Skip to content

Commit

Permalink
chore: remove assert to fix verification (#1360)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ajewellamz
ajewellamz committed Sep 13, 2024
1 parent 303a8bd commit 8849c1e
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 20 deletions.
10 changes: 0 additions & 10 deletions DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/QueryTransform.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,16 +92,6 @@ module QueryTransform {
var decryptRes := tableConfig.itemEncryptor.DecryptItem(decryptInput);
var decrypted :- MapError(decryptRes);

// If the decrypted result was plaintext, i.e. has no parsedHeader
// then this is expected IFF the table config allows plaintext read
assert decrypted.parsedHeader.None? ==>
&& EncOps.IsPlaintextItem(encryptedItems[x])
&& !tableConfig.plaintextOverride.FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ?
&& (
|| tableConfig.plaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ?
|| tableConfig.plaintextOverride.FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ?
);

if keyId.KeyId? && decrypted.parsedHeader.Some? {
:- Need(|decrypted.parsedHeader.value.encryptedDataKeys| == 1, E("Query result has more than one Encrypted Data Key"));
if decrypted.parsedHeader.value.encryptedDataKeys[0].keyProviderInfo == keyIdUtf8 {
Expand Down
10 changes: 0 additions & 10 deletions DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/ScanTransform.dfy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,16 +90,6 @@ module ScanTransform {
var decryptRes := tableConfig.itemEncryptor.DecryptItem(decryptInput);
var decrypted :- MapError(decryptRes);

// If the decrypted result was plaintext, i.e. has no parsedHeader
// then this is expected IFF the table config allows plaintext read
assert decrypted.parsedHeader.None? ==>
&& EncOps.IsPlaintextItem(encryptedItems[x])
&& !tableConfig.plaintextOverride.FORBID_PLAINTEXT_WRITE_FORBID_PLAINTEXT_READ?
&& (
|| tableConfig.plaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ?
|| tableConfig.plaintextOverride.FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ?
);

if keyId.KeyId? && decrypted.parsedHeader.Some? {
:- Need(|decrypted.parsedHeader.value.encryptedDataKeys| == 1, E("Scan result has more than one Encrypted Data Key"));
if decrypted.parsedHeader.value.encryptedDataKeys[0].keyProviderInfo == keyIdUtf8 {
Expand Down

0 comments on commit 8849c1e

Please sign in to comment.