def specification(self):
ty = array_ty(2, array_ty(4, i32))
i = self.fresh_var(ty, "w.i")
pw = self.alloc(struct_ty(ty), points_to=struct(i))
self.execute_func(pw)
self.points_to(pw, struct(cryptol('zero:[2][4][32]')))
self.returns(void)
def specification(self):
(_, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x")
p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.points_to(p, struct(x_p))
self.points_to(x_p, cryptol('[0, 0] : [2][32]'))
self.returns(void)
def alloc_pointsto_buffer_readonly(spec: Contract, length: int,
data: SetupVal) -> SetupVal:
buf = alloc_buffer_aligned_readonly(spec, length)
spec.points_to(buf,
struct(int_to_64_cryptol(length)),
check_target_type=None)
return buf
def specification(self):
(x, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x")
p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.returns(p)
def specification(self):
(x, x_p) = ptr_to_fresh(self, array_ty(2, i32), "x")
p = self.alloc(alias_ty('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.returns(cryptol(f'{x.name()}@0 + {x.name()}@1'))
def setup_hash_state(c: Contract, pstate: SetupVal) -> Tuple[Any, FreshVar]:
alg0 = c.fresh_var(ty.i32, "alg")
h0 = c.fresh_var(ty.array(8, ty.i64), "h0")
Nl0 = c.fresh_var(ty.i64, "Nl")
Nh0 = c.fresh_var(ty.i64, "Nh")
u0 = c.fresh_var(ty.array(16, ty.i64), "u")
num0 = c.fresh_var(ty.i32, "h0")
is_ready_for_input0 = c.fresh_var(ty.i8, "is_ready_for_input")
currently_in_hash0 = c.fresh_var(ty.i64, "currently_in_hash")
md_len0 = c.fresh_var(ty.i32, "md_len")
(_, pimpl) = ptr_to_fresh(c,
ty.alias('struct.s2n_hash'),
"impl",
read_only=True)
c.points_to(
pstate,
struct(pimpl, alg0, is_ready_for_input0, currently_in_hash0,
struct(struct(struct(h0, Nl0, Nh0, struct(u0), num0,
md_len0)))))
def specification(self) -> None:
message = self.alloc(alias_ty("struct.signal_message"))
(_, sender_identity_key_data,
sender_identity_key) = alloc_ec_public_key(self)
(_, receiver_identity_key_data,
receiver_identity_key) = alloc_ec_public_key(self)
mac_key_data = self.fresh_var(array_ty(self.mac_key_len, i8),
"mac_key_data")
mac_key = self.alloc(array_ty(self.mac_key_len, i8),
points_to=mac_key_data)
global_context_unused_as_far_as_i_can_tell = self.alloc(
signal_context_ty, read_only=True)
base = self.fresh_var(alias_ty("struct.signal_type_base"), "base")
message_type = self.fresh_var(i32, "message_type")
global_context = self.alloc(signal_context_ty, read_only=True)
self.points_to(field(global_context, "crypto_provider"),
dummy_signal_crypto_provider)
serialized_message_len = self.serialized_len - SIGNAL_MESSAGE_MAC_LENGTH
serialized_message_data = self.fresh_var(
array_ty(serialized_message_len, i8), "serialized_message_data")
expected_mac_data = mk_hmac(serialized_message_len,
serialized_message_data,
receiver_identity_key_data,
sender_identity_key_data, self.mac_key_len,
mac_key_data)
serialized = alloc_buffer_aligned(self, self.serialized_len)
self.points_to(elem(serialized, 0),
int_to_64_cryptol(self.serialized_len),
check_target_type=None)
self.points_to(elem(serialized, 8),
serialized_message_data,
check_target_type=None)
self.points_to(elem(serialized, 8 + serialized_message_len),
expected_mac_data,
check_target_type=None)
base_message = struct(base, message_type, global_context, serialized)
self.points_to(field(message, "base_message"), base_message)
self.points_to(field(message, "message_version"),
int_to_8_cryptol(message_version))
self.execute_func(message, sender_identity_key, receiver_identity_key,
mac_key, int_to_64_cryptol(self.mac_key_len),
global_context_unused_as_far_as_i_can_tell)
self.returns(int_to_32_cryptol(1))
def specification(self) -> None:
length = DJB_KEY_LEN + 1
signal_type_base_ty = alias_ty("struct.signal_type_base")
djb_array_ty = array_ty(DJB_KEY_LEN, i8)
buffer_ = self.alloc(ptr_ty(buffer_type(length)))
key_base = self.fresh_var(signal_type_base_ty, "key_base")
key_data = self.fresh_var(djb_array_ty, "key_data")
key = self.alloc(struct_ty(signal_type_base_ty, djb_array_ty),
points_to=struct(key_base, key_data))
self.execute_func(buffer_, key)
buf = alloc_pointsto_buffer(
self, length,
cryptol(f"[`({DJB_TYPE})] # {key_data.name()} : [{length}][8]"))
self.points_to(buffer_, buf)
self.returns(int_to_32_cryptol(0))
cryptol_load_file("cryptol/HMAC.cry")
signal_context_ty = alias_ty("struct.signal_context")
message_version = 3
HMAC_CONTEXT_LENGTH = 1
RATCHET_MAC_KEY_LENGTH = 32
SERIALIZED_LENGTH = 42
SIGNAL_MESSAGE_MAC_LENGTH = 8
dummy_signal_crypto_provider = struct(
global_var("dummy_random_func"), global_var("dummy_hmac_sha256_init_func"),
global_var("dummy_hmac_sha256_update_func"),
global_var("dummy_hmac_sha256_final_func"),
global_var("dummy_hmac_sha256_cleanup_func"),
global_var("dummy_sha512_digest_init_func"),
global_var("dummy_sha512_digest_update_func"),
global_var("dummy_sha512_digest_final_func"),
global_var("dummy_sha512_digest_cleanup_func"),
global_var("dummy_encrypt_func"), global_var("dummy_decrypt_func"), null())
class SignalHmacSha256InitSpec(Contract):
key_len: int
def __init__(self, key_len: int):
super().__init__()
self.key_len = key_len
def specification(self) -> None:
context = self.alloc(signal_context_ty, read_only=True)
