var _2_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _2_valueOrError0 + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = Companion_Default___.DecryptFrame(((body).Dtor_regularFrames()).Select((_1_i).Uint32()).(m_Frames.Frame), key, crypto) + _2_valueOrError0 = _out0 + if (_2_valueOrError0).IsFailure() { + res = (_2_valueOrError0).PropagateFailure() + return res + } + var _3_plaintextSegment _dafny.Sequence + _ = _3_plaintextSegment + _3_plaintextSegment = (_2_valueOrError0).Extract().(_dafny.Sequence) + _0_plaintext = _dafny.Companion_Sequence_.Concatenate(_0_plaintext, _3_plaintextSegment) + } + var _4_valueOrError1 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _4_valueOrError1 + var _out1 m_Wrappers.Result + _ = _out1 + _out1 = Companion_Default___.DecryptFrame((body).Dtor_finalFrame(), key, crypto) + _4_valueOrError1 = _out1 + if (_4_valueOrError1).IsFailure() { + res = (_4_valueOrError1).PropagateFailure() + return res + } + var _5_finalPlaintextSegment _dafny.Sequence + _ = _5_finalPlaintextSegment + _5_finalPlaintextSegment = (_4_valueOrError1).Extract().(_dafny.Sequence) + _0_plaintext = _dafny.Companion_Sequence_.Concatenate(_0_plaintext, _5_finalPlaintextSegment) + res = m_Wrappers.Companion_Result_.Create_Success_(_0_plaintext) + return res +} +func (_static *CompanionStruct_Default___) DecryptFrame(frame m_Frames.Frame, key _dafny.Sequence, crypto *m_AtomicPrimitives.AtomicPrimitivesClient) m_Wrappers.Result { + var res m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = res + var _0_aad _dafny.Sequence + _ = _0_aad + _0_aad = Companion_Default___.BodyAADByFrameType(frame) + var _1_maybePlaintextSegment m_Wrappers.Result + _ = _1_maybePlaintextSegment + var _out0 m_Wrappers.Result + _ = _out0 + _out0 = (crypto).AESDecrypt(m_AwsCryptographyPrimitivesTypes.Companion_AESDecryptInput_.Create_AESDecryptInput_(((((frame).Dtor_header()).Dtor_suite()).Dtor_encrypt()).Dtor_AES__GCM(), key, (frame).Dtor_encContent(), (frame).Dtor_authTag(), (frame).Dtor_iv(), _0_aad)) + _1_maybePlaintextSegment = _out0 + var _2_valueOrError0 m_Wrappers.Result = m_Wrappers.Companion_Result_.Default(_dafny.EmptySeq) + _ = _2_valueOrError0 + _2_valueOrError0 = (_1_maybePlaintextSegment).MapFailure(func(coer10 func(m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error) func(interface{}) interface{} { + return func(arg11 interface{}) interface{} { + return coer10(arg11.(m_AwsCryptographyPrimitivesTypes.Error)) + } + }(func(_3_e m_AwsCryptographyPrimitivesTypes.Error) m_AwsCryptographyEncryptionSdkTypes.Error { + return m_AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(_3_e) + })) + if (_2_valueOrError0).IsFailure() { + res = (_2_valueOrError0).PropagateFailure() + return res + } + var _4_plaintextSegment _dafny.Sequence + _ = _4_plaintextSegment + _4_plaintextSegment = (_2_valueOrError0).Extract().(_dafny.Sequence) + res = m_Wrappers.Companion_Result_.Create_Success_(_4_plaintextSegment) + return res + return res +} +func (_static *CompanionStruct_Default___) BodyAADByFrameType(frame m_Frames.Frame) _dafny.Sequence { + var _let_tmp_rhs0 _dafny.Tuple = func() _dafny.Tuple { + var _source0 m_Frames.Frame = frame + _ = _source0 + { + if _source0.Is_RegularFrame() { + var _0_header m_Header.HeaderInfo = _source0.Get_().(m_Frames.Frame_RegularFrame).Header + _ = _0_header + var _1_seqNum uint32 = _source0.Get_().(m_Frames.Frame_RegularFrame).SeqNum + _ = _1_seqNum + return _dafny.TupleOf(_1_seqNum, Companion_BodyAADContent_.Create_AADRegularFrame_(), uint64(((_0_header).Dtor_body()).Dtor_frameLength())) + } + } + { + if _source0.Is_FinalFrame() { + var _2_seqNum uint32 = _source0.Get_().(m_Frames.Frame_FinalFrame).SeqNum + _ = _2_seqNum + var _3_encContent _dafny.Sequence = _source0.Get_().(m_Frames.Frame_FinalFrame).EncContent + _ = _3_encContent + return _dafny.TupleOf(_2_seqNum, Companion_BodyAADContent_.Create_AADFinalFrame_(), uint64((_3_encContent).Cardinality())) + } + } + { + var _4_encContent _dafny.Sequence = _source0.Get_().(m_Frames.Frame_NonFramed).EncContent + _ = _4_encContent + return _dafny.TupleOf(Companion_Default___.NONFRAMED__SEQUENCE__NUMBER(), Companion_BodyAADContent_.Create_AADSingleBlock_(), uint64((_4_encContent).Cardinality())) + } + }() + _ = _let_tmp_rhs0 + var _5_sequenceNumber uint32 = (*(_let_tmp_rhs0).IndexInt(0)).(uint32) + _ = _5_sequenceNumber + var _6_bc BodyAADContent = (*(_let_tmp_rhs0).IndexInt(1)).(BodyAADContent) + _ = _6_bc + var _7_length uint64 = (*(_let_tmp_rhs0).IndexInt(2)).(uint64) + _ = _7_length + return Companion_Default___.BodyAAD((((frame).Dtor_header()).Dtor_body()).Dtor_messageId(), _6_bc, _5_sequenceNumber, _7_length) +} +func (_static *CompanionStruct_Default___) BodyAAD(messageID _dafny.Sequence, bc BodyAADContent, sequenceNumber uint32, length uint64) _dafny.Sequence { + var _0_contentAAD m_Wrappers.Result = m_UTF8.Encode(Companion_Default___.BodyAADContentTypeString(bc)) + _ = _0_contentAAD + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(messageID, (_0_contentAAD).Dtor_value().(_dafny.Sequence)), m_StandardLibrary_UInt.Companion_Default___.UInt32ToSeq(sequenceNumber)), m_StandardLibrary_UInt.Companion_Default___.UInt64ToSeq(length)) +} +func (_static *CompanionStruct_Default___) WriteFramedMessageBody(body FramedMessageBody) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteMessageRegularFrames((body).Dtor_regularFrames()), m_Frames.Companion_Default___.WriteFinalFrame((body).Dtor_finalFrame())) +} +func (_static *CompanionStruct_Default___) WriteMessageRegularFrames(frames _dafny.Sequence) _dafny.Sequence { + var _0___accumulator _dafny.Sequence = _dafny.SeqOf() + _ = _0___accumulator + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint32((frames).Cardinality())).Sign() == 0 { + return _dafny.Companion_Sequence_.Concatenate(_dafny.SeqOf(), _0___accumulator) + } else { + _0___accumulator = _dafny.Companion_Sequence_.Concatenate(m_Frames.Companion_Default___.WriteRegularFrame(m_Seq.Companion_Default___.Last(frames).(m_Frames.Frame)), _0___accumulator) + var _in0 _dafny.Sequence = m_Seq.Companion_Default___.DropLast(frames) + _ = _in0 + frames = _in0 + goto TAIL_CALL_START + } +} +func (_static *CompanionStruct_Default___) ReadFramedMessageBody(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo, regularFrames _dafny.Sequence, continuation m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + goto TAIL_CALL_START +TAIL_CALL_START: + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32(continuation) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_sequenceNumber m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_sequenceNumber + if ((_1_sequenceNumber).Dtor_data().(uint32)) != (Companion_Default___.ENDFRAME__SEQUENCE__NUMBER()) /* dircomp */ { + var _2_valueOrError1 m_Wrappers.Result = m_Frames.Companion_Default___.ReadRegularFrame(continuation, header) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_regularFrame m_SerializeFunctions.SuccessfulRead = (_2_valueOrError1).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _3_regularFrame + var _4_valueOrError2 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32(((_3_regularFrame).Dtor_data().(m_Frames.Frame)).Dtor_seqNum())).Cmp((_dafny.IntOfUint32((regularFrames).Cardinality())).Plus(_dafny.One)) == 0, m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Sequence number out of order."))) + _ = _4_valueOrError2 + if (_4_valueOrError2).IsFailure() { + return (_4_valueOrError2).PropagateFailure() + } else { + var _5_nextRegularFrames _dafny.Sequence = _dafny.Companion_Sequence_.Concatenate(regularFrames, _dafny.SeqOf((_3_regularFrame).Dtor_data().(m_Frames.Frame))) + _ = _5_nextRegularFrames + var _in0 m_SerializeFunctions.ReadableBuffer = buffer + _ = _in0 + var _in1 m_Header.HeaderInfo = header + _ = _in1 + var _in2 _dafny.Sequence = _5_nextRegularFrames + _ = _in2 + var _in3 m_SerializeFunctions.ReadableBuffer = (_3_regularFrame).Dtor_tail() + _ = _in3 + buffer = _in0 + header = _in1 + regularFrames = _in2 + continuation = _in3 + goto TAIL_CALL_START + } + } + } else { + var _6_valueOrError3 m_Wrappers.Result = m_Frames.Companion_Default___.ReadFinalFrame(continuation, header) + _ = _6_valueOrError3 + if (_6_valueOrError3).IsFailure() { + return (_6_valueOrError3).PropagateFailure() + } else { + var _7_finalFrame m_SerializeFunctions.SuccessfulRead = (_6_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _7_finalFrame + var _8_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32(((_7_finalFrame).Dtor_data().(m_Frames.Frame)).Dtor_seqNum())).Cmp((_dafny.IntOfUint32((regularFrames).Cardinality())).Plus(_dafny.One)) == 0, m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Sequence number out of order."))) + _ = _8_valueOrError4 + if (_8_valueOrError4).IsFailure() { + return (_8_valueOrError4).PropagateFailure() + } else { + var _9_body FramedMessageBody = Companion_FramedMessageBody_.Create_FramedMessageBody_(regularFrames, (_7_finalFrame).Dtor_data().(m_Frames.Frame)) + _ = _9_body + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_9_body, (_7_finalFrame).Dtor_tail())) + } + } + } + } +} +func (_static *CompanionStruct_Default___) ReadNonFramedMessageBody(buffer m_SerializeFunctions.ReadableBuffer, header m_Header.HeaderInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_Frames.Companion_Default___.ReadNonFrame(buffer, header) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_block m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_block + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_((_1_block).Dtor_data().(m_Frames.Frame), (_1_block).Dtor_tail())) + } +} +func (_static *CompanionStruct_Default___) BODY__AAD__CONTENT__REGULAR__FRAME() _dafny.Sequence { + return _dafny.SeqOfString("AWSKMSEncryptionClient Frame") +} +func (_static *CompanionStruct_Default___) BODY__AAD__CONTENT__FINAL__FRAME() _dafny.Sequence { + return _dafny.SeqOfString("AWSKMSEncryptionClient Final Frame") +} +func (_static *CompanionStruct_Default___) BODY__AAD__CONTENT__SINGLE__BLOCK() _dafny.Sequence { + return _dafny.SeqOfString("AWSKMSEncryptionClient Single Block") +} +func (_static *CompanionStruct_Default___) ENDFRAME__SEQUENCE__NUMBER() uint32 { + return m_Frames.Companion_Default___.ENDFRAME__SEQUENCE__NUMBER() +} +func (_static *CompanionStruct_Default___) START__SEQUENCE__NUMBER() uint32 { + return m_Frames.Companion_Default___.START__SEQUENCE__NUMBER() +} +func (_static *CompanionStruct_Default___) NONFRAMED__SEQUENCE__NUMBER() uint32 { + return m_Frames.Companion_Default___.NONFRAMED__SEQUENCE__NUMBER() +} + +// End of class Default__ + +// Definition of datatype BodyAADContent +type BodyAADContent struct { + Data_BodyAADContent_ +} + +func (_this BodyAADContent) Get_() Data_BodyAADContent_ { + return _this.Data_BodyAADContent_ +} + +type Data_BodyAADContent_ interface { + isBodyAADContent() +} + +type CompanionStruct_BodyAADContent_ struct { +} + +var Companion_BodyAADContent_ = CompanionStruct_BodyAADContent_{} + +type BodyAADContent_AADRegularFrame struct { +} + +func (BodyAADContent_AADRegularFrame) isBodyAADContent() {} + +func (CompanionStruct_BodyAADContent_) Create_AADRegularFrame_() BodyAADContent { + return BodyAADContent{BodyAADContent_AADRegularFrame{}} +} + +func (_this BodyAADContent) Is_AADRegularFrame() bool { + _, ok := _this.Get_().(BodyAADContent_AADRegularFrame) + return ok +} + +type BodyAADContent_AADFinalFrame struct { +} + +func (BodyAADContent_AADFinalFrame) isBodyAADContent() {} + +func (CompanionStruct_BodyAADContent_) Create_AADFinalFrame_() BodyAADContent { + return BodyAADContent{BodyAADContent_AADFinalFrame{}} +} + +func (_this BodyAADContent) Is_AADFinalFrame() bool { + _, ok := _this.Get_().(BodyAADContent_AADFinalFrame) + return ok +} + +type BodyAADContent_AADSingleBlock struct { +} + +func (BodyAADContent_AADSingleBlock) isBodyAADContent() {} + +func (CompanionStruct_BodyAADContent_) Create_AADSingleBlock_() BodyAADContent { + return BodyAADContent{BodyAADContent_AADSingleBlock{}} +} + +func (_this BodyAADContent) Is_AADSingleBlock() bool { + _, ok := _this.Get_().(BodyAADContent_AADSingleBlock) + return ok +} + +func (CompanionStruct_BodyAADContent_) Default() BodyAADContent { + return Companion_BodyAADContent_.Create_AADRegularFrame_() +} + +func (_ CompanionStruct_BodyAADContent_) AllSingletonConstructors() _dafny.Iterator { + i := -1 + return func() (interface{}, bool) { + i++ + switch i { + case 0: + return Companion_BodyAADContent_.Create_AADRegularFrame_(), true + case 1: + return Companion_BodyAADContent_.Create_AADFinalFrame_(), true + case 2: + return Companion_BodyAADContent_.Create_AADSingleBlock_(), true + default: + return BodyAADContent{}, false + } + } +} + +func (_this BodyAADContent) String() string { + switch _this.Get_().(type) { + case nil: + return "null" + case BodyAADContent_AADRegularFrame: + { + return "MessageBody.BodyAADContent.AADRegularFrame" + } + case BodyAADContent_AADFinalFrame: + { + return "MessageBody.BodyAADContent.AADFinalFrame" + } + case BodyAADContent_AADSingleBlock: + { + return "MessageBody.BodyAADContent.AADSingleBlock" + } + default: + { + return "" + } + } +} + +func (_this BodyAADContent) Equals(other BodyAADContent) bool { + switch _this.Get_().(type) { + case BodyAADContent_AADRegularFrame: + { + _, ok := other.Get_().(BodyAADContent_AADRegularFrame) + return ok + } + case BodyAADContent_AADFinalFrame: + { + _, ok := other.Get_().(BodyAADContent_AADFinalFrame) + return ok + } + case BodyAADContent_AADSingleBlock: + { + _, ok := other.Get_().(BodyAADContent_AADSingleBlock) + return ok + } + default: + { + return false // unexpected + } + } +} + +func (_this BodyAADContent) EqualsGeneric(other interface{}) bool { + typed, ok := other.(BodyAADContent) + return ok && _this.Equals(typed) +} + +func Type_BodyAADContent_() _dafny.TypeDescriptor { + return type_BodyAADContent_{} +} + +type type_BodyAADContent_ struct { +} + +func (_this type_BodyAADContent_) Default() interface{} { + return Companion_BodyAADContent_.Default() +} + +func (_this type_BodyAADContent_) String() string { + return "MessageBody.BodyAADContent" +} +func (_this BodyAADContent) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = BodyAADContent{} + +// End of datatype BodyAADContent + +// Definition of class MessageRegularFrames +type MessageRegularFrames struct { +} + +func New_MessageRegularFrames_() *MessageRegularFrames { + _this := MessageRegularFrames{} + + return &_this +} + +type CompanionStruct_MessageRegularFrames_ struct { +} + +var Companion_MessageRegularFrames_ = CompanionStruct_MessageRegularFrames_{} + +func (*MessageRegularFrames) String() string { + return "MessageBody.MessageRegularFrames" +} + +// End of class MessageRegularFrames + +func Type_MessageRegularFrames_() _dafny.TypeDescriptor { + return type_MessageRegularFrames_{} +} + +type type_MessageRegularFrames_ struct { +} + +func (_this type_MessageRegularFrames_) Default() interface{} { + return _dafny.EmptySeq +} + +func (_this type_MessageRegularFrames_) String() string { + return "MessageBody.MessageRegularFrames" +} + +// Definition of datatype FramedMessageBody +type FramedMessageBody struct { + Data_FramedMessageBody_ +} + +func (_this FramedMessageBody) Get_() Data_FramedMessageBody_ { + return _this.Data_FramedMessageBody_ +} + +type Data_FramedMessageBody_ interface { + isFramedMessageBody() +} + +type CompanionStruct_FramedMessageBody_ struct { +} + +var Companion_FramedMessageBody_ = CompanionStruct_FramedMessageBody_{} + +type FramedMessageBody_FramedMessageBody struct { + RegularFrames _dafny.Sequence + FinalFrame m_Frames.Frame +} + +func (FramedMessageBody_FramedMessageBody) isFramedMessageBody() {} + +func (CompanionStruct_FramedMessageBody_) Create_FramedMessageBody_(RegularFrames _dafny.Sequence, FinalFrame m_Frames.Frame) FramedMessageBody { + return FramedMessageBody{FramedMessageBody_FramedMessageBody{RegularFrames, FinalFrame}} +} + +func (_this FramedMessageBody) Is_FramedMessageBody() bool { + _, ok := _this.Get_().(FramedMessageBody_FramedMessageBody) + return ok +} + +func (CompanionStruct_FramedMessageBody_) Default() FramedMessageBody { + return Companion_FramedMessageBody_.Create_FramedMessageBody_(_dafny.EmptySeq, m_Frames.Companion_Frame_.Default()) +} + +func (_this FramedMessageBody) Dtor_regularFrames() _dafny.Sequence { + return _this.Get_().(FramedMessageBody_FramedMessageBody).RegularFrames +} + +func (_this FramedMessageBody) Dtor_finalFrame() m_Frames.Frame { + return _this.Get_().(FramedMessageBody_FramedMessageBody).FinalFrame +} + +func (_this FramedMessageBody) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case FramedMessageBody_FramedMessageBody: + { + return "MessageBody.FramedMessageBody.FramedMessageBody" + "(" + _dafny.String(data.RegularFrames) + ", " + _dafny.String(data.FinalFrame) + ")" + } + default: + { + return "" + } + } +} + +func (_this FramedMessageBody) Equals(other FramedMessageBody) bool { + switch data1 := _this.Get_().(type) { + case FramedMessageBody_FramedMessageBody: + { + data2, ok := other.Get_().(FramedMessageBody_FramedMessageBody) + return ok && data1.RegularFrames.Equals(data2.RegularFrames) && data1.FinalFrame.Equals(data2.FinalFrame) + } + default: + { + return false // unexpected + } + } +} + +func (_this FramedMessageBody) EqualsGeneric(other interface{}) bool { + typed, ok := other.(FramedMessageBody) + return ok && _this.Equals(typed) +} + +func Type_FramedMessageBody_() _dafny.TypeDescriptor { + return type_FramedMessageBody_{} +} + +type type_FramedMessageBody_ struct { +} + +func (_this type_FramedMessageBody_) Default() interface{} { + return Companion_FramedMessageBody_.Default() +} + +func (_this type_FramedMessageBody_) String() string { + return "MessageBody.FramedMessageBody" +} +func (_this FramedMessageBody) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = FramedMessageBody{} + +// End of datatype FramedMessageBody + +// Definition of class FramedMessage +type FramedMessage struct { +} + +func New_FramedMessage_() *FramedMessage { + _this := FramedMessage{} + + return &_this +} + +type CompanionStruct_FramedMessage_ struct { +} + +var Companion_FramedMessage_ = CompanionStruct_FramedMessage_{} + +func (*FramedMessage) String() string { + return "MessageBody.FramedMessage" +} + +// End of class FramedMessage + +func Type_FramedMessage_() _dafny.TypeDescriptor { + return type_FramedMessage_{} +} + +type type_FramedMessage_ struct { +} + +func (_this type_FramedMessage_) Default() interface{} { + return Companion_FramedMessageBody_.Default() +} + +func (_this type_FramedMessage_) String() string { + return "MessageBody.FramedMessage" +} + +// Definition of class MessageFrame +type MessageFrame struct { +} + +func New_MessageFrame_() *MessageFrame { + _this := MessageFrame{} + + return &_this +} + +type CompanionStruct_MessageFrame_ struct { +} + +var Companion_MessageFrame_ = CompanionStruct_MessageFrame_{} + +func (*MessageFrame) String() string { + return "MessageBody.MessageFrame" +} + +// End of class MessageFrame + +func Type_MessageFrame_() _dafny.TypeDescriptor { + return type_MessageFrame_{} +} + +type type_MessageFrame_ struct { +} + +func (_this type_MessageFrame_) Default() interface{} { + return m_Frames.Companion_Frame_.Default() +} + +func (_this type_MessageFrame_) String() string { + return "MessageBody.MessageFrame" +} + +// Definition of class Frame +type Frame struct { +} + +func New_Frame_() *Frame { + _this := Frame{} + + return &_this +} + +type CompanionStruct_Frame_ struct { +} + +var Companion_Frame_ = CompanionStruct_Frame_{} + +func (*Frame) String() string { + return "MessageBody.Frame" +} + +// End of class Frame + +func Type_Frame_() _dafny.TypeDescriptor { + return type_Frame_{} +} + +type type_Frame_ struct { +} + +func (_this type_Frame_) Default() interface{} { + return m_Frames.Companion_Frame_.Default() +} + +func (_this type_Frame_) String() string { + return "MessageBody.Frame" +} diff --git a/releases/go/encryption-sdk/README.md b/releases/go/encryption-sdk/README.md new file mode 100644 index 000000000..38465be36 --- /dev/null +++ b/releases/go/encryption-sdk/README.md @@ -0,0 +1,27 @@ +# AWS Encryption SDK for Go + + +This is the official AWS Encryption SDK for Go. + +## [CHANGELOG](https://github.com/aws/aws-encryption-sdk/blob/mainline/AwsEncryptionSDK/releases/go/encryption-sdk/CHANGELOG.md) + +## Overview + +The AWS Encryption SDK enables secure client-side encryption. It uses cryptography best practices to protect your data and protect the encryption keys that protect your data. Each data object is protected with a unique data encryption key, and the data encryption key is protected with a key encryption key called a wrapping key. The encryption method returns a single, portable [encrypted message](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html) that contains the encrypted data and the encrypted data key, so you don't need to keep track of the data encryption keys for your data. You can use KMS keys in [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) as wrapping keys. The AWS Encryption SDK also provides APIs to define and use encryption keys from other key providers. + +For more details about the design and architecture of the AWS Encryption SDK, see the [AWS Encryption SDK Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). + +## Installation + +`go get github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk@latest` + + +## Examples for AWS Encryption SDK in Go + +Please look at the Examples on how to use the Encryption SDK in Go [here](https://github.com/aws/aws-encryption-sdk/tree/mainline/releases/go/encryption-sdk/examples). + +Please note that some examples MAY require internet access and valid AWS credentials, since calls to KMS are made. + +## License + +This library is licensed under the Apache 2.0 License. diff --git a/releases/go/encryption-sdk/SerializableTypes/SerializableTypes.go b/releases/go/encryption-sdk/SerializableTypes/SerializableTypes.go new file mode 100644 index 000000000..89241fdfb --- /dev/null +++ b/releases/go/encryption-sdk/SerializableTypes/SerializableTypes.go @@ -0,0 +1,588 @@ +// Package SerializableTypes +// Dafny module SerializableTypes compiled into Go + +package SerializableTypes + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_SortedSets "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/SortedSets" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UTF8 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UTF8" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "SerializableTypes.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) IsESDKEncryptedDataKey(edk m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) bool { + return (((m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((edk).Dtor_keyProviderId())) && (m_UTF8.Companion_Default___.ValidUTF8Seq((edk).Dtor_keyProviderId()))) && (m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((edk).Dtor_keyProviderInfo()))) && (m_StandardLibrary_UInt.Companion_Default___.HasUint16Len((edk).Dtor_ciphertext())) +} +func (_static *CompanionStruct_Default___) IsESDKEncryptionContext(ec _dafny.Map) bool { + return ((((ec).Cardinality()).Cmp(m_StandardLibrary_UInt.Companion_Default___.UINT16__LIMIT()) < 0) && ((Companion_Default___.Length(ec)).Cmp(Companion_Default___.ESDK__CANONICAL__ENCRYPTION__CONTEXT__MAX__LENGTH()) < 0)) && (_dafny.Quantifier(((_dafny.MultiSetFromSet((ec).Keys())).Union(_dafny.MultiSetFromSet((ec).Values()))).UniqueElements(), true, func(_forall_var_0 _dafny.Sequence) bool { + var _0_element _dafny.Sequence + _0_element = interface{}(_forall_var_0).(_dafny.Sequence) + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_0_element) { + return !(((_dafny.MultiSetFromSet((ec).Keys())).Union(_dafny.MultiSetFromSet((ec).Values()))).Contains(_0_element)) || ((m_StandardLibrary_UInt.Companion_Default___.HasUint16Len(_0_element)) && (m_UTF8.Companion_Default___.ValidUTF8Seq(_0_element))) + } else { + return true + } + })) +} +func (_static *CompanionStruct_Default___) GetIvLength(a m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) uint8 { + var _source0 m_AwsCryptographyMaterialProvidersTypes.Encrypt = (a).Dtor_encrypt() + _ = _source0 + { + var _0_e m_AwsCryptographyPrimitivesTypes.AES__GCM = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.Encrypt_AES__GCM).AES__GCM + _ = _0_e + return uint8((_0_e).Dtor_ivLength()) + } +} +func (_static *CompanionStruct_Default___) GetTagLength(a m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) uint8 { + var _source0 m_AwsCryptographyMaterialProvidersTypes.Encrypt = (a).Dtor_encrypt() + _ = _source0 + { + var _0_e m_AwsCryptographyPrimitivesTypes.AES__GCM = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.Encrypt_AES__GCM).AES__GCM + _ = _0_e + return uint8((_0_e).Dtor_tagLength()) + } +} +func (_static *CompanionStruct_Default___) GetEncryptKeyLength(a m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) int32 { + var _source0 m_AwsCryptographyMaterialProvidersTypes.Encrypt = (a).Dtor_encrypt() + _ = _source0 + { + var _0_e m_AwsCryptographyPrimitivesTypes.AES__GCM = _source0.Get_().(m_AwsCryptographyMaterialProvidersTypes.Encrypt_AES__GCM).AES__GCM + _ = _0_e + return (_0_e).Dtor_keyLength() + } +} +func (_static *CompanionStruct_Default___) Length(encryptionContext _dafny.Map) _dafny.Int { + if ((encryptionContext).Cardinality()).Sign() == 0 { + return _dafny.Zero + } else { + var _0_pairs _dafny.Sequence = Companion_Default___.GetCanonicalLinearPairs(encryptionContext) + _ = _0_pairs + return Companion_Default___.LinearLength(_0_pairs) + } +} +func (_static *CompanionStruct_Default___) GetCanonicalLinearPairs(encryptionContext _dafny.Map) _dafny.Sequence { + var _0_keys _dafny.Sequence = m_SortedSets.SetToOrderedSequence2((encryptionContext).Keys(), func(coer0 func(uint8, uint8) bool) func(interface{}, interface{}) bool { + return func(arg0 interface{}, arg1 interface{}) bool { + return coer0(arg0.(uint8), arg1.(uint8)) + } + }(m_StandardLibrary_UInt.Companion_Default___.UInt8Less)) + _ = _0_keys + return _dafny.SeqCreate((_dafny.IntOfUint32((_0_keys).Cardinality())).Uint32(), func(coer1 func(_dafny.Int) Pair) func(_dafny.Int) interface{} { + return func(arg2 _dafny.Int) interface{} { + return coer1(arg2) + } + }((func(_1_keys _dafny.Sequence, _2_encryptionContext _dafny.Map) func(_dafny.Int) Pair { + return func(_3_i _dafny.Int) Pair { + return Companion_Pair_.Create_Pair_((_1_keys).Select((_3_i).Uint32()).(_dafny.Sequence), (_2_encryptionContext).Get((_1_keys).Select((_3_i).Uint32()).(_dafny.Sequence)).(_dafny.Sequence)) + } + })(_0_keys, encryptionContext))) +} +func (_static *CompanionStruct_Default___) LinearLength(pairs _dafny.Sequence) _dafny.Int { + var _0___accumulator _dafny.Int = _dafny.Zero + _ = _0___accumulator + goto TAIL_CALL_START +TAIL_CALL_START: + if (_dafny.IntOfUint32((pairs).Cardinality())).Sign() == 0 { + return (_dafny.Zero).Plus(_0___accumulator) + } else { + _0___accumulator = (Companion_Default___.PairLength(m_Seq.Companion_Default___.Last(pairs).(Pair))).Plus(_0___accumulator) + var _in0 _dafny.Sequence = m_Seq.Companion_Default___.DropLast(pairs) + _ = _in0 + pairs = _in0 + goto TAIL_CALL_START + } +} +func (_static *CompanionStruct_Default___) PairLength(pair Pair) _dafny.Int { + return (((_dafny.IntOfInt64(2)).Plus(_dafny.IntOfUint32(((pair).Dtor_key().(_dafny.Sequence)).Cardinality()))).Plus(_dafny.IntOfInt64(2))).Plus(_dafny.IntOfUint32(((pair).Dtor_value().(_dafny.Sequence)).Cardinality())) +} +func (_static *CompanionStruct_Default___) ESDK__CANONICAL__ENCRYPTION__CONTEXT__MAX__LENGTH() _dafny.Int { + return (m_StandardLibrary_UInt.Companion_Default___.UINT16__LIMIT()).Minus(_dafny.IntOfInt64(2)) +} + +// End of class Default__ + +// Definition of class ShortUTF8Seq +type ShortUTF8Seq struct { +} + +func New_ShortUTF8Seq_() *ShortUTF8Seq { + _this := ShortUTF8Seq{} + + return &_this +} + +type CompanionStruct_ShortUTF8Seq_ struct { +} + +var Companion_ShortUTF8Seq_ = CompanionStruct_ShortUTF8Seq_{} + +func (*ShortUTF8Seq) String() string { + return "SerializableTypes.ShortUTF8Seq" +} + +// End of class ShortUTF8Seq + +func Type_ShortUTF8Seq_() _dafny.TypeDescriptor { + return type_ShortUTF8Seq_{} +} + +type type_ShortUTF8Seq_ struct { +} + +func (_this type_ShortUTF8Seq_) Default() interface{} { + return m_UTF8.Companion_ValidUTF8Bytes_.Witness() +} + +func (_this type_ShortUTF8Seq_) String() string { + return "SerializableTypes.ShortUTF8Seq" +} +func (_this *CompanionStruct_ShortUTF8Seq_) Is_(__source _dafny.Sequence) bool { + var _0_s _dafny.Sequence = (__source) + _ = _0_s + if m_UTF8.Companion_ValidUTF8Bytes_.Is_(_0_s) { + return m_StandardLibrary_UInt.Companion_Default___.HasUint16Len(_0_s) + } + return false +} + +// Definition of datatype Pair +type Pair struct { + Data_Pair_ +} + +func (_this Pair) Get_() Data_Pair_ { + return _this.Data_Pair_ +} + +type Data_Pair_ interface { + isPair() +} + +type CompanionStruct_Pair_ struct { +} + +var Companion_Pair_ = CompanionStruct_Pair_{} + +type Pair_Pair struct { + Key interface{} + Value interface{} +} + +func (Pair_Pair) isPair() {} + +func (CompanionStruct_Pair_) Create_Pair_(Key interface{}, Value interface{}) Pair { + return Pair{Pair_Pair{Key, Value}} +} + +func (_this Pair) Is_Pair() bool { + _, ok := _this.Get_().(Pair_Pair) + return ok +} + +func (CompanionStruct_Pair_) Default(_default_K interface{}, _default_V interface{}) Pair { + return Companion_Pair_.Create_Pair_(_default_K, _default_V) +} + +func (_this Pair) Dtor_key() interface{} { + return _this.Get_().(Pair_Pair).Key +} + +func (_this Pair) Dtor_value() interface{} { + return _this.Get_().(Pair_Pair).Value +} + +func (_this Pair) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case Pair_Pair: + { + return "SerializableTypes.Pair.Pair" + "(" + _dafny.String(data.Key) + ", " + _dafny.String(data.Value) + ")" + } + default: + { + return "" + } + } +} + +func (_this Pair) Equals(other Pair) bool { + switch data1 := _this.Get_().(type) { + case Pair_Pair: + { + data2, ok := other.Get_().(Pair_Pair) + return ok && _dafny.AreEqual(data1.Key, data2.Key) && _dafny.AreEqual(data1.Value, data2.Value) + } + default: + { + return false // unexpected + } + } +} + +func (_this Pair) EqualsGeneric(other interface{}) bool { + typed, ok := other.(Pair) + return ok && _this.Equals(typed) +} + +func Type_Pair_(Type_K_ _dafny.TypeDescriptor, Type_V_ _dafny.TypeDescriptor) _dafny.TypeDescriptor { + return type_Pair_{Type_K_, Type_V_} +} + +type type_Pair_ struct { + Type_K_ _dafny.TypeDescriptor + Type_V_ _dafny.TypeDescriptor +} + +func (_this type_Pair_) Default() interface{} { + Type_K_ := _this.Type_K_ + _ = Type_K_ + Type_V_ := _this.Type_V_ + _ = Type_V_ + return Companion_Pair_.Default(Type_K_.Default(), Type_V_.Default()) +} + +func (_this type_Pair_) String() string { + return "SerializableTypes.Pair" +} +func (_this Pair) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = Pair{} + +// End of datatype Pair + +// Definition of class ESDKEncryptedDataKey +type ESDKEncryptedDataKey struct { +} + +func New_ESDKEncryptedDataKey_() *ESDKEncryptedDataKey { + _this := ESDKEncryptedDataKey{} + + return &_this +} + +type CompanionStruct_ESDKEncryptedDataKey_ struct { +} + +var Companion_ESDKEncryptedDataKey_ = CompanionStruct_ESDKEncryptedDataKey_{} + +func (*ESDKEncryptedDataKey) String() string { + return "SerializableTypes.ESDKEncryptedDataKey" +} + +// End of class ESDKEncryptedDataKey + +func Type_ESDKEncryptedDataKey_() _dafny.TypeDescriptor { + return type_ESDKEncryptedDataKey_{} +} + +type type_ESDKEncryptedDataKey_ struct { +} + +func (_this type_ESDKEncryptedDataKey_) Default() interface{} { + return m_AwsCryptographyMaterialProvidersTypes.Companion_EncryptedDataKey_.Default() +} + +func (_this type_ESDKEncryptedDataKey_) String() string { + return "SerializableTypes.ESDKEncryptedDataKey" +} +func (_this *CompanionStruct_ESDKEncryptedDataKey_) Is_(__source m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey) bool { + var _1_e m_AwsCryptographyMaterialProvidersTypes.EncryptedDataKey = (__source) + _ = _1_e + return Companion_Default___.IsESDKEncryptedDataKey(_1_e) +} + +// Definition of class ESDKEncryptionContext +type ESDKEncryptionContext struct { +} + +func New_ESDKEncryptionContext_() *ESDKEncryptionContext { + _this := ESDKEncryptionContext{} + + return &_this +} + +type CompanionStruct_ESDKEncryptionContext_ struct { +} + +var Companion_ESDKEncryptionContext_ = CompanionStruct_ESDKEncryptionContext_{} + +func (*ESDKEncryptionContext) String() string { + return "SerializableTypes.ESDKEncryptionContext" +} + +// End of class ESDKEncryptionContext + +func Type_ESDKEncryptionContext_() _dafny.TypeDescriptor { + return type_ESDKEncryptionContext_{} +} + +type type_ESDKEncryptionContext_ struct { +} + +func (_this type_ESDKEncryptionContext_) Default() interface{} { + return _dafny.EmptyMap +} + +func (_this type_ESDKEncryptionContext_) String() string { + return "SerializableTypes.ESDKEncryptionContext" +} +func (_this *CompanionStruct_ESDKEncryptionContext_) Is_(__source _dafny.Map) bool { + var _2_ec _dafny.Map = (__source) + _ = _2_ec + return Companion_Default___.IsESDKEncryptionContext(_2_ec) +} diff --git a/releases/go/encryption-sdk/SerializeFunctions/SerializeFunctions.go b/releases/go/encryption-sdk/SerializeFunctions/SerializeFunctions.go new file mode 100644 index 000000000..a0711d03a --- /dev/null +++ b/releases/go/encryption-sdk/SerializeFunctions/SerializeFunctions.go @@ -0,0 +1,781 @@ +// Package SerializeFunctions +// Dafny module SerializeFunctions compiled into Go + +package SerializeFunctions + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "SerializeFunctions.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) Write(data _dafny.Sequence) _dafny.Sequence { + return data +} +func (_static *CompanionStruct_Default___) Read(buffer ReadableBuffer, length _dafny.Int) m_Wrappers.Result { + var _0_end _dafny.Int = ((buffer).Dtor_start()).Plus(length) + _ = _0_end + var _1_valueOrError0 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((_dafny.IntOfUint32(((buffer).Dtor_bytes()).Cardinality())).Cmp(_0_end) >= 0, Companion_ReadProblems_.Create_MoreNeeded_(_0_end)) + _ = _1_valueOrError0 + if (_1_valueOrError0).IsFailure() { + return (_1_valueOrError0).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(Companion_SuccessfulRead_.Create_SuccessfulRead_(((buffer).Dtor_bytes()).Subsequence(((buffer).Dtor_start()).Uint32(), (_0_end).Uint32()), func(_pat_let0_0 ReadableBuffer) ReadableBuffer { + return func(_2_dt__update__tmp_h0 ReadableBuffer) ReadableBuffer { + return func(_pat_let1_0 _dafny.Int) ReadableBuffer { + return func(_3_dt__update_hstart_h0 _dafny.Int) ReadableBuffer { + return Companion_ReadableBuffer_.Create_ReadableBuffer_((_2_dt__update__tmp_h0).Dtor_bytes(), _3_dt__update_hstart_h0) + }(_pat_let1_0) + }(_0_end) + }(_pat_let0_0) + }(buffer))) + } +} +func (_static *CompanionStruct_Default___) WriteUint16(number uint16) _dafny.Sequence { + return Companion_Default___.Write(m_StandardLibrary_UInt.Companion_Default___.UInt16ToSeq(number)) +} +func (_static *CompanionStruct_Default___) ReadUInt16(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.Read(buffer, _dafny.IntOfInt64(2)) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_uint16Bytes _dafny.Sequence = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_uint16Bytes + var _2_tail ReadableBuffer = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + return m_Wrappers.Companion_Result_.Create_Success_(Companion_SuccessfulRead_.Create_SuccessfulRead_(m_StandardLibrary_UInt.Companion_Default___.SeqToUInt16(_1_uint16Bytes), _2_tail)) + } +} +func (_static *CompanionStruct_Default___) WriteUint32(number uint32) _dafny.Sequence { + return Companion_Default___.Write(m_StandardLibrary_UInt.Companion_Default___.UInt32ToSeq(number)) +} +func (_static *CompanionStruct_Default___) ReadUInt32(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.Read(buffer, _dafny.IntOfInt64(4)) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_uint32Bytes _dafny.Sequence = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_uint32Bytes + var _2_tail ReadableBuffer = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + return m_Wrappers.Companion_Result_.Create_Success_(Companion_SuccessfulRead_.Create_SuccessfulRead_(m_StandardLibrary_UInt.Companion_Default___.SeqToUInt32(_1_uint32Bytes), _2_tail)) + } +} +func (_static *CompanionStruct_Default___) WriteUint64(number uint64) _dafny.Sequence { + return Companion_Default___.Write(m_StandardLibrary_UInt.Companion_Default___.UInt64ToSeq(number)) +} +func (_static *CompanionStruct_Default___) ReadUInt64(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.Read(buffer, _dafny.IntOfInt64(8)) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_uint64Bytes _dafny.Sequence = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_uint64Bytes + var _2_tail ReadableBuffer = _let_tmp_rhs0.Get_().(SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + return m_Wrappers.Companion_Result_.Create_Success_(Companion_SuccessfulRead_.Create_SuccessfulRead_(m_StandardLibrary_UInt.Companion_Default___.SeqToUInt64(_1_uint64Bytes), _2_tail)) + } +} +func (_static *CompanionStruct_Default___) WriteShortLengthSeq(d _dafny.Sequence) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteUint16(uint16((d).Cardinality())), Companion_Default___.Write(d)) +} +func (_static *CompanionStruct_Default___) ReadShortLengthSeq(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.ReadUInt16(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_length SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _1_length + var _2_valueOrError1 m_Wrappers.Result = Companion_Default___.Read((_1_length).Dtor_tail(), _dafny.IntOfUint16((_1_length).Dtor_data().(uint16))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_d SuccessfulRead = (_2_valueOrError1).Extract().(SuccessfulRead) + _ = _3_d + return m_Wrappers.Companion_Result_.Create_Success_(_3_d) + } + } +} +func (_static *CompanionStruct_Default___) WriteUint32Seq(d _dafny.Sequence) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteUint32(uint32((d).Cardinality())), Companion_Default___.Write(d)) +} +func (_static *CompanionStruct_Default___) ReadUint32Seq(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.ReadUInt32(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_length SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _1_length + var _2_valueOrError1 m_Wrappers.Result = Companion_Default___.Read((_1_length).Dtor_tail(), _dafny.IntOfUint32((_1_length).Dtor_data().(uint32))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_d SuccessfulRead = (_2_valueOrError1).Extract().(SuccessfulRead) + _ = _3_d + return m_Wrappers.Companion_Result_.Create_Success_(_3_d) + } + } +} +func (_static *CompanionStruct_Default___) WriteUint64Seq(d _dafny.Sequence) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(Companion_Default___.WriteUint64(uint64((d).Cardinality())), Companion_Default___.Write(d)) +} +func (_static *CompanionStruct_Default___) ReadUint64Seq(buffer ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = Companion_Default___.ReadUInt64(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_length SuccessfulRead = (_0_valueOrError0).Extract().(SuccessfulRead) + _ = _1_length + var _2_valueOrError1 m_Wrappers.Result = Companion_Default___.Read((_1_length).Dtor_tail(), _dafny.IntOfUint64((_1_length).Dtor_data().(uint64))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_d SuccessfulRead = (_2_valueOrError1).Extract().(SuccessfulRead) + _ = _3_d + return m_Wrappers.Companion_Result_.Create_Success_(_3_d) + } + } +} + +// End of class Default__ + +// Definition of datatype ReadProblems +type ReadProblems struct { + Data_ReadProblems_ +} + +func (_this ReadProblems) Get_() Data_ReadProblems_ { + return _this.Data_ReadProblems_ +} + +type Data_ReadProblems_ interface { + isReadProblems() +} + +type CompanionStruct_ReadProblems_ struct { +} + +var Companion_ReadProblems_ = CompanionStruct_ReadProblems_{} + +type ReadProblems_MoreNeeded struct { + Pos _dafny.Int +} + +func (ReadProblems_MoreNeeded) isReadProblems() {} + +func (CompanionStruct_ReadProblems_) Create_MoreNeeded_(Pos _dafny.Int) ReadProblems { + return ReadProblems{ReadProblems_MoreNeeded{Pos}} +} + +func (_this ReadProblems) Is_MoreNeeded() bool { + _, ok := _this.Get_().(ReadProblems_MoreNeeded) + return ok +} + +type ReadProblems_Error struct { + Message _dafny.Sequence +} + +func (ReadProblems_Error) isReadProblems() {} + +func (CompanionStruct_ReadProblems_) Create_Error_(Message _dafny.Sequence) ReadProblems { + return ReadProblems{ReadProblems_Error{Message}} +} + +func (_this ReadProblems) Is_Error() bool { + _, ok := _this.Get_().(ReadProblems_Error) + return ok +} + +func (CompanionStruct_ReadProblems_) Default() ReadProblems { + return Companion_ReadProblems_.Create_MoreNeeded_(_dafny.Zero) +} + +func (_this ReadProblems) Dtor_pos() _dafny.Int { + return _this.Get_().(ReadProblems_MoreNeeded).Pos +} + +func (_this ReadProblems) Dtor_message() _dafny.Sequence { + return _this.Get_().(ReadProblems_Error).Message +} + +func (_this ReadProblems) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case ReadProblems_MoreNeeded: + { + return "SerializeFunctions.ReadProblems.MoreNeeded" + "(" + _dafny.String(data.Pos) + ")" + } + case ReadProblems_Error: + { + return "SerializeFunctions.ReadProblems.Error" + "(" + _dafny.String(data.Message) + ")" + } + default: + { + return "" + } + } +} + +func (_this ReadProblems) Equals(other ReadProblems) bool { + switch data1 := _this.Get_().(type) { + case ReadProblems_MoreNeeded: + { + data2, ok := other.Get_().(ReadProblems_MoreNeeded) + return ok && data1.Pos.Cmp(data2.Pos) == 0 + } + case ReadProblems_Error: + { + data2, ok := other.Get_().(ReadProblems_Error) + return ok && data1.Message.Equals(data2.Message) + } + default: + { + return false // unexpected + } + } +} + +func (_this ReadProblems) EqualsGeneric(other interface{}) bool { + typed, ok := other.(ReadProblems) + return ok && _this.Equals(typed) +} + +func Type_ReadProblems_() _dafny.TypeDescriptor { + return type_ReadProblems_{} +} + +type type_ReadProblems_ struct { +} + +func (_this type_ReadProblems_) Default() interface{} { + return Companion_ReadProblems_.Default() +} + +func (_this type_ReadProblems_) String() string { + return "SerializeFunctions.ReadProblems" +} +func (_this ReadProblems) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = ReadProblems{} + +// End of datatype ReadProblems + +// Definition of class MoreNeeded +type MoreNeeded struct { +} + +func New_MoreNeeded_() *MoreNeeded { + _this := MoreNeeded{} + + return &_this +} + +type CompanionStruct_MoreNeeded_ struct { +} + +var Companion_MoreNeeded_ = CompanionStruct_MoreNeeded_{} + +func (*MoreNeeded) String() string { + return "SerializeFunctions.MoreNeeded" +} + +// End of class MoreNeeded + +func Type_MoreNeeded_() _dafny.TypeDescriptor { + return type_MoreNeeded_{} +} + +type type_MoreNeeded_ struct { +} + +func (_this type_MoreNeeded_) Default() interface{} { + return Companion_ReadProblems_.Default() +} + +func (_this type_MoreNeeded_) String() string { + return "SerializeFunctions.MoreNeeded" +} +func (_this *CompanionStruct_MoreNeeded_) Is_(__source ReadProblems) bool { + var _0_p ReadProblems = (__source) + _ = _0_p + return (_0_p).Is_MoreNeeded() +} + +// Definition of datatype ReadableBuffer +type ReadableBuffer struct { + Data_ReadableBuffer_ +} + +func (_this ReadableBuffer) Get_() Data_ReadableBuffer_ { + return _this.Data_ReadableBuffer_ +} + +type Data_ReadableBuffer_ interface { + isReadableBuffer() +} + +type CompanionStruct_ReadableBuffer_ struct { +} + +var Companion_ReadableBuffer_ = CompanionStruct_ReadableBuffer_{} + +type ReadableBuffer_ReadableBuffer struct { + Bytes _dafny.Sequence + Start _dafny.Int +} + +func (ReadableBuffer_ReadableBuffer) isReadableBuffer() {} + +func (CompanionStruct_ReadableBuffer_) Create_ReadableBuffer_(Bytes _dafny.Sequence, Start _dafny.Int) ReadableBuffer { + return ReadableBuffer{ReadableBuffer_ReadableBuffer{Bytes, Start}} +} + +func (_this ReadableBuffer) Is_ReadableBuffer() bool { + _, ok := _this.Get_().(ReadableBuffer_ReadableBuffer) + return ok +} + +func (CompanionStruct_ReadableBuffer_) Default() ReadableBuffer { + return Companion_ReadableBuffer_.Create_ReadableBuffer_(_dafny.EmptySeq, _dafny.Zero) +} + +func (_this ReadableBuffer) Dtor_bytes() _dafny.Sequence { + return _this.Get_().(ReadableBuffer_ReadableBuffer).Bytes +} + +func (_this ReadableBuffer) Dtor_start() _dafny.Int { + return _this.Get_().(ReadableBuffer_ReadableBuffer).Start +} + +func (_this ReadableBuffer) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case ReadableBuffer_ReadableBuffer: + { + return "SerializeFunctions.ReadableBuffer.ReadableBuffer" + "(" + _dafny.String(data.Bytes) + ", " + _dafny.String(data.Start) + ")" + } + default: + { + return "" + } + } +} + +func (_this ReadableBuffer) Equals(other ReadableBuffer) bool { + switch data1 := _this.Get_().(type) { + case ReadableBuffer_ReadableBuffer: + { + data2, ok := other.Get_().(ReadableBuffer_ReadableBuffer) + return ok && data1.Bytes.Equals(data2.Bytes) && data1.Start.Cmp(data2.Start) == 0 + } + default: + { + return false // unexpected + } + } +} + +func (_this ReadableBuffer) EqualsGeneric(other interface{}) bool { + typed, ok := other.(ReadableBuffer) + return ok && _this.Equals(typed) +} + +func Type_ReadableBuffer_() _dafny.TypeDescriptor { + return type_ReadableBuffer_{} +} + +type type_ReadableBuffer_ struct { +} + +func (_this type_ReadableBuffer_) Default() interface{} { + return Companion_ReadableBuffer_.Default() +} + +func (_this type_ReadableBuffer_) String() string { + return "SerializeFunctions.ReadableBuffer" +} +func (_this ReadableBuffer) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = ReadableBuffer{} + +// End of datatype ReadableBuffer + +// Definition of datatype SuccessfulRead +type SuccessfulRead struct { + Data_SuccessfulRead_ +} + +func (_this SuccessfulRead) Get_() Data_SuccessfulRead_ { + return _this.Data_SuccessfulRead_ +} + +type Data_SuccessfulRead_ interface { + isSuccessfulRead() +} + +type CompanionStruct_SuccessfulRead_ struct { +} + +var Companion_SuccessfulRead_ = CompanionStruct_SuccessfulRead_{} + +type SuccessfulRead_SuccessfulRead struct { + Data interface{} + Tail ReadableBuffer +} + +func (SuccessfulRead_SuccessfulRead) isSuccessfulRead() {} + +func (CompanionStruct_SuccessfulRead_) Create_SuccessfulRead_(Data interface{}, Tail ReadableBuffer) SuccessfulRead { + return SuccessfulRead{SuccessfulRead_SuccessfulRead{Data, Tail}} +} + +func (_this SuccessfulRead) Is_SuccessfulRead() bool { + _, ok := _this.Get_().(SuccessfulRead_SuccessfulRead) + return ok +} + +func (CompanionStruct_SuccessfulRead_) Default(_default_T interface{}) SuccessfulRead { + return Companion_SuccessfulRead_.Create_SuccessfulRead_(_default_T, Companion_ReadableBuffer_.Default()) +} + +func (_this SuccessfulRead) Dtor_data() interface{} { + return _this.Get_().(SuccessfulRead_SuccessfulRead).Data +} + +func (_this SuccessfulRead) Dtor_tail() ReadableBuffer { + return _this.Get_().(SuccessfulRead_SuccessfulRead).Tail +} + +func (_this SuccessfulRead) String() string { + switch data := _this.Get_().(type) { + case nil: + return "null" + case SuccessfulRead_SuccessfulRead: + { + return "SerializeFunctions.SuccessfulRead.SuccessfulRead" + "(" + _dafny.String(data.Data) + ", " + _dafny.String(data.Tail) + ")" + } + default: + { + return "" + } + } +} + +func (_this SuccessfulRead) Equals(other SuccessfulRead) bool { + switch data1 := _this.Get_().(type) { + case SuccessfulRead_SuccessfulRead: + { + data2, ok := other.Get_().(SuccessfulRead_SuccessfulRead) + return ok && _dafny.AreEqual(data1.Data, data2.Data) && data1.Tail.Equals(data2.Tail) + } + default: + { + return false // unexpected + } + } +} + +func (_this SuccessfulRead) EqualsGeneric(other interface{}) bool { + typed, ok := other.(SuccessfulRead) + return ok && _this.Equals(typed) +} + +func Type_SuccessfulRead_(Type_T_ _dafny.TypeDescriptor) _dafny.TypeDescriptor { + return type_SuccessfulRead_{Type_T_} +} + +type type_SuccessfulRead_ struct { + Type_T_ _dafny.TypeDescriptor +} + +func (_this type_SuccessfulRead_) Default() interface{} { + Type_T_ := _this.Type_T_ + _ = Type_T_ + return Companion_SuccessfulRead_.Default(Type_T_.Default()) +} + +func (_this type_SuccessfulRead_) String() string { + return "SerializeFunctions.SuccessfulRead" +} +func (_this SuccessfulRead) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = SuccessfulRead{} + +// End of datatype SuccessfulRead diff --git a/releases/go/encryption-sdk/SharedHeaderFunctions/SharedHeaderFunctions.go b/releases/go/encryption-sdk/SharedHeaderFunctions/SharedHeaderFunctions.go new file mode 100644 index 000000000..66fc3cd1d --- /dev/null +++ b/releases/go/encryption-sdk/SharedHeaderFunctions/SharedHeaderFunctions.go @@ -0,0 +1,403 @@ +// Package SharedHeaderFunctions +// Dafny module SharedHeaderFunctions compiled into Go + +package SharedHeaderFunctions + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "SharedHeaderFunctions.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteMessageFormatVersion(version m_HeaderTypes.MessageFormatVersion) _dafny.Sequence { + return m_SerializeFunctions.Companion_Default___.Write((version).Serialize()) +} +func (_static *CompanionStruct_Default___) ReadMessageFormatVersion(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.One) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_rawVersion m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_rawVersion + var _2_valueOrError1 m_Wrappers.Result = (m_HeaderTypes.Companion_MessageFormatVersion_.Get((_1_rawVersion).Dtor_data().(_dafny.Sequence))).MapFailure(func(coer2 func(_dafny.Sequence) m_SerializeFunctions.ReadProblems) func(interface{}) interface{} { + return func(arg3 interface{}) interface{} { + return coer2(arg3.(_dafny.Sequence)) + } + }(func(_3_e _dafny.Sequence) m_SerializeFunctions.ReadProblems { + return m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_3_e) + })) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _4_version m_HeaderTypes.MessageFormatVersion = (_2_valueOrError1).Extract().(m_HeaderTypes.MessageFormatVersion) + _ = _4_version + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_4_version, (_1_rawVersion).Dtor_tail())) + } + } +} +func (_static *CompanionStruct_Default___) WriteESDKSuiteId(suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) _dafny.Sequence { + return m_SerializeFunctions.Companion_Default___.Write((suite).Dtor_binaryId()) +} +func (_static *CompanionStruct_Default___) ReadESDKSuiteId(buffer m_SerializeFunctions.ReadableBuffer, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.IntOfInt64(2)) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_esdkSuiteIdBytes m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_esdkSuiteIdBytes + var _2_valueOrError1 m_Wrappers.Result = ((mpl).GetAlgorithmSuiteInfo((_1_esdkSuiteIdBytes).Dtor_data().(_dafny.Sequence))).MapFailure(func(coer3 func(m_AwsCryptographyMaterialProvidersTypes.Error) m_SerializeFunctions.ReadProblems) func(interface{}) interface{} { + return func(arg4 interface{}) interface{} { + return coer3(arg4.(m_AwsCryptographyMaterialProvidersTypes.Error)) + } + }(func(_3___v0 m_AwsCryptographyMaterialProvidersTypes.Error) m_SerializeFunctions.ReadProblems { + return m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Algorithm suite ID not supported.")) + })) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _4_suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo = (_2_valueOrError1).Extract().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) + _ = _4_suite + var _5_valueOrError2 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(_dafny.Companion_Sequence_.Equal((_4_suite).Dtor_binaryId(), (_1_esdkSuiteIdBytes).Dtor_data().(_dafny.Sequence)), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Algorithm suite ID not supported."))) + _ = _5_valueOrError2 + if (_5_valueOrError2).IsFailure() { + return (_5_valueOrError2).PropagateFailure() + } else { + var _6_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_4_suite).Dtor_id()).Is_ESDK(), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Algorithm suite ID not supported."))) + _ = _6_valueOrError3 + if (_6_valueOrError3).IsFailure() { + return (_6_valueOrError3).PropagateFailure() + } else { + var _7_esdkSuite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo = _4_suite + _ = _7_esdkSuite + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_7_esdkSuite, (_1_esdkSuiteIdBytes).Dtor_tail())) + } + } + } + } +} +func (_static *CompanionStruct_Default___) WriteMessageId(messageId _dafny.Sequence) _dafny.Sequence { + return m_SerializeFunctions.Companion_Default___.Write(messageId) +} +func (_static *CompanionStruct_Default___) ReadMessageIdV1(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, m_HeaderTypes.Companion_Default___.MESSAGE__ID__LEN__V1()) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_messageIdRead m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_messageIdRead + var _2_messageId _dafny.Sequence = (_1_messageIdRead).Dtor_data().(_dafny.Sequence) + _ = _2_messageId + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_2_messageId, (_1_messageIdRead).Dtor_tail())) + } +} +func (_static *CompanionStruct_Default___) ReadMessageIdV2(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, m_HeaderTypes.Companion_Default___.MESSAGE__ID__LEN__V2()) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_messageIdRead m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_messageIdRead + var _2_messageId _dafny.Sequence = (_1_messageIdRead).Dtor_data().(_dafny.Sequence) + _ = _2_messageId + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_2_messageId, (_1_messageIdRead).Dtor_tail())) + } +} +func (_static *CompanionStruct_Default___) WriteContentType(contentType m_HeaderTypes.ContentType) _dafny.Sequence { + return m_SerializeFunctions.Companion_Default___.Write(_dafny.SeqOf((contentType).Serialize())) +} +func (_static *CompanionStruct_Default___) ReadContentType(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.One) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_raw _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_raw + var _2_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + var _3_valueOrError1 m_Wrappers.Result = (m_HeaderTypes.Companion_ContentType_.Get((_1_raw).Select(0).(uint8))).MapFailure(func(coer4 func(_dafny.Sequence) m_SerializeFunctions.ReadProblems) func(interface{}) interface{} { + return func(arg5 interface{}) interface{} { + return coer4(arg5.(_dafny.Sequence)) + } + }(func(_4_e _dafny.Sequence) m_SerializeFunctions.ReadProblems { + return m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_4_e) + })) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _5_contentType m_HeaderTypes.ContentType = (_3_valueOrError1).Extract().(m_HeaderTypes.ContentType) + _ = _5_contentType + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_5_contentType, _2_tail)) + } + } +} + +// End of class Default__ diff --git a/releases/go/encryption-sdk/V1HeaderBody/V1HeaderBody.go b/releases/go/encryption-sdk/V1HeaderBody/V1HeaderBody.go new file mode 100644 index 000000000..db566cfdd --- /dev/null +++ b/releases/go/encryption-sdk/V1HeaderBody/V1HeaderBody.go @@ -0,0 +1,546 @@ +// Package V1HeaderBody +// Dafny module V1HeaderBody compiled into Go + +package V1HeaderBody + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "V1HeaderBody.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteV1HeaderBody(body m_HeaderTypes.HeaderBody) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(m_SharedHeaderFunctions.Companion_Default___.WriteMessageFormatVersion(m_HeaderTypes.Companion_MessageFormatVersion_.Create_V1_()), Companion_Default___.WriteV1MessageType((body).Dtor_messageType())), m_SharedHeaderFunctions.Companion_Default___.WriteESDKSuiteId((body).Dtor_algorithmSuite())), m_SharedHeaderFunctions.Companion_Default___.WriteMessageId((body).Dtor_messageId())), m_EncryptionContext.Companion_Default___.WriteAADSection((body).Dtor_encryptionContext())), m_EncryptedDataKeys.Companion_Default___.WriteEncryptedDataKeysSection((body).Dtor_encryptedDataKeys())), m_SharedHeaderFunctions.Companion_Default___.WriteContentType((body).Dtor_contentType())), Companion_Default___.WriteV1ReservedBytes(Companion_Default___.RESERVED__BYTES())), Companion_Default___.WriteV1HeaderIvLength(m_SerializableTypes.Companion_Default___.GetIvLength((body).Dtor_algorithmSuite()))), m_SerializeFunctions.Companion_Default___.WriteUint32((body).Dtor_frameLength())) +} +func (_static *CompanionStruct_Default___) ReadV1HeaderBody(buffer m_SerializeFunctions.ReadableBuffer, maxEdks m_Wrappers.Option, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadMessageFormatVersion(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_version m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_version + var _2_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_1_version).Dtor_data().(m_HeaderTypes.MessageFormatVersion)).Is_V1(), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Message version must be version 1."))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_valueOrError2 m_Wrappers.Result = Companion_Default___.ReadV1MessageType((_1_version).Dtor_tail()) + _ = _3_valueOrError2 + if (_3_valueOrError2).IsFailure() { + return (_3_valueOrError2).PropagateFailure() + } else { + var _4_messageType m_SerializeFunctions.SuccessfulRead = (_3_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _4_messageType + var _5_valueOrError3 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadESDKSuiteId((_4_messageType).Dtor_tail(), mpl) + _ = _5_valueOrError3 + if (_5_valueOrError3).IsFailure() { + return (_5_valueOrError3).PropagateFailure() + } else { + var _6_suite m_SerializeFunctions.SuccessfulRead = (_5_valueOrError3).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _6_suite + var _7_valueOrError4 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((((_6_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo)).Dtor_commitment()).Is_None(), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Algorithm suite must not support commitment."))) + _ = _7_valueOrError4 + if (_7_valueOrError4).IsFailure() { + return (_7_valueOrError4).PropagateFailure() + } else { + var _8_valueOrError5 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadMessageIdV1((_6_suite).Dtor_tail()) + _ = _8_valueOrError5 + if (_8_valueOrError5).IsFailure() { + return (_8_valueOrError5).PropagateFailure() + } else { + var _9_messageId m_SerializeFunctions.SuccessfulRead = (_8_valueOrError5).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _9_messageId + var _10_valueOrError6 m_Wrappers.Result = m_EncryptionContext.Companion_Default___.ReadAADSection((_9_messageId).Dtor_tail()) + _ = _10_valueOrError6 + if (_10_valueOrError6).IsFailure() { + return (_10_valueOrError6).PropagateFailure() + } else { + var _11_encryptionContext m_SerializeFunctions.SuccessfulRead = (_10_valueOrError6).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _11_encryptionContext + var _12_valueOrError7 m_Wrappers.Result = m_EncryptedDataKeys.Companion_Default___.ReadEncryptedDataKeysSection((_11_encryptionContext).Dtor_tail(), maxEdks) + _ = _12_valueOrError7 + if (_12_valueOrError7).IsFailure() { + return (_12_valueOrError7).PropagateFailure() + } else { + var _13_encryptedDataKeys m_SerializeFunctions.SuccessfulRead = (_12_valueOrError7).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _13_encryptedDataKeys + var _14_valueOrError8 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadContentType((_13_encryptedDataKeys).Dtor_tail()) + _ = _14_valueOrError8 + if (_14_valueOrError8).IsFailure() { + return (_14_valueOrError8).PropagateFailure() + } else { + var _15_contentType m_SerializeFunctions.SuccessfulRead = (_14_valueOrError8).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _15_contentType + var _16_valueOrError9 m_Wrappers.Result = Companion_Default___.ReadV1ReservedBytes((_15_contentType).Dtor_tail()) + _ = _16_valueOrError9 + if (_16_valueOrError9).IsFailure() { + return (_16_valueOrError9).PropagateFailure() + } else { + var _17_reservedBytes m_SerializeFunctions.SuccessfulRead = (_16_valueOrError9).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _17_reservedBytes + var _18_valueOrError10 m_Wrappers.Result = Companion_Default___.ReadV1HeaderIvLength((_17_reservedBytes).Dtor_tail(), (_6_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo)) + _ = _18_valueOrError10 + if (_18_valueOrError10).IsFailure() { + return (_18_valueOrError10).PropagateFailure() + } else { + var _19_headerIvLength m_SerializeFunctions.SuccessfulRead = (_18_valueOrError10).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _19_headerIvLength + var _20_valueOrError11 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32((_19_headerIvLength).Dtor_tail()) + _ = _20_valueOrError11 + if (_20_valueOrError11).IsFailure() { + return (_20_valueOrError11).PropagateFailure() + } else { + var _21_frameLength m_SerializeFunctions.SuccessfulRead = (_20_valueOrError11).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _21_frameLength + var _22_body m_HeaderTypes.HeaderBody = m_HeaderTypes.Companion_HeaderBody_.Create_V1HeaderBody_((_4_messageType).Dtor_data().(m_HeaderTypes.MessageType), (_6_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo), (_9_messageId).Dtor_data().(_dafny.Sequence), (_11_encryptionContext).Dtor_data().(_dafny.Sequence), (_13_encryptedDataKeys).Dtor_data().(_dafny.Sequence), (_15_contentType).Dtor_data().(m_HeaderTypes.ContentType), _dafny.IntOfUint8((_19_headerIvLength).Dtor_data().(uint8)), (_21_frameLength).Dtor_data().(uint32)) + _ = _22_body + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_22_body, (_21_frameLength).Dtor_tail())) + } + } + } + } + } + } + } + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) WriteV1MessageType(messageType m_HeaderTypes.MessageType) _dafny.Sequence { + return _dafny.SeqOf((messageType).Serialize()) +} +func (_static *CompanionStruct_Default___) ReadV1MessageType(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.One) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_raw _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_raw + var _2_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + var _3_valueOrError1 m_Wrappers.Result = (m_HeaderTypes.Companion_MessageType_.Get((_1_raw).Select(0).(uint8))).MapFailure(func(coer5 func(_dafny.Sequence) m_SerializeFunctions.ReadProblems) func(interface{}) interface{} { + return func(arg6 interface{}) interface{} { + return coer5(arg6.(_dafny.Sequence)) + } + }(func(_4_e _dafny.Sequence) m_SerializeFunctions.ReadProblems { + return m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_4_e) + })) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _5_messageType m_HeaderTypes.MessageType = (_3_valueOrError1).Extract().(m_HeaderTypes.MessageType) + _ = _5_messageType + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_5_messageType, _2_tail)) + } + } +} +func (_static *CompanionStruct_Default___) WriteV1ReservedBytes(reservedBytes _dafny.Sequence) _dafny.Sequence { + return reservedBytes +} +func (_static *CompanionStruct_Default___) ReadV1ReservedBytes(buffer m_SerializeFunctions.ReadableBuffer) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.IntOfUint32((Companion_Default___.RESERVED__BYTES()).Cardinality())) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_raw _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_raw + var _2_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(_dafny.Companion_Sequence_.Equal(_1_raw, Companion_Default___.RESERVED__BYTES()), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Incorrect reserved bytes."))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + var _4_reservedBytes _dafny.Sequence = _1_raw + _ = _4_reservedBytes + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_4_reservedBytes, _2_tail)) + } + } +} +func (_static *CompanionStruct_Default___) WriteV1HeaderIvLength(ivLength uint8) _dafny.Sequence { + return _dafny.SeqOf(ivLength) +} +func (_static *CompanionStruct_Default___) ReadV1HeaderIvLength(buffer m_SerializeFunctions.ReadableBuffer, suite m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read(buffer, _dafny.One) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _let_tmp_rhs0 m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _let_tmp_rhs0 + var _1_raw _dafny.Sequence = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Data.(_dafny.Sequence) + _ = _1_raw + var _2_tail m_SerializeFunctions.ReadableBuffer = _let_tmp_rhs0.Get_().(m_SerializeFunctions.SuccessfulRead_SuccessfulRead).Tail + _ = _2_tail + var _3_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_1_raw).Select(0).(uint8)) == (m_SerializableTypes.Companion_Default___.GetIvLength(suite)), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("HeaderIv Length does not match Algorithm Suite."))) + _ = _3_valueOrError1 + if (_3_valueOrError1).IsFailure() { + return (_3_valueOrError1).PropagateFailure() + } else { + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_((_1_raw).Select(0).(uint8), _2_tail)) + } + } +} +func (_static *CompanionStruct_Default___) RESERVED__BYTES() _dafny.Sequence { + return _dafny.SeqOf(uint8(0), uint8(0), uint8(0), uint8(0)) +} + +// End of class Default__ + +// Definition of class V1HeaderBody +type V1HeaderBody struct { +} + +func New_V1HeaderBody_() *V1HeaderBody { + _this := V1HeaderBody{} + + return &_this +} + +type CompanionStruct_V1HeaderBody_ struct { +} + +var Companion_V1HeaderBody_ = CompanionStruct_V1HeaderBody_{} + +func (*V1HeaderBody) String() string { + return "V1HeaderBody.V1HeaderBody" +} + +// End of class V1HeaderBody + +func Type_V1HeaderBody_() _dafny.TypeDescriptor { + return type_V1HeaderBody_{} +} + +type type_V1HeaderBody_ struct { +} + +func (_this type_V1HeaderBody_) Default() interface{} { + return m_HeaderTypes.Companion_HeaderBody_.Default() +} + +func (_this type_V1HeaderBody_) String() string { + return "V1HeaderBody.V1HeaderBody" +} +func (_this *CompanionStruct_V1HeaderBody_) Is_(__source m_HeaderTypes.HeaderBody) bool { + var _0_h m_HeaderTypes.HeaderBody = (__source) + _ = _0_h + return (_0_h).Is_V1HeaderBody() +} + +// Definition of class ReservedBytes +type ReservedBytes struct { +} + +func New_ReservedBytes_() *ReservedBytes { + _this := ReservedBytes{} + + return &_this +} + +type CompanionStruct_ReservedBytes_ struct { +} + +var Companion_ReservedBytes_ = CompanionStruct_ReservedBytes_{} + +func (*ReservedBytes) String() string { + return "V1HeaderBody.ReservedBytes" +} +func (_this *CompanionStruct_ReservedBytes_) Witness() _dafny.Sequence { + return Companion_Default___.RESERVED__BYTES() +} + +// End of class ReservedBytes + +func Type_ReservedBytes_() _dafny.TypeDescriptor { + return type_ReservedBytes_{} +} + +type type_ReservedBytes_ struct { +} + +func (_this type_ReservedBytes_) Default() interface{} { + return Companion_ReservedBytes_.Witness() +} + +func (_this type_ReservedBytes_) String() string { + return "V1HeaderBody.ReservedBytes" +} +func (_this *CompanionStruct_ReservedBytes_) Is_(__source _dafny.Sequence) bool { + var _1_s _dafny.Sequence = (__source) + _ = _1_s + return _dafny.Companion_Sequence_.Equal(_1_s, Companion_Default___.RESERVED__BYTES()) +} diff --git a/releases/go/encryption-sdk/V2HeaderBody/V2HeaderBody.go b/releases/go/encryption-sdk/V2HeaderBody/V2HeaderBody.go new file mode 100644 index 000000000..5b65282a3 --- /dev/null +++ b/releases/go/encryption-sdk/V2HeaderBody/V2HeaderBody.go @@ -0,0 +1,406 @@ +// Package V2HeaderBody +// Dafny module V2HeaderBody compiled into Go + +package V2HeaderBody + +import ( + os "os" + + m_ComAmazonawsDynamodbTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/ComAmazonawsDynamodbTypes" + m_Com_Amazonaws_Dynamodb "github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb/Com_Amazonaws_Dynamodb" + m_ComAmazonawsKmsTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/ComAmazonawsKmsTypes" + m_Com_Amazonaws_Kms "github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms/Com_Amazonaws_Kms" + m_AlgorithmSuites "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AlgorithmSuites" + m_AwsArnParsing "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsArnParsing" + m_AwsCryptographyKeyStoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreOperations" + m_AwsCryptographyKeyStoreTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyKeyStoreTypes" + m_AwsCryptographyMaterialProvidersOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersOperations" + m_AwsCryptographyMaterialProvidersTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + m_AwsKmsDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsDiscoveryKeyring" + m_AwsKmsEcdhKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsEcdhKeyring" + m_AwsKmsHierarchicalKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsHierarchicalKeyring" + m_AwsKmsKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsKeyring" + m_AwsKmsMrkAreUnique "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkAreUnique" + m_AwsKmsMrkDiscoveryKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkDiscoveryKeyring" + m_AwsKmsMrkKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkKeyring" + m_AwsKmsMrkMatchForDecrypt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsMrkMatchForDecrypt" + m_AwsKmsRsaKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsRsaKeyring" + m_AwsKmsUtils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsKmsUtils" + m_CMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CMM" + m_CacheConstants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CacheConstants" + m_CanonicalEncryptionContext "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CanonicalEncryptionContext" + m_Commitment "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Commitment" + m_Constants "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Constants" + m_CreateKeyStoreTable "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeyStoreTable" + m_CreateKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/CreateKeys" + m_DDBKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DDBKeystoreOperations" + m_DefaultCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultCMM" + m_DefaultClientSupplier "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DefaultClientSupplier" + m_Defaults "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Defaults" + m_DiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/DiscoveryMultiKeyring" + m_EcdhEdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EcdhEdkWrapping" + m_EdkWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/EdkWrapping" + m_ErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/ErrorMessages" + m_GetKeys "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/GetKeys" + m_IntermediateKeyWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/IntermediateKeyWrapping" + m_KMSKeystoreOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KMSKeystoreOperations" + m_KeyStore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStore" + m_KeyStoreErrorMessages "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KeyStoreErrorMessages" + m_Keyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Keyring" + m_KmsArn "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/KmsArn" + m_LocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/LocalCMC" + m_MaterialProviders "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialProviders" + m_MaterialWrapping "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MaterialWrapping" + m_Materials "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Materials" + m_MrkAwareDiscoveryMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareDiscoveryMultiKeyring" + m_MrkAwareStrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MrkAwareStrictMultiKeyring" + m_MultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/MultiKeyring" + m_RawAESKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawAESKeyring" + m_RawECDHKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawECDHKeyring" + m_RawRSAKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RawRSAKeyring" + m_RequiredEncryptionContextCMM "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/RequiredEncryptionContextCMM" + m_StormTracker "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTracker" + m_StormTrackingCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StormTrackingCMC" + m_StrictMultiKeyring "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/StrictMultiKeyring" + m_Structure "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Structure" + m_SynchronizedLocalCMC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/SynchronizedLocalCMC" + m_Utils "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/Utils" + m_AtomicPrimitives "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AtomicPrimitives" + m_AwsCryptographyPrimitivesOperations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesOperations" + m_AwsCryptographyPrimitivesTypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/AwsCryptographyPrimitivesTypes" + m_Digest "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Digest" + m_HKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/HKDF" + m_KdfCtr "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/KdfCtr" + m_Random "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/Random" + m_WrappedHKDF "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHKDF" + m_WrappedHMAC "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/WrappedHMAC" + m_Actions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Actions" + m_Base64 "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64" + m_Base64Lemmas "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Base64Lemmas" + m_BoundedInts "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/BoundedInts" + m_DivInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternals" + m_DivInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivInternalsNonlinear" + m_DivMod "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/DivMod" + m_FileIO "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FileIO" + m_FloatCompare "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/FloatCompare" + m_Functions "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Functions" + m_GeneralInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GeneralInternals" + m_GetOpt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/GetOpt" + m_HexStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/HexStrings" + m_Logarithm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Logarithm" + m__Math "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Math_" + m_ModInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternals" + m_ModInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/ModInternalsNonlinear" + m_Mul "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Mul" + m_MulInternals "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternals" + m_MulInternalsNonlinear "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/MulInternalsNonlinear" + m_Power "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Power" + m_Relations "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Relations" + m_Seq "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq" + m_Seq_MergeSort "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Seq_MergeSort" + m_Sorting "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Sorting" + m_StandardLibrary "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary" + m_StandardLibraryInterop "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibraryInterop" + m_StandardLibrary_Sequence "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_Sequence" + m_StandardLibrary_String "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_String" + m_StandardLibrary_UInt "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/StandardLibrary_UInt" + m_Streams "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Streams" + m_UnicodeStrings "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/UnicodeStrings" + m__Unicode "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Unicode_" + m_Utf16EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf16EncodingForm" + m_Utf8EncodingForm "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Utf8EncodingForm" + m_Wrappers "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + m_AwsCryptographyEncryptionSdkTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + m_EncryptedDataKeys "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptedDataKeys" + m_EncryptionContext "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/EncryptionContext" + m_HeaderTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/HeaderTypes" + m_SerializableTypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializableTypes" + m_SerializeFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SerializeFunctions" + m_SharedHeaderFunctions "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/SharedHeaderFunctions" + m_V1HeaderBody "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/V1HeaderBody" + m__System "github.com/dafny-lang/DafnyRuntimeGo/v4/System_" + _dafny "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +var _ = os.Args +var _ _dafny.Dummy__ +var _ m__System.Dummy__ +var _ m_Wrappers.Dummy__ +var _ m_BoundedInts.Dummy__ +var _ m_StandardLibrary_UInt.Dummy__ +var _ m_StandardLibrary_Sequence.Dummy__ +var _ m_StandardLibrary_String.Dummy__ +var _ m_StandardLibrary.Dummy__ +var _ m_AwsCryptographyPrimitivesTypes.Dummy__ +var _ m_Random.Dummy__ +var _ m_Digest.Dummy__ +var _ m_WrappedHMAC.Dummy__ +var _ m_HKDF.Dummy__ +var _ m_WrappedHKDF.Dummy__ +var _ m_KdfCtr.Dummy__ +var _ m_AwsCryptographyPrimitivesOperations.Dummy__ +var _ m_AtomicPrimitives.Dummy__ +var _ m_ComAmazonawsDynamodbTypes.Dummy__ +var _ m_ComAmazonawsKmsTypes.Dummy__ +var _ m_AwsCryptographyKeyStoreTypes.Dummy__ +var _ m_AwsCryptographyMaterialProvidersTypes.Dummy__ +var _ m_Base64.Dummy__ +var _ m_AlgorithmSuites.Dummy__ +var _ m_Materials.Dummy__ +var _ m_Keyring.Dummy__ +var _ m_Relations.Dummy__ +var _ m_Seq_MergeSort.Dummy__ +var _ m__Math.Dummy__ +var _ m_Seq.Dummy__ +var _ m_MultiKeyring.Dummy__ +var _ m_AwsArnParsing.Dummy__ +var _ m_AwsKmsMrkAreUnique.Dummy__ +var _ m_Actions.Dummy__ +var _ m_AwsKmsMrkMatchForDecrypt.Dummy__ +var _ m_AwsKmsUtils.Dummy__ +var _ m_Constants.Dummy__ +var _ m_MaterialWrapping.Dummy__ +var _ m_CanonicalEncryptionContext.Dummy__ +var _ m_IntermediateKeyWrapping.Dummy__ +var _ m_EdkWrapping.Dummy__ +var _ m_ErrorMessages.Dummy__ +var _ m_AwsKmsKeyring.Dummy__ +var _ m_StrictMultiKeyring.Dummy__ +var _ m_AwsKmsDiscoveryKeyring.Dummy__ +var _ m_Com_Amazonaws_Kms.Dummy__ +var _ m_Com_Amazonaws_Dynamodb.Dummy__ +var _ m_DiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkDiscoveryKeyring.Dummy__ +var _ m_MrkAwareDiscoveryMultiKeyring.Dummy__ +var _ m_AwsKmsMrkKeyring.Dummy__ +var _ m_MrkAwareStrictMultiKeyring.Dummy__ +var _ m_LocalCMC.Dummy__ +var _ m_SynchronizedLocalCMC.Dummy__ +var _ m_StormTracker.Dummy__ +var _ m_StormTrackingCMC.Dummy__ +var _ m_CacheConstants.Dummy__ +var _ m_AwsKmsHierarchicalKeyring.Dummy__ +var _ m_AwsKmsRsaKeyring.Dummy__ +var _ m_EcdhEdkWrapping.Dummy__ +var _ m_RawECDHKeyring.Dummy__ +var _ m_AwsKmsEcdhKeyring.Dummy__ +var _ m_RawAESKeyring.Dummy__ +var _ m_RawRSAKeyring.Dummy__ +var _ m_CMM.Dummy__ +var _ m_Defaults.Dummy__ +var _ m_Commitment.Dummy__ +var _ m_DefaultCMM.Dummy__ +var _ m_DefaultClientSupplier.Dummy__ +var _ m_Utils.Dummy__ +var _ m_RequiredEncryptionContextCMM.Dummy__ +var _ m_AwsCryptographyMaterialProvidersOperations.Dummy__ +var _ m_MaterialProviders.Dummy__ +var _ m_KeyStoreErrorMessages.Dummy__ +var _ m_KmsArn.Dummy__ +var _ m_Structure.Dummy__ +var _ m_KMSKeystoreOperations.Dummy__ +var _ m_DDBKeystoreOperations.Dummy__ +var _ m_CreateKeys.Dummy__ +var _ m_CreateKeyStoreTable.Dummy__ +var _ m_GetKeys.Dummy__ +var _ m_AwsCryptographyKeyStoreOperations.Dummy__ +var _ m_KeyStore.Dummy__ +var _ m__Unicode.Dummy__ +var _ m_Functions.Dummy__ +var _ m_Utf8EncodingForm.Dummy__ +var _ m_Utf16EncodingForm.Dummy__ +var _ m_UnicodeStrings.Dummy__ +var _ m_FileIO.Dummy__ +var _ m_GeneralInternals.Dummy__ +var _ m_MulInternalsNonlinear.Dummy__ +var _ m_MulInternals.Dummy__ +var _ m_Mul.Dummy__ +var _ m_ModInternalsNonlinear.Dummy__ +var _ m_DivInternalsNonlinear.Dummy__ +var _ m_ModInternals.Dummy__ +var _ m_DivInternals.Dummy__ +var _ m_DivMod.Dummy__ +var _ m_Power.Dummy__ +var _ m_Logarithm.Dummy__ +var _ m_StandardLibraryInterop.Dummy__ +var _ m_Streams.Dummy__ +var _ m_Sorting.Dummy__ +var _ m_HexStrings.Dummy__ +var _ m_GetOpt.Dummy__ +var _ m_FloatCompare.Dummy__ +var _ m_Base64Lemmas.Dummy__ +var _ m_AwsCryptographyEncryptionSdkTypes.Dummy__ +var _ m_SerializableTypes.Dummy__ +var _ m_SerializeFunctions.Dummy__ +var _ m_EncryptionContext.Dummy__ +var _ m_HeaderTypes.Dummy__ +var _ m_SharedHeaderFunctions.Dummy__ +var _ m_EncryptedDataKeys.Dummy__ +var _ m_V1HeaderBody.Dummy__ + +type Dummy__ struct{} + +// Definition of class Default__ +type Default__ struct { + dummy byte +} + +func New_Default___() *Default__ { + _this := Default__{} + + return &_this +} + +type CompanionStruct_Default___ struct { +} + +var Companion_Default___ = CompanionStruct_Default___{} + +func (_this *Default__) Equals(other *Default__) bool { + return _this == other +} + +func (_this *Default__) EqualsGeneric(x interface{}) bool { + other, ok := x.(*Default__) + return ok && _this.Equals(other) +} + +func (*Default__) String() string { + return "V2HeaderBody.Default__" +} +func (_this *Default__) ParentTraits_() []*_dafny.TraitID { + return [](*_dafny.TraitID){} +} + +var _ _dafny.TraitOffspring = &Default__{} + +func (_static *CompanionStruct_Default___) WriteV2HeaderBody(body m_HeaderTypes.HeaderBody) _dafny.Sequence { + return _dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(_dafny.Companion_Sequence_.Concatenate(m_SharedHeaderFunctions.Companion_Default___.WriteMessageFormatVersion(m_HeaderTypes.Companion_MessageFormatVersion_.Create_V2_()), m_SharedHeaderFunctions.Companion_Default___.WriteESDKSuiteId((body).Dtor_algorithmSuite())), m_SharedHeaderFunctions.Companion_Default___.WriteMessageId((body).Dtor_messageId())), m_EncryptionContext.Companion_Default___.WriteAADSection((body).Dtor_encryptionContext())), m_EncryptedDataKeys.Companion_Default___.WriteEncryptedDataKeysSection((body).Dtor_encryptedDataKeys())), m_SharedHeaderFunctions.Companion_Default___.WriteContentType((body).Dtor_contentType())), m_SerializeFunctions.Companion_Default___.WriteUint32((body).Dtor_frameLength())), m_SerializeFunctions.Companion_Default___.Write((body).Dtor_suiteData())) +} +func (_static *CompanionStruct_Default___) ReadV2HeaderBody(buffer m_SerializeFunctions.ReadableBuffer, maxEdks m_Wrappers.Option, mpl *m_MaterialProviders.MaterialProvidersClient) m_Wrappers.Result { + var _0_valueOrError0 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadMessageFormatVersion(buffer) + _ = _0_valueOrError0 + if (_0_valueOrError0).IsFailure() { + return (_0_valueOrError0).PropagateFailure() + } else { + var _1_version m_SerializeFunctions.SuccessfulRead = (_0_valueOrError0).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _1_version + var _2_valueOrError1 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need(((_1_version).Dtor_data().(m_HeaderTypes.MessageFormatVersion)).Is_V2(), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Message version must be version 2."))) + _ = _2_valueOrError1 + if (_2_valueOrError1).IsFailure() { + return (_2_valueOrError1).PropagateFailure() + } else { + var _3_valueOrError2 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadESDKSuiteId((_1_version).Dtor_tail(), mpl) + _ = _3_valueOrError2 + if (_3_valueOrError2).IsFailure() { + return (_3_valueOrError2).PropagateFailure() + } else { + var _4_suite m_SerializeFunctions.SuccessfulRead = (_3_valueOrError2).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _4_suite + var _5_valueOrError3 m_Wrappers.Outcome = m_Wrappers.Companion_Default___.Need((((_4_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo)).Dtor_commitment()).Is_HKDF(), m_SerializeFunctions.Companion_ReadProblems_.Create_Error_(_dafny.SeqOfString("Algorithm suite must support commitment."))) + _ = _5_valueOrError3 + if (_5_valueOrError3).IsFailure() { + return (_5_valueOrError3).PropagateFailure() + } else { + var _6_valueOrError4 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadMessageIdV2((_4_suite).Dtor_tail()) + _ = _6_valueOrError4 + if (_6_valueOrError4).IsFailure() { + return (_6_valueOrError4).PropagateFailure() + } else { + var _7_messageId m_SerializeFunctions.SuccessfulRead = (_6_valueOrError4).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _7_messageId + var _8_valueOrError5 m_Wrappers.Result = m_EncryptionContext.Companion_Default___.ReadAADSection((_7_messageId).Dtor_tail()) + _ = _8_valueOrError5 + if (_8_valueOrError5).IsFailure() { + return (_8_valueOrError5).PropagateFailure() + } else { + var _9_encryptionContext m_SerializeFunctions.SuccessfulRead = (_8_valueOrError5).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _9_encryptionContext + var _10_valueOrError6 m_Wrappers.Result = m_EncryptedDataKeys.Companion_Default___.ReadEncryptedDataKeysSection((_9_encryptionContext).Dtor_tail(), maxEdks) + _ = _10_valueOrError6 + if (_10_valueOrError6).IsFailure() { + return (_10_valueOrError6).PropagateFailure() + } else { + var _11_encryptedDataKeys m_SerializeFunctions.SuccessfulRead = (_10_valueOrError6).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _11_encryptedDataKeys + var _12_valueOrError7 m_Wrappers.Result = m_SharedHeaderFunctions.Companion_Default___.ReadContentType((_11_encryptedDataKeys).Dtor_tail()) + _ = _12_valueOrError7 + if (_12_valueOrError7).IsFailure() { + return (_12_valueOrError7).PropagateFailure() + } else { + var _13_contentType m_SerializeFunctions.SuccessfulRead = (_12_valueOrError7).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _13_contentType + var _14_valueOrError8 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.ReadUInt32((_13_contentType).Dtor_tail()) + _ = _14_valueOrError8 + if (_14_valueOrError8).IsFailure() { + return (_14_valueOrError8).PropagateFailure() + } else { + var _15_frameLength m_SerializeFunctions.SuccessfulRead = (_14_valueOrError8).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _15_frameLength + var _16_valueOrError9 m_Wrappers.Result = m_SerializeFunctions.Companion_Default___.Read((_15_frameLength).Dtor_tail(), _dafny.IntOfInt32(((((_4_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo)).Dtor_commitment()).Dtor_HKDF()).Dtor_outputKeyLength())) + _ = _16_valueOrError9 + if (_16_valueOrError9).IsFailure() { + return (_16_valueOrError9).PropagateFailure() + } else { + var _17_suiteData m_SerializeFunctions.SuccessfulRead = (_16_valueOrError9).Extract().(m_SerializeFunctions.SuccessfulRead) + _ = _17_suiteData + var _18_body m_HeaderTypes.HeaderBody = m_HeaderTypes.Companion_HeaderBody_.Create_V2HeaderBody_((_4_suite).Dtor_data().(m_AwsCryptographyMaterialProvidersTypes.AlgorithmSuiteInfo), (_7_messageId).Dtor_data().(_dafny.Sequence), (_9_encryptionContext).Dtor_data().(_dafny.Sequence), (_11_encryptedDataKeys).Dtor_data().(_dafny.Sequence), (_13_contentType).Dtor_data().(m_HeaderTypes.ContentType), (_15_frameLength).Dtor_data().(uint32), (_17_suiteData).Dtor_data().(_dafny.Sequence)) + _ = _18_body + return m_Wrappers.Companion_Result_.Create_Success_(m_SerializeFunctions.Companion_SuccessfulRead_.Create_SuccessfulRead_(_18_body, (_17_suiteData).Dtor_tail())) + } + } + } + } + } + } + } + } + } + } +} +func (_static *CompanionStruct_Default___) HeaderBytesToAADStart() _dafny.Int { + return ((_dafny.One).Plus(_dafny.IntOfInt64(2))).Plus(_dafny.IntOfInt64(32)) +} + +// End of class Default__ + +// Definition of class V2HeaderBody +type V2HeaderBody struct { +} + +func New_V2HeaderBody_() *V2HeaderBody { + _this := V2HeaderBody{} + + return &_this +} + +type CompanionStruct_V2HeaderBody_ struct { +} + +var Companion_V2HeaderBody_ = CompanionStruct_V2HeaderBody_{} + +func (*V2HeaderBody) String() string { + return "V2HeaderBody.V2HeaderBody" +} + +// End of class V2HeaderBody + +func Type_V2HeaderBody_() _dafny.TypeDescriptor { + return type_V2HeaderBody_{} +} + +type type_V2HeaderBody_ struct { +} + +func (_this type_V2HeaderBody_) Default() interface{} { + return m_HeaderTypes.Companion_HeaderBody_.Default() +} + +func (_this type_V2HeaderBody_) String() string { + return "V2HeaderBody.V2HeaderBody" +} +func (_this *CompanionStruct_V2HeaderBody_) Is_(__source m_HeaderTypes.HeaderBody) bool { + var _0_h m_HeaderTypes.HeaderBody = (__source) + _ = _0_h + return (_0_h).Is_V2HeaderBody() +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/api_client.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/api_client.go new file mode 100644 index 000000000..064767857 --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/api_client.go @@ -0,0 +1,68 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygenerated + +import ( + "context" + + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/ESDK" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +type Client struct { + DafnyClient AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClient +} + +func NewClient(clientConfig awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkConfig) (*Client, error) { + var dafnyConfig = AwsEncryptionSdkConfig_ToDafny(clientConfig) + var dafny_response = ESDK.Companion_Default___.ESDK(dafnyConfig) + if dafny_response.Is_Failure() { + panic("Client construction failed. This should never happen") + } + var dafnyClient = dafny_response.Extract().(AwsCryptographyEncryptionSdkTypes.IAwsEncryptionSdkClient) + client := &Client{dafnyClient} + return client, nil +} + +func (client *Client) Encrypt(ctx context.Context, params awscryptographyencryptionsdksmithygeneratedtypes.EncryptInput) (*awscryptographyencryptionsdksmithygeneratedtypes.EncryptOutput, error) { + err := params.Validate() + if err != nil { + opaqueErr := awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError{ + ErrObject: err, + } + return nil, opaqueErr + } + + var dafny_request AwsCryptographyEncryptionSdkTypes.EncryptInput = EncryptInput_ToDafny(params) + var dafny_response = client.DafnyClient.Encrypt(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyEncryptionSdkTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = EncryptOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyEncryptionSdkTypes.EncryptOutput)) + return &native_response, nil + +} + +func (client *Client) Decrypt(ctx context.Context, params awscryptographyencryptionsdksmithygeneratedtypes.DecryptInput) (*awscryptographyencryptionsdksmithygeneratedtypes.DecryptOutput, error) { + err := params.Validate() + if err != nil { + opaqueErr := awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError{ + ErrObject: err, + } + return nil, opaqueErr + } + + var dafny_request AwsCryptographyEncryptionSdkTypes.DecryptInput = DecryptInput_ToDafny(params) + var dafny_response = client.DafnyClient.Decrypt(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyEncryptionSdkTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = DecryptOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyEncryptionSdkTypes.DecryptOutput)) + return &native_response, nil + +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_dafny.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_dafny.go new file mode 100644 index 000000000..21b3787b1 --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_dafny.go @@ -0,0 +1,389 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygenerated + +import ( + "unicode/utf8" + + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygenerated" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library/Wrappers" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +func DecryptInput_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.DecryptInput) AwsCryptographyEncryptionSdkTypes.DecryptInput { + + return func() AwsCryptographyEncryptionSdkTypes.DecryptInput { + + return AwsCryptographyEncryptionSdkTypes.Companion_DecryptInput_.Create_DecryptInput_(aws_cryptography_encryptionSdk_DecryptInput_ciphertext_ToDafny(nativeInput.Ciphertext), func() Wrappers.Option { + if (nativeInput.MaterialsManager) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(awscryptographymaterialproviderssmithygenerated.CryptographicMaterialsManager_ToDafny(nativeInput.MaterialsManager)) + }(), func() Wrappers.Option { + if (nativeInput.Keyring) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(awscryptographymaterialproviderssmithygenerated.Keyring_ToDafny(nativeInput.Keyring)) + }(), aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_ToDafny(nativeInput.EncryptionContext)) + }() + +} + +func DecryptOutput_ToDafny(nativeOutput awscryptographyencryptionsdksmithygeneratedtypes.DecryptOutput) AwsCryptographyEncryptionSdkTypes.DecryptOutput { + + return func() AwsCryptographyEncryptionSdkTypes.DecryptOutput { + + return AwsCryptographyEncryptionSdkTypes.Companion_DecryptOutput_.Create_DecryptOutput_(aws_cryptography_encryptionSdk_DecryptOutput_plaintext_ToDafny(nativeOutput.Plaintext), aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_ToDafny(nativeOutput.EncryptionContext), aws_cryptography_encryptionSdk_DecryptOutput_algorithmSuiteId_ToDafny(nativeOutput.AlgorithmSuiteId)) + }() + +} + +func EncryptInput_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.EncryptInput) AwsCryptographyEncryptionSdkTypes.EncryptInput { + + return func() AwsCryptographyEncryptionSdkTypes.EncryptInput { + + return AwsCryptographyEncryptionSdkTypes.Companion_EncryptInput_.Create_EncryptInput_(aws_cryptography_encryptionSdk_EncryptInput_plaintext_ToDafny(nativeInput.Plaintext), aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_ToDafny(nativeInput.EncryptionContext), func() Wrappers.Option { + if (nativeInput.MaterialsManager) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(awscryptographymaterialproviderssmithygenerated.CryptographicMaterialsManager_ToDafny(nativeInput.MaterialsManager)) + }(), func() Wrappers.Option { + if (nativeInput.Keyring) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(awscryptographymaterialproviderssmithygenerated.Keyring_ToDafny(nativeInput.Keyring)) + }(), aws_cryptography_encryptionSdk_EncryptInput_algorithmSuiteId_ToDafny(nativeInput.AlgorithmSuiteId), aws_cryptography_encryptionSdk_EncryptInput_frameLength_ToDafny(nativeInput.FrameLength)) + }() + +} + +func EncryptOutput_ToDafny(nativeOutput awscryptographyencryptionsdksmithygeneratedtypes.EncryptOutput) AwsCryptographyEncryptionSdkTypes.EncryptOutput { + + return func() AwsCryptographyEncryptionSdkTypes.EncryptOutput { + + return AwsCryptographyEncryptionSdkTypes.Companion_EncryptOutput_.Create_EncryptOutput_(aws_cryptography_encryptionSdk_EncryptOutput_ciphertext_ToDafny(nativeOutput.Ciphertext), aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_ToDafny(nativeOutput.EncryptionContext), aws_cryptography_encryptionSdk_EncryptOutput_algorithmSuiteId_ToDafny(nativeOutput.AlgorithmSuiteId)) + }() + +} + +func AwsEncryptionSdkException_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkException) AwsCryptographyEncryptionSdkTypes.Error { + return func() AwsCryptographyEncryptionSdkTypes.Error { + + return AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsEncryptionSdkException_(aws_cryptography_encryptionSdk_AwsEncryptionSdkException_message_ToDafny(nativeInput.Message)) + }() + +} + +func CollectionOfErrors_Input_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.CollectionOfErrors) AwsCryptographyEncryptionSdkTypes.Error { + var e []interface{} + for _, i2 := range nativeInput.ListOfErrors { + e = append(e, Error_ToDafny(i2)) + } + return AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_CollectionOfErrors_(dafny.SeqOf(e...), dafny.SeqOfChars([]dafny.Char(nativeInput.Message)...)) +} +func OpaqueError_Input_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError) AwsCryptographyEncryptionSdkTypes.Error { + return AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_Opaque_(nativeInput.ErrObject) +} + +func Error_ToDafny(err error) AwsCryptographyEncryptionSdkTypes.Error { + switch err.(type) { + // Service Errors + case awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkException: + return AwsEncryptionSdkException_ToDafny(err.(awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkException)) + + //DependentErrors + case awscryptographyprimitivessmithygeneratedtypes.AwsCryptographicPrimitivesBaseException: + return AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyPrimitives_(awscryptographyprimitivessmithygenerated.Error_ToDafny(err)) + + case awscryptographymaterialproviderssmithygeneratedtypes.AwsCryptographicMaterialProvidersBaseException: + return AwsCryptographyEncryptionSdkTypes.Companion_Error_.Create_AwsCryptographyMaterialProviders_(awscryptographymaterialproviderssmithygenerated.Error_ToDafny(err)) + + //Unmodelled Errors + case awscryptographyencryptionsdksmithygeneratedtypes.CollectionOfErrors: + return CollectionOfErrors_Input_ToDafny(err.(awscryptographyencryptionsdksmithygeneratedtypes.CollectionOfErrors)) + + default: + error, ok := err.(awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError) + if !ok { + panic("Error is not an OpaqueError") + } + return OpaqueError_Input_ToDafny(error) + } +} + +func AwsEncryptionSdkConfig_ToDafny(nativeInput awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkConfig) AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig { + return func() AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig { + + return AwsCryptographyEncryptionSdkTypes.Companion_AwsEncryptionSdkConfig_.Create_AwsEncryptionSdkConfig_(aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_commitmentPolicy_ToDafny(nativeInput.CommitmentPolicy), aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_maxEncryptedDataKeys_ToDafny(nativeInput.MaxEncryptedDataKeys), aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_netV4_0_0_RetryPolicy_ToDafny(nativeInput.NetV4_0_0_RetryPolicy)) + }() + +} + +func aws_cryptography_encryptionSdk_DecryptInput_ciphertext_ToDafny(input []byte) dafny.Sequence { + return func() dafny.Sequence { + var v []interface{} + if input == nil { + return nil + } + for _, e := range input { + v = append(v, e) + } + return dafny.SeqOf(v...) + }() +} + +func aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_ToDafny(input map[string]string) Wrappers.Option { + return func() Wrappers.Option { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(aws_cryptography_materialProviders_EncryptionContext_key_ToDafny(key), aws_cryptography_materialProviders_EncryptionContext_value_ToDafny(val)) + } + return Wrappers.Companion_Option_.Create_Some_(fieldValue.ToMap()) + }() +} + +func aws_cryptography_materialProviders_EncryptionContext_key_ToDafny(input string) dafny.Sequence { + return func() dafny.Sequence { + + return dafny.SeqOf(func() []interface{} { + utf8.ValidString(input) + b := []byte(input) + f := make([]interface{}, len(b)) + for i, v := range b { + f[i] = v + } + return f + }()...) + }() +} + +func aws_cryptography_materialProviders_EncryptionContext_value_ToDafny(input string) dafny.Sequence { + return func() dafny.Sequence { + + return dafny.SeqOf(func() []interface{} { + utf8.ValidString(input) + b := []byte(input) + f := make([]interface{}, len(b)) + for i, v := range b { + f[i] = v + } + return f + }()...) + }() +} + +func aws_cryptography_encryptionSdk_DecryptOutput_plaintext_ToDafny(input []byte) dafny.Sequence { + return func() dafny.Sequence { + var v []interface{} + if input == nil { + return nil + } + for _, e := range input { + v = append(v, e) + } + return dafny.SeqOf(v...) + }() +} + +func aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_ToDafny(input map[string]string) dafny.Map { + return func() dafny.Map { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(aws_cryptography_materialProviders_EncryptionContext_key_ToDafny(key), aws_cryptography_materialProviders_EncryptionContext_value_ToDafny(val)) + } + return fieldValue.ToMap() + }() +} + +func aws_cryptography_encryptionSdk_DecryptOutput_algorithmSuiteId_ToDafny(input awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId) AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + return func() AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + + var index int + for _, enumVal := range input.Values() { + index++ + if enumVal == input { + break + } + } + var enum interface{} + for allEnums, i := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()), 0; i < index; i++ { + var ok bool + enum, ok = allEnums() + if !ok { + break + } + } + return enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) + }() +} + +func aws_cryptography_encryptionSdk_EncryptInput_plaintext_ToDafny(input []byte) dafny.Sequence { + return func() dafny.Sequence { + var v []interface{} + if input == nil { + return nil + } + for _, e := range input { + v = append(v, e) + } + return dafny.SeqOf(v...) + }() +} + +func aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_ToDafny(input map[string]string) Wrappers.Option { + return func() Wrappers.Option { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(aws_cryptography_materialProviders_EncryptionContext_key_ToDafny(key), aws_cryptography_materialProviders_EncryptionContext_value_ToDafny(val)) + } + return Wrappers.Companion_Option_.Create_Some_(fieldValue.ToMap()) + }() +} + +func aws_cryptography_encryptionSdk_EncryptInput_algorithmSuiteId_ToDafny(input *awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + var index int + for _, enumVal := range input.Values() { + index++ + if enumVal == *input { + break + } + } + var enum interface{} + for allEnums, i := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()), 0; i < index; i++ { + var ok bool + enum, ok = allEnums() + if !ok { + break + } + } + return Wrappers.Companion_Option_.Create_Some_(enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId)) + }() +} + +func aws_cryptography_encryptionSdk_EncryptInput_frameLength_ToDafny(input *int64) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + +func aws_cryptography_encryptionSdk_EncryptOutput_ciphertext_ToDafny(input []byte) dafny.Sequence { + return func() dafny.Sequence { + var v []interface{} + if input == nil { + return nil + } + for _, e := range input { + v = append(v, e) + } + return dafny.SeqOf(v...) + }() +} + +func aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_ToDafny(input map[string]string) dafny.Map { + return func() dafny.Map { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(aws_cryptography_materialProviders_EncryptionContext_key_ToDafny(key), aws_cryptography_materialProviders_EncryptionContext_value_ToDafny(val)) + } + return fieldValue.ToMap() + }() +} + +func aws_cryptography_encryptionSdk_EncryptOutput_algorithmSuiteId_ToDafny(input awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId) AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + return func() AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId { + + var index int + for _, enumVal := range input.Values() { + index++ + if enumVal == input { + break + } + } + var enum interface{} + for allEnums, i := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()), 0; i < index; i++ { + var ok bool + enum, ok = allEnums() + if !ok { + break + } + } + return enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) + }() +} + +func aws_cryptography_encryptionSdk_AwsEncryptionSdkException_message_ToDafny(input string) dafny.Sequence { + return func() dafny.Sequence { + + return dafny.SeqOfChars([]dafny.Char(input)...) + }() +} + +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_commitmentPolicy_ToDafny(input *awscryptographymaterialproviderssmithygeneratedtypes.ESDKCommitmentPolicy) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + var index int + for _, enumVal := range input.Values() { + index++ + if enumVal == *input { + break + } + } + var enum interface{} + for allEnums, i := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKCommitmentPolicy_{}.AllSingletonConstructors()), 0; i < index; i++ { + var ok bool + enum, ok = allEnums() + if !ok { + break + } + } + return Wrappers.Companion_Option_.Create_Some_(enum.(AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy)) + }() +} + +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_maxEncryptedDataKeys_ToDafny(input *int64) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_netV4_0_0_RetryPolicy_ToDafny(input *awscryptographyencryptionsdksmithygeneratedtypes.NetV4_0_0_RetryPolicy) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + var index int + for _, enumVal := range input.Values() { + index++ + if enumVal == *input { + break + } + } + var enum interface{} + for allEnums, i := dafny.Iterate(AwsCryptographyEncryptionSdkTypes.CompanionStruct_NetV4__0__0__RetryPolicy_{}.AllSingletonConstructors()), 0; i < index; i++ { + var ok bool + enum, ok = allEnums() + if !ok { + break + } + } + return Wrappers.Companion_Option_.Create_Some_(enum.(AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy)) + }() +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_native.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_native.go new file mode 100644 index 000000000..49ca5dc7a --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated/to_native.go @@ -0,0 +1,436 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygenerated + +import ( + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/AwsCryptographyMaterialProvidersTypes" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygenerated" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/AwsCryptographyEncryptionSdkTypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/dafny-lang/DafnyRuntimeGo/v4/dafny" +) + +func DecryptInput_FromDafny(dafnyInput AwsCryptographyEncryptionSdkTypes.DecryptInput) awscryptographyencryptionsdksmithygeneratedtypes.DecryptInput { + + return awscryptographyencryptionsdksmithygeneratedtypes.DecryptInput{Ciphertext: aws_cryptography_encryptionSdk_DecryptInput_ciphertext_FromDafny(dafnyInput.Dtor_ciphertext()), + MaterialsManager: func() awscryptographymaterialproviderssmithygeneratedtypes.ICryptographicMaterialsManager { + if dafnyInput.Dtor_materialsManager().UnwrapOr(nil) == nil { + return nil + } + return awscryptographymaterialproviderssmithygenerated.CryptographicMaterialsManager_FromDafny(dafnyInput.Dtor_materialsManager().UnwrapOr(nil).(AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager)) + }(), + Keyring: func() awscryptographymaterialproviderssmithygeneratedtypes.IKeyring { + if dafnyInput.Dtor_keyring().UnwrapOr(nil) == nil { + return nil + } + return awscryptographymaterialproviderssmithygenerated.Keyring_FromDafny(dafnyInput.Dtor_keyring().UnwrapOr(nil).(AwsCryptographyMaterialProvidersTypes.IKeyring)) + }(), + EncryptionContext: aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_FromDafny(dafnyInput.Dtor_encryptionContext().UnwrapOr(nil)), + } + +} + +func DecryptOutput_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.DecryptOutput) awscryptographyencryptionsdksmithygeneratedtypes.DecryptOutput { + + return awscryptographyencryptionsdksmithygeneratedtypes.DecryptOutput{Plaintext: aws_cryptography_encryptionSdk_DecryptOutput_plaintext_FromDafny(dafnyOutput.Dtor_plaintext()), + EncryptionContext: aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_FromDafny(dafnyOutput.Dtor_encryptionContext()), + AlgorithmSuiteId: aws_cryptography_encryptionSdk_DecryptOutput_algorithmSuiteId_FromDafny(dafnyOutput.Dtor_algorithmSuiteId()), + } + +} + +func EncryptInput_FromDafny(dafnyInput AwsCryptographyEncryptionSdkTypes.EncryptInput) awscryptographyencryptionsdksmithygeneratedtypes.EncryptInput { + + return awscryptographyencryptionsdksmithygeneratedtypes.EncryptInput{Plaintext: aws_cryptography_encryptionSdk_EncryptInput_plaintext_FromDafny(dafnyInput.Dtor_plaintext()), + EncryptionContext: aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_FromDafny(dafnyInput.Dtor_encryptionContext().UnwrapOr(nil)), + MaterialsManager: func() awscryptographymaterialproviderssmithygeneratedtypes.ICryptographicMaterialsManager { + if dafnyInput.Dtor_materialsManager().UnwrapOr(nil) == nil { + return nil + } + return awscryptographymaterialproviderssmithygenerated.CryptographicMaterialsManager_FromDafny(dafnyInput.Dtor_materialsManager().UnwrapOr(nil).(AwsCryptographyMaterialProvidersTypes.ICryptographicMaterialsManager)) + }(), + Keyring: func() awscryptographymaterialproviderssmithygeneratedtypes.IKeyring { + if dafnyInput.Dtor_keyring().UnwrapOr(nil) == nil { + return nil + } + return awscryptographymaterialproviderssmithygenerated.Keyring_FromDafny(dafnyInput.Dtor_keyring().UnwrapOr(nil).(AwsCryptographyMaterialProvidersTypes.IKeyring)) + }(), + AlgorithmSuiteId: aws_cryptography_encryptionSdk_EncryptInput_algorithmSuiteId_FromDafny(dafnyInput.Dtor_algorithmSuiteId().UnwrapOr(nil)), + FrameLength: aws_cryptography_encryptionSdk_EncryptInput_frameLength_FromDafny(dafnyInput.Dtor_frameLength().UnwrapOr(nil)), + } + +} + +func EncryptOutput_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.EncryptOutput) awscryptographyencryptionsdksmithygeneratedtypes.EncryptOutput { + + return awscryptographyencryptionsdksmithygeneratedtypes.EncryptOutput{Ciphertext: aws_cryptography_encryptionSdk_EncryptOutput_ciphertext_FromDafny(dafnyOutput.Dtor_ciphertext()), + EncryptionContext: aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_FromDafny(dafnyOutput.Dtor_encryptionContext()), + AlgorithmSuiteId: aws_cryptography_encryptionSdk_EncryptOutput_algorithmSuiteId_FromDafny(dafnyOutput.Dtor_algorithmSuiteId()), + } + +} + +func AwsEncryptionSdkException_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.Error) awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkException { + return awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkException{Message: aws_cryptography_encryptionSdk_AwsEncryptionSdkException_message_FromDafny(dafnyOutput.Dtor_message())} + +} + +func CollectionOfErrors_Output_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.Error) awscryptographyencryptionsdksmithygeneratedtypes.CollectionOfErrors { + listOfErrors := dafnyOutput.Dtor_list() + message := dafnyOutput.Dtor_message() + t := awscryptographyencryptionsdksmithygeneratedtypes.CollectionOfErrors{} + for i := dafny.Iterate(listOfErrors); ; { + val, ok := i() + if !ok { + break + } + err := val.(AwsCryptographyEncryptionSdkTypes.Error) + t.ListOfErrors = append(t.ListOfErrors, Error_FromDafny(err)) + + } + t.Message = func() string { + var s string + for i := dafny.Iterate(message); ; { + val, ok := i() + if !ok { + return s + } else { + s = s + string(val.(dafny.Char)) + } + } + }() + return t +} +func OpaqueError_Output_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.Error) awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError { + return awscryptographyencryptionsdksmithygeneratedtypes.OpaqueError{ + ErrObject: dafnyOutput.Dtor_obj(), + } +} + +func Error_FromDafny(err AwsCryptographyEncryptionSdkTypes.Error) error { + // Service Errors + if err.Is_AwsEncryptionSdkException() { + return AwsEncryptionSdkException_FromDafny(err) + } + + //DependentErrors + if err.Is_AwsCryptographyPrimitives() { + return awscryptographyprimitivessmithygenerated.Error_FromDafny(err.Dtor_AwsCryptographyPrimitives()) + } + + if err.Is_AwsCryptographyMaterialProviders() { + return awscryptographymaterialproviderssmithygenerated.Error_FromDafny(err.Dtor_AwsCryptographyMaterialProviders()) + } + + //Unmodelled Errors + if err.Is_CollectionOfErrors() { + return CollectionOfErrors_Output_FromDafny(err) + } + + return OpaqueError_Output_FromDafny(err) +} + +func AwsEncryptionSdkConfig_FromDafny(dafnyOutput AwsCryptographyEncryptionSdkTypes.AwsEncryptionSdkConfig) awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkConfig { + return awscryptographyencryptionsdksmithygeneratedtypes.AwsEncryptionSdkConfig{CommitmentPolicy: aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_commitmentPolicy_FromDafny(dafnyOutput.Dtor_commitmentPolicy().UnwrapOr(nil)), + MaxEncryptedDataKeys: aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_maxEncryptedDataKeys_FromDafny(dafnyOutput.Dtor_maxEncryptedDataKeys().UnwrapOr(nil)), + NetV4_0_0_RetryPolicy: aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_netV4_0_0_RetryPolicy_FromDafny(dafnyOutput.Dtor_netV4__0__0__RetryPolicy().UnwrapOr(nil)), + } + +} + +func aws_cryptography_encryptionSdk_DecryptInput_ciphertext_FromDafny(input interface{}) []byte { + return func() []byte { + var b []byte + if input == nil { + return nil + } + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return b + } else { + b = append(b, val.(byte)) + } + } + }() +} +func aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_FromDafny(input interface{}) map[string]string { + var m map[string]string = make(map[string]string) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[aws_cryptography_materialProviders_EncryptionContext_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = aws_cryptography_materialProviders_EncryptionContext_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func aws_cryptography_materialProviders_EncryptionContext_key_FromDafny(input interface{}) string { + return func() string { + var s string + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return s + } else { + // UTF bytes should be always converted from bytes to string in go + // Otherwise go treats the string as a unicode codepoint + + var valUint, _ = val.(uint8) + var byteSlice = []byte{valUint} + s = s + string(byteSlice) + + } + } + }() +} +func aws_cryptography_materialProviders_EncryptionContext_value_FromDafny(input interface{}) string { + return func() string { + var s string + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return s + } else { + // UTF bytes should be always converted from bytes to string in go + // Otherwise go treats the string as a unicode codepoint + + var valUint, _ = val.(uint8) + var byteSlice = []byte{valUint} + s = s + string(byteSlice) + + } + } + }() +} +func aws_cryptography_encryptionSdk_DecryptOutput_plaintext_FromDafny(input interface{}) []byte { + return func() []byte { + var b []byte + if input == nil { + return nil + } + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return b + } else { + b = append(b, val.(byte)) + } + } + }() +} +func aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_FromDafny(input interface{}) map[string]string { + var m map[string]string = make(map[string]string) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[aws_cryptography_materialProviders_EncryptionContext_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = aws_cryptography_materialProviders_EncryptionContext_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func aws_cryptography_encryptionSdk_DecryptOutput_algorithmSuiteId_FromDafny(input interface{}) awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + return func() awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + var u awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + inputEnum := input.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) + index := -1 + for allEnums := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()); ; { + enum, ok := allEnums() + if ok { + index++ + if enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId).Equals(inputEnum) { + break + } + } + } + + return u.Values()[index] + }() +} +func aws_cryptography_encryptionSdk_EncryptInput_plaintext_FromDafny(input interface{}) []byte { + return func() []byte { + var b []byte + if input == nil { + return nil + } + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return b + } else { + b = append(b, val.(byte)) + } + } + }() +} +func aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_FromDafny(input interface{}) map[string]string { + var m map[string]string = make(map[string]string) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[aws_cryptography_materialProviders_EncryptionContext_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = aws_cryptography_materialProviders_EncryptionContext_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func aws_cryptography_encryptionSdk_EncryptInput_algorithmSuiteId_FromDafny(input interface{}) *awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + return func() *awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + var u awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + if input == nil { + return nil + } + inputEnum := input.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) + index := -1 + for allEnums := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()); ; { + enum, ok := allEnums() + if ok { + index++ + if enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId).Equals(inputEnum) { + break + } + } + } + + return &u.Values()[index] + }() +} +func aws_cryptography_encryptionSdk_EncryptInput_frameLength_FromDafny(input interface{}) *int64 { + return func() *int64 { + var b int64 + if input == nil { + return nil + } + b = input.(int64) + return &b + }() +} +func aws_cryptography_encryptionSdk_EncryptOutput_ciphertext_FromDafny(input interface{}) []byte { + return func() []byte { + var b []byte + if input == nil { + return nil + } + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return b + } else { + b = append(b, val.(byte)) + } + } + }() +} +func aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_FromDafny(input interface{}) map[string]string { + var m map[string]string = make(map[string]string) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[aws_cryptography_materialProviders_EncryptionContext_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = aws_cryptography_materialProviders_EncryptionContext_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func aws_cryptography_encryptionSdk_EncryptOutput_algorithmSuiteId_FromDafny(input interface{}) awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + return func() awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId { + var u awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + inputEnum := input.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId) + index := -1 + for allEnums := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKAlgorithmSuiteId_{}.AllSingletonConstructors()); ; { + enum, ok := allEnums() + if ok { + index++ + if enum.(AwsCryptographyMaterialProvidersTypes.ESDKAlgorithmSuiteId).Equals(inputEnum) { + break + } + } + } + + return u.Values()[index] + }() +} +func aws_cryptography_encryptionSdk_AwsEncryptionSdkException_message_FromDafny(input interface{}) string { + return func() string { + var s string + for i := dafny.Iterate(input); ; { + val, ok := i() + if !ok { + return s + } else { + s = s + string(val.(dafny.Char)) + } + } + }() +} +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_commitmentPolicy_FromDafny(input interface{}) *awscryptographymaterialproviderssmithygeneratedtypes.ESDKCommitmentPolicy { + return func() *awscryptographymaterialproviderssmithygeneratedtypes.ESDKCommitmentPolicy { + var u awscryptographymaterialproviderssmithygeneratedtypes.ESDKCommitmentPolicy + if input == nil { + return nil + } + inputEnum := input.(AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy) + index := -1 + for allEnums := dafny.Iterate(AwsCryptographyMaterialProvidersTypes.CompanionStruct_ESDKCommitmentPolicy_{}.AllSingletonConstructors()); ; { + enum, ok := allEnums() + if ok { + index++ + if enum.(AwsCryptographyMaterialProvidersTypes.ESDKCommitmentPolicy).Equals(inputEnum) { + break + } + } + } + + return &u.Values()[index] + }() +} +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_maxEncryptedDataKeys_FromDafny(input interface{}) *int64 { + return func() *int64 { + var b int64 + if input == nil { + return nil + } + b = input.(int64) + return &b + }() +} +func aws_cryptography_encryptionSdk_AwsEncryptionSdkConfig_netV4_0_0_RetryPolicy_FromDafny(input interface{}) *awscryptographyencryptionsdksmithygeneratedtypes.NetV4_0_0_RetryPolicy { + return func() *awscryptographyencryptionsdksmithygeneratedtypes.NetV4_0_0_RetryPolicy { + var u awscryptographyencryptionsdksmithygeneratedtypes.NetV4_0_0_RetryPolicy + if input == nil { + return nil + } + inputEnum := input.(AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy) + index := -1 + for allEnums := dafny.Iterate(AwsCryptographyEncryptionSdkTypes.CompanionStruct_NetV4__0__0__RetryPolicy_{}.AllSingletonConstructors()); ; { + enum, ok := allEnums() + if ok { + index++ + if enum.(AwsCryptographyEncryptionSdkTypes.NetV4__0__0__RetryPolicy).Equals(inputEnum) { + break + } + } + } + + return &u.Values()[index] + }() +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/enums.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/enums.go new file mode 100644 index 000000000..0322a937c --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/enums.go @@ -0,0 +1,17 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygeneratedtypes + +type NetV4_0_0_RetryPolicy string + +const ( + NetV4_0_0_RetryPolicyForbidRetry NetV4_0_0_RetryPolicy = "FORBID_RETRY" + NetV4_0_0_RetryPolicyAllowRetry NetV4_0_0_RetryPolicy = "ALLOW_RETRY" +) + +func (NetV4_0_0_RetryPolicy) Values() []NetV4_0_0_RetryPolicy { + return []NetV4_0_0_RetryPolicy{ + "FORBID_RETRY", + "ALLOW_RETRY", + } +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/errors.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/errors.go new file mode 100644 index 000000000..aa73b8a30 --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/errors.go @@ -0,0 +1,17 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygeneratedtypes + +import ( + "fmt" +) + +type AwsEncryptionSdkException struct { + AwsEncryptionSdkBaseException + Message string + ErrorCodeOverride *string +} + +func (e AwsEncryptionSdkException) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCodeOverride, e.Message) +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/types.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/types.go new file mode 100644 index 000000000..0a64bd5fc --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/types.go @@ -0,0 +1,189 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygeneratedtypes + +import ( + "fmt" + "unicode/utf8" + + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" +) + +type DecryptInput struct { + Ciphertext []byte + + EncryptionContext map[string]string + + Keyring awscryptographymaterialproviderssmithygeneratedtypes.IKeyring + + MaterialsManager awscryptographymaterialproviderssmithygeneratedtypes.ICryptographicMaterialsManager +} + +func (input DecryptInput) Validate() error { + if input.aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_Validate() != nil { + return input.aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_Validate() + } + + return nil +} + +func (input DecryptInput) aws_cryptography_encryptionSdk_DecryptInput_encryptionContext_Validate() error { + for key, value := range input.EncryptionContext { + if !utf8.ValidString(key) { + return fmt.Errorf("Invalid UTF bytes %s ", key) + } + if !utf8.ValidString(value) { + return fmt.Errorf("Invalid UTF bytes %s ", value) + } + } + + return nil +} + +type DecryptOutput struct { + AlgorithmSuiteId awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + + EncryptionContext map[string]string + + Plaintext []byte +} + +func (input DecryptOutput) Validate() error { + if input.EncryptionContext == nil { + return fmt.Errorf("input.EncryptionContext is required but has a nil value.") + } + if input.aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_Validate() != nil { + return input.aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_Validate() + } + + return nil +} + +func (input DecryptOutput) aws_cryptography_encryptionSdk_DecryptOutput_encryptionContext_Validate() error { + for key, value := range input.EncryptionContext { + if !utf8.ValidString(key) { + return fmt.Errorf("Invalid UTF bytes %s ", key) + } + if !utf8.ValidString(value) { + return fmt.Errorf("Invalid UTF bytes %s ", value) + } + } + + return nil +} + +type EncryptInput struct { + Plaintext []byte + + AlgorithmSuiteId *awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + + EncryptionContext map[string]string + + FrameLength *int64 + + Keyring awscryptographymaterialproviderssmithygeneratedtypes.IKeyring + + MaterialsManager awscryptographymaterialproviderssmithygeneratedtypes.ICryptographicMaterialsManager +} + +func (input EncryptInput) Validate() error { + if input.aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_Validate() != nil { + return input.aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_Validate() + } + if input.FrameLength != nil { + if *input.FrameLength < 1 { + return fmt.Errorf("FrameLength has a minimum of 1 but has the value of %d.", *input.FrameLength) + } + if *input.FrameLength > 4294967296 { + return fmt.Errorf("FrameLength has a maximum of 4294967296 but has the value of %d.", *input.FrameLength) + } + } + + return nil +} + +func (input EncryptInput) aws_cryptography_encryptionSdk_EncryptInput_encryptionContext_Validate() error { + for key, value := range input.EncryptionContext { + if !utf8.ValidString(key) { + return fmt.Errorf("Invalid UTF bytes %s ", key) + } + if !utf8.ValidString(value) { + return fmt.Errorf("Invalid UTF bytes %s ", value) + } + } + + return nil +} + +type EncryptOutput struct { + AlgorithmSuiteId awscryptographymaterialproviderssmithygeneratedtypes.ESDKAlgorithmSuiteId + + Ciphertext []byte + + EncryptionContext map[string]string +} + +func (input EncryptOutput) Validate() error { + if input.EncryptionContext == nil { + return fmt.Errorf("input.EncryptionContext is required but has a nil value.") + } + if input.aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_Validate() != nil { + return input.aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_Validate() + } + + return nil +} + +func (input EncryptOutput) aws_cryptography_encryptionSdk_EncryptOutput_encryptionContext_Validate() error { + for key, value := range input.EncryptionContext { + if !utf8.ValidString(key) { + return fmt.Errorf("Invalid UTF bytes %s ", key) + } + if !utf8.ValidString(value) { + return fmt.Errorf("Invalid UTF bytes %s ", value) + } + } + + return nil +} + +type AtomicPrimitivesReference struct { +} + +func (input AtomicPrimitivesReference) Validate() error { + + return nil +} + +type AwsEncryptionSdkConfig struct { + CommitmentPolicy *awscryptographymaterialproviderssmithygeneratedtypes.ESDKCommitmentPolicy + + MaxEncryptedDataKeys *int64 + + NetV4_0_0_RetryPolicy *NetV4_0_0_RetryPolicy +} + +func (input AwsEncryptionSdkConfig) Validate() error { + if input.MaxEncryptedDataKeys != nil { + if *input.MaxEncryptedDataKeys < 1 { + return fmt.Errorf("CountingNumbers has a minimum of 1 but has the value of %d.", *input.MaxEncryptedDataKeys) + } + } + + return nil +} + +type MaterialProvidersReference struct { +} + +func (input MaterialProvidersReference) Validate() error { + + return nil +} + +type AwsEncryptionSdkBaseException interface { + // This is a dummy method to allow type assertion since Go empty interfaces + // aren't useful for type assertion checks. No concrete class is expected to implement + // this method. This is also not exported. + interfaceBindingMethod() +} diff --git a/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/unmodelled_errors.go b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/unmodelled_errors.go new file mode 100644 index 000000000..d6f21280b --- /dev/null +++ b/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes/unmodelled_errors.go @@ -0,0 +1,26 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographyencryptionsdksmithygeneratedtypes + +import ( + "fmt" +) + +type CollectionOfErrors struct { + AwsEncryptionSdkBaseException + ListOfErrors []error + Message string +} + +func (e CollectionOfErrors) Error() string { + return fmt.Sprintf("message: %s\n err %v", e.Message, e.ListOfErrors) +} + +type OpaqueError struct { + AwsEncryptionSdkBaseException + ErrObject interface{} +} + +func (e OpaqueError) Error() string { + return fmt.Sprintf("message: %v", e.ErrObject) +} diff --git a/releases/go/encryption-sdk/examples/README.md b/releases/go/encryption-sdk/examples/README.md new file mode 100644 index 000000000..df7de5e1b --- /dev/null +++ b/releases/go/encryption-sdk/examples/README.md @@ -0,0 +1,90 @@ +# AWS Encryption SDK for Go Examples + +This section features examples that show you +how to use the AWS Encryption SDK. +We demonstrate how to use the encryption and decryption APIs +and how to set up some common configuration patterns. + +## APIs + +The AWS Encryption SDK provides two high-level APIs: +one-step APIs that process the entire operation in memory +and streaming APIs. + +You can find examples that demonstrate these APIs +in the [`examples/`](./) directory. + +* [How to encrypt and decrypt](./keyring/awskmskeyring/awskmskeyring.go) +* [How to change the algorithm suite](./misc/setencryptionalgorithmsuite.go) +* [How to set the commitment policy](./misc/commitmentpolicy.go) +* [How to limit the number of encrypted data keys (EDKs)](./misc/limitencrypteddatakeysexample.go) + +## Configuration + +To use the encryption and decryption APIs, +you need to describe how you want the library to protect your data keys. +You can do this by configuring +[keyrings](#keyrings) or [cryptographic materials managers](#cryptographic-materials-managers). +These examples will show you how to use the configuration tools that we include for you +and how to create some of your own. +We start with AWS KMS examples, then show how to use other wrapping keys. + +* Using AWS Key Management Service (AWS KMS) + * [How to use one AWS KMS key](./keyring/awskmskeyring/awskmskeyring.go) + * [How to use multiple AWS KMS keys in different regions](./keyring/awskmsmrkmultikeyring/awskmsmrkmultikeyring.go) + * [How to decrypt when you don't know the AWS KMS key](./keyring/awskmsdiscoverykeyring/awskmsdiscoverykeyring.go) + * [How to limit decryption to a single region](./keyring/awskmsmrkdiscoverykeyring/awskmsmrkdiscoverykeyring.go) + * [How to decrypt with a preferred region but failover to others](./keyring/awskmsmrkdiscoverykeyring/awskmsmrkdiscoverykeyring.go) + * [How to reproduce the behavior of an AWS KMS master key provider](./keyring/awskmsmultikeyring/awskmsmultikeyring.go) +* Using raw wrapping keys + * [How to use a raw AES wrapping key](./keyring/rawaeskeyring/rawaeskeyring.go) + * [How to use a raw RSA wrapping key](./keyring/rawrsakeyring/rawrasakeyring.go) +* Combining wrapping keys + * [How to combine AWS KMS with an offline escrow key](./keyring/multikeyring/multikeyring.go) +* How to restrict algorithm suites + * [with a custom cryptographic materials manager](./cryptographicmaterialsmanager/restrictalgorithmsuite/signingsuiteonlycmm.go) + +### Keyrings + +Keyrings are the most common way for you to configure the AWS Encryption SDK. +They determine how the AWS Encryption SDK protects your data. +You can find these examples in [`examples/keyring`](./keyring). + +### Cryptographic Materials Managers + +Keyrings define how your data keys are protected, +but there is more going on here than just protecting data keys. + +Cryptographic materials managers give you higher-level controls +over how the AWS Encryption SDK protects your data. +This can include things like +enforcing the use of certain algorithm suites or encryption context settings, +reusing data keys across messages, +or changing how you interact with keyrings. +You can find these examples in +[`examples/cryptographic_materials_manager`](./cryptographicmaterialsmanager). + +### Client Supplier + +The AWS Encryption SDK creates AWS KMS clients when interacting with AWS KMS. +In case the default AWS KMS client configuration doesn't suit your needs, +you can configure clients by defining a custom Client Supplier. +For example, your Client Supplier could tune +the retry and timeout settings on the client, or use different credentials +based on which region is being called. In our +[regional_role_client_supplier](./clientsupplier/regionalroleclientsupplier.go) +example, we show how you can build a custom Client Supplier which +creates clients by assuming different IAM roles for different regions. + +# Writing Examples + +If you want to contribute a new example, that's awesome! +To make sure that your example runs in our CI, +please make sure that it meets the following requirements: + +1. The example MUST be a distinct subdirectory or file in the [`examples/`](./) directory. +1. The example MAY be nested arbitrarily deeply. +1. Each example file MUST contain exactly one example. +1. Each example filename MUST be descriptive. +1. Each example file MUST contain validation checks to check for expected returned values and MUST panic is the returned value is no expected. +1. Each example MUST also be called inside the `main` function of [main.go](./main.go). \ No newline at end of file diff --git a/releases/go/encryption-sdk/examples/clientsupplier/clientSupplierExample.go b/releases/go/encryption-sdk/examples/clientsupplier/clientSupplierExample.go new file mode 100644 index 000000000..26e023728 --- /dev/null +++ b/releases/go/encryption-sdk/examples/clientsupplier/clientSupplierExample.go @@ -0,0 +1,163 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* + This example sets up an MRK multi-keyring and an MRK discovery + multi-keyring using a custom client supplier. + A custom client supplier grants users access to more granular + configuration aspects of their authentication details and KMS + client. In this example, we create a simple custom client supplier + that authenticates with a different IAM role based on the + region of the KMS key. + + This example creates a MRK multi-keyring configured with a custom + client supplier using a single MRK and encrypts the example_data with it. + Then, it creates a MRK discovery multi-keyring to decrypt the ciphertext. +*/ + +package clientsupplier + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +func ClientSupplierExample(exampleText, mrkKeyIdEncrypt, awsAccountId string, awsRegions []string) { + // Step 1: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 2: Create your encryption context. + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 3: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create keyrings + // First Keyring: Create the multi-keyring using our custom client supplier + // defined in the RegionalRoleClientSupplier class in this directory. + // Note: RegionalRoleClientSupplier will internally use the key_arn's region + // to retrieve the correct IAM role. + awsKmsMrkKeyringMultiInput := mpltypes.CreateAwsKmsMrkMultiKeyringInput{ + ClientSupplier: &RegionalRoleClientSupplier{}, + Generator: &mrkKeyIdEncrypt, + } + awsKmsMrkMultiKeyring, err := matProv.CreateAwsKmsMrkMultiKeyring(context.Background(), awsKmsMrkKeyringMultiInput) + if err != nil { + panic(err) + } + // Second Keyring: Create a MRK discovery multi-keyring with a custom client supplier. + // A discovery MRK multi-keyring will be composed of + // multiple discovery MRK keyrings, one for each region. + // Each component keyring has its own KMS client in a particular region. + // When we provide a client supplier to the multi-keyring, all component + // keyrings will use that client supplier configuration. + // In our tests, we make `mrk_key_id_encrypt` an MRK with a replica, and + // provide only the replica region in our discovery filter. + discoveryFilter := mpltypes.DiscoveryFilter{ + AccountIds: []string{awsAccountId}, + Partition: "aws", + } + awsKmsMrkDiscoveryMultiKeyringInput := mpltypes.CreateAwsKmsMrkDiscoveryMultiKeyringInput{ + ClientSupplier: &RegionalRoleClientSupplier{}, + Regions: awsRegions, + DiscoveryFilter: &discoveryFilter, + } + awsKmsMrkDiscoveryMultiKeyring, err := matProv.CreateAwsKmsMrkDiscoveryMultiKeyring(context.Background(), awsKmsMrkDiscoveryMultiKeyringInput) + // Step 5a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkMultiKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 5b: Decrypt + // Decrypt your encrypted data using the discovery multi keyring. + // On Decrypt, the header of the encrypted message (ciphertext) will be parsed. + // The header contains the Encrypted Data Keys (EDKs), which, if the EDK + // was encrypted by a KMS Keyring, includes the KMS Key ARN. + // For each member of the Multi Keyring, every EDK will try to be decrypted until a decryption + // is successful. + // Since every member of the Multi Keyring is a Discovery Keyring: + // Each Keyring will filter the EDKs by the Discovery Filter and the Keyring's region. + // For each filtered EDK, the keyring will attempt decryption with the keyring's client. + // All of this is done serially, until a success occurs or all keyrings have failed + // all (filtered) EDKs. KMS MRK Discovery Keyrings will attempt to decrypt + // Multi Region Keys (MRKs) and regular KMS Keys. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkDiscoveryMultiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Test the Missing Region Exception + // (This is for demonstration; you do not need to do this in your code.) + + // Create a MRK discovery multi-keyring with a custom client supplier and a fake region. + awsKmsMrkDiscoveryMultiKeyringInputMissingRegion := mpltypes.CreateAwsKmsMrkDiscoveryMultiKeyringInput{ + ClientSupplier: &RegionalRoleClientSupplier{}, + Regions: []string{"fake-region"}, + DiscoveryFilter: &discoveryFilter, + } + _, err = matProv.CreateAwsKmsMrkDiscoveryMultiKeyring(context.Background(), awsKmsMrkDiscoveryMultiKeyringInputMissingRegion) + // Swallow the AwsCryptographicMaterialProvidersException but you may choose how to handle the exception + switch err.(type) { + case mpltypes.AwsCryptographicMaterialProvidersException: + // You may choose how to handle the exception in this switch case. + default: + panic("Decryption using discovery keyring with missing region MUST raise AwsCryptographicMaterialProvidersException") + } + fmt.Println("Client Supplier Example completed successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplier.go b/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplier.go new file mode 100644 index 000000000..0eb3921b5 --- /dev/null +++ b/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplier.go @@ -0,0 +1,57 @@ +package clientsupplier + +import ( + "context" + + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/credentials/stscreds" + "github.com/aws/aws-sdk-go-v2/service/kms" + "github.com/aws/aws-sdk-go-v2/service/sts" +) + +/* + Example class demonstrating an implementation of a custom client supplier. + This particular implementation will create KMS clients with different IAM roles, + depending on the region passed. +*/ + +// RegionalRoleClientSupplier provides implementation for mpltypes.IClientSupplier +type RegionalRoleClientSupplier struct { +} + +func (this *RegionalRoleClientSupplier) GetClient(input mpltypes.GetClientInput) (kms.Client, error) { + region := input.Region + // Check if the region is supported + regionIamRoleMap := RegionIamRoleMap() + var defaultVal kms.Client + // Check if region is supported + if _, exists := regionIamRoleMap[region]; !exists { + return defaultVal, mpltypes.AwsCryptographicMaterialProvidersException{ + Message: "Region is not supported by this client supplier", + } + } + // Get the IAM role ARN associated with the region + arn := regionIamRoleMap[region] + ctx := context.TODO() + cfg, err := config.LoadDefaultConfig(ctx, + config.WithRegion(region), + ) + if err != nil { + return defaultVal, err + } + stsClient := sts.NewFromConfig(cfg) + // Create the AssumeRoleProvider + provider := stscreds.NewAssumeRoleProvider(stsClient, arn, func(o *stscreds.AssumeRoleOptions) { + o.RoleSessionName = "Go-ESDK-Client-Supplier-Example-Session" + }) + // Load AWS SDK configuration with the AssumeRoleProvider + sdkConfig, err := config.LoadDefaultConfig(context.Background(), config.WithRegion(region), config.WithCredentialsProvider(provider)) + if err != nil { + return defaultVal, mpltypes.AwsCryptographicMaterialProvidersException{Message: "failed to load AWS SDK config"} + } + // Create the KMS client + kmsClient := kms.NewFromConfig(sdkConfig) + // Return the KMS client wrapped in a custom type + return *kmsClient, nil +} diff --git a/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplierconfig.go b/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplierconfig.go new file mode 100644 index 000000000..2c82f40fb --- /dev/null +++ b/releases/go/encryption-sdk/examples/clientsupplier/regionalroleclientsupplierconfig.go @@ -0,0 +1,22 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package clientsupplier + +/* + File containing config for the RegionalRoleClientSupplier. + In your own code, this might be hardcoded, or reference + an external source, e.g. environment variables or AWS AppConfig. +*/ + +const ( + usEast1IamRole = "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-only-us-east-1-KMS-keys" + euWest1IamRole = "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-only-eu-west-1-KMS-keys" +) + +func RegionIamRoleMap() map[string]string { + return map[string]string{ + "us-east-1": usEast1IamRole, + "eu-west-1": euWest1IamRole, + } +} diff --git a/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/requiredencryptioncontext/requiredencryptioncontext.go b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/requiredencryptioncontext/requiredencryptioncontext.go new file mode 100644 index 000000000..67dafea33 --- /dev/null +++ b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/requiredencryptioncontext/requiredencryptioncontext.go @@ -0,0 +1,160 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +Demonstrate an encrypt/decrypt cycle using a Required Encryption Context CMM. +A required encryption context CMM asks for required keys in the encryption context field +on encrypt such that they will not be stored on the message, but WILL be included in the header signature. +On decrypt, the client MUST supply the key/value pair(s) that were not stored to successfully decrypt the message. +*/ + +package requiredencryptioncontext + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func RequiredEncryptionContextExample(exampleText, defaultKMSKeyId, defaultKmsKeyRegion string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultKmsKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKMSKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context. + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + "requiredKey1": "requiredValue1", + "requiredKey2": "requiredValue2", + } + // Step 6: Create your required encryption context keys. + // These keys MUST be in your encryption context. + // These keys and their corresponding values WILL NOT be stored on the message but will be used + // for authentication. + underlyingCMM, err := matProv.CreateDefaultCryptographicMaterialsManager(context.Background(), mpltypes.CreateDefaultCryptographicMaterialsManagerInput{Keyring: awsKmsKeyring}) + if err != nil { + panic(err) + } + requiredEncryptionContextKeys := []string{} + requiredEncryptionContextKeys = append(requiredEncryptionContextKeys, "requiredKey1", "requiredKey2") + requiredEncryptionContextInput := mpltypes.CreateRequiredEncryptionContextCMMInput{ + UnderlyingCMM: underlyingCMM, + // If you pass in a keyring but no underlying cmm, it will result in a failure because only cmm is supported. + RequiredEncryptionContextKeys: requiredEncryptionContextKeys, + } + requiredEC, err := matProv.CreateRequiredEncryptionContextCMM(context.Background(), requiredEncryptionContextInput) + if err != nil { + panic(err) + } + // Step 7a: Encrypt + // NOTE: the keys "requiredKey1", and "requiredKey2" + // WILL NOT be stored in the message header, but "encryption", "is not", + // "but adds", "that can help you", and "the data you are handling" WILL be stored. + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + MaterialsManager: requiredEC, + EncryptionContext: encryptionContext, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 7b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Ciphertext: res.Ciphertext, + MaterialsManager: requiredEC, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // For demonstration attempt to decrypt your encrypted data using the same cryptographic material manager + // you used on encrypt, but we won't pass the encryption context we DID NOT store on the message. + // This will fail + _, err = encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + MaterialsManager: requiredEC, + }) + // We expect failure. + if err == nil { + panic("Decryption passed without any error when encryption context was not provided.") + } + // Decrypt your encrypted data using the same cryptographic material manager + // you used to encrypt, but supply encryption context that contains ONLY the encryption context that + // was NOT stored. This will pass. + reproducedEncryptionContext := map[string]string{ + "requiredKey1": "requiredValue1", + "requiredKey2": "requiredValue2", + } + decryptOutputreproducedEC, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: reproducedEncryptionContext, + Ciphertext: res.Ciphertext, + MaterialsManager: requiredEC, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputreproducedEC.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // You can also decrypt with the underlyingCMM, but must still provide the reproducedEncryptionContext. + decryptOutputWithCMM, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: reproducedEncryptionContext, + Ciphertext: res.Ciphertext, + MaterialsManager: underlyingCMM, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputWithCMM.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Required Encryption Context CMM Example Completed Successfully") +} diff --git a/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingonlyexample.go b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingonlyexample.go new file mode 100644 index 000000000..99b36e844 --- /dev/null +++ b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingonlyexample.go @@ -0,0 +1,137 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* + Demonstrate an encrypt/decrypt cycle using a Custom Cryptographic Materials Manager (CMM). + `signingsuiteonlycmm.go` demonstrates creating a custom CMM to reject Non-Signing Algorithms. +*/ + +package restrictalgorithmsuite + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func SigningOnlyExample(exampleText, defaultKMSKeyId, defaultKmsKeyRegion string) { + // Step 1: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 2: Create the AWS KMS client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultKmsKeyRegion + }) + // Step 3: Create your encryption context. + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the Aws KMS Keyring + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKMSKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Create an instance of the custom CMM + cmm, err := NewSigningSuiteOnlyCMM(awsKmsKeyring) + if err != nil { + panic(err) + } + // Step 5a: Encrypt + algorithmSuiteId := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKeyEcdsaP384 + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + MaterialsManager: cmm, + AlgorithmSuiteId: &algorithmSuiteId, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 5b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + MaterialsManager: cmm, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that a Non Signing Algorithm Suite will be rejected by the CMM. + nonSigningAlgorithmSuiteId := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKey + _, err = encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + MaterialsManager: cmm, + AlgorithmSuiteId: &nonSigningAlgorithmSuiteId, + }) + if err == nil { + panic("Expected error but error is nil") + } + switch err.(type) { + case mpltypes.AwsCryptographicMaterialProvidersException: + // You may choose how to handle the exception in this switch case. + default: + panic("error is expected to be a type of AwsCryptographicMaterialProvidersException") + } + fmt.Println("SigningSuiteOnlyCMM Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingsuiteonlycmm.go b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingsuiteonlycmm.go new file mode 100644 index 000000000..f7a1cee69 --- /dev/null +++ b/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite/signingsuiteonlycmm.go @@ -0,0 +1,77 @@ +package restrictalgorithmsuite + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" +) + +type SigningSuiteOnlyCMM struct { + approvedAlgos map[mpltypes.ESDKAlgorithmSuiteId]bool + cmm mpltypes.ICryptographicMaterialsManager +} + +// NewSigningSuiteOnlyCMM creates a new SigningSuiteOnlyCMM +func NewSigningSuiteOnlyCMM(keyring mpltypes.IKeyring) (*SigningSuiteOnlyCMM, error) { + // Initialize the MPL client + materialProviders, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Create a DefaultCryptographicMaterialsManager + cmmInput := mpltypes.CreateDefaultCryptographicMaterialsManagerInput{ + Keyring: keyring, + } + cmm, err := materialProviders.CreateDefaultCryptographicMaterialsManager(context.Background(), cmmInput) + if err != nil { + return nil, err + } + // Create list of approved algorithm + var approvedAlgos = map[mpltypes.ESDKAlgorithmSuiteId]bool{ + mpltypes.ESDKAlgorithmSuiteIdAlgAes128GcmIv12Tag16HkdfSha256EcdsaP256: true, + mpltypes.ESDKAlgorithmSuiteIdAlgAes192GcmIv12Tag16HkdfSha384EcdsaP384: true, + mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmIv12Tag16HkdfSha384EcdsaP384: true, + mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKeyEcdsaP384: true, + } + return &SigningSuiteOnlyCMM{ + approvedAlgos: approvedAlgos, + cmm: cmm, + }, nil +} + +func (signingSuiteOnlyCMM *SigningSuiteOnlyCMM) GetEncryptionMaterials(input mpltypes.GetEncryptionMaterialsInput) (*mpltypes.GetEncryptionMaterialsOutput, error) { + // Get the algorithm suite from the input + esdkAlgorithmSuite, err := getESDKAlgorithmSuite(input.AlgorithmSuiteId) + if err != nil { + return nil, err + } + // Check if the algorithm is approved + if !signingSuiteOnlyCMM.approvedAlgos[esdkAlgorithmSuite.Value] { + return nil, mpltypes.AwsCryptographicMaterialProvidersException{Message: "Algorithm Suite must use Signing"} + } + // Delegate to the underlying CMM + return signingSuiteOnlyCMM.cmm.GetEncryptionMaterials(input) +} + +func getESDKAlgorithmSuite(algSuite mpltypes.AlgorithmSuiteId) (*mpltypes.AlgorithmSuiteIdMemberESDK, error) { + if esdk, ok := algSuite.(*mpltypes.AlgorithmSuiteIdMemberESDK); ok { + return esdk, nil + } + return nil, fmt.Errorf("algorithm suite is not ESDK type") +} + +func (signingSuiteOnlyCMM *SigningSuiteOnlyCMM) DecryptMaterials(input mpltypes.DecryptMaterialsInput) (*mpltypes.DecryptMaterialsOutput, error) { + // Get the algorithm suite from the input + esdkAlgorithmSuite, err := getESDKAlgorithmSuite(input.AlgorithmSuiteId) + if err != nil { + return nil, err + } + // Check if the algorithm is approved + if !signingSuiteOnlyCMM.approvedAlgos[esdkAlgorithmSuite.Value] { + return nil, mpltypes.AwsCryptographicMaterialProvidersException{Message: "Algorithm Suite must use Signing"} + } + // Delegate to the underlying CMM + return signingSuiteOnlyCMM.cmm.DecryptMaterials(input) +} diff --git a/releases/go/encryption-sdk/examples/go.mod b/releases/go/encryption-sdk/examples/go.mod new file mode 100644 index 000000000..11d24fe74 --- /dev/null +++ b/releases/go/encryption-sdk/examples/go.mod @@ -0,0 +1,36 @@ +module github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples + +go 1.23.0 + +replace github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk => ../ + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 + github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk v0.0.0-00010101000000-000000000000 + github.com/aws/aws-sdk-go-v2/config v1.29.0 + github.com/aws/aws-sdk-go-v2/credentials v1.17.53 + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4 + github.com/aws/aws-sdk-go-v2/service/kms v1.37.12 + github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 + github.com/google/uuid v1.6.0 +) + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3 // indirect + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 // indirect + github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1 // indirect + github.com/aws/aws-sdk-go-v2 v1.33.0 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) diff --git a/releases/go/encryption-sdk/examples/go.sum b/releases/go/encryption-sdk/examples/go.sum new file mode 100644 index 000000000..274e59dc0 --- /dev/null +++ b/releases/go/encryption-sdk/examples/go.sum @@ -0,0 +1,58 @@ +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3 h1:JY/4eTs5ObPqZFk6dDNvoCkomUvKtYGBtFp5rvfIV20= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3/go.mod h1:8mHZUqK00Oga2z7H6Kp8LZGkEBKSWUUT/nkeoIR8GiM= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 h1:jvMM4fgVZ116L8VPfdEa3GxJiU7ic/krHCAIyeIcPJY= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1/go.mod h1:6QCmXRQJNf1XId129cnFqpWK9DHamyyqmC7GKxHmcEE= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1 h1:0FVo3F6hsrrYhV9AtFUr/Z0TpRwvSO5l/W1bOdWtg4c= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1/go.mod h1:+QLHsXYeIZqA4WDjQBXNDm5r5T3zyIxE0q/k2l76apc= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 h1:Iy8Va/0Aa43JQkzGKlTjOvBlecTyZCIOg1JqRRyWH9g= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1/go.mod h1:aPCFt/cDDuUlg6aWLSTPW6ZPqivNt3pNzDWCsBFRQtE= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1 h1:GMsJ9YTY+JcaZDlaTDOtiqrOXvR909fjXQtv9ed8Ip4= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1/go.mod h1:m3mzHKiNiSC0LWeWX6ZAxSe6mKbJHgliux1Yu/sjCYI= +github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= +github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.29.0 h1:Vk/u4jof33or1qAQLdofpjKV7mQQT7DcUpnYx8kdmxY= +github.com/aws/aws-sdk-go-v2/config v1.29.0/go.mod h1:iXAZK3Gxvpq3tA+B9WaDYpZis7M8KFgdrDPMmHrgbJM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53 h1:lwrVhiEDW5yXsuVKlFVUnR2R50zt2DklhOyeLETqDuE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53/go.mod h1:CkqM1bIw/xjEpBMhBnvqUXYZbpCFuj6dnCAyDk2AtAY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4 h1:pK2f6BM2vfbWOvjirUIabQH52fa1MycnFi1F8Ismeog= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4/go.mod h1:2xlKGs8OTgN92fRVfP4EgFgQGhYwVI7LQ2PLQ0tIFAQ= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 h1:ramlTFqWSsOt4Y/skpd30D8oI0kfKf5wd1Yu9C5HhPw= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9/go.mod h1:+B//vxKaB6Z/HfJfRV4ikLz0M7nIcKheHKm96FuaRrs= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.12 h1:jkZNsp+0NwC2isvmcRb2p1EYm188weJTfgcVr+3E9Pc= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.12/go.mod h1:TTGECZ6vGfx8k/pmzQKokSJy7ux2PJID4r96QCh5L0A= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 h1:DyZUj3xSw3FR3TXSwDhPhuZkkT14QHBiacdbUVcD0Dg= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 h1:I1TsPEs34vbpOnR81GIcAq4/3Ud+jRHVGwx6qLQUHLs= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 h1:pqEJQtlKWvnv3B6VRt60ZmsHy3SotlEBvfUBPB1KVcM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverykeyring/awskmsdiscoverykeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverykeyring/awskmsdiscoverykeyring.go new file mode 100644 index 000000000..162051922 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverykeyring/awskmsdiscoverykeyring.go @@ -0,0 +1,189 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS Discovery Keyring +AWS KMS discovery keyring is an AWS KMS keyring that doesn't specify any wrapping keys. +The AWS Encryption SDK provides a standard AWS KMS discovery keyring and a discovery keyring +for AWS KMS multi-Region keys. For information about using multi-Region keys with the +AWS Encryption SDK, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks +Because it doesn't specify any wrapping keys, a discovery keyring can't encrypt data. +If you use a discovery keyring to encrypt data, alone or in a multi-keyring, the encrypt +operation fails. +When decrypting, a discovery keyring allows the AWS Encryption SDK to ask AWS KMS to decrypt +any encrypted data key by using the AWS KMS key that encrypted it, regardless of who owns or +has access to that AWS KMS key. The call succeeds only when the caller has kms:Decrypt +permission on the AWS KMS key. +This example creates a KMS Keyring and then encrypts a custom input exampleText +with an encryption context. This encrypted ciphertext is then decrypted using the Discovery keyring. +This example also includes some sanity checks for demonstration: + 1. Ciphertext and plaintext data are not the same + 2. Decrypted plaintext value matches exampleText + 3. Decryption is only possible if the Discovery Keyring contains the correct AWS Account ID's to + which the KMS key used for encryption belongs +These sanity checks are for demonstration in the example only. You do not need these in your code. +For more information on how to use KMS Discovery keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package awskmsdiscoverykeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsDiscoveryKeyringExample(exampleText string, defaultKmsKeyId string, defaultKMSKeyAccountID string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient( + mpltypes.MaterialProvidersConfig{}, + ) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // Although this example highlights Discovery keyrings, Discovery keyrings cannot + // be used to encrypt, so for encryption we create a KMS keyring without discovery mode. + // So, we create two keyrings, one for encrypt and another for decrypt + // First Keyring: Create a AwsKmsKeyring to use for encryption + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKmsKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Second Keyring: Create a Discovery keyring to use for decryption. + // We'll add a discovery filter so that we limit + // the set of ciphertexts we are willing to decrypt to only ones created by KMS keys in our account and + // partition. + discoveryFilter := mpltypes.DiscoveryFilter{ + AccountIds: []string{defaultKMSKeyAccountID}, + Partition: "aws", + } + awsKmsDiscoveryKeyringInput := mpltypes.CreateAwsKmsDiscoveryKeyringInput{ + KmsClient: kmsClient, + DiscoveryFilter: &discoveryFilter, + } + awsKmsDiscoveryKeyring, err := matProv.CreateAwsKmsDiscoveryKeyring(context.Background(), awsKmsDiscoveryKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + algorithmSuiteID := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKey + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + AlgorithmSuiteId: &algorithmSuiteID, + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + // On Decrypt, the header of the encrypted message (ciphertext) will be parsed. + // The header contains the Encrypted Data Keys (EDKs), which, if the EDK + // was encrypted by a KMS Keyring, includes the KMS Key ARN. + // The Discovery Keyring filters these EDKs for + // EDKs encrypted by Single Region OR Multi Region KMS Keys. + // If a Discovery Filter is present, these KMS Keys must belong + // to an AWS Account ID in the discovery filter's AccountIds and + // must be from the discovery filter's partition. + // Finally, KMS is called to decrypt each filtered EDK until an EDK is + // successfully decrypted. The resulting data key is used to decrypt the + // ciphertext's message. + // If all calls to KMS fail, the decryption fails. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: awsKmsDiscoveryKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate that if a different discovery keyring doesn't have the correct + // AWS Account ID's, the decrypt will fail with an error message + // Note that this assumes Account ID used here ('888888888888') is different than the one used + // during encryption + discoveryFilterFailureCase := mpltypes.DiscoveryFilter{ + AccountIds: []string{"888888888888"}, + Partition: "aws", + } + awsKmsDiscoveryKeyringInputFailureCase := mpltypes.CreateAwsKmsDiscoveryKeyringInput{ + KmsClient: kmsClient, + DiscoveryFilter: &discoveryFilterFailureCase, + } + awsKmsDiscoveryKeyringFailureCase, err := matProv.CreateAwsKmsDiscoveryKeyring(context.Background(), awsKmsDiscoveryKeyringInputFailureCase) + _, err = encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: awsKmsDiscoveryKeyringFailureCase, + Ciphertext: res.Ciphertext, + }) + // We expected error in failure case + if err == nil { + panic("Expected failure case to fail") + } + fmt.Println("AWS KMS Discovery Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverymultikeyring/awskmsdiscoverymultikeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverymultikeyring/awskmsdiscoverymultikeyring.go new file mode 100644 index 000000000..aed94b256 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverymultikeyring/awskmsdiscoverymultikeyring.go @@ -0,0 +1,169 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS Discovery Multi Keyring and demonstrates decryption +using a Multi-Keyring containing multiple AWS KMS Discovery Keyrings. +The AWS Encryption SDK provides a standard AWS KMS discovery keyring and a discovery keyring +for AWS KMS multi-Region keys. For information about using multi-Region keys with the +AWS Encryption SDK, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks +Because it doesn't specify any wrapping keys, a discovery keyring can't encrypt data. +If you use a discovery keyring to encrypt data, alone or in a multi-keyring, the encrypt +operation fails. +When decrypting, a discovery keyring allows the AWS Encryption SDK to ask AWS KMS to decrypt +any encrypted data key by using the AWS KMS key that encrypted it, regardless of who owns or +has access to that AWS KMS key. The call succeeds only when the caller has kms:Decrypt +permission on the AWS KMS key. +This example creates a KMS Keyring and then encrypts a custom input exampleText +with an encryption context. This encrypted ciphertext is then decrypted using the Discovery Multi +keyring. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +For more information on how to use KMS Discovery keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package awskmsdiscoverymultikeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsDiscoveryMultiKeyringExample( + exampleText string, + defaultKmsKeyId string, + defaultKMSKeyAccountID string, + regions []string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient( + mpltypes.MaterialProvidersConfig{}, + ) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // Although this example highlights Discovery keyrings, Discovery keyrings cannot + // be used to encrypt, so for encryption we create a KMS keyring without discovery mode. + // So, we create two keyrings, one for encrypt and another for decrypt + // First Keyring: Create a AwsKmsKeyring to use for encryption + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKmsKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Second Keyring: Create a Discovery keyring to use for decryption. + // We'll add a discovery filter so that we limit the set of ciphertexts we are willing to + // decrypt to only ones created by KMS keys in our account and partition. + discoveryFilter := mpltypes.DiscoveryFilter{ + AccountIds: []string{defaultKMSKeyAccountID}, + Partition: "aws", + } + awsKmsDiscoveryMultiKeyringInput := mpltypes.CreateAwsKmsDiscoveryMultiKeyringInput{ + Regions: regions, + DiscoveryFilter: &discoveryFilter, + } + awsKmsDiscoveryMultiKeyring, err := matProv.CreateAwsKmsDiscoveryMultiKeyring(context.Background(), awsKmsDiscoveryMultiKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + algorithmSuiteID := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKey + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + AlgorithmSuiteId: &algorithmSuiteID, + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + // On Decrypt, the header of the encrypted message (ciphertext) will be parsed. + // The header contains the Encrypted Data Keys (EDKs), which, if the EDK + // was encrypted by a KMS Keyring, includes the KMS Key ARN. + // The Discovery Keyring filters these EDKs for + // EDKs encrypted by Single Region OR Multi Region KMS Keys. + // If a Discovery Filter is present, these KMS Keys must belong + // to an AWS Account ID in the discovery filter's AccountIds and + // must be from the discovery filter's partition. + // Finally, KMS is called to decrypt each filtered EDK until an EDK is + // successfully decrypted. The resulting data key is used to decrypt the + // ciphertext's message. + // If all calls to KMS fail, the decryption fails. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: awsKmsDiscoveryMultiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err := validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same.") + } + fmt.Println("AWS KMS Discovery Multi Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/awskmshierarchicalkeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/awskmshierarchicalkeyring.go new file mode 100644 index 000000000..987353f3c --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/awskmshierarchicalkeyring.go @@ -0,0 +1,296 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* + This example sets up the Hierarchical Keyring, which establishes a key hierarchy where "branch" + keys are persisted in DynamoDb. These branch keys are used to protect your data keys, and these + branch keys are themselves protected by a KMS Key. + + Establishing a key hierarchy like this has two benefits: + First, by caching the branch key material, and only calling KMS to re-establish authentication + regularly according to your configured TTL, you limit how often you need to call KMS to protect + your data. This is a performance security tradeoff, where your authentication, audit, and logging + from KMS is no longer one-to-one with every encrypt or decrypt call. Additionally, KMS Cloudtrail + cannot be used to distinguish Encrypt and Decrypt calls, and you cannot restrict who has + Encryption rights from who has Decryption rights since they both ONLY need KMS:Decrypt. However, + the benefit is that you no longer have to make a network call to KMS for every encrypt or + decrypt. + + Second, this key hierarchy facilitates cryptographic isolation of a tenant's data in a + multi-tenant data store. Each tenant can have a unique Branch Key, that is only used to protect + the tenant's data. You can either statically configure a single branch key to ensure you are + restricting access to a single tenant, or you can implement an interface that selects the Branch + Key based on the Encryption Context. + + This example demonstrates configuring a Hierarchical Keyring with a Branch Key ID Supplier to + encrypt and decrypt data for two separate tenants. + + This example requires access to the DDB Table where you are storing the Branch Keys. This + table must be configured with the following primary key configuration: - Partition key is named + "partition_key" with type (S) - Sort key is named "sort_key" with type (S). + + This example also requires using a KMS Key. You need the following access on this key: + - GenerateDataKeyWithoutPlaintext + - Decrypt + + For more information on how to use Hierarchical Keyrings, see + https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-hierarchical-keyring.html +*/ + +package awskmshierarchicalkeyring + +import ( + "context" + "fmt" + + keystore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygenerated" + keystoretypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygeneratedtypes" + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsHKeyExample(exampletext, keyStoreKMSKeyRegion, keyStoreRegion, keyStoreKMSKeyID, keyStoreName, logicalKeyStoreName string) { + // Step 1: Create the aws sdk clients + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + // Step 1a: Create the aws kms client + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = keyStoreKMSKeyRegion + }) + // Step 1b: Create the ddb client + ddbClient := dynamodb.NewFromConfig(cfg, func(options *dynamodb.Options) { + options.Region = keyStoreRegion + }) + // Step 2: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + client, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 2: Create the keystore to manage the tenant keys + // This SHOULD be the same configuration that you used + // to initially create and populate your KeyStore. + kmsConfig := keystoretypes.KMSConfigurationMemberkmsKeyArn{ + Value: keyStoreKMSKeyID, + } + keyStore, err := keystore.NewClient(keystoretypes.KeyStoreConfig{ + DdbTableName: keyStoreName, + KmsConfiguration: &kmsConfig, + LogicalKeyStoreName: logicalKeyStoreName, + DdbClient: ddbClient, + KmsClient: kmsClient, + }) + if err != nil { + panic(err) + } + // Step 3: Create two new branch keys + branchKeyA, err := createbranchkeyid(keyStoreName, logicalKeyStoreName, keyStoreKMSKeyID, ddbClient, kmsClient) + if err != nil { + panic(err) + } + branchKeyB, err := createbranchkeyid(keyStoreName, logicalKeyStoreName, keyStoreKMSKeyID, ddbClient, kmsClient) + if err != nil { + panic(err) + } + // Step 4: Create a branch key supplier that maps the branch key id to a more readable format + // See branchkeysupplier.go in this package for the branchKeySupplier structure + keySupplier := branchKeySupplier{branchKeyA: branchKeyA, branchKeyB: branchKeyB} + // Step 5: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 6: Create the Hierarchical Keyring. + hkeyringInput := mpltypes.CreateAwsKmsHierarchicalKeyringInput{ + KeyStore: keyStore, + BranchKeyIdSupplier: &keySupplier, + TtlSeconds: 600, + } + hKeyRing, err := matProv.CreateAwsKmsHierarchicalKeyring(context.Background(), hkeyringInput) + if err != nil { + panic(err) + } + // Step 7: Create encryption context for both tenants. + // The Branch Key Id supplier uses the encryption context to determine which branch key id will + // be used to encrypt data. + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + + // Create encryption context for TenantA + encryptionContextA := map[string]string{ + "tenant": "TenantA", + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Create encryption context for TenantB + encryptionContextB := map[string]string{ + "tenant": "TenantB", + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 8a: Encrypt the data + // Encrypt data for Tenant A + encryptOutputA, err := client.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampletext), + EncryptionContext: encryptionContextA, + Keyring: hKeyRing, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(encryptOutputA.Ciphertext) == exampletext { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Encrypt data for Tenant B + encryptOutputB, err := client.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampletext), + EncryptionContext: encryptionContextB, + Keyring: hKeyRing, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(encryptOutputB.Ciphertext) == exampletext { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 8b: Decrypt the data with various scenerios for demonstration + + // For demonstration, let's attest that TenantKeyB cannot decrypt a message written by TenantKeyA, + // and vice versa and construct more restrictive hierarchical keyrings. + hkeyringInputA := mpltypes.CreateAwsKmsHierarchicalKeyringInput{ + KeyStore: keyStore, + BranchKeyId: &branchKeyA, + TtlSeconds: 600, + } + hKeyRingA, err := matProv.CreateAwsKmsHierarchicalKeyring(context.Background(), hkeyringInputA) + if err != nil { + panic(err) + } + hkeyringInputB := mpltypes.CreateAwsKmsHierarchicalKeyringInput{ + KeyStore: keyStore, + BranchKeyId: &branchKeyB, + TtlSeconds: 600, + } + hKeyRingB, err := matProv.CreateAwsKmsHierarchicalKeyring(context.Background(), hkeyringInputB) + if err != nil { + panic(err) + } + // Demonstrate that data encrypted by one tenant's key + // cannot be decrypted with by a keyring specific to another tenant. + + // Keyring with tenant B's branch key cannot decrypt data encrypted with tenant A's branch key + // This will fail and raise a AwsCryptographicMaterialProvidersException, + // which we swallow ONLY for demonstration purposes. + _, err = client.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: encryptOutputA.Ciphertext, + EncryptionContext: encryptionContextA, + Keyring: hKeyRingB, + }) + if err == nil { + panic("Expected error did not occur") + } + switch err.(type) { + case mpltypes.AwsCryptographicMaterialProvidersException: + // You may choose how to handle the exception in this switch case. + default: + panic("error is expected to be a type of AwsCryptographicMaterialProvidersException") + } + // Keyring with tenant A's branch key cannot decrypt data encrypted with tenant B's branch key. + // This will fail and raise a AwsCryptographicMaterialProvidersException, + // which we swallow ONLY for demonstration purposes. + _, err = client.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: encryptOutputB.Ciphertext, + EncryptionContext: encryptionContextA, + Keyring: hKeyRingA, + }) + if err == nil { + panic("Expected error did not occur") + } + switch err.(type) { + case mpltypes.AwsCryptographicMaterialProvidersException: + // You may choose how to handle the exception in this switch case. + default: + panic("error is expected to be a type of AwsCryptographicMaterialProvidersException") + } + // Demonstrate that data encrypted by one tenant's branch key can be decrypted by that tenant, + // and that the decrypted data matches the input data. + + // For tenant A + decryptOutputA, err := client.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: encryptOutputA.Ciphertext, + EncryptionContext: encryptionContextA, + Keyring: hKeyRingA, + }) + if err != nil { + panic(err) + } + // If you are not specifying the encryption context on decrypt. Its recommended to check if the encryption context matches. + // Although, we are specifying the encryption context on decrypt, only for demonstration we are validating the encryption context. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContextA, decryptOutputA.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputA.Plaintext) != exampletext { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // For tenant B + decryptOutputB, err := client.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: encryptOutputB.Ciphertext, + EncryptionContext: encryptionContextB, + Keyring: hKeyRingB, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContextB, decryptOutputB.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputB.Plaintext) != exampletext { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputA.Plaintext) != exampletext { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Aws Kms Hierarchical Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/branchkeysupplier.go b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/branchkeysupplier.go new file mode 100644 index 000000000..d2d0abd67 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/branchkeysupplier.go @@ -0,0 +1,45 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package awskmshierarchicalkeyring + +import ( + "fmt" + + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" +) + +/* +Demonstrates how to create a BranchKeyIdSupplier. + +The BranchKeyIdSupplier determines which Branch Key is used +to protect or access data. +It is an important component in a Multi-tenant solution, +where each tenant is cryptographically isolated. +The Branch Key ID Supplier uses the Encryption Context +provided at Encrypt or Decrypt +to determine what "shared secret" (Branch Key) +is used. +*/ + +type branchKeySupplier struct { + branchKeyA string + branchKeyB string +} + +func (b *branchKeySupplier) GetBranchKeyId(input mpltypes.GetBranchKeyIdInput) (*mpltypes.GetBranchKeyIdOutput, error) { + // We MUST use the encryption context to determine + // the Branch Key ID. + ec := input.EncryptionContext + if value, exists := ec["tenant"]; !exists || value == "" { + return nil, fmt.Errorf("EncryptionContext invalid, does not contain expected tenant key value pair.") + } + branchKeyIdentifier := ec["tenant"] + if branchKeyIdentifier == "TenantA" { + return &mpltypes.GetBranchKeyIdOutput{BranchKeyId: b.branchKeyA}, nil + } else if branchKeyIdentifier == "TenantB" { + return &mpltypes.GetBranchKeyIdOutput{BranchKeyId: b.branchKeyB}, nil + } else { + return &mpltypes.GetBranchKeyIdOutput{}, fmt.Errorf("unknown branch key identifier") + } +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/createbranchkeyid.go b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/createbranchkeyid.go new file mode 100644 index 000000000..866f04fef --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/createbranchkeyid.go @@ -0,0 +1,45 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package awskmshierarchicalkeyring + +import ( + "context" + + keystore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygenerated" + keystoretypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +/* + The Hierarchical Keyring Example relies on the existence + of a DDB-backed key store with pre-existing + branch key material. + + This example demonstrates configuring a KeyStore and creating a branch key. +*/ + +func createbranchkeyid(keyStoreTableName, logicalKeyStoreName, kmsKeyArn string, ddbClient *dynamodb.Client, kmsClient *kms.Client) (string, error) { + // 1. Create the keystore + // The KMS Configuration you use in the KeyStore MUST have the right access to the resources in the KeyStore. + kmsConfig := keystoretypes.KMSConfigurationMemberkmsKeyArn{ + Value: kmsKeyArn, + } + keyStore, err := keystore.NewClient(keystoretypes.KeyStoreConfig{ + DdbTableName: keyStoreTableName, + KmsConfiguration: &kmsConfig, + LogicalKeyStoreName: logicalKeyStoreName, + DdbClient: ddbClient, + KmsClient: kmsClient, + }) + if err != nil { + return "", err + } + // 2. Create a branch key identifier with the AWS KMS Key configured in the KeyStore Configuration. + branchKey, err := keyStore.CreateKey(context.Background(), keystoretypes.CreateKeyInput{}) + if err != nil { + return "", err + } + return branchKey.BranchKeyIdentifier, nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/sharedcacheacrosshierarchicalkeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/sharedcacheacrosshierarchicalkeyring.go new file mode 100644 index 000000000..41fa33882 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/sharedcacheacrosshierarchicalkeyring.go @@ -0,0 +1,228 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* + This example demonstrates how to use a shared cache across multiple Hierarchical Keyrings. + With this functionality, users only need to maintain one common shared cache across multiple + Hierarchical Keyrings with different Key Stores instances/KMS Clients/KMS Keys. + + If you want to use a Shared Cache, you need to initialize it only once, and + pass the same cache `shared_cache` to different hierarchical keyrings. + + There are three important parameters that users need to carefully set while providing the shared cache: + + 1. Partition ID - Partition ID is an optional parameter provided to the Hierarchical Keyring input, + which distinguishes Cryptographic Material Providers (i.e: Keyrings) writing to a cache. + - If the Partition ID is set and is the same for two Hierarchical Keyrings (or another Material Provider), + they CAN share the same cache entries in the cache. + - If the Partition ID is set and is different for two Hierarchical Keyrings (or another Material Provider), + they CANNOT share the same cache entries in the cache. + - If the Partition ID is not set by the user, it is initialized as a random 16-byte UUID which makes + it unique for every Hierarchical Keyring, and two Hierarchical Keyrings (or another Material Provider) + CANNOT share the same cache entries in the cache. + + 2. Logical Key Store Name - This parameter is set by the user when configuring the Key Store for + the Hierarchical Keyring. This is a logical name for the branch key store. + Suppose you have a physical Key Store (K). You create two instances of K (K1 and K2). Now, you create + two Hierarchical Keyrings (HK1 and HK2) with these Key Store instances (K1 and K2 respectively). + - If you want to share cache entries across these two keyrings, you should set the Logical Key Store Names + for both the Key Store instances (K1 and K2) to be the same. + - If you set the Logical Key Store Names for K1 and K2 to be different, HK1 (which uses Key Store instance K1) + and HK2 (which uses Key Store instance K2) will NOT be able to share cache entries. + + 3. Branch Key ID - Choose an effective Branch Key ID Schema + + This is demonstrated in the example below. + Notice that both K1 and K2 are instances of the same physical Key Store (K). + You MUST NEVER have two different physical Key Stores with the same Logical Key Store Name. + + Important Note: If you have two or more Hierarchy Keyrings with: + - Same Partition ID + - Same Logical Key Store Name of the Key Store for the Hierarchical Keyring + - Same Branch Key ID + then they WILL share the cache entries in the Shared Cache. + Please make sure that you set all of Partition ID, Logical Key Store Name and Branch Key ID + to be the same for two Hierarchical Keyrings if and only if you want them to share cache entries. + + This example first creates a shared cache that you can use across multiple Hierarchical Keyrings. + The example then configures a Hierarchical Keyring (HK1 and HK2) with the shared cache, + a Branch Key ID and two instances (K1 and K2) of the same physical Key Store (K) respectively, + i.e. HK1 with K1 and HK2 with K2. The example demonstrates that if you set the same Partition ID + for HK1 and HK2, the two keyrings can share cache entries. + If you set different Partition ID of the Hierarchical Keyrings, or different + Logical Key Store Names of the Key Store instances, then the keyrings will NOT + be able to share cache entries. + + This example requires access to the DDB Table (K) where you are storing the Branch Keys. This + table must be configured with the following primary key configuration: - Partition key is named + "partition_key" with type (S) - Sort key is named "sort_key" with type (S) + + This example also requires using a KMS Key. You need the following access on this key: + - GenerateDataKeyWithoutPlaintext + - Decrypt +*/ + +package awskmshierarchicalkeyring + +import ( + "context" + "fmt" + + keystore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygenerated" + keystoretypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygeneratedtypes" + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func SharedCacheExample(exampletext, keyStoreKMSKeyRegion, keyStoreRegion, keyStoreKMSKeyID, keyStoreName, logicalKeyStoreName string) { + // Step 1: Create the aws sdk clients + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + fmt.Println(err) + panic(err) + } + // Step 1a: Create the aws kms client + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = keyStoreKMSKeyRegion + }) + // Step 1b: Create the ddb client + ddbClient := dynamodb.NewFromConfig(cfg, func(options *dynamodb.Options) { + options.Region = keyStoreRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the CryptographicMaterialsCache (CMC) to share across multiple Hierarchical Keyrings + // using the Material Providers Library + // This CMC takes in: + // - CacheType + cache := mpltypes.CacheTypeMemberDefault{ + Value: mpltypes.DefaultCache{ + EntryCapacity: 100, + }, + } + cmcCacheInput := mpltypes.CreateCryptographicMaterialsCacheInput{ + Cache: &cache, + } + sharedCryptographicMaterialsCache, err := matProv.CreateCryptographicMaterialsCache(context.Background(), cmcCacheInput) + if err != nil { + panic(err) + } + // Step 4: Create a CacheType object for the sharedCryptographicMaterialsCache + // Note that the `cache` parameter in the Hierarchical Keyring Input takes a `CacheType` as input + // Here, we pass a `Shared` CacheType that passes an already initialized shared cache. + + // If you want to use a Shared Cache, you need to initialize it only once, and + // pass the same cache `shared_cache` to different hierarchical keyrings. + + // CryptographicMaterialsCacheRef is an Rc (Reference Counted), so if you clone it to + // pass it to different Hierarchical Keyrings, it will still point to the same + // underlying cache, and increment the reference count accordingly. + shared_cache := mpltypes.CacheTypeMemberShared{sharedCryptographicMaterialsCache} + // Step 2: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + client, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Configure your Key Store resource keyStore1. + // This SHOULD be the same configuration that you used + // to initially create and populate your physical Key Store. + // Note that key_store_table_name is the physical Key Store, + // and key_store1 is instances of this physical Key Store. + kmsConfig := keystoretypes.KMSConfigurationMemberkmsKeyArn{ + Value: keyStoreKMSKeyID, + } + keyStore1, err := keystore.NewClient(keystoretypes.KeyStoreConfig{ + DdbTableName: keyStoreName, + KmsConfiguration: &kmsConfig, + LogicalKeyStoreName: logicalKeyStoreName, + DdbClient: ddbClient, + KmsClient: kmsClient, + }) + if err != nil { + panic(err) + } + // Step 6: Call create_branch_key_id to create one new branch key + branchKeyId, err := createbranchkeyid(keyStoreName, logicalKeyStoreName, keyStoreKMSKeyID, ddbClient, kmsClient) + if err != nil { + panic(err) + } + // Step 7: Create the Hierarchical Keyring HK1 with Key Store instance K1, partition_id, + // the shared_cache and the branch_key_id. + // Note that we are now providing an already initialized shared cache instead of just mentioning + // the cache type and the Hierarchical Keyring initializing a cache at initialization. + // partition_id for this example is a random UUID + partitionId := "91c1b6a2-6fc3-4539-ad5e-938d597ed730" + // Please make sure that you read the guidance on how to set Partition ID, Logical Key Store Name and + // Branch Key ID at the top of this example before creating Hierarchical Keyrings with a Shared Cache + hkeyringInput := mpltypes.CreateAwsKmsHierarchicalKeyringInput{ + KeyStore: keyStore1, + BranchKeyId: &branchKeyId, + TtlSeconds: 600, + Cache: &shared_cache, + PartitionId: &partitionId, + } + keyring1, err := matProv.CreateAwsKmsHierarchicalKeyring(context.Background(), hkeyringInput) + // Step 8: Create encryption context for both tenants. + // The Branch Key Id supplier uses the encryption context to determine which branch key id will + // be used to encrypt data. + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + + // Create encryption context for TenantA + encryptionContext := map[string]string{ + "tenant": "TenantA", + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 9: Encrypt the data for encryptionContext using keyring1 + encryptOutput, err := client.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampletext), + EncryptionContext: encryptionContext, + Keyring: keyring1, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(encryptOutput.Ciphertext) == exampletext { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 10: Decrypt your encrypted data using the same keyring HK1 you used on encrypt. + decryptOutput, err := client.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: encryptOutput.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: keyring1, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampletext { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Shared Cache Example Completed Successfully") +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/versionbranchkeyid.go b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/versionbranchkeyid.go new file mode 100644 index 000000000..92ffe59fb --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring/versionbranchkeyid.go @@ -0,0 +1,93 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package awskmshierarchicalkeyring + +import ( + "context" + "fmt" + + keystore "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygenerated" + keystoretypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographykeystoresmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +/* +This example demonstrates configuring a KeyStore and then +uses a helper method to version a branch key. +*/ +func versionBranchKeyId(keyStoreTableName, logicalKeyStoreName, kmsKeyArn, branchKeyId string) error { + // Load the AWS SDK configuration + cfg, err := config.LoadDefaultConfig(context.Background()) + if err != nil { + return err + } + // Create DDB and KMS clients + ddbClient := dynamodb.NewFromConfig(cfg) + kmsClient := kms.NewFromConfig(cfg) + // Create the keystore + // The KMS Configuration you use in the KeyStore MUST have the right access to the resources in the KeyStore. + kmsConfig := keystoretypes.KMSConfigurationMemberkmsKeyArn{ + Value: kmsKeyArn, + } + keyStore, err := keystore.NewClient(keystoretypes.KeyStoreConfig{ + DdbTableName: keyStoreTableName, + KmsConfiguration: &kmsConfig, + LogicalKeyStoreName: logicalKeyStoreName, + DdbClient: ddbClient, + KmsClient: kmsClient, + }) + if err != nil { + return err + } + // To version a branch key you MUST have access to kms:ReEncrypt* and kms:GenerateDataKeyWithoutPlaintext + _, err = keyStore.VersionKey(context.Background(), keystoretypes.VersionKeyInput{ + BranchKeyIdentifier: branchKeyId, + }) + if err != nil { + return err + } + return nil +} + +// Function to test versionBranchKeyId in main.go in examples directory +func CreateAndVersionBranchKeyId(keyStoreKMSKeyRegion, keyStoreRegion, keyStoreKMSKeyID, keyStoreName, logicalKeyStoreName string) error { + // Create the aws sdk clients + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + // Create the aws kms client + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = keyStoreKMSKeyRegion + }) + // Create the ddb client + ddbClient := dynamodb.NewFromConfig(cfg, func(options *dynamodb.Options) { + options.Region = keyStoreRegion + }) + // create branch key ID + branchKeyId, err := createbranchkeyid( + keyStoreName, + logicalKeyStoreName, + keyStoreKMSKeyID, + ddbClient, + kmsClient, + ) + if err != nil { + panic(err) + } + // Version Branch Key + err = versionBranchKeyId( + keyStoreName, + logicalKeyStoreName, + keyStoreKMSKeyID, + branchKeyId, + ) + if err != nil { + panic(err) + } + fmt.Println("Create and version branchKey Id Example Completed Successfully") + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmskeyring/awskmskeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmskeyring/awskmskeyring.go new file mode 100644 index 000000000..acc0b995f --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmskeyring/awskmskeyring.go @@ -0,0 +1,122 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS Keyring +The AWS KMS keyring uses symmetric encryption KMS keys to generate, encrypt and +decrypt data keys. This example creates a KMS Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +AWS KMS keyrings can be used independently or in a multi-keyring with other keyrings +of the same or a different type. +For more information on how to use KMS keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package awskmskeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsKeyringExample(exampleText string, defaultKmsKeyId string, defaultKMSKeyAccountID string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKmsKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverykeyring/awskmsmrkdiscoverykeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverykeyring/awskmsmrkdiscoverykeyring.go new file mode 100644 index 000000000..381aa129a --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverykeyring/awskmsmrkdiscoverykeyring.go @@ -0,0 +1,172 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS MRK (multi-region key) Discovery Keyring +The AWS KMS discovery keyring is an AWS KMS keyring that doesn't specify any wrapping keys. +When decrypting, an MRK discovery keyring allows the AWS Encryption SDK to ask AWS KMS to decrypt +any encrypted data key by using the AWS KMS MRK that encrypted it, regardless of who owns or +has access to that AWS KMS key. The call succeeds only when the caller has kms:Decrypt +permission on the AWS KMS MRK. +The AWS Encryption SDK provides a standard AWS KMS discovery keyring and a discovery keyring +for AWS KMS multi-Region keys. Because it doesn't specify any wrapping keys, a discovery keyring +can't encrypt data. If you use a discovery keyring to encrypt data, alone or in a multi-keyring, +the encrypt operation fails. +The AWS Key Management Service (AWS KMS) MRK keyring interacts with AWS KMS to +create, encrypt, and decrypt data keys with multi-region AWS KMS keys (MRKs). +This example creates a KMS MRK Keyring and then encrypts a custom input exampleText +with an encryption context. This encrypted ciphertext is then decrypted using an +MRK Discovery keyring. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +For information about using multi-Region keys with the AWS Encryption SDK, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks +For more info on KMS MRKs (multi-region keys), see the KMS documentation: +https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html +For more information on how to use KMS Discovery keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ +package awskmsmrkdiscoverykeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsMrkDiscoveryKeyringExample(exampleText, defaultRegionMrkKeyArn, defaultMRKKeyRegion, alternateRegionMrkKeyRegion, defaultKMSKeyAccountID string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClientEncrypt := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultMRKKeyRegion + }) + kmsClientDecrypt := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = alternateRegionMrkKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // Though this example highlights Discovery keyrings, Discovery keyrings + // cannot be used to encrypt, so for encryption we create a KMS MRK keyring. + // So, we create two keyrings. One for encryption, second one for decryption + // First Keyring: Create KMS MRK Keyring used for encryption + awsKmsMrkKeyringInputEncrypt := mpltypes.CreateAwsKmsMrkKeyringInput{ + KmsClient: kmsClientEncrypt, + KmsKeyId: defaultRegionMrkKeyArn, + } + awsKmsMrkKeyringEncrypt, err := matProv.CreateAwsKmsMrkKeyring(context.Background(), awsKmsMrkKeyringInputEncrypt) + if err != nil { + panic(err) + } + // Second Keyring: create a Discovery keyring to use for decryption. + discoveryFilter := mpltypes.DiscoveryFilter{ + AccountIds: []string{defaultKMSKeyAccountID}, + Partition: "aws", + } + // In order to illustrate the MRK behavior of this keyring, we configure + // the keyring to use the second KMS region where the MRK is replicated to. + // This example assumes you have already replicated your key, but since we + // are using a discovery keyring, we don't need to provide the mrk replica key id + awsKmsMrkDiscoveryInput := mpltypes.CreateAwsKmsMrkDiscoveryKeyringInput{ + KmsClient: kmsClientDecrypt, + Region: alternateRegionMrkKeyRegion, + DiscoveryFilter: &discoveryFilter, + } + awsKmsMrkDiscoveryKeyring, err := matProv.CreateAwsKmsMrkDiscoveryKeyring(context.Background(), awsKmsMrkDiscoveryInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyringEncrypt, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption ARE the same") + } + // Step 6b: Decrypt + // Create a Discovery keyring to use for decryption. + // On Decrypt, the header of the encrypted message (ciphertext) will be parsed. + // The header contains the Encrypted Data Keys (EDKs), which, if the EDK + // was encrypted by a KMS Keyring, includes the KMS Key ARN. + // The Discovery Keyring filters these EDKs for + // EDKs encrypted by Single Region OR Multi Region KMS Keys. + // If a Discovery Filter is present, these KMS Keys must belong + // to an AWS Account ID in the discovery filter's AccountIds and + // must be from the discovery filter's partition. + // Finally, KMS is called to decrypt each filtered EDK until an EDK is + // successfully decrypted. The resulting data key is used to decrypt the + // ciphertext's message. + // If all calls to KMS fail, the decryption fails. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkDiscoveryKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS MRK Discovery Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverymultikeyring/awskmsmrkdiscoverymultikeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverymultikeyring/awskmsmrkdiscoverymultikeyring.go new file mode 100644 index 000000000..39d174fc8 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverymultikeyring/awskmsmrkdiscoverymultikeyring.go @@ -0,0 +1,164 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS MRK (multi-region key) Discovery Multi Keyring +AWS KMS MRK Discovery Multi Keyring is composed of multiple MRK discovery keyrings. +The AWS KMS discovery keyring is an AWS KMS keyring that doesn't specify any wrapping keys. +When decrypting, an MRK discovery keyring allows the AWS Encryption SDK to ask AWS KMS to decrypt +any encrypted data key by using the AWS KMS MRK that encrypted it, regardless of who owns or +has access to that AWS KMS key. The call succeeds only when the caller has kms:Decrypt +permission on the AWS KMS MRK. +The AWS Encryption SDK provides a standard AWS KMS discovery keyring and a discovery keyring +for AWS KMS multi-Region keys. Because it doesn't specify any wrapping keys, a discovery keyring +can't encrypt data. If you use a discovery keyring to encrypt data, alone or in a multi-keyring, +the encrypt operation fails. +The AWS Key Management Service (AWS KMS) MRK keyring interacts with AWS KMS to +create, encrypt, and decrypt data keys with multi-region AWS KMS keys (MRKs). +This example creates a KMS MRK Keyring and then encrypts a custom input exampleText +with an encryption context. This encrypted ciphertext is then decrypted using an +MRK Discovery Multi keyring. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +For information about using multi-Region keys with the AWS Encryption SDK, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks +For more info on KMS MRKs (multi-region keys), see the KMS documentation: +https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html +For more information on how to use KMS Discovery keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ +package awskmsmrkdiscoverymultikeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsMrkDiscoveryMultiKeyringExample(exampleText, defaultRegionMrkKeyArn, defaultMRKKeyRegion, defaultKMSKeyAccountID string, regionsOfMRKKeys []string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultMRKKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // Though this example highlights Discovery keyrings, Discovery keyrings + // cannot be used to encrypt, so for encryption we create a KMS MRK keyring. + // So, we create two keyrings. One for encryption, second one for decryption + // First Keyring: Create KMS MRK Keyring used for encryption + awsKmsMrkKeyringInput := mpltypes.CreateAwsKmsMrkKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultRegionMrkKeyArn, + } + awsKmsMrkKeyring, err := matProv.CreateAwsKmsMrkKeyring(context.Background(), awsKmsMrkKeyringInput) + if err != nil { + panic(err) + } + // Second Keyring: Create a MRK Discovery Multi Keyring to use for decryption + // We'll add a discovery filter to limit the set of encrypted data keys + // we are willing to decrypt to only ones created by KMS keys in select + // accounts and the partition `aws`. + // MRK Discovery keyrings also filter encrypted data keys by the region + // the keyring is created with. + discoveryFilter := mpltypes.DiscoveryFilter{ + AccountIds: []string{defaultKMSKeyAccountID}, + Partition: "aws", + } + awsKmsMrkDiscoveryMultiKeyringInput := mpltypes.CreateAwsKmsMrkDiscoveryMultiKeyringInput{ + Regions: regionsOfMRKKeys, + DiscoveryFilter: &discoveryFilter, + } + awsKmsMrkDiscoveryMultiKeyring, err := matProv.CreateAwsKmsMrkDiscoveryMultiKeyring(context.Background(), awsKmsMrkDiscoveryMultiKeyringInput) + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + // On Decrypt, the header of the encrypted message (ciphertext) will be parsed. + // The header contains the Encrypted Data Keys (EDKs), which, if the EDK + // was encrypted by a KMS Keyring, includes the KMS Key ARN. + // The Discovery Keyring filters these EDKs for + // EDKs encrypted by Single Region OR Multi Region KMS Keys. + // If a Discovery Filter is present, these KMS Keys must belong + // to an AWS Account ID in the discovery filter's AccountIds and + // must be from the discovery filter's partition. + // Finally, KMS is called to decrypt each filtered EDK until an EDK is + // successfully decrypted. The resulting data key is used to decrypt the + // ciphertext's message. + // If all calls to KMS fail, the decryption fails. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: awsKmsMrkDiscoveryMultiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS MRK Discovery Multi Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsmrkkeyring/awskmsmrkkeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsmrkkeyring/awskmsmrkkeyring.go new file mode 100644 index 000000000..18581b455 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsmrkkeyring/awskmsmrkkeyring.go @@ -0,0 +1,152 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS MRK (multi-region key) Keyring +The AWS Key Management Service (AWS KMS) MRK keyring interacts with AWS KMS to +create, encrypt, and decrypt data keys with multi-region AWS KMS keys (MRKs). +This example creates a KMS MRK Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +AWS KMS MRK keyrings can be used independently or in a multi-keyring with other keyrings +of the same or a different type. +For more information on how to use KMS keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html +For more info on KMS MRK (multi-region keys), see the KMS documentation: +https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ +package awskmsmrkkeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsMrkKeyringExample(exampleText, defaultRegionMrkKeyArn, alternateRegionMrkKeyArn, defaultMRKKeyRegion, alternateRegionMrkKeyRegion string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClientEncrypt := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultMRKKeyRegion + }) + kmsClientDecrypt := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = alternateRegionMrkKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyrings + // Create one keyring for encrypt with KMS client on defaultMRKKeyRegion region + // Create second keyring for decrypt with KMS client on alternateRegionMrkKeyRegion region. + // In order to illustrate the MRK behavior, we are creating two keyrings with two different regions + awsKmsMrkKeyringInputEncrypt := mpltypes.CreateAwsKmsMrkKeyringInput{ + KmsClient: kmsClientEncrypt, + KmsKeyId: defaultRegionMrkKeyArn, + } + awsKmsMrkKeyringInputDecrypt := mpltypes.CreateAwsKmsMrkKeyringInput{ + KmsClient: kmsClientDecrypt, + KmsKeyId: alternateRegionMrkKeyArn, + } + awsKmsMrkKeyringEncrypt, err := matProv.CreateAwsKmsMrkKeyring(context.Background(), awsKmsMrkKeyringInputEncrypt) + if err != nil { + panic(err) + } + awsKmsMrkKeyringDecrypt, err := matProv.CreateAwsKmsMrkKeyring(context.Background(), awsKmsMrkKeyringInputDecrypt) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyringEncrypt, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + // 1. Decrypt with the same keyring (same region) as encrypt + decryptOutputSameRegion, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyringEncrypt, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputSameRegion.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // 2. Decrypt with different keyring on different region. + decryptOutputDifferentRegion, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyringDecrypt, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutputDifferentRegion.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputDifferentRegion.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS MRK Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsmrkmultikeyring/awskmsmrkmultikeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsmrkmultikeyring/awskmsmrkmultikeyring.go new file mode 100644 index 000000000..4c505fea5 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsmrkmultikeyring/awskmsmrkmultikeyring.go @@ -0,0 +1,153 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS MRK (multi-region key) Multi Keyring +The AWS Key Management Service (AWS KMS) MRK keyring interacts with AWS KMS to +create, encrypt, and decrypt data keys with AWS KMS MRK keys. +The KMS MRK multi-keyring consists of one or more individual keyrings of the +same or different type. The keys can either be regular KMS keys or MRKs. +The effect is like using several keyrings in a series. +This example creates a AwsKmsMrkMultiKeyring using an mrk_key_id (generator) and a kms_key_id +as a child key, and then encrypts a custom input exampleText with an encryption context. +Either KMS Key individually is capable of decrypting data encrypted under this keyring. +This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +3. Ciphertext can be decrypted using an AwsKmsMrkKeyring containing a replica of the + MRK (from the multi-keyring used for encryption) copied from the first region into + the second region +These sanity checks are for demonstration in the example only. You do not need these in your code. +For more information on how to use KMS keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html +For more info on KMS MRK (multi-region keys), see the KMS documentation: +https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ +package awskmsmrkmultikeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsMrkMultiKeyringExample(exampleText, defaultRegionMrkKeyArn, alternateRegionMrkKeyArn, defaultKMSKeyId, alternateRegionMrkKeyRegion string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = alternateRegionMrkKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + defaultMrkKey := defaultRegionMrkKeyArn + // Step 3: Create the keyring + awsKmsMrkKeyringMultiInput := mpltypes.CreateAwsKmsMrkMultiKeyringInput{ + Generator: &defaultMrkKey, + KmsKeyIds: []string{defaultKMSKeyId}, + } + awsKmsMrkMultiKeyring, err := matProv.CreateAwsKmsMrkMultiKeyring(context.Background(), awsKmsMrkKeyringMultiInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkMultiKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutputMulti, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkMultiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputMulti.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that a single AwsKmsMrkKeyring configured with a replica of a MRK from the + // multi-keyring used to encrypt the data is also capable of decrypting the data. + awsKmsMrkKeyringInput := mpltypes.CreateAwsKmsMrkKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: alternateRegionMrkKeyArn, + } + awsKmsMrkKeyring, err := matProv.CreateAwsKmsMrkKeyring(context.Background(), awsKmsMrkKeyringInput) + if err != nil { + panic(err) + } + decryptOutputMrk, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMrkKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutputMrk.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputMrk.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS MRK Multi Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsmultikeyring/awskmsmultikeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsmultikeyring/awskmsmultikeyring.go new file mode 100644 index 000000000..37184aeae --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsmultikeyring/awskmsmultikeyring.go @@ -0,0 +1,172 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the AWS KMS Multi Keyring made up of multiple AWS KMS Keyrings. + +A multi-keyring is a keyring that consists of one or more individual keyrings of the +same or a different type. The effect is like using several keyrings in a series. +When you use a multi-keyring to encrypt data, any of the wrapping keys in any of its +keyrings can decrypt that data. + +When you create a multi-keyring to encrypt data, you designate one of the keyrings as +the generator keyring. All other keyrings are known as child keyrings. The generator keyring +generates and encrypts the plaintext data key. Then, all of the wrapping keys in all of the +child keyrings encrypt the same plaintext data key. The multi-keyring returns the plaintext +key and one encrypted data key for each wrapping key in the multi-keyring. If you create a +multi-keyring with no generator keyring, you can use it to decrypt data, but not to encrypt. +If the generator keyring is a KMS keyring, the generator key in the AWS KMS keyring generates +and encrypts the plaintext key. Then, all additional AWS KMS keys in the AWS KMS keyring, +and all wrapping keys in all child keyrings in the multi-keyring, encrypt the same plaintext key. + +When decrypting, the AWS Encryption SDK uses the keyrings to try to decrypt one of the encrypted +data keys. The keyrings are called in the order that they are specified in the multi-keyring. +Processing stops as soon as any key in any keyring can decrypt an encrypted data key. + +This example creates a Multi Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decryption of ciphertext is possible using the multi_keyring, + and every one of the keyrings from the multi_keyring separately +3. All decrypted plaintext value match exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +This example creates a multi_keyring using a KMS keyring as generator keyring and +another KMS keyring as a child keyring. + +For more information on how to use Multi keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-multi-keyring.html + +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package awskmsmultikeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsMultiKeyringExample(exampleText, defaultKMSKeyId, alternateRegionKMSKeyId, alternateRegionKMSKeyRegion string) { + // Step 1: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 2: Create an AwsKmsMultiKeyring that protects your data under two different KMS Keys. + // Either KMS Key individually is capable of decrypting data encrypted under this Multi Keyring. + generatorKeyId := defaultKMSKeyId + awsKmsMultiKeyringInput := mpltypes.CreateAwsKmsMultiKeyringInput{ + Generator: &generatorKeyId, + KmsKeyIds: []string{alternateRegionKMSKeyId}, + } + awsKmsMultiKeyring, err := matProv.CreateAwsKmsMultiKeyring(context.Background(), awsKmsMultiKeyringInput) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsMultiKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 5b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsMultiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that a single AwsKmsKeyring configured with either KMS key + // is also capable of decrypting the data. + // Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = alternateRegionKMSKeyRegion + }) + // Create a single AwsKmsKeyring with the KMS key from our second region. + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: alternateRegionKMSKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + decryptOutputKmsKeyring, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutputKmsKeyring.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputKmsKeyring.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("KMS Multi Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/awskmsrsakeyring/awskmsrsakeyring.go b/releases/go/encryption-sdk/examples/keyring/awskmsrsakeyring/awskmsrsakeyring.go new file mode 100644 index 000000000..15eeef5cc --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/awskmsrsakeyring/awskmsrsakeyring.go @@ -0,0 +1,127 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the AWS KMS RSA Keyring +This example creates a KMS RSA Keyring and then encrypts a custom input +exampleText with an encryption context. +This example also includes some sanity checks for demonstration: + 1. Ciphertext and plaintext data are not the same + 2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +# For more information on how to use KMS keyrings, see +# https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package awskmsrsakeyring + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" + kmstypes "github.com/aws/aws-sdk-go-v2/service/kms/types" +) + +func AwsKmsRsaExample(exampleText string, kmsRsaKeyID string, kmsRSAPublicKey []byte) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient( + mpltypes.MaterialProvidersConfig{}, + ) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + awsKmsRSAKeyringInput := mpltypes.CreateAwsKmsRsaKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: kmsRsaKeyID, + PublicKey: kmsRSAPublicKey, + EncryptionAlgorithm: kmstypes.EncryptionAlgorithmSpecRsaesOaepSha256, + } + awsKmsRSAKeyring, err := matProv.CreateAwsKmsRsaKeyring(context.Background(), awsKmsRSAKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + algorithmSuiteID := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKey + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + AlgorithmSuiteId: &algorithmSuiteID, + EncryptionContext: encryptionContext, + Keyring: awsKmsRSAKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsRSAKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("AWS KMS RSA Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhdiscoverykeyring.go b/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhdiscoverykeyring.go new file mode 100644 index 000000000..6d11edfc8 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhdiscoverykeyring.go @@ -0,0 +1,219 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the KMS ECDH Discovery Keyring. + +This example takes in the recipient's KMS ECC key ARN. +This example attempts to decrypt a ciphertext using the kmsEcdhKeyIdP256RecipientKeyId, +it does so by checking if the message header contains the recipient's public key. + +This example also requires access to a KMS ECC key. +Our tests provide a KMS ECC Key ARN that anyone can use, but you +can also provide your own KMS ECC key. +To use your own KMS ECC key, you must have: + - kms:GetPublicKey permissions on that key. +This example will call kms:GetPublicKey on keyring creation. +You must also have kms:DeriveSharedSecret permissions on the KMS ECC key. + +This example creates a KMS ECDH Discovery Keyring and then decrypts a ciphertext. +For getting the ciphertext, we create a KMS ECDH keyring without discovery +because kms_ecdh_discovery_keyring cannot encrypt data. +This example also includes some sanity checks for demonstration: +1. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on this configuration see: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-ecdh-keyring.html#kms-ecdh-discovery +*/ + +package ecdh + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsEcdhDiscoveryKeyringExample( + exampleText string, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + kmsEcdhKeyIdP256RecipientKeyId string, + kmsEcdhKeyIdP256SenderKeyId string, + kmsEccPublicKeyFileNameSender string, + kmsEccPublicKeyFileNameRecipient string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5: Create the KMS ECDH keyring. + // This keyring uses the KmsPublicKeyDiscovery configuration. + // On encrypt, the keyring will fail as it is not allowed to encrypt data under this configuration. + // On decrypt, the keyring will check if its corresponding public key is stored in the message header. It + // will call AWS KMS to derive the shared from the recipient's KMS ECC Key ARN and the sender's public key; + // For more information on this configuration see: + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-ecdh-keyring.html#kms-ecdh-discovery + // This keyring takes in: + // - kmsClient + // - recipientKmsIdentifier: Must be an ARN representing a KMS ECC key meant for KeyAgreement + // - curveSpec: The curve name where the public keys lie + kmsEcdhDiscoveryStaticConfigurationInput := mpltypes.KmsPublicKeyDiscoveryInput{ + RecipientKmsIdentifier: kmsEcdhKeyIdP256RecipientKeyId, + } + kmsEcdhDiscoveryStaticConfiguration := &mpltypes.KmsEcdhStaticConfigurationsMemberKmsPublicKeyDiscovery{ + Value: kmsEcdhDiscoveryStaticConfigurationInput, + } + awsKmsEcdhDiscoveryKeyringInput := mpltypes.CreateAwsKmsEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: kmsEcdhDiscoveryStaticConfiguration, + KmsClient: kmsClient, + } + awsKmsEcdhDiscoveryKeyring, err := matProv.CreateAwsKmsEcdhKeyring(context.Background(), awsKmsEcdhDiscoveryKeyringInput) + if err != nil { + panic(err) + } + // Step 6: Get ciphertext by creating a KMS ECDH keyring WITHOUT discovery + // because the KMS ECDH keyring WITH discovery CANNOT encrypt data. + // We are generating a message intended for the kmsEcdhKeyIdP256RecipientKeyId recipient. + // Since a KMS ECDH keyring WITHOUT discovery cannot encrypt data, this example will ONLY decrypt + // messages where the configured key on the Discovery keyring is present on the message ciphertext. + // In this example we call `kms:GetPublicKey` to get the public key associated with the + // kmsEcdhKeyIdP256RecipientKeyId KMS key ID. + // If the message contains this public key, message decryption will be attempted. + cipherText := getCipherTextKmsEcdh(matProv, encryptionClient, ecdhCurveSpec, exampleText, encryptionContext, kmsClient, kmsEcdhKeyIdP256RecipientKeyId, kmsEcdhKeyIdP256SenderKeyId, kmsEccPublicKeyFileNameSender, kmsEccPublicKeyFileNameRecipient) + + // Step 7: Decrypt your encrypted data using the keyring with discovery behavior we created in step 5. + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: awsKmsEcdhDiscoveryKeyring, + EncryptionContext: encryptionContext, + Ciphertext: cipherText, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + if string(decryptOutput.Plaintext) == exampleText { + fmt.Println("AWS KMS ECDH Discovery Keyring Example Completed Successfully") + } else { + panic("FAILED!") + } +} + +// This function creates a AWS KMS ECDH keyring and encrypt the exampleText +func getCipherTextKmsEcdh( + matProv *mpl.Client, + encryptionClient *client.Client, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + exampleText string, + encryptionContext map[string]string, + kmsClient *kms.Client, + kmsEcdhKeyIdP256RecipientKeyId string, + kmsEcdhKeyIdP256SenderKeyId string, + kmsEccPublicKeyFileNameSender string, + kmsEccPublicKeyFileNameRecipient string) []byte { + // 1. Create the public key files for sender and recipient + // You may provide your own ECC keys. + // If not, this class will call the KMS ECC key, retrieve its public key, and store it + // in a PEM file for example use. + // Sender ECC key used in this example is retrieved with kmsEcdhKeyIdP256SenderKeyId + // Recipent ECC key used in this example is retrieved with kmsEcdhKeyIdP256RecipientKeyId + if !utils.FileExists(kmsEccPublicKeyFileNameSender) { + err := utils.WriteKmsEcdhEccPublicKey(kmsEcdhKeyIdP256SenderKeyId, kmsEccPublicKeyFileNameSender, kmsClient) + if err != nil { + panic(err) + } + } + if !utils.FileExists(kmsEccPublicKeyFileNameRecipient) { + err := utils.WriteKmsEcdhEccPublicKey(kmsEcdhKeyIdP256RecipientKeyId, kmsEccPublicKeyFileNameRecipient, kmsClient) + if err != nil { + panic(err) + } + } + // 2. Load public key from UTF-8 encoded PEM files into a DER encoded public key. + publicKeySender, err := utils.LoadPublicKeyFromPEM(kmsEccPublicKeyFileNameSender) + if err != nil { + panic(err) + } + publicKeyRecipient, err := utils.LoadPublicKeyFromPEM(kmsEccPublicKeyFileNameRecipient) + if err != nil { + panic(err) + } + // 3. Create the KmsPrivateKeyToStaticPublicKeyInput and kmsEcdhStaticConfiguration + kmsEcdhStaticConfigurationInput := mpltypes.KmsPrivateKeyToStaticPublicKeyInput{ + RecipientPublicKey: publicKeyRecipient, + SenderKmsIdentifier: kmsEcdhKeyIdP256SenderKeyId, + SenderPublicKey: publicKeySender, + } + kmsEcdhStaticConfiguration := &mpltypes.KmsEcdhStaticConfigurationsMemberKmsPrivateKeyToStaticPublicKey{ + Value: kmsEcdhStaticConfigurationInput, + } + // 4. Create the KMS ECDH keyring. + awsKmsEcdhKeyringInput := mpltypes.CreateAwsKmsEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: kmsEcdhStaticConfiguration, + KmsClient: kmsClient, + } + awsKmsEcdhKeyring, err := matProv.CreateAwsKmsEcdhKeyring(context.Background(), awsKmsEcdhKeyringInput) + if err != nil { + panic(err) + } + // 5. Encrypt the data with the encryption_context + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsEcdhKeyring, + }) + if err != nil { + panic(err) + } + // 6. Return the ciphertext + return res.Ciphertext +} diff --git a/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhkeyring.go b/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhkeyring.go new file mode 100644 index 000000000..6af3cc518 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/ecdh/awskmsecdhkeyring.go @@ -0,0 +1,193 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the KMS ECDH Keyring. + +This example takes in the sender's KMS ECC key ARN, the sender's public key, +the recipient's public key, and the algorithm definition where the ECC keys lie. + +Both public keys MUST be UTF8 PEM-encoded X.509 public key, +also known as SubjectPublicKeyInfo (SPKI), + +This keyring, depending on its KeyAgreement scheme, +takes in the sender's KMS ECC Key ARN, and the recipient's ECC Public Key +to derive a shared secret. +The keyring uses the shared secret to derive a data key to protect the +data keys that encrypt and decrypt exampletext. + +This example also requires access to a KMS ECC key. +Our tests provide a KMS ECC Key ARN that you need permissions to, but you +can also provide your own KMS ECC key. +To use your own KMS ECC key, you must have either: +- Its public key downloaded in a UTF-8 encoded PEM file +- kms:GetPublicKey permissions on that key. +If you do not have the public key downloaded, running this example +through its main method will download the public key for you +by calling kms:GetPublicKey. +You must also have kms:DeriveSharedSecret permissions on the KMS ECC key. +This example also requires a recipient ECC Public Key that lies on the same +curve as the sender public key. This examples uses another distinct +KMS ECC Public Key, it does not have to be a KMS key; it can be a +valid SubjectPublicKeyInfo (SPKI) Public Key. + +This example creates a KMS ECDH Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on this configuration see: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-ecdh-keyring.html#kms-ecdh-create +*/ + +package ecdh + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func AwsKmsEcdhKeyringExample( + exampleText string, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + kmsEcdhKeyIdP256RecipientKeyId string, + kmsEcdhKeyIdP256SenderKeyId string, + kmsEccPublicKeyFileNameSender string, + kmsEccPublicKeyFileNameRecipient string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = "us-west-2" + }) + // Step 2: Load public key from UTF-8 encoded PEM files into a DER encoded public key. + // You may provide your own ECC keys. + // If not, this class will call the KMS ECC key, retrieve its public key, and store it + // in a PEM file for example use. + if !utils.FileExists(kmsEccPublicKeyFileNameSender) { + err = utils.WriteKmsEcdhEccPublicKey(kmsEcdhKeyIdP256SenderKeyId, kmsEccPublicKeyFileNameSender, kmsClient) + if err != nil { + panic(err) + } + } + if !utils.FileExists(kmsEccPublicKeyFileNameRecipient) { + err = utils.WriteKmsEcdhEccPublicKey(kmsEcdhKeyIdP256RecipientKeyId, kmsEccPublicKeyFileNameRecipient, kmsClient) + if err != nil { + panic(err) + } + } + publicKeySender, err := utils.LoadPublicKeyFromPEM(kmsEccPublicKeyFileNameSender) + if err != nil { + panic(err) + } + publicKeyRecipient, err := utils.LoadPublicKeyFromPEM(kmsEccPublicKeyFileNameRecipient) + if err != nil { + panic(err) + } + // Step 3: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6: Create the KMS ECDH keyring. + // This keyring uses the KmsPrivateKeyToStaticPublicKey configuration. This configuration calls for both of + // the keys to be on the same curve (P256, P384, P521). + // On encrypt, the keyring calls AWS KMS to derive the shared secret from the sender's KMS ECC Key ARN and the recipient's public key. + // For this example, on decrypt, the keyring calls AWS KMS to derive the shared secret from the sender's KMS ECC Key ARN and the recipient's public key; + // however, on decrypt, the recipient can construct a keyring such that the shared secret is calculated with + // the recipient's private key and the sender's public key. In both scenarios the shared secret will be the same. + // For more information on this configuration see: + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-ecdh-keyring.html#kms-ecdh-create + // This keyring takes in: + // - kmsClient + // - kmsKeyId: Must be an ARN representing a KMS ECC key meant for KeyAgreement + // - curveSpec: The curve name where the public keys lie + // - senderPublicKey: A ByteBuffer of a UTF-8 encoded public + // key for the key passed into kmsKeyId in DER format + // - recipientPublicKey: A ByteBuffer of a UTF-8 encoded public + // key for the key passed into kmsKeyId in DER format + kmsEcdhStaticConfigurationInput := mpltypes.KmsPrivateKeyToStaticPublicKeyInput{ + RecipientPublicKey: publicKeyRecipient, + SenderKmsIdentifier: kmsEcdhKeyIdP256SenderKeyId, + SenderPublicKey: publicKeySender, + } + kmsEcdhStaticConfiguration := &mpltypes.KmsEcdhStaticConfigurationsMemberKmsPrivateKeyToStaticPublicKey{ + Value: kmsEcdhStaticConfigurationInput, + } + awsKmsEcdhKeyringInput := mpltypes.CreateAwsKmsEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: kmsEcdhStaticConfiguration, + KmsClient: kmsClient, + } + awsKmsEcdhKeyring, err := matProv.CreateAwsKmsEcdhKeyring(context.Background(), awsKmsEcdhKeyringInput) + if err != nil { + panic(err) + } + // Step 7a: Encrypt the data + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsEcdhKeyring, + }) + if err != nil { + panic(err) + } + // Step 7b: Decrypt the data + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: awsKmsEcdhKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + if string(decryptOutput.Plaintext) == exampleText { + fmt.Println("AWS KMS ECDH Keyring Example Completed Successfully") + } else { + panic("FAILED!") + } +} diff --git a/releases/go/encryption-sdk/examples/keyring/ecdh/ephemeralrawecdhkeyring.go b/releases/go/encryption-sdk/examples/keyring/ecdh/ephemeralrawecdhkeyring.go new file mode 100644 index 000000000..bf74b7cee --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/ecdh/ephemeralrawecdhkeyring.go @@ -0,0 +1,137 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the Ephemeral Raw ECDH Keyring. + +This example takes in the recipient's public key located at +eccPublicKeyFileNameRecipient as a +UTF8 PEM-encoded X.509 public key, +and the Curve Specification where the key lies. + +This example loads ECC keys from PEM files with paths defined in + - eccPublicKeyFileNameRecipient + +If you do not provide these files, running this example through this +class' main method will generate three files required for all raw ECDH examples +eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient +and eccPublicKeyFileNameRecipient for you. +In practice, users of this library should not generate new key pairs +like this, and should instead retrieve an existing key from a secure +key management system (e.g. an HSM). +You may also provide your own key pair by placing PEM files in the +directory where the example is run or modifying the paths in the code +below. These files must be valid PEM encodings of the key pair as UTF-8 +encoded bytes. If you do provide your own key pair, or if a key pair +already exists, this class' main method will not generate a new key pair. + +This examples creates a RawECDH keyring with the EphemeralPrivateKeyToStaticPublicKey key agreement scheme. +This configuration will always create a new key pair as the sender key pair for the key agreement operation. +The ephemeral configuration can only encrypt data and CANNOT decrypt messages. + +This example creates an Ephemeral Raw ECDH Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on this configuration see: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-ecdh-keyring.html#raw-ecdh-EphemeralPrivateKeyToStaticPublicKey +*/ + +package ecdh + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" +) + +func EphemeralRawECDHKeyringExample( + exampleText string, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + eccPublicKeyFileNameRecipient string) { + // Step 1: Generate Raw ECDH ECC keys and load public key. + // You may provide your own ECC keys in the files returned by eccPublicKeyFileNameRecipient + + // If you do not provide these files, running this example through this + // class' main method will generate three files required for all raw ECDH examples + // eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient + // and eccPublicKeyFileNameRecipient for you. + if !utils.FileExists(eccPublicKeyFileNameRecipient) { + err := utils.WriteRawEcdhEccKeys(ecdhCurveSpec) + if err != nil { + panic(err) + } + } + publicKeyRecipient, err := utils.LoadPublicKeyFromPEM(eccPublicKeyFileNameRecipient) + if err != nil { + panic(err) + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5: Create the keyring. + // This keyring uses an ephemeral configuration. This configuration will always create a new + // key pair as the sender key pair for the key agreement operation. The ephemeral configuration can only + // encrypt data and CANNOT decrypt messages. + ephemeralRawEcdhStaticConfigurationInput := mpltypes.EphemeralPrivateKeyToStaticPublicKeyInput{ + RecipientPublicKey: publicKeyRecipient, + } + ephemeralRawECDHStaticConfiguration := + mpltypes.RawEcdhStaticConfigurationsMemberEphemeralPrivateKeyToStaticPublicKey{ + Value: ephemeralRawEcdhStaticConfigurationInput, + } + rawEcdhKeyRingInput := mpltypes.CreateRawEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: &ephemeralRawECDHStaticConfiguration, + } + ecdhKeyring, err := matProv.CreateRawEcdhKeyring(context.Background(), rawEcdhKeyRingInput) + if err != nil { + panic(err) + } + // Step 6: Encrypt + // A raw ecdh keyring with Ephemeral configuration cannot decrypt data since the key pair + // used as the sender is ephemeral. This means that at decrypt time it does not have + // the private key that corresponds to the public key that is stored on the message. + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: ecdhKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + // (This is an example for demonstration; you do not need to do this in your own code.) + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + fmt.Println("Ephemeral Raw ECDH Keyring Example Completed Successfully") +} diff --git a/releases/go/encryption-sdk/examples/keyring/ecdh/publickeyrawdiscoveryecdhkeyring.go b/releases/go/encryption-sdk/examples/keyring/ecdh/publickeyrawdiscoveryecdhkeyring.go new file mode 100644 index 000000000..c9554e047 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/ecdh/publickeyrawdiscoveryecdhkeyring.go @@ -0,0 +1,218 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the Public Key Discovery Raw ECDH Keyring. + +A public key discovery Raw ECDH Keyring takes in the recipient's private key located +at eccPrivateKeyFileNameRecipient +as a UTF8 PEM-encoded (PKCS #8 PrivateKeyInfo structures) private key, +and the Curve Specification where the key lies. + +If you provide the eccPrivateKeyFileNameRecipient, make sure to also +provide the recipient's public key located at eccPublicKeyFileNameRecipient +in the directory that you run this example. Even though the Public Key Discovery Raw ECDH keyring +uses the eccPrivateKeyFileNameRecipient to decrypt the data, +the eccPublicKeyFileNameRecipient is needed to generate the ciphertext to decrypt. + +This example loads ECC keys from PEM files and the ciphertext with paths defined in + - eccPrivateKeyFileNameRecipient + - eccPublicKeyFileNameRecipient + +If you do not provide these files, running this example through this +class' main method will generate three files required for all raw ECDH examples +eccPrivateKeyFilenameSender, eccPrivateKeyFileNameRecipient +and eccPublicKeyFileNameRecipient for you. +In practice, users of this library should not generate new key pairs +like this, and should instead retrieve an existing key from a secure +key management system (e.g. an HSM). +You may also provide your own key pair by placing PEM files in the +directory where the example is run or modifying the paths in the code +below. These files must be valid PEM encodings of the key pair as UTF-8 +encoded bytes. If you do provide your own key pair, or if a key pair +already exists, this class' main method will not generate a new key pair. + +This example creates a RawECDH keyring with the PublicKeyDiscovery key agreement scheme. +This scheme is only available on decrypt. + +This example creates a Public Key Discovery Raw ECDH Keyring and takes in a ciphertext to decrypt it. +This example also includes some sanity checks for demonstration: +1. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on this configuration see: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-ecdh-keyring.html#raw-ecdh-PublicKeyDiscovery +*/ + +package ecdh + +import ( + "context" + "fmt" + "os" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" +) + +func PublicKeyRawEcdhDiscoveryKeyringExample( + exampleText string, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + eccPublicKeyFileNameRecipient string, + eccPrivateKeyFileNameRecipient string) { + // Step 1: Generate Raw ECDH ECC keys and load the recipient's private key. + // You may provide your own ECC keys in the files returned by eccPublicKeyFileNameRecipient + + // If you do not provide these files, running this example through this + // class' main method will generate three files required for all raw ECDH examples + // eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient + // and eccPublicKeyFileNameRecipient for you. + if !utils.FileExists(eccPublicKeyFileNameRecipient) { + err := utils.WriteRawEcdhEccKeys(ecdhCurveSpec) + if err != nil { + panic(err) + } + } + privateKeyRecipient, err := os.ReadFile(eccPrivateKeyFileNameRecipient) + if err != nil { + panic(err) + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5: Create the Public Key Discovery Raw ECDH keyring. + // Create the keyring. + // This keyring uses a discovery configuration. This configuration will check on decrypt + // if it is meant to decrypt the message by checking if the configured public key is stored on the message. + // The discovery configuration can only decrypt messages and CANNOT encrypt messages. + discoveryRawEcdhStaticConfigurationInput := mpltypes.PublicKeyDiscoveryInput{ + RecipientStaticPrivateKey: privateKeyRecipient, + } + discoveryRawEcdhStaticConfiguration := &mpltypes.RawEcdhStaticConfigurationsMemberPublicKeyDiscovery{ + Value: discoveryRawEcdhStaticConfigurationInput, + } + discoveryRawEcdhKeyringInput := mpltypes.CreateRawEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: discoveryRawEcdhStaticConfiguration, + } + discoveryRawEcdhKeyring, err := matProv.CreateRawEcdhKeyring(context.Background(), discoveryRawEcdhKeyringInput) + if err != nil { + panic(err) + } + // Step 6a: Get the ciphertext + // Although this example highlights Public Key Discovery Raw ECDH Keyring keyring, Discovery keyrings cannot + // be used to encrypt, so for encryption we create a Ephemeral Raw ECDH keyring without discovery mode. + cipherText := getCipherTextRawEcdh(matProv, encryptionClient, ecdhCurveSpec, exampleText, encryptionContext, eccPublicKeyFileNameRecipient) + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Keyring: discoveryRawEcdhKeyring, + EncryptionContext: encryptionContext, + Ciphertext: cipherText, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + if string(decryptOutput.Plaintext) == exampleText { + fmt.Println("Public Key Discovery Raw ECDH Keyring Example Completed Successfully") + } else { + panic("FAILED!") + } +} + +// This function creates a Ephemeral Raw ECDH keyring and encrypt the exampleText +func getCipherTextRawEcdh( + matProv *mpl.Client, + encryptionClient *client.Client, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + exampleText string, + encryptionContext map[string]string, + eccPublicKeyFileNameRecipient string) []byte { + // 1. Generate Raw ECDH ECC keys and load public key. + // You may provide your own ECC keys in the files returned by eccPublicKeyFileNameRecipient + + // If you do not provide these files, running this example through this + // class' main method will generate three files required for all raw ECDH examples + // eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient + // and eccPublicKeyFileNameRecipient for you. + // Load public key from UTF-8 encoded PEM files into a DER encoded public key. + if !utils.FileExists(eccPublicKeyFileNameRecipient) { + err := utils.WriteRawEcdhEccKeys(ecdhCurveSpec) + if err != nil { + panic(err) + } + } + publicKeyRecipient, err := utils.LoadPublicKeyFromPEM(eccPublicKeyFileNameRecipient) + if err != nil { + panic(err) + } + // Create the RawEcdhStaticConfigurations + ephemeralRawEcdhStaticConfigurationInput := mpltypes.EphemeralPrivateKeyToStaticPublicKeyInput{ + RecipientPublicKey: publicKeyRecipient, + } + ephemeralRawECDHStaticConfiguration := mpltypes.RawEcdhStaticConfigurationsMemberEphemeralPrivateKeyToStaticPublicKey{ + Value: ephemeralRawEcdhStaticConfigurationInput, + } + // Create the Ephemeral Raw ECDH keyring. + // This keyring uses an ephemeral configuration. This configuration will always create a new + // key pair as the sender key pair for the key agreement operation. The ephemeral configuration can only + // encrypt data and CANNOT decrypt messages. + rawEcdhKeyRingInput := mpltypes.CreateRawEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: &ephemeralRawECDHStaticConfiguration, + } + ecdhKeyring, err := matProv.CreateRawEcdhKeyring(context.Background(), rawEcdhKeyRingInput) + if err != nil { + panic(err) + } + // Encrypt the data + // A raw ecdh keyring with Ephemeral configuration cannot decrypt data since the key pair + // used as the sender is ephemeral. This means that at decrypt time it does not have + // the private key that corresponds to the public key that is stored on the message. + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: ecdhKeyring, + }) + if err != nil { + panic(err) + } + return res.Ciphertext +} diff --git a/releases/go/encryption-sdk/examples/keyring/ecdh/rawecdhkeyring.go b/releases/go/encryption-sdk/examples/keyring/ecdh/rawecdhkeyring.go new file mode 100644 index 000000000..87cd5a9de --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/ecdh/rawecdhkeyring.go @@ -0,0 +1,194 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the Raw ECDH Keyring. + +This example takes in the sender's private key located at +eccPrivateKeyFileNameSender as a UTF8 PEM-encoded +(PKCS #8 PrivateKeyInfo structures) private key, +and the recipient's public key located at +eccPublicKeyFileNameRecipient as a +UTF8 PEM-encoded X.509 public key, +also known as SubjectPublicKeyInfo (SPKI), +and the Curve Specification where the keys lie. + +This example loads ECC keys from PEM files with paths defined in + - eccPrivateKeyFileNameSender + - eccPublicKeyFileNameRecipient + +If you do not provide these files, running this example through this +class' main method will generate three files required for all raw ECDH examples +eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient +and eccPublicKeyFileNameRecipient for you. +These files will be generated in the directory where the example is run. +In practice, users of this library should not generate new key pairs +like this, and should instead retrieve an existing key from a secure +key management system (e.g. an HSM). +You may also provide your own key pair by placing PEM files in the +directory where the example is run or modifying the paths in the code +below. These files must be valid PEM encodings of the key pair as UTF-8 +encoded bytes. If you do provide your own key pair, or if a key pair +already exists, this class' main method will not generate a new key pair. + +This example creates a RawECDH keyring with the RawPrivateKeyToStaticPublicKey key agreement scheme. +On encrypt, the shared secret is derived from the sender's private key and the recipient's public key. +On decrypt, the shared secret is derived from the sender's private key and the recipient's public key; +however, on decrypt the recipient can construct a keyring such that the shared secret is calculated with +the recipient's private key and the sender's public key. In both scenarios the shared secret will be the same. + +This example creates a Raw ECDH Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on this configuration see: +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-ecdh-keyring.html#raw-ecdh-RawPrivateKeyToStaticPublicKey +*/ + +package ecdh + +import ( + "context" + "fmt" + "os" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" +) + +func RawECDHKeyringExample( + exampleText string, + ecdhCurveSpec primitivestypes.ECDHCurveSpec, + eccPublicKeyFileNameRecipient string, + eccPrivateKeyFileNameSender string) { + // Step 1: Generate Raw ECDH ECC keys and load public key. + // You may provide your own ECC keys in the files returned by eccPublicKeyFileNameRecipient + + // If you do not provide these files, running this example through this + // class' main method will generate three files required for all raw ECDH examples + // eccPrivateKeyFileNameSender, eccPrivateKeyFileNameRecipient + // and eccPublicKeyFileNameRecipient for you. + if !utils.FileExists(eccPublicKeyFileNameRecipient) || !utils.FileExists(eccPrivateKeyFileNameSender) { + err := utils.WriteRawEcdhEccKeys(ecdhCurveSpec) + if err != nil { + panic(err) + } + } + privateKeySender, err := os.ReadFile(eccPrivateKeyFileNameSender) + if err != nil { + panic(err) + } + publicKeyRecipient, err := utils.LoadPublicKeyFromPEM(eccPublicKeyFileNameRecipient) + if err != nil { + panic(err) + } + + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // For more information, see + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5: Create the Raw ECDH keyring. + // This keyring uses static sender and recipient keys. This configuration calls for both of + // the keys to be on the same curve (P256 / P384 / P521). + // On encrypt, the shared secret is derived from the sender's private key and the recipient's public key. + // For this example, on decrypt, the shared secret is derived from the sender's private key and the recipient's public key; + // However, on decrypt, the recipient can construct a keyring such that the shared secret is calculated with + // the recipient's private key and the sender's public key. In both scenarios the shared secret will be the same. + RawEcdhStaticConfigurationInput := mpltypes.RawPrivateKeyToStaticPublicKeyInput{ + SenderStaticPrivateKey: privateKeySender, + RecipientPublicKey: publicKeyRecipient, + } + RawECDHStaticConfiguration := &mpltypes.RawEcdhStaticConfigurationsMemberRawPrivateKeyToStaticPublicKey{ + Value: RawEcdhStaticConfigurationInput, + } + rawEcdhKeyRingInput := mpltypes.CreateRawEcdhKeyringInput{ + CurveSpec: ecdhCurveSpec, + KeyAgreementScheme: RawECDHStaticConfiguration, + } + rawEcdhKeyring, err := matProv.CreateRawEcdhKeyring(context.Background(), rawEcdhKeyRingInput) + if err != nil { + panic(err) + } + // Step 6a: Encrypt + // A raw ecdh keyring with Ephemeral configuration cannot decrypt data since the key pair + // used as the sender is ephemeral. This means that at decrypt time it does not have + // the private key that corresponds to the public key that is stored on the message. + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: rawEcdhKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + // (This is an example for demonstration; you do not need to do this in your own code.) + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: rawEcdhKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + if string(decryptOutput.Plaintext) == exampleText { + fmt.Println("Raw ECDH Keyring Example Completed Successfully") + } else { + panic("FAILED!") + } +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/multikeyring/multikeyring.go b/releases/go/encryption-sdk/examples/keyring/multikeyring/multikeyring.go new file mode 100644 index 000000000..9853f7fa6 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/multikeyring/multikeyring.go @@ -0,0 +1,233 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the Multi Keyring + +A multi-keyring is a keyring that consists of one or more individual keyrings of the +same or a different type. The effect is like using several keyrings in a series. +When you use a multi-keyring to encrypt data, any of the wrapping keys in any of its +keyrings can decrypt that data. + +When you create a multi-keyring to encrypt data, you designate one of the keyrings as +the generator keyring. All other keyrings are known as child keyrings. The generator keyring +generates and encrypts the plaintext data key. Then, all of the wrapping keys in all of the +child keyrings encrypt the same plaintext data key. The multi-keyring returns the plaintext +key and one encrypted data key for each wrapping key in the multi-keyring. If you create a +multi-keyring with no generator keyring, you can use it to decrypt data, but not to encrypt. +If the generator keyring is a KMS keyring, the generator key in the AWS KMS keyring generates +and encrypts the plaintext key. Then, all additional AWS KMS keys in the AWS KMS keyring, +and all wrapping keys in all child keyrings in the multi-keyring, encrypt the same plaintext key. + +When decrypting, the AWS Encryption SDK uses the keyrings to try to decrypt one of the encrypted +data keys. The keyrings are called in the order that they are specified in the multi-keyring. +Processing stops as soon as any key in any keyring can decrypt an encrypted data key. + +This example creates a Multi Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decryption of ciphertext is possible using the multi_keyring, +and every one of the keyrings from the multi_keyring separately +3. All decrypted plaintext value match exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +This example creates a multi_keyring using a KMS keyring as generator keyring and a raw AES keyring +as a child keyring. You can use different combinations of keyrings in the multi_keyring. + +For more information on how to use Multi keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-multi-keyring.html + +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package multikeyring + +import ( + "context" + "crypto/rand" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func MultiKeyringExample(exampleText, defaultKMSKeyId, defaultKmsKeyRegion string) { + // Step 1: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 2: Create the MultiKeyring that consists of the KMS Keyring as generator and Raw AES Keyring as child keyring + // When using this MultiKeyring to encrypt data, either KMS Keyring or + // Raw AES Keyring (or a MultiKeyring containing either) may be used to decrypt the data + awsKmsKeyring := getKMSKeyring(defaultKMSKeyId, defaultKmsKeyRegion, matProv) + rawAESKeyring := getRawAESKeyring(matProv) + createMultiKeyringInput := mpltypes.CreateMultiKeyringInput{ + Generator: awsKmsKeyring, + ChildKeyrings: []mpltypes.IKeyring{rawAESKeyring}, + } + multiKeyring, err := matProv.CreateMultiKeyring(context.Background(), createMultiKeyringInput) + if err != nil { + panic(err) + } + // Step 3: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: multiKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 5b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: multiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that you can also successfully decrypt data using the `rawAESKeyring` directly. + // Because you used a MultiKeyring on Encrypt, you can use either the `kmsKeyring` or + // `rawAESKeyring` individually to decrypt the data. + decryptOutputRawAES, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: rawAESKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutputRawAES.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputRawAES.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that you can also successfully decrypt data using the `awsKmsKeyring` directly. + decryptOutputAwsKms, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutputAwsKms.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutputAwsKms.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Multi Keyring Example Completed Successfully") +} +func getKMSKeyring(kmsKeyId string, kmsRegion string, matProv *mpl.Client) mpltypes.IKeyring { + // 1. Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = kmsRegion + }) + // 2. Create Aws Kms keyring + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: kmsKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + return awsKmsKeyring +} +func getRawAESKeyring(matProv *mpl.Client) mpltypes.IKeyring { + // 1. Generate a 256-bit AES key to use with your keyring. + // In practice, you should get this key from a secure key management system such as an HSM. + key, err := generateAes256KeyBytes() + if err != nil { + panic(err) + } + // The key namespace and key name are defined by you + // and are used by the raw AES keyring to determine + // whether it should attempt to decrypt an encrypted data key. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring + var keyNamespace = "A managed aes keys" + var keyName = "My 256-bit AES wrapping key" + // 2. Create the keyring + aesKeyRingInput := mpltypes.CreateRawAesKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + WrappingKey: key, + WrappingAlg: mpltypes.AesWrappingAlgAlgAes256GcmIv12Tag16, + } + aesKeyring, err := matProv.CreateRawAesKeyring(context.Background(), aesKeyRingInput) + return aesKeyring +} +func generateAes256KeyBytes() ([]byte, error) { + const keySize = 32 // 256 bits = 32 bytes + key := make([]byte, keySize) + // Use crypto/rand for cryptographically secure random numbers + _, err := rand.Read(key) + if err != nil { + return nil, err + } + return key, nil +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/rawaeskeyring/rawaeskeyring.go b/releases/go/encryption-sdk/examples/keyring/rawaeskeyring/rawaeskeyring.go new file mode 100644 index 000000000..5350416f9 --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/rawaeskeyring/rawaeskeyring.go @@ -0,0 +1,138 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the Raw AES Keyring +The Raw AES keyring lets you use an AES symmetric key that you provide as a wrapping key that +protects your data key. You need to generate, store, and protect the key material, +preferably in a hardware security module (HSM) or key management system. Use a Raw AES keyring +when you need to provide the wrapping key and encrypt the data keys locally or offline. +This example creates a Raw AES Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +The Raw AES keyring encrypts data by using the AES-GCM algorithm and a wrapping key that +you specify as a byte array. You can specify only one wrapping key in each Raw AES keyring, +but you can include multiple Raw AES keyrings, alone or with other keyrings, in a multi-keyring. +For more information on how to use Raw AES keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-aes-keyring.html +*/ +package rawaeskeyring + +import ( + "context" + "crypto/rand" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +func RawAesExample(exampleText string) { + // Step 1: Generate a 256-bit AES key to use with your keyring. + // In practice, you should get this key from a secure key management system such as an HSM. + key, err := generateAes256KeyBytes() + if err != nil { + panic(err) + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // The key namespace and key name are defined by you + // and are used by the raw AES keyring to determine + // whether it should attempt to decrypt an encrypted data key. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring + var keyNamespace = "A managed aes keys" + var keyName = "My 256-bit AES wrapping key" + aesKeyRingInput := mpltypes.CreateRawAesKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + WrappingKey: key, + WrappingAlg: mpltypes.AesWrappingAlgAlgAes256GcmIv12Tag16, + } + aesKeyring, err := matProv.CreateRawAesKeyring(context.Background(), aesKeyRingInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: aesKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: aesKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Raw AES Keyring Example Completed Successfully") +} + +func generateAes256KeyBytes() ([]byte, error) { + key := make([]byte, 32) // 256 bits = 32 bytes + // Use crypto/rand for cryptographically secure random numbers + _, err := rand.Read(key) + if err != nil { + return nil, err + } + return key, nil +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/keyring/rawrsakeyring/rawrasakeyring.go b/releases/go/encryption-sdk/examples/keyring/rawrsakeyring/rawrasakeyring.go new file mode 100644 index 000000000..612556deb --- /dev/null +++ b/releases/go/encryption-sdk/examples/keyring/rawrsakeyring/rawrasakeyring.go @@ -0,0 +1,178 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +/* +This example sets up the Raw RSA Keyring +The Raw RSA keyring performs asymmetric encryption and decryption of data keys in local memory +with RSA public and private keys that you provide. +This keyring accepts PEM encodings of the key pair as UTF-8 interpreted bytes. +The encryption function encrypts the data key under the RSA public key. The decryption function +decrypts the data key using the private key. +This example generate private and public key pairs. +In practice, users of this library should not generate new key pairs +like this, and should instead retrieve an existing key from a secure +key management system (e.g. an HSM). +You may also provide your own key pair by placing PEM files in the +directory where the example is run or modifying the paths in the code +below. These files must be valid PEM encodings of the key pair as UTF-8 +encoded bytes. If you do provide your own key pair, or if a key pair +already exists, this class' main method will not generate a new key pair. +This example creates a Raw RSA Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +A Raw RSA keyring that encrypts and decrypts must include an asymmetric public key and private +key pair. However, you can encrypt data with a Raw RSA keyring that has only a public key, +and you can decrypt data with a Raw RSA keyring that has only a private key. This example requires +the user to either provide both private and public keys, or not provide any keys and the example +generates both to test encryption and decryption. If you configure a Raw RSA keyring with a +public and private key, be sure that they are part of the same key pair. Some language +implementations of the AWS Encryption SDK will not construct a Raw RSA keyring with keys +from different pairs. Others rely on you to verify that your keys are from the same key pair. +You can include any Raw RSA keyring in a multi-keyring. +For more information on how to use Raw RSA keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-rsa-keyring.html +*/ + +package rawrsakeyring + +import ( + "context" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +func RawRsaExample(exampleText string) { + // Step 1: Generate the key-pairs + publicKeyBlock, privateKeyBlock, err := generateKeyPair() + if err != nil { + panic(err) + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // The key namespace and key name are defined by you + // and are used by the raw RSA keyring to determine + // whether it should attempt to decrypt an encrypted data key. + // + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring + keyNamespace := "Some managed raw keys" + keyName := "My 2048-bit RSA wrapping key" + rsaKeyRingInput := mpltypes.CreateRawRsaKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + PaddingScheme: mpltypes.PaddingSchemeOaepSha512Mgf1, + PublicKey: pem.EncodeToMemory(publicKeyBlock), + PrivateKey: pem.EncodeToMemory(privateKeyBlock), + } + rsaKeyring, err := matProv.CreateRawRsaKeyring(context.Background(), rsaKeyRingInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + cryptoClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + res, err := cryptoClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: rsaKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + // You do not need to specify the encryption context on decrypt + // because the header of the encrypted message includes the encryption context. + decryptOutput, err := cryptoClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + Keyring: rsaKeyring, + EncryptionContext: encryptionContext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Raw RSA Keyring Example Completed Successfully") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} + +func generateKeyPair() (*pem.Block, *pem.Block, error) { + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + return nil, nil, err + } + // Extract public key from the private key + publicKey := &privateKey.PublicKey + // Encode public key to PKCS1 DER format + publicKeyDER, err := x509.MarshalPKIXPublicKey(publicKey) + if err != nil { + return nil, nil, err + } + privateKeyDer, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return nil, nil, err + } + // Encode to PEM format + publicKeyBlock := &pem.Block{ + Type: "RSA PUBLIC KEY", + Bytes: publicKeyDER, + } + privateKeyBlock := &pem.Block{ + Type: "PRIVATE KEY", + Bytes: privateKeyDer, + } + return publicKeyBlock, privateKeyBlock, nil +} diff --git a/releases/go/encryption-sdk/examples/main.go b/releases/go/encryption-sdk/examples/main.go new file mode 100644 index 000000000..b58ec215b --- /dev/null +++ b/releases/go/encryption-sdk/examples/main.go @@ -0,0 +1,168 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package main + +import ( + primitivestypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/clientsupplier" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/requiredencryptioncontext" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/cryptographicmaterialsmanager/restrictalgorithmsuite" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverykeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsdiscoverymultikeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmshierarchicalkeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmskeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverykeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsmrkdiscoverymultikeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsmrkkeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsmrkmultikeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsmultikeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/awskmsrsakeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/ecdh" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/multikeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/rawaeskeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/keyring/rawrsakeyring" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/misc" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/multithreading" + "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/examples/utils" +) + +func main() { + const stringToEncrypt = "Text To encrypt" + const numOfString = 10000 + clientsupplier.ClientSupplierExample( + stringToEncrypt, + utils.DefaultRegionMrkKeyArn(), + utils.DefaultKMSKeyAccountID(), + []string{utils.AlternateRegionMrkKeyRegion()}) + misc.CommitmentPolicyExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion()) + misc.SetEncryptionAlgorithmSuiteExample(stringToEncrypt) + var maxEncryptedDataKeys int64 = 3 + misc.LimitEncryptedDataKeyExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion(), + maxEncryptedDataKeys) + requiredencryptioncontext.RequiredEncryptionContextExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion()) + restrictalgorithmsuite.SigningOnlyExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion()) + // keyrings + ecdh.PublicKeyRawEcdhDiscoveryKeyringExample( + stringToEncrypt, + primitivestypes.ECDHCurveSpecEccNistP256, + utils.EccPublicKeyFileNameRecipient(), + utils.EccPrivateKeyFileNameRecipient()) + ecdh.EphemeralRawECDHKeyringExample( + stringToEncrypt, + primitivestypes.ECDHCurveSpecEccNistP256, + utils.EccPublicKeyFileNameRecipient()) + ecdh.RawECDHKeyringExample( + stringToEncrypt, + primitivestypes.ECDHCurveSpecEccNistP256, + utils.EccPublicKeyFileNameRecipient(), + utils.EccPrivateKeyFileNameSender()) + ecdh.AwsKmsEcdhKeyringExample( + stringToEncrypt, + primitivestypes.ECDHCurveSpecEccNistP256, + utils.KmsEcdhKeyIdP256RecipientKeyId(), + utils.KmsEcdhKeyIdP256SenderKeyId(), + utils.KmsEccPublicKeyFileNameSender(), + utils.KmsEccPublicKeyFileNameRecipient()) + ecdh.AwsKmsEcdhDiscoveryKeyringExample( + stringToEncrypt, + primitivestypes.ECDHCurveSpecEccNistP256, + utils.KmsEcdhKeyIdP256RecipientKeyId(), + utils.KmsEcdhKeyIdP256SenderKeyId(), + utils.KmsEccPublicKeyFileNameSender(), + utils.KmsEccPublicKeyFileNameRecipient()) + awskmskeyring.AwsKmsKeyringExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKMSKeyAccountID()) + awskmsrsakeyring.AwsKmsRsaExample( + stringToEncrypt, + utils.TestKmsRsaKeyID(), + utils.KmsRSAPublicKey()) + awskmsmultikeyring.AwsKmsMultiKeyringExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.AlternateRegionKMSKeyId(), + utils.AlternateRegionKMSKeyRegion()) + awskmsdiscoverykeyring.AwsKmsDiscoveryKeyringExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKMSKeyAccountID()) + awskmsdiscoverymultikeyring.AwsKmsDiscoveryMultiKeyringExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKMSKeyAccountID(), + utils.Regions()) + rawrsakeyring.RawRsaExample(stringToEncrypt) + awskmsmrkkeyring.AwsKmsMrkKeyringExample( + stringToEncrypt, + utils.DefaultRegionMrkKeyArn(), + utils.AlternateRegionMrkKeyArn(), + utils.DefaultMRKKeyRegion(), + utils.AlternateRegionMrkKeyRegion()) + awskmsmrkmultikeyring.AwsKmsMrkMultiKeyringExample( + stringToEncrypt, + utils.DefaultRegionMrkKeyArn(), + utils.AlternateRegionMrkKeyArn(), + utils.DefaultKMSKeyId(), + utils.AlternateRegionMrkKeyRegion()) + awskmsmrkdiscoverykeyring.AwsKmsMrkDiscoveryKeyringExample( + stringToEncrypt, + utils.DefaultRegionMrkKeyArn(), + utils.DefaultMRKKeyRegion(), + utils.AlternateRegionMrkKeyRegion(), + utils.DefaultKMSKeyAccountID()) + awskmsmrkdiscoverymultikeyring.AwsKmsMrkDiscoveryMultiKeyringExample( + stringToEncrypt, + utils.DefaultRegionMrkKeyArn(), + utils.DefaultMRKKeyRegion(), + utils.DefaultKMSKeyAccountID(), + utils.RegionsOfMRKKeys(), + ) + awskmshierarchicalkeyring.AwsKmsHKeyExample( + stringToEncrypt, + utils.KeyStoreKMSKeyRegion(), + utils.KeyStoreRegion(), + utils.KeyStoreKMSKeyID(), + utils.KeyStoreName(), + utils.LogicalKeyStoreName(), + ) + awskmshierarchicalkeyring.CreateAndVersionBranchKeyId( + utils.KeyStoreKMSKeyRegion(), + utils.KeyStoreRegion(), + utils.KeyStoreKMSKeyID(), + utils.KeyStoreName(), + utils.LogicalKeyStoreName(), + ) + awskmshierarchicalkeyring.SharedCacheExample( + stringToEncrypt, + utils.KeyStoreKMSKeyRegion(), + utils.KeyStoreRegion(), + utils.KeyStoreKMSKeyID(), + utils.KeyStoreName(), + utils.LogicalKeyStoreName(), + ) + rawaeskeyring.RawAesExample(stringToEncrypt) + multikeyring.MultiKeyringExample( + stringToEncrypt, + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion(), + ) + // Example with multithreading + multithreading.AWSKMSMultiThreadTest( + utils.GenerateUUIDTestData(numOfString), + utils.DefaultKMSKeyId(), + utils.DefaultKmsKeyRegion()) +} diff --git a/releases/go/encryption-sdk/examples/misc/commitmentpolicy.go b/releases/go/encryption-sdk/examples/misc/commitmentpolicy.go new file mode 100644 index 000000000..e6ca48000 --- /dev/null +++ b/releases/go/encryption-sdk/examples/misc/commitmentpolicy.go @@ -0,0 +1,149 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example configures a client with a specific commitment policy for the +AWS Encryption SDK client, then encrypts and decrypts data using an AWS KMS Keyring. + +The commitment policy in this example (ForbidEncryptAllowDecrypt) should only be +used as part of a migration from version 1.x to 2.x, or for advanced users with +specialized requirements. Most AWS Encryption SDK users should use the default +commitment policy (RequireEncryptRequireDecrypt). + +This example creates a KMS Keyring and then encrypts a custom input exampleText +with an encryption context for the commitment policy ForbidEncryptAllowDecrypt. +This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on setting your commitment policy, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#commitment-policy + +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package misc + +import ( + "context" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +func CommitmentPolicyExample(exampleText, defaultKMSKeyId, defaultKmsKeyRegion string) { + // Step 1: Create the aws kms client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultKmsKeyRegion + }) + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKMSKeyId, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(context.Background(), awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // Build the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + + // Create one with the commitment policy RequireEncryptAllowDecrypt and another with ForbidEncryptAllowDecrypt. + // Read more about commitment policies here: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#commitment-policy + commitPolicyRequireEncryptRequireDecrypt := mpltypes.ESDKCommitmentPolicyRequireEncryptRequireDecrypt + commitPolicyForbidEncryptAllowDecrypt := mpltypes.ESDKCommitmentPolicyForbidEncryptAllowDecrypt + forbidEncryptClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{CommitmentPolicy: &commitPolicyForbidEncryptAllowDecrypt}) + if err != nil { + panic(err) + } + requireEncryptClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{CommitmentPolicy: &commitPolicyRequireEncryptRequireDecrypt}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + // Make sure you use a non-committing algorithm with the commitment policy ForbidEncryptAllowDecrypt. + // Otherwise encrypt() will throw + // Error: AwsCryptographicMaterialProvidersError + // { + // error: InvalidAlgorithmSuiteInfoOnEncrypt + // { + // message: "Configuration conflict. Commitment policy requires only non-committing algorithm suites" + // } + // } + // By default for ForbidEncryptAllowDecrypt, the algorithm used is + // AlgAes256GcmIv12Tag16HkdfSha384EcdsaP384 which is a non-committing algorithm. + res, err := forbidEncryptClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := forbidEncryptClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Demonstrate that an EncryptionSDK that enforces Key Commitment on Decryption + // will fail to decrypt the encrypted message (as it was encrypted without Key Commitment). + _, err = requireEncryptClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: awsKmsKeyring, + Ciphertext: res.Ciphertext, + }) + // We expect this to fail + if err == nil { + panic("Expected error but error is nil") + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Set Commitment Policy Example Completed Successfully") +} diff --git a/releases/go/encryption-sdk/examples/misc/limitencrypteddatakeysexample.go b/releases/go/encryption-sdk/examples/misc/limitencrypteddatakeysexample.go new file mode 100644 index 000000000..f5f66186e --- /dev/null +++ b/releases/go/encryption-sdk/examples/misc/limitencrypteddatakeysexample.go @@ -0,0 +1,176 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +Demonstrate limiting the number of Encrypted Data Keys [EDKs] allowed +when encrypting or decrypting a message. +Limiting encrypted data keys is most valuable when you are decrypting +messages from an untrusted source. +By default, the ESDK will allow up to 65,535 encrypted data keys. +A malicious actor might construct an encrypted message with thousands of +encrypted data keys, none of which can be decrypted. +As a result, the AWS Encryption SDK would attempt to decrypt each +encrypted data key until it exhausted the encrypted data keys in the message. + +For more information on limiting EDKs, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-limit-keys +*/ + +package misc + +import ( + "context" + "crypto/rand" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +func LimitEncryptedDataKeyExample(exampleText, defaultKMSKeyId, defaultKmsKeyRegion string, maxEncryptedDataKeys int64) { + // Step 1: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 2: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + // Also, set the EncryptionSDK's MaxEncryptedDataKeys parameter here + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{ + MaxEncryptedDataKeys: &maxEncryptedDataKeys, + }) + if err != nil { + panic(err) + } + // Step 3: Generate `maxEncryptedDataKeys` AES keyrings to use with your keyring. + // In practice, you should get this key from a secure key management system such as an HSM. + rawAESKeyrings := make([]mpltypes.IKeyring, 0, maxEncryptedDataKeys) + var i int64 = 0 + for i < maxEncryptedDataKeys { + rawAESKeyrings = append(rawAESKeyrings, getRawAESKeyring(matProv)) + i++ + } + // Step 4: Create a Multi Keyring with `maxEncryptedDataKeys` AES Keyrings + createMultiKeyringInput := mpltypes.CreateMultiKeyringInput{ + Generator: rawAESKeyrings[0], + ChildKeyrings: rawAESKeyrings[1:], + } + multiKeyring, err := matProv.CreateMultiKeyring(context.Background(), createMultiKeyringInput) + if err != nil { + panic(err) + } + // Step 4: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 5a: Encrypt + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: multiKeyring, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 5b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: multiKeyring, + Ciphertext: res.Ciphertext, + }) + if err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + // Demonstrate that an EncryptionSDK with a lower MaxEncryptedDataKeys + // will fail to decrypt the encrypted message. + // (This is an example for demonstration; you do not need to do this in your own code.) + lowerMaxEncryptedDataKeys := maxEncryptedDataKeys - 1 + encryptionClientIncorrectMaxEncryptedKeys, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{ + MaxEncryptedDataKeys: &lowerMaxEncryptedDataKeys, + }) + if err != nil { + panic(err) + } + _, err = encryptionClientIncorrectMaxEncryptedKeys.Decrypt(context.Background(), esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: multiKeyring, + Ciphertext: res.Ciphertext, + }) + if err == nil { + panic("Expected error not found.") + } + // Swallow the AwsCryptographicMaterialProvidersException but you may choose how to handle the exception + switch err.(type) { + case esdktypes.AwsEncryptionSdkException: + // You may choose how to handle the exception in this switch case. + default: + panic("Decryption using lower then max encrypted data keys MUST raise AwsEncryptionSdkException") + } + fmt.Println("Limit Encrypted Data Key Example completed successfully") +} + +func getRawAESKeyring(matProv *mpl.Client) mpltypes.IKeyring { + // 1. Generate a 256-bit AES key to use with your keyring. + // In practice, you should get this key from a secure key management system such as an HSM. + key, err := generate256KeyBytesAES() + if err != nil { + panic(err) + } + // The key namespace and key name are defined by you + // and are used by the raw AES keyring to determine + // whether it should attempt to decrypt an encrypted data key. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring + var keyNamespace = "A managed aes keys" + var keyName = "My 256-bit AES wrapping key" + // 2. Create the keyring + aesKeyRingInput := mpltypes.CreateRawAesKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + WrappingKey: key, + WrappingAlg: mpltypes.AesWrappingAlgAlgAes256GcmIv12Tag16, + } + aesKeyring, err := matProv.CreateRawAesKeyring(context.Background(), aesKeyRingInput) + return aesKeyring +} + +func generate256KeyBytesAES() ([]byte, error) { + const keySize = 32 // 256 bits = 32 bytes + key := make([]byte, keySize) + // Use crypto/rand for cryptographically secure random numbers + _, err := rand.Read(key) + if err != nil { + return nil, err + } + return key, nil +} diff --git a/releases/go/encryption-sdk/examples/misc/setencryptionalgorithmsuite.go b/releases/go/encryption-sdk/examples/misc/setencryptionalgorithmsuite.go new file mode 100644 index 000000000..0a0050de8 --- /dev/null +++ b/releases/go/encryption-sdk/examples/misc/setencryptionalgorithmsuite.go @@ -0,0 +1,171 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example demonstrates how to set an algorithm suite while using the Raw AES Keyring +in the AWS Encryption SDK. + +The algorithm suite used in the encrypt() method is the algorithm used to protect your +data using the data key. By setting this algorithm, you can configure the algorithm used +to encrypt and decrypt your data. + +Algorithm suites can be set in a similar manner in other keyrings as well. However, +please make sure that you're using a logical algorithm suite that is compatible with your +keyring. For more information on algorithm suites supported by the AWS Encryption SDK, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/supported-algorithms.html + +The AES wrapping algorithm (AesWrappingAlg::AlgAes256GcmIv12Tag16) protects your data key using +the user-provided wrapping key. In contrast, the algorithm suite used in the encrypt() method +is the algorithm used to protect your data using the data key. This example demonstrates setting the +latter, which is the algorithm suite for protecting your data. When the commitment policy is +RequireEncryptRequireDecrypt, the default algorithm used in the encrypt method is +AlgAes256GcmHkdfSha512CommitKeyEcdsaP384, which is a committing and signing algorithm. +Signature verification ensures the integrity of a digital message as it goes across trust +boundaries. However, signature verification adds a significant performance cost to encryption +and decryption. If encryptors and decryptors are equally trusted, we can consider using an algorithm +suite that does not include signing. This example sets the algorithm suite as +AlgAes256GcmHkdfSha512CommitKey, which is a committing but non-signing algorithm. +For more information on digital signatures, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#digital-sigs + +This example creates a Raw AES Keyring and then encrypts a custom input EXAMPLE_DATA +with an encryption context and the algorithm suite AlgAes256GcmHkdfSha512CommitKey. +This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches EXAMPLE_DATA +These sanity checks are for demonstration in the example only. You do not need these in your code. + +For more information on how to use Raw AES keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-raw-aes-keyring.html +*/ + +package misc + +import ( + "context" + "crypto/rand" + "fmt" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" +) + +func SetEncryptionAlgorithmSuiteExample(exampleText string) { + // Step 1: Generate a 256-bit AES key to use with your keyring. + // In practice, you should get this key from a secure key management system such as an HSM. + key, err := generateAes256KeyBytes() + if err != nil { + panic(err) + } + // Step 2: Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Step 3: Create the keyring + // The key namespace and key name are defined by you + // and are used by the raw AES keyring to determine + // whether it should attempt to decrypt an encrypted data key. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring + var keyNamespace = "A managed aes keys" + var keyName = "My 256-bit AES wrapping key" + // Note: The wrapping algorithm here is NOT the algorithm suite we set in this example. + aesKeyRingInput := mpltypes.CreateRawAesKeyringInput{ + KeyName: keyName, + KeyNamespace: keyNamespace, + WrappingKey: key, + WrappingAlg: mpltypes.AesWrappingAlgAlgAes256GcmIv12Tag16, + } + aesKeyring, err := matProv.CreateRawAesKeyring(context.Background(), aesKeyRingInput) + if err != nil { + panic(err) + } + // Step 4: Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Step 5: Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Step 6a: Encrypt + // Here, we customize the Algorithm Suite that is used to Encrypt the plaintext. + // In particular, we use an Algorithm Suite without Signing. + // Signature verification adds a significant performance cost on decryption. + // If the users encrypting data and the users decrypting data are equally trusted, + // consider using an algorithm suite that does not include signing. + // See more about Digital Signatures: + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#digital-sigs + algorithmSuiteId := mpltypes.ESDKAlgorithmSuiteIdAlgAes256GcmHkdfSha512CommitKey + res, err := encryptionClient.Encrypt(context.Background(), esdktypes.EncryptInput{ + Plaintext: []byte(exampleText), + EncryptionContext: encryptionContext, + Keyring: aesKeyring, + AlgorithmSuiteId: &algorithmSuiteId, + }) + if err != nil { + panic(err) + } + // Validate Ciphertext and Plaintext before encryption are NOT the same + if string(res.Ciphertext) == exampleText { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Step 6b: Decrypt + decryptOutput, err := encryptionClient.Decrypt(context.Background(), esdktypes.DecryptInput{ + Ciphertext: res.Ciphertext, + EncryptionContext: encryptionContext, + Keyring: aesKeyring, + }) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err = validateEncryptionContext(encryptionContext, decryptOutput.EncryptionContext); err != nil { + panic(err) + } + // Validate Plaintext after decryption and Plaintext before encryption ARE the same + if string(decryptOutput.Plaintext) != exampleText { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + fmt.Println("Set Encryption Algorithm Suite Example Completed Successfully") +} + +func generateAes256KeyBytes() ([]byte, error) { + numOfBytes := 32 // 256 bits = 32 bytes + key := make([]byte, numOfBytes) + // Use crypto/rand for cryptographically secure random numbers + _, err := rand.Read(key) + if err != nil { + return nil, err + } + return key, nil +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/multithreading/awskmskeyring.go b/releases/go/encryption-sdk/examples/multithreading/awskmskeyring.go new file mode 100644 index 000000000..8ef6dfcfe --- /dev/null +++ b/releases/go/encryption-sdk/examples/multithreading/awskmskeyring.go @@ -0,0 +1,193 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +/* +This example sets up the AWS KMS Keyring in an multithreaded environment. +The AWS KMS keyring uses symmetric encryption KMS keys to generate, encrypt and +decrypt data keys. This example creates a KMS Keyring and then encrypts a custom input exampleText +with an encryption context. This example also includes some sanity checks for demonstration: +1. Ciphertext and plaintext data are not the same +2. Decrypted plaintext value matches exampleText +These sanity checks are for demonstration in the example only. You do not need these in your code. +AWS KMS keyrings can be used independently or in a multi-keyring with other keyrings +of the same or a different type. +For more information on how to use KMS keyrings, see +https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html +For more information on KMS Key identifiers, see +https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id +*/ + +package multithreading + +import ( + "context" + "fmt" + "sync" + + mpl "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygenerated" + mpltypes "github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl/awscryptographymaterialproviderssmithygeneratedtypes" + client "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygenerated" + esdktypes "github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk/awscryptographyencryptionsdksmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/kms" +) + +// Function to handle encryption +func encryptData( + ctx context.Context, + encryptionClient *client.Client, + plaintext string, + encryptionContext map[string]string, + keyring mpltypes.IKeyring) (*esdktypes.EncryptOutput, error) { + res, err := encryptionClient.Encrypt(ctx, esdktypes.EncryptInput{ + Plaintext: []byte(plaintext), + EncryptionContext: encryptionContext, + Keyring: keyring, + }) + return res, err +} + +// Function to handle decryption +func decryptData( + ctx context.Context, + encryptionClient *client.Client, + ciphertext []byte, + encryptionContext map[string]string, + keyring mpltypes.IKeyring) (*esdktypes.DecryptOutput, error) { + res, err := encryptionClient.Decrypt(ctx, esdktypes.DecryptInput{ + EncryptionContext: encryptionContext, + Keyring: keyring, + Ciphertext: ciphertext, + }) + return res, err +} + +func processEncryptionWorker( + ctx context.Context, + wg *sync.WaitGroup, + jobs <-chan string, + encryptionClient *client.Client, + awsKmsKeyring mpltypes.IKeyring, + encryptionContext map[string]string, +) { + defer wg.Done() + for plaintext := range jobs { + // Perform encryption + encryptResult, err := encryptData( + ctx, + encryptionClient, + plaintext, + encryptionContext, + awsKmsKeyring) + if err != nil { + panic(err) + } + // Verify ciphertext is different from plaintext + if string(encryptResult.Ciphertext) == plaintext { + panic("Ciphertext and Plaintext before encryption are the same") + } + // Perform decryption + decryptResult, err := decryptData( + ctx, + encryptionClient, + encryptResult.Ciphertext, + encryptionContext, + awsKmsKeyring, + ) + if err != nil { + panic(err) + } + // If you do not specify the encryption context on Decrypt, it's recommended to check if the resulting encryption context matches. + // The encryption context was specified on decrypt; we are validating the encryption context for demonstration only. + // Before your application uses plaintext data, verify that the encryption context that + // you used to encrypt the message is included in the encryption context that was used to + // decrypt the message. The AWS Encryption SDK can add pairs, so don't require an exact match. + if err := validateEncryptionContext(encryptionContext, decryptResult.EncryptionContext); err != nil { + panic(err) + } + if string(decryptResult.Plaintext) != plaintext { + panic("Plaintext after decryption and Plaintext before encryption are NOT the same") + } + } +} + +func AWSKMSMultiThreadTest(texts []string, defaultKmsKeyID, defaultKmsKeyRegion string) { + // Create the AWS KMS client + cfg, err := config.LoadDefaultConfig(context.TODO()) + if err != nil { + panic(err) + } + kmsClient := kms.NewFromConfig(cfg, func(o *kms.Options) { + o.Region = defaultKmsKeyRegion + }) + // Initialize the mpl client + matProv, err := mpl.NewClient(mpltypes.MaterialProvidersConfig{}) + if err != nil { + panic(err) + } + // Create the keyring + ctx := context.Background() + awsKmsKeyringInput := mpltypes.CreateAwsKmsKeyringInput{ + KmsClient: kmsClient, + KmsKeyId: defaultKmsKeyID, + } + awsKmsKeyring, err := matProv.CreateAwsKmsKeyring(ctx, awsKmsKeyringInput) + if err != nil { + panic(err) + } + // Instantiate the encryption SDK client. + // This builds the default client with the RequireEncryptRequireDecrypt commitment policy, + // which enforces that this client only encrypts using committing algorithm suites and enforces + // that this client will only decrypt encrypted messages that were created with a committing + // algorithm suite. + encryptionClient, err := client.NewClient(esdktypes.AwsEncryptionSdkConfig{}) + if err != nil { + panic(err) + } + // Create your encryption context (Optional). + // Remember that your encryption context is NOT SECRET. + // https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context + encryptionContext := map[string]string{ + "encryption": "context", + "is not": "secret", + "but adds": "useful metadata", + "that can help you": "be confident that", + "the data you are handling": "is what you think it is", + } + // Create buffered channels to handle multiple operations + // As an example, we will have 10 workers, adjust this number as needed. + numWorkers := 10 + + // Create a wait group to track all goroutines + var wg sync.WaitGroup + + // Create a channel to send a plaintext + jobs := make(chan string, len(texts)) + + // Start worker pool + for range numWorkers { + wg.Add(1) + go processEncryptionWorker(ctx, &wg, jobs, encryptionClient, awsKmsKeyring, encryptionContext) + } + + // Send jobs to workers + for _, text := range texts { + jobs <- text + } + close(jobs) + // Wait for all workers to complete + wg.Wait() + fmt.Println("AWS KMS Keyring example in multithreaded environment completed successfully.") +} + +// This function only does subset matching because AWS Encryption SDK can add pairs, so don't require an exact match. +func validateEncryptionContext(expected, actual map[string]string) error { + for expectedKey, expectedValue := range expected { + actualValue, exists := actual[expectedKey] + if !exists || actualValue != expectedValue { + return fmt.Errorf("encryption context mismatch: expected key '%s' with value '%s'", + expectedKey, expectedValue) + } + } + return nil +} diff --git a/releases/go/encryption-sdk/examples/utils/exampleUtils.go b/releases/go/encryption-sdk/examples/utils/exampleUtils.go new file mode 100644 index 000000000..0c02b1148 --- /dev/null +++ b/releases/go/encryption-sdk/examples/utils/exampleUtils.go @@ -0,0 +1,336 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package utils + +import ( + "context" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "encoding/pem" + "errors" + "fmt" + "os" + + "github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives/awscryptographyprimitivessmithygeneratedtypes" + "github.com/aws/aws-sdk-go-v2/service/kms" + "github.com/google/uuid" +) + +const ( + testKmsRsaPublicKey = `-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27Uc/fBaMVhxCE/SpCMQ +oSBRSzQJw+o2hBaA+FiPGtiJ/aPy7sn18aCkelaSj4kwoC79b/arNHlkjc7OJFsN +/GoFKgNvaiY4lOeJqEiWQGSSgHtsJLdbO2u4OOSxh8qIRAMKbMgQDVX4FR/PLKeK +fc2aCDvcNSpAM++8NlNmv7+xQBJydr5ce91eISbHkFRkK3/bAM+1iddupoRw4Wo2 +r3avzrg5xBHmzR7u1FTab22Op3Hgb2dBLZH43wNKAceVwKqKA8UNAxashFON7xK9 +yy4kfOL0Z/nhxRKe4jRZ/5v508qIzgzCksYy7Y3QbMejAtiYnr7s5/d5KWw0swou +twIDAQAB +-----END PUBLIC KEY-----` + testKmsRsaKeyID = "arn:aws:kms:us-west-2:370957321024:key/mrk-63d386cb70614ea59b32ad65c9315297" + testDefaultKMSKeyId = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" + defaultKmsKeyRegion = "us-west-2" + testAlternateRegionKMSKeyId = "arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2" + testAlternateRegionKMSKeyRegion = "eu-central-1" + testDefaultMRKKeyId = "arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" + defaultMRKKeyRegion = "us-east-1" + testAlternateRegionMrkKeyId = "arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" + alternateRegionMrkKeyRegion = "eu-west-1" + testKeyStoreKMSKeyRegion = "us-west-2" + testKeyStoreKMSKeyID = "arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126" + testLogicalKeyStoreName = "KeyStoreDdbTable" + testKeyStoreName = "KeyStoreDdbTable" + testKeyStoreRegion = "us-west-2" + defaultKMSKeyAccountID = "658956600833" + eccPrivateKeyFileNameSender = "sender_private.pem" + eccPrivateKeyFileNameRecipient = "recipient_private.pem" + eccPublicKeyFileNameRecipient = "recipient_public.pem" + kmsEccPublicKeyFileNameRecipient = "KmsEccKeyringExamplePublicKeyRecipient.pem" + kmsEccPublicKeyFileNameSender = "KmsEccKeyringExamplePublicKeySender.pem" + testKmsEcdhKeyIdP256SenderKeyId = "arn:aws:kms:us-west-2:370957321024:key/eabdf483-6be2-4d2d-8ee4-8c2583d416e9" + testKmsEcdhKeyIdP256RecipientKeyId = "arn:aws:kms:us-west-2:370957321024:key/0265c8e9-5b6a-4055-8f70-63719e09fda5" +) + +// Getter functions + +func KmsEcdhKeyIdP256SenderKeyId() string { + return testKmsEcdhKeyIdP256SenderKeyId +} + +func KmsEcdhKeyIdP256RecipientKeyId() string { + return testKmsEcdhKeyIdP256RecipientKeyId +} + +func KmsEccPublicKeyFileNameRecipient() string { + return kmsEccPublicKeyFileNameRecipient +} + +func KmsEccPublicKeyFileNameSender() string { + return kmsEccPublicKeyFileNameSender +} + +func EccPrivateKeyFileNameSender() string { + return eccPrivateKeyFileNameSender +} + +func EccPrivateKeyFileNameRecipient() string { + return eccPrivateKeyFileNameRecipient +} + +func EccPublicKeyFileNameRecipient() string { + return eccPublicKeyFileNameRecipient +} + +func RegionsOfMRKKeys() []string { + return []string{defaultMRKKeyRegion, alternateRegionMrkKeyRegion} +} + +func Regions() []string { + return []string{defaultKmsKeyRegion, testAlternateRegionKMSKeyRegion} +} + +func DefaultKmsKeyRegion() string { + return defaultKmsKeyRegion +} + +func DefaultMRKKeyRegion() string { + return defaultMRKKeyRegion +} + +func AlternateRegionMrkKeyRegion() string { + return alternateRegionMrkKeyRegion +} + +func AlternateRegionMrkKeyArn() string { + return testAlternateRegionMrkKeyId +} + +func DefaultRegionMrkKeyArn() string { + return testDefaultMRKKeyId +} + +func AlternateRegionKMSKeyRegion() string { + return testAlternateRegionKMSKeyRegion +} + +func AlternateRegionKMSKeyId() string { + return testAlternateRegionKMSKeyId +} + +func DefaultKMSKeyAccountID() string { + return defaultKMSKeyAccountID +} + +func DefaultKMSKeyId() string { + return testDefaultKMSKeyId +} + +func TestKmsRsaKeyID() string { + return testKmsRsaKeyID +} + +func KmsRSAPublicKey() []byte { + return []byte(testKmsRsaPublicKey) +} + +func KeyStoreRegion() string { + return testKeyStoreRegion +} + +func KeyStoreKMSKeyRegion() string { + return testKeyStoreKMSKeyRegion +} + +func KeyStoreKMSKeyID() string { + return testKeyStoreKMSKeyID +} + +func LogicalKeyStoreName() string { + return testLogicalKeyStoreName +} + +func KeyStoreName() string { + return testKeyStoreName +} + +// Utility functions + +func WriteRawEcdhEccKeys(ecdhCurveSpec awscryptographyprimitivessmithygeneratedtypes.ECDHCurveSpec) error { + // Safety check: Validate neither file is present + if FileExists(eccPrivateKeyFileNameSender) || + FileExists(eccPrivateKeyFileNameRecipient) || + FileExists(eccPublicKeyFileNameRecipient) { + return errors.New("WriteRawEcdhEccKeys will not overwrite existing PEM files") + } + + // Generate key pairs + _, privateKeySender, err := generateRawEccKeyPair(ecdhCurveSpec) + if err != nil { + return err + } + + publicKeyRecipient, privateKeyRecipient, err := generateRawEccKeyPair(ecdhCurveSpec) + if err != nil { + return err + } + + // Create PEM blocks + privateKeySenderPEM := &pem.Block{ + Type: "PRIVATE KEY", + Bytes: privateKeySender, + } + + privateKeyRecipientPEM := &pem.Block{ + Type: "PRIVATE KEY", + Bytes: privateKeyRecipient, + } + + publicKeyRecipientPEM := &pem.Block{ + Type: "PUBLIC KEY", + Bytes: publicKeyRecipient, + } + + // Write private key for sender in PEM format + err = os.WriteFile( + eccPrivateKeyFileNameSender, + pem.EncodeToMemory(privateKeySenderPEM), + 0600, + ) + if err != nil { + return fmt.Errorf("failed to write sender's private key: %w", err) + } + + // Write private key for recipient in PEM format + err = os.WriteFile( + eccPrivateKeyFileNameRecipient, + pem.EncodeToMemory(privateKeyRecipientPEM), + 0600, + ) + if err != nil { + return fmt.Errorf("failed to write recipient's private key: %w", err) + } + + // Write public key for recipient in PEM format + err = os.WriteFile( + eccPublicKeyFileNameRecipient, + pem.EncodeToMemory(publicKeyRecipientPEM), + 0600, + ) + if err != nil { + return fmt.Errorf("failed to write recipient's public key: %w", err) + } + + return nil +} + +func LoadPublicKeyFromPEM(filename string) ([]byte, error) { + // Read the PEM file content as string + pemContent, err := os.ReadFile(filename) + if err != nil { + return nil, fmt.Errorf("failed to read PEM file: %w", err) + } + // Parse PEM block + block, _ := pem.Decode(pemContent) + + if block == nil { + return nil, fmt.Errorf("failed to decode PEM block") + } + + // The block.Bytes contains the DER encoded key + return block.Bytes, nil +} + +func FileExists(filename string) bool { + _, err := os.Stat(filename) + return !os.IsNotExist(err) +} + +func generateRawEccKeyPair(curveSpec awscryptographyprimitivessmithygeneratedtypes.ECDHCurveSpec) ([]byte, []byte, error) { + // Select the appropriate elliptic curve based on the specification + var curve elliptic.Curve + switch curveSpec { + case awscryptographyprimitivessmithygeneratedtypes.ECDHCurveSpecEccNistP256: + curve = elliptic.P256() + case awscryptographyprimitivessmithygeneratedtypes.ECDHCurveSpecEccNistP384: + curve = elliptic.P384() + case awscryptographyprimitivessmithygeneratedtypes.ECDHCurveSpecEccNistP521: + curve = elliptic.P521() + default: + return nil, nil, fmt.Errorf("unsupported curve specification: %s", curveSpec) + } + // Generate the private key + privateKey, err := ecdsa.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, nil, fmt.Errorf("failed to generate private key: %w", err) + } + // Extract the public key + publicKey := &privateKey.PublicKey + // Marshal the private key to bytes (X.509 PKCS#8 format) + privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return nil, nil, fmt.Errorf("failed to marshal private key: %w", err) + } + // Marshal the public key to bytes (X.509 SPKI format) + publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey) + if err != nil { + return nil, nil, fmt.Errorf("failed to marshal public key: %w", err) + } + return publicKeyBytes, privateKeyBytes, nil +} + +func WriteKmsEcdhEccPublicKey(eccKeyArn, publicKeyFileName string, kmsClient *kms.Client) error { + // Safety check: Validate neither file is present + if FileExists(publicKeyFileName) { + return errors.New("WriteKmsEcdhEccPublicKey will not overwrite existing PEM files") + } + // Generate public key + publicKey, err := GenerateKmsEccPublicKey(eccKeyArn, kmsClient) + if err != nil { + return fmt.Errorf("failed to generate public key: %w", err) + } + // Create PEM block + pemBlock := &pem.Block{ + Type: "PUBLIC KEY", + Bytes: publicKey, + } + // Encode PEM + pemData := pem.EncodeToMemory(pemBlock) + if pemData == nil { + return errors.New("failed to encode PEM data") + } + // Write file with proper permissions + err = os.WriteFile(publicKeyFileName, pemData, 0600) + if err != nil { + return fmt.Errorf("failed to write public key file: %w", err) + } + return nil +} + +func GenerateKmsEccPublicKey(eccKeyArn string, kmsClient *kms.Client) ([]byte, error) { + ctx := context.Background() + // Get public key from KMS + response, err := kmsClient.GetPublicKey(ctx, &kms.GetPublicKeyInput{ + KeyId: &eccKeyArn, + }) + if err != nil { + return nil, fmt.Errorf("failed to get public key from KMS: %w", err) + } + // Check if public key is present + if response.PublicKey == nil { + return nil, errors.New("no public key in KMS response") + } + return response.PublicKey, nil +} + +// GenerateUUIDTestData creates an array of random UUID strings +func GenerateUUIDTestData(count int) []string { + testData := make([]string, count) + for i := 0; i < count; i++ { + // Generate a random UUID + uuid := uuid.New() + testData[i] = uuid.String() + } + return testData +} diff --git a/releases/go/encryption-sdk/go.mod b/releases/go/encryption-sdk/go.mod new file mode 100644 index 000000000..58728527f --- /dev/null +++ b/releases/go/encryption-sdk/go.mod @@ -0,0 +1,35 @@ +module github.com/aws/aws-encryption-sdk/releases/go/encryption-sdk + +go 1.23.0 + +require github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1 + +require ( + github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1 + github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 + github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 + +) + +require ( + github.com/aws/aws-sdk-go-v2 v1.33.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.29.0 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.53 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.37.12 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 // indirect + github.com/aws/smithy-go v1.22.1 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) diff --git a/releases/go/encryption-sdk/go.sum b/releases/go/encryption-sdk/go.sum new file mode 100644 index 000000000..274e59dc0 --- /dev/null +++ b/releases/go/encryption-sdk/go.sum @@ -0,0 +1,58 @@ +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3 h1:JY/4eTs5ObPqZFk6dDNvoCkomUvKtYGBtFp5rvfIV20= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/dynamodb v0.0.3/go.mod h1:8mHZUqK00Oga2z7H6Kp8LZGkEBKSWUUT/nkeoIR8GiM= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1 h1:jvMM4fgVZ116L8VPfdEa3GxJiU7ic/krHCAIyeIcPJY= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/kms v0.0.1/go.mod h1:6QCmXRQJNf1XId129cnFqpWK9DHamyyqmC7GKxHmcEE= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1 h1:0FVo3F6hsrrYhV9AtFUr/Z0TpRwvSO5l/W1bOdWtg4c= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/mpl v0.0.1/go.mod h1:+QLHsXYeIZqA4WDjQBXNDm5r5T3zyIxE0q/k2l76apc= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1 h1:Iy8Va/0Aa43JQkzGKlTjOvBlecTyZCIOg1JqRRyWH9g= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/primitives v0.0.1/go.mod h1:aPCFt/cDDuUlg6aWLSTPW6ZPqivNt3pNzDWCsBFRQtE= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1 h1:GMsJ9YTY+JcaZDlaTDOtiqrOXvR909fjXQtv9ed8Ip4= +github.com/aws/aws-cryptographic-material-providers-library/releases/go/smithy-dafny-standard-library v0.0.1/go.mod h1:m3mzHKiNiSC0LWeWX6ZAxSe6mKbJHgliux1Yu/sjCYI= +github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs= +github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= +github.com/aws/aws-sdk-go-v2/config v1.29.0 h1:Vk/u4jof33or1qAQLdofpjKV7mQQT7DcUpnYx8kdmxY= +github.com/aws/aws-sdk-go-v2/config v1.29.0/go.mod h1:iXAZK3Gxvpq3tA+B9WaDYpZis7M8KFgdrDPMmHrgbJM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53 h1:lwrVhiEDW5yXsuVKlFVUnR2R50zt2DklhOyeLETqDuE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.53/go.mod h1:CkqM1bIw/xjEpBMhBnvqUXYZbpCFuj6dnCAyDk2AtAY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24 h1:5grmdTdMsovn9kPZPI23Hhvp0ZyNm5cRO+IZFIYiAfw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.24/go.mod h1:zqi7TVKTswH3Ozq28PkmBmgzG1tona7mo9G2IJg4Cis= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28 h1:igORFSiH3bfq4lxKFkTSYDhJEUCYo6C8VKiWJjYwQuQ= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.28/go.mod h1:3So8EA/aAYm36L7XIvCVwLa0s5N0P7o2b1oqnx/2R4g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28 h1:1mOW9zAUMhTSrMDssEHS/ajx8JcAj/IcftzcmNlmVLI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.28/go.mod h1:kGlXVIWDfvt2Ox5zEaNglmq0hXPHgQFNMix33Tw22jA= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4 h1:pK2f6BM2vfbWOvjirUIabQH52fa1MycnFi1F8Ismeog= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.39.4/go.mod h1:2xlKGs8OTgN92fRVfP4EgFgQGhYwVI7LQ2PLQ0tIFAQ= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9 h1:ramlTFqWSsOt4Y/skpd30D8oI0kfKf5wd1Yu9C5HhPw= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.9/go.mod h1:+B//vxKaB6Z/HfJfRV4ikLz0M7nIcKheHKm96FuaRrs= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9 h1:TQmKDyETFGiXVhZfQ/I0cCFziqqX58pi4tKJGYGFSz0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.9/go.mod h1:HVLPK2iHQBUx7HfZeOQSEu3v2ubZaAY2YPbAm5/WUyY= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.12 h1:jkZNsp+0NwC2isvmcRb2p1EYm188weJTfgcVr+3E9Pc= +github.com/aws/aws-sdk-go-v2/service/kms v1.37.12/go.mod h1:TTGECZ6vGfx8k/pmzQKokSJy7ux2PJID4r96QCh5L0A= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10 h1:DyZUj3xSw3FR3TXSwDhPhuZkkT14QHBiacdbUVcD0Dg= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.10/go.mod h1:Ro744S4fKiCCuZECXgOi760TiYylUM8ZBf6OGiZzJtY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9 h1:I1TsPEs34vbpOnR81GIcAq4/3Ud+jRHVGwx6qLQUHLs= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.9/go.mod h1:Fzsj6lZEb8AkTE5S68OhcbBqeWPsR8RnGuKPr8Todl8= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8 h1:pqEJQtlKWvnv3B6VRt60ZmsHy3SotlEBvfUBPB1KVcM= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.8/go.mod h1:f6vjfZER1M17Fokn0IzssOTMT2N8ZSq+7jnNF0tArvw= +github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= +github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2 h1:g/xAj4F7Zt9wXJ6QjfbfocVi/ZYlAFpNddHCFyfzRDg= +github.com/dafny-lang/DafnyRuntimeGo/v4 v4.9.2/go.mod h1:l2Tm4N2DKuq3ljONC2vOATeM9PUpXbIc8SgXdwwqEto= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=