def specification(self) -> None: n = pre_counter(self, self.counter) i = self.fresh_var(i32, "i") self.precondition(i < cryptol("512")) self.execute_func(i) post_counter(self, self.counter, n) self.returns(cryptol("(*)")(i, n))
def specification(self) -> None: value = self.fresh_var(i32, "value") shift = self.fresh_var(i32, "shift") self.precondition(shift > cryptol("0")) self.precondition(shift < cryptol("32")) self.execute_func(value, shift) self.returns(cryptol("(<<<)")(value, shift))
def specification(self): (k, k_p) = ptr_to_fresh(self, LLVMArrayType(i8, 32)) (v, v_p) = ptr_to_fresh(self, LLVMArrayType(i8, 8)) (m, m_p) = ptr_to_fresh(self, LLVMArrayType(i8, self.size)) self.execute_func(k_p, v_p, cryptol('0 : [32]'), m_p, cryptol(f'{self.size!r} : [32]')) self.points_to(m_p, cryptol("Salsa20_encrypt")((k, v, m))) self.returns(cryptol('0 : [32]'))
def specification(self): x = self.alloc(ptr_ty(i8)) self.execute_func(x) p = self.alloc(i8) self.points_to(x, p) self.points_to(p, cryptol("42 : [8]")) self.returns(void)
def specification(self) -> None: x = self.fresh_var(array_ty(2, i32), "x") p = self.alloc(array_ty(4, i32)) self.points_to(p, x, check_target_type = self.check_x_type) self.execute_func(p) self.points_to(p, cryptol("{x} # {x}".format(x=x.name()))) self.returns(void)
def oneptr_update_func(c: Contract, ty: LLVMType, fn_name: str) -> None: """Updates contract ``c`` to declare calling it with a pointer of type ``ty`` updates that pointer with the result, which is equal to calling the Cryptol function ``fn_name``.""" (x, x_p) = ptr_to_fresh(c, ty) c.execute_func(x_p) c.points_to(x_p, cryptol(fn_name)(x)) c.returns(void) return None
def mk_hmac(serialized_len: int, serialized_data: FreshVar, receiver_identity_key_data: FreshVar, sender_identity_key_data: FreshVar, mac_key_len: int, mac_key_data: FreshVar) -> SetupVal: sender_identity_buf = f"[{DJB_TYPE}] # {sender_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]" receiver_identity_buf = f"[{DJB_TYPE}] # {receiver_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]" return cryptol(f""" hmac_final (hmac_update`{{ {serialized_len} }} {serialized_data.name()} (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({receiver_identity_buf}) (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({sender_identity_buf}) (hmac_init`{{ {mac_key_len} }} {mac_key_data.name()})))) """ )
def specification(self): k = self.fresh_var(LLVMArrayType(i8, 32)) n = self.fresh_var(LLVMArrayType(i8, 16)) k_p = self.alloc(LLVMArrayType(i8, 32), read_only=True) n_p = self.alloc(LLVMArrayType(i8, 16), read_only=True) ks_p = self.alloc(LLVMArrayType(i8, 64)) self.points_to(k_p, k) self.points_to(n_p, n) self.execute_func(k_p, n_p, ks_p) self.returns(void) self.points_to(ks_p, cryptol("Salsa20_expansion`{a=2}")((k, n)))
def specification(self) -> None: y0 = self.fresh_var(i32, "y0") y1 = self.fresh_var(i32, "y1") y2 = self.fresh_var(i32, "y2") y3 = self.fresh_var(i32, "y3") y0_p = self.alloc(i32, points_to=y0) y1_p = self.alloc(i32, points_to=y1) y2_p = self.alloc(i32, points_to=y2) y3_p = self.alloc(i32, points_to=y3) self.execute_func(y0_p, y1_p, y2_p, y3_p) res = cryptol("quarterround")([y0, y1, y2, y3]) self.points_to(y0_p, cryptol("(@)")(res, cryptol("0"))) self.points_to(y1_p, cryptol("(@)")(res, cryptol("1"))) self.points_to(y2_p, cryptol("(@)")(res, cryptol("2"))) self.points_to(y3_p, cryptol("(@)")(res, cryptol("3"))) self.returns(void)
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) (hmac_context_data, hmac_context) = ptr_to_fresh(self, array_ty(HMAC_CONTEXT_LENGTH, i8), "hmac_context_data") output = self.alloc(ptr_ty(buffer_type(SIGNAL_MESSAGE_MAC_LENGTH))) self.points_to(context["crypto_provider"], dummy_signal_crypto_provider) self.execute_func(context, hmac_context, output) # output_buffer = alloc_buffer_aligned(self, SIGNAL_MESSAGE_MAC_LENGTH) # self.points_to(output_buffer[0], int_to_64_cryptol(SIGNAL_MESSAGE_MAC_LENGTH), check_target_type = i64) output_buffer = alloc_pointsto_buffer( self, SIGNAL_MESSAGE_MAC_LENGTH, cryptol(f"hmac_final {hmac_context_data.name()}")) self.points_to(output, output_buffer) self.returns(int_to_32_cryptol(0))
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) (hmac_context_data, hmac_context) = ptr_to_fresh(self, array_ty(HMAC_CONTEXT_LENGTH, i8), "hmac_context_data") (data_data, data) = ptr_to_fresh(self, array_ty(self.data_len, i8), "data_data") self.points_to(context["crypto_provider"], dummy_signal_crypto_provider) self.execute_func(context, hmac_context, data, int_to_64_cryptol(self.data_len)) # self.points_to(hmac_context, hmac_context_data) self.points_to( hmac_context, cryptol( f"hmac_update`{{ {self.data_len} }} {data_data.name()} {hmac_context_data.name()}" )) self.returns(int_to_32_cryptol(0))
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) hmac_context_ptr = self.alloc(ptr_ty(array_ty(HMAC_CONTEXT_LENGTH, i8))) (key_data, key) = ptr_to_fresh(self, array_ty(self.key_len, i8), "key_data") self.points_to(context["crypto_provider"], dummy_signal_crypto_provider) self.execute_func(context, hmac_context_ptr, key, int_to_64_cryptol(self.key_len)) # dummy_hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8), # points_to = array(int_to_8_cryptol(42))) # self.points_to(hmac_context_ptr, dummy_hmac_context) dummy_hmac_context = self.alloc( array_ty(HMAC_CONTEXT_LENGTH, i8), points_to=cryptol( f"hmac_init`{{ {self.key_len} }} {key_data.name()}")) self.points_to(hmac_context_ptr, dummy_hmac_context) self.returns(int_to_32_cryptol(0))
def int_to_64_cryptol(length: int): return cryptol("`{i}:[64]".format(i=length))
def specification(self): p = self.alloc(i32) self.execute_func(p) self.returns(cryptol("0 : [32]"))
def specification(self): self.execute_func(null()) self.returns(cryptol("1 : [32]"))
def int_to_32_cryptol(length: int): return cryptol("`{i}:[32]".format(i=length))
def int_to_8_cryptol(length: int): return cryptol("`{i}:[8]".format(i=length))
def post_counter(contract: Contract, counter: GhostVariable, n: CryptolTerm): contract.ghost_value(counter, cryptol("(+)")(n, cryptol("1")))
def pre_counter(contract: Contract, counter: GhostVariable): n = contract.fresh_var(i32, "n") contract.precondition(n < cryptol("128")) contract.ghost_value(counter, n) return n