def specification(self) -> None:
value = self.fresh_var(i32, "value")
shift = self.fresh_var(i32, "shift")
self.proclaim(shift > cryptol("0"))
self.proclaim(shift < cryptol("32"))
self.execute_func(value, shift)
self.returns(cryptol("(<<<)")(value, shift))
def specification(self):
(k, k_p) = ptr_to_fresh(self, LLVMArrayType(i8, 32))
(v, v_p) = ptr_to_fresh(self, LLVMArrayType(i8, 8))
(m, m_p) = ptr_to_fresh(self, LLVMArrayType(i8, self.size))
self.execute_func(k_p, v_p, cryptol('0 : [32]'), m_p,
cryptol(f'{self.size!r} : [32]'))
self.returns(cryptol('0 : [32]'))
self.points_to(m_p, cryptol("Salsa20_encrypt")((k, v, m)))
def specification(self) -> None:
ref_count = self.fresh_var(i32, "ref_count")
self.precondition(cryptol(f"{ref_count.name()} > 0"))
instance = self.alloc(alias_ty("struct.signal_type_base"))
self.points_to(field(instance, "ref_count"), ref_count)
self.execute_func(instance)
self.points_to(field(instance, "ref_count"),
cryptol(f"{ref_count.name()} + 1"))
self.returns(void)
def specification(self):
(x, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x")
p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.returns(cryptol(f'{x.name()}@0 + {x.name()}@1'))
def specification(self):
ty = array_ty(2, array_ty(4, i32))
i = self.fresh_var(ty, "w.i")
pw = self.alloc(struct_ty(ty), points_to=struct(i))
self.execute_func(pw)
self.points_to(pw, struct(cryptol('zero:[2][4][32]')))
self.returns(void)
def specification(self) -> None:
x = self.fresh_var(ty.array(2, ty.i32), "x")
p = self.alloc(ty.array(4, ty.i32))
self.points_to(p, x, check_target_type=self.check_x_type)
self.execute_func(p)
self.points_to(p, cryptol("{x} # {x}".format(x=x.name())))
self.returns(void)
def specification(self):
x = self.alloc(ptr_ty(i8))
self.execute_func(x)
p = self.alloc(i8)
self.points_to(x, p)
self.points_to(p, cryptol("42 : [8]"))
self.returns(void)
def specification(self):
(_, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x")
p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.points_to(p, struct(x_p))
self.points_to(x_p, cryptol('[0, 0] : [2][32]'))
self.returns(void)
def mk_hmac(serialized_len: int, serialized_data: FreshVar,
receiver_identity_key_data: FreshVar,
sender_identity_key_data: FreshVar, mac_key_len: int,
mac_key_data: FreshVar) -> SetupVal:
sender_identity_buf = f"[{DJB_TYPE}] # {sender_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]"
receiver_identity_buf = f"[{DJB_TYPE}] # {receiver_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]"
return cryptol(
f"hmac_final (hmac_update`{{ {serialized_len} }} {serialized_data.name()} (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({receiver_identity_buf}) (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({sender_identity_buf}) (hmac_init`{{ {mac_key_len} }} {mac_key_data.name()}))))"
)
def specification(self) -> None:
(s1, s1p) = ptr_to_fresh(self, array_ty(self.n, i8), name="s1")
(s2, s2p) = ptr_to_fresh(self, array_ty(self.n, i8), name="s2")
nval = int_to_64_cryptol(self.n)
self.execute_func(s1p, s2p, nval)
self.returns(
cryptol(
f"zext`{{32}} (foldl (||) zero (zipWith (^) {s1.name()} {s2.name()}))"
))
def oneptr_update_func(c: Contract, ty: LLVMType, fn_name: str) -> None:
"""Upcates contract ``c`` to declare calling it with a pointer of type ``ty``
updates that pointer with the result, which is equal to calling the
Cryptol function ``fn_name``."""
(x, x_p) = ptr_to_fresh(c, ty)
c.execute_func(x_p)
c.points_to(x_p, cryptol(fn_name)(x))
c.returns(void)
return None
def specification(self) -> None:
data = self.fresh_var(array_ty(self.length, i8), "data")
buf = alloc_pointsto_buffer_readonly(self, self.length, data)
self.execute_func(buf, int_to_64_cryptol(self.n))
new_length = min(self.length, self.n)
new_buf = alloc_pointsto_buffer(
self, new_length,
cryptol(f"take`{{ {new_length} }} {data.name()}"))
self.returns(new_buf)
def specification(self):
k = self.fresh_var(LLVMArrayType(i8, 32))
n = self.fresh_var(LLVMArrayType(i8, 16))
k_p = self.alloc(LLVMArrayType(i8, 32))
n_p = self.alloc(LLVMArrayType(i8, 16))
ks_p = self.alloc(LLVMArrayType(i8, 64))
self.points_to(k_p, k)
self.points_to(n_p, n)
self.execute_func(k_p, n_p, ks_p)
self.returns(void)
self.points_to(ks_p, cryptol("Salsa20_expansion`{a=2}")((k, n)))
def specification(self) -> None:
y0 = self.fresh_var(i32, "y0")
y1 = self.fresh_var(i32, "y1")
y2 = self.fresh_var(i32, "y2")
y3 = self.fresh_var(i32, "y3")
y0_p = self.alloc(i32, points_to=y0)
y1_p = self.alloc(i32, points_to=y1)
y2_p = self.alloc(i32, points_to=y2)
y3_p = self.alloc(i32, points_to=y3)
self.execute_func(y0_p, y1_p, y2_p, y3_p)
res = cryptol("quarterround")([y0, y1, y2, y3])
self.points_to(y0_p, cryptol("(@)")(res, cryptol("0")))
self.points_to(y1_p, cryptol("(@)")(res, cryptol("1")))
self.points_to(y2_p, cryptol("(@)")(res, cryptol("2")))
self.points_to(y3_p, cryptol("(@)")(res, cryptol("3")))
self.returns(void)
def specification(self) -> None:
buf_data = self.fresh_var(array_ty(self.buf_length, i8), "buffer_data")
buf = alloc_pointsto_buffer(self, self.buf_length, buf_data)
(additional_data,
additional_datap) = ptr_to_fresh(self,
array_ty(self.additional_length, i8),
name="additional_data")
self.execute_func(buf, additional_datap,
int_to_64_cryptol(self.additional_length))
new_length = self.buf_length + self.additional_length
new_buf = alloc_pointsto_buffer(
self, new_length,
cryptol(f"{buf_data.name()} # {additional_data.name()}"))
self.returns(new_buf)
def specification(self) -> None:
length = DJB_KEY_LEN + 1
signal_type_base_ty = alias_ty("struct.signal_type_base")
djb_array_ty = array_ty(DJB_KEY_LEN, i8)
buffer_ = self.alloc(ptr_ty(buffer_type(length)))
key_base = self.fresh_var(signal_type_base_ty, "key_base")
key_data = self.fresh_var(djb_array_ty, "key_data")
key = self.alloc(struct_ty(signal_type_base_ty, djb_array_ty),
points_to=struct(key_base, key_data))
self.execute_func(buffer_, key)
buf = alloc_pointsto_buffer(
self, length,
cryptol(f"[`({DJB_TYPE})] # {key_data.name()} : [{length}][8]"))
self.points_to(buffer_, buf)
self.returns(int_to_32_cryptol(0))
def specification(self) -> None:
context = self.alloc(signal_context_ty, read_only=True)
hmac_context_data = self.fresh_var(array_ty(HMAC_CONTEXT_LENGTH, i8),
"hmac_context_data")
hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8),
points_to=hmac_context_data)
output = self.alloc(ptr_ty(buffer_type(SIGNAL_MESSAGE_MAC_LENGTH)))
self.points_to(field(context, "crypto_provider"),
dummy_signal_crypto_provider)
self.execute_func(context, hmac_context, output)
# output_buffer = alloc_buffer_aligned(self, SIGNAL_MESSAGE_MAC_LENGTH)
# self.points_to(elem(output_buffer, 0), int_to_64_cryptol(SIGNAL_MESSAGE_MAC_LENGTH), check_target_type = i64)
output_buffer = alloc_pointsto_buffer(
self, SIGNAL_MESSAGE_MAC_LENGTH,
cryptol(f"hmac_final {hmac_context_data.name()}"))
self.points_to(output, output_buffer)
self.returns(int_to_32_cryptol(0))
def specification(self) -> None:
context = self.alloc(signal_context_ty, read_only=True)
hmac_context_ptr = self.alloc(ptr_ty(array_ty(HMAC_CONTEXT_LENGTH,
i8)))
key_data = self.fresh_var(array_ty(self.key_len, i8), "key_data")
key = self.alloc(array_ty(self.key_len, i8), points_to=key_data)
self.points_to(field(context, "crypto_provider"),
dummy_signal_crypto_provider)
self.execute_func(context, hmac_context_ptr, key,
int_to_64_cryptol(self.key_len))
dummy_hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8),
points_to=array(int_to_8_cryptol(42)))
# self.points_to(hmac_context_ptr, dummy_hmac_context)
dummy_hmac_context = self.alloc(
array_ty(HMAC_CONTEXT_LENGTH, i8),
points_to=cryptol(
f"hmac_init`{{ {self.key_len} }} {key_data.name()}"))
self.points_to(hmac_context_ptr, dummy_hmac_context)
self.returns(int_to_32_cryptol(0))
def specification(self) -> None:
context = self.alloc(signal_context_ty, read_only=True)
hmac_context_data = self.fresh_var(array_ty(HMAC_CONTEXT_LENGTH, i8),
"hmac_context_data")
hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8),
points_to=hmac_context_data)
data_data = self.fresh_var(array_ty(self.data_len, i8), "data_data")
data = self.alloc(array_ty(self.data_len, i8), points_to=data_data)
self.points_to(field(context, "crypto_provider"),
dummy_signal_crypto_provider)
self.execute_func(context, hmac_context, data,
int_to_64_cryptol(self.data_len))
# self.points_to(hmac_context, hmac_context_data)
self.points_to(
hmac_context,
cryptol(
f"hmac_update`{{ {self.data_len} }} {data_data.name()} {hmac_context_data.name()}"
))
self.returns(int_to_32_cryptol(0))
def specification(self):
self.execute_func(null())
self.returns(cryptol("1 : [32]"))
def int_to_8_cryptol(length: int):
return cryptol("`{i}:[8]".format(i=length))
def int_to_32_cryptol(length: int):
return cryptol("`{i}:[32]".format(i=length))
def int_to_64_cryptol(length: int):
return cryptol("`{i}:[64]".format(i=length))
def specification(self):
p = self.alloc(i32)
self.execute_func(p)
self.returns(cryptol("0 : [32]"))
