def specification(self) -> None: value = self.fresh_var(i32, "value") shift = self.fresh_var(i32, "shift") self.proclaim(shift > cryptol("0")) self.proclaim(shift < cryptol("32")) self.execute_func(value, shift) self.returns(cryptol("(<<<)")(value, shift))
def specification(self): (k, k_p) = ptr_to_fresh(self, LLVMArrayType(i8, 32)) (v, v_p) = ptr_to_fresh(self, LLVMArrayType(i8, 8)) (m, m_p) = ptr_to_fresh(self, LLVMArrayType(i8, self.size)) self.execute_func(k_p, v_p, cryptol('0 : [32]'), m_p, cryptol(f'{self.size!r} : [32]')) self.returns(cryptol('0 : [32]')) self.points_to(m_p, cryptol("Salsa20_encrypt")((k, v, m)))
def specification(self) -> None: ref_count = self.fresh_var(i32, "ref_count") self.precondition(cryptol(f"{ref_count.name()} > 0")) instance = self.alloc(alias_ty("struct.signal_type_base")) self.points_to(field(instance, "ref_count"), ref_count) self.execute_func(instance) self.points_to(field(instance, "ref_count"), cryptol(f"{ref_count.name()} + 1")) self.returns(void)
def specification(self): (x, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x") p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p)) self.execute_func(p) self.returns(cryptol(f'{x.name()}@0 + {x.name()}@1'))
def specification(self): ty = array_ty(2, array_ty(4, i32)) i = self.fresh_var(ty, "w.i") pw = self.alloc(struct_ty(ty), points_to=struct(i)) self.execute_func(pw) self.points_to(pw, struct(cryptol('zero:[2][4][32]'))) self.returns(void)
def specification(self) -> None: x = self.fresh_var(ty.array(2, ty.i32), "x") p = self.alloc(ty.array(4, ty.i32)) self.points_to(p, x, check_target_type=self.check_x_type) self.execute_func(p) self.points_to(p, cryptol("{x} # {x}".format(x=x.name()))) self.returns(void)
def specification(self): x = self.alloc(ptr_ty(i8)) self.execute_func(x) p = self.alloc(i8) self.points_to(x, p) self.points_to(p, cryptol("42 : [8]")) self.returns(void)
def specification(self): (_, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x") p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p)) self.execute_func(p) self.points_to(p, struct(x_p)) self.points_to(x_p, cryptol('[0, 0] : [2][32]')) self.returns(void)
def mk_hmac(serialized_len: int, serialized_data: FreshVar, receiver_identity_key_data: FreshVar, sender_identity_key_data: FreshVar, mac_key_len: int, mac_key_data: FreshVar) -> SetupVal: sender_identity_buf = f"[{DJB_TYPE}] # {sender_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]" receiver_identity_buf = f"[{DJB_TYPE}] # {receiver_identity_key_data.name()} : [{DJB_KEY_LEN} + 1][8]" return cryptol( f"hmac_final (hmac_update`{{ {serialized_len} }} {serialized_data.name()} (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({receiver_identity_buf}) (hmac_update`{{ {DJB_KEY_LEN}+1 }} ({sender_identity_buf}) (hmac_init`{{ {mac_key_len} }} {mac_key_data.name()}))))" )
def specification(self) -> None: (s1, s1p) = ptr_to_fresh(self, array_ty(self.n, i8), name="s1") (s2, s2p) = ptr_to_fresh(self, array_ty(self.n, i8), name="s2") nval = int_to_64_cryptol(self.n) self.execute_func(s1p, s2p, nval) self.returns( cryptol( f"zext`{{32}} (foldl (||) zero (zipWith (^) {s1.name()} {s2.name()}))" ))
def oneptr_update_func(c: Contract, ty: LLVMType, fn_name: str) -> None: """Upcates contract ``c`` to declare calling it with a pointer of type ``ty`` updates that pointer with the result, which is equal to calling the Cryptol function ``fn_name``.""" (x, x_p) = ptr_to_fresh(c, ty) c.execute_func(x_p) c.points_to(x_p, cryptol(fn_name)(x)) c.returns(void) return None
def specification(self) -> None: data = self.fresh_var(array_ty(self.length, i8), "data") buf = alloc_pointsto_buffer_readonly(self, self.length, data) self.execute_func(buf, int_to_64_cryptol(self.n)) new_length = min(self.length, self.n) new_buf = alloc_pointsto_buffer( self, new_length, cryptol(f"take`{{ {new_length} }} {data.name()}")) self.returns(new_buf)
def specification(self): k = self.fresh_var(LLVMArrayType(i8, 32)) n = self.fresh_var(LLVMArrayType(i8, 16)) k_p = self.alloc(LLVMArrayType(i8, 32)) n_p = self.alloc(LLVMArrayType(i8, 16)) ks_p = self.alloc(LLVMArrayType(i8, 64)) self.points_to(k_p, k) self.points_to(n_p, n) self.execute_func(k_p, n_p, ks_p) self.returns(void) self.points_to(ks_p, cryptol("Salsa20_expansion`{a=2}")((k, n)))
def specification(self) -> None: y0 = self.fresh_var(i32, "y0") y1 = self.fresh_var(i32, "y1") y2 = self.fresh_var(i32, "y2") y3 = self.fresh_var(i32, "y3") y0_p = self.alloc(i32, points_to=y0) y1_p = self.alloc(i32, points_to=y1) y2_p = self.alloc(i32, points_to=y2) y3_p = self.alloc(i32, points_to=y3) self.execute_func(y0_p, y1_p, y2_p, y3_p) res = cryptol("quarterround")([y0, y1, y2, y3]) self.points_to(y0_p, cryptol("(@)")(res, cryptol("0"))) self.points_to(y1_p, cryptol("(@)")(res, cryptol("1"))) self.points_to(y2_p, cryptol("(@)")(res, cryptol("2"))) self.points_to(y3_p, cryptol("(@)")(res, cryptol("3"))) self.returns(void)
def specification(self) -> None: buf_data = self.fresh_var(array_ty(self.buf_length, i8), "buffer_data") buf = alloc_pointsto_buffer(self, self.buf_length, buf_data) (additional_data, additional_datap) = ptr_to_fresh(self, array_ty(self.additional_length, i8), name="additional_data") self.execute_func(buf, additional_datap, int_to_64_cryptol(self.additional_length)) new_length = self.buf_length + self.additional_length new_buf = alloc_pointsto_buffer( self, new_length, cryptol(f"{buf_data.name()} # {additional_data.name()}")) self.returns(new_buf)
def specification(self) -> None: length = DJB_KEY_LEN + 1 signal_type_base_ty = alias_ty("struct.signal_type_base") djb_array_ty = array_ty(DJB_KEY_LEN, i8) buffer_ = self.alloc(ptr_ty(buffer_type(length))) key_base = self.fresh_var(signal_type_base_ty, "key_base") key_data = self.fresh_var(djb_array_ty, "key_data") key = self.alloc(struct_ty(signal_type_base_ty, djb_array_ty), points_to=struct(key_base, key_data)) self.execute_func(buffer_, key) buf = alloc_pointsto_buffer( self, length, cryptol(f"[`({DJB_TYPE})] # {key_data.name()} : [{length}][8]")) self.points_to(buffer_, buf) self.returns(int_to_32_cryptol(0))
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) hmac_context_data = self.fresh_var(array_ty(HMAC_CONTEXT_LENGTH, i8), "hmac_context_data") hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8), points_to=hmac_context_data) output = self.alloc(ptr_ty(buffer_type(SIGNAL_MESSAGE_MAC_LENGTH))) self.points_to(field(context, "crypto_provider"), dummy_signal_crypto_provider) self.execute_func(context, hmac_context, output) # output_buffer = alloc_buffer_aligned(self, SIGNAL_MESSAGE_MAC_LENGTH) # self.points_to(elem(output_buffer, 0), int_to_64_cryptol(SIGNAL_MESSAGE_MAC_LENGTH), check_target_type = i64) output_buffer = alloc_pointsto_buffer( self, SIGNAL_MESSAGE_MAC_LENGTH, cryptol(f"hmac_final {hmac_context_data.name()}")) self.points_to(output, output_buffer) self.returns(int_to_32_cryptol(0))
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) hmac_context_ptr = self.alloc(ptr_ty(array_ty(HMAC_CONTEXT_LENGTH, i8))) key_data = self.fresh_var(array_ty(self.key_len, i8), "key_data") key = self.alloc(array_ty(self.key_len, i8), points_to=key_data) self.points_to(field(context, "crypto_provider"), dummy_signal_crypto_provider) self.execute_func(context, hmac_context_ptr, key, int_to_64_cryptol(self.key_len)) dummy_hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8), points_to=array(int_to_8_cryptol(42))) # self.points_to(hmac_context_ptr, dummy_hmac_context) dummy_hmac_context = self.alloc( array_ty(HMAC_CONTEXT_LENGTH, i8), points_to=cryptol( f"hmac_init`{{ {self.key_len} }} {key_data.name()}")) self.points_to(hmac_context_ptr, dummy_hmac_context) self.returns(int_to_32_cryptol(0))
def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True) hmac_context_data = self.fresh_var(array_ty(HMAC_CONTEXT_LENGTH, i8), "hmac_context_data") hmac_context = self.alloc(array_ty(HMAC_CONTEXT_LENGTH, i8), points_to=hmac_context_data) data_data = self.fresh_var(array_ty(self.data_len, i8), "data_data") data = self.alloc(array_ty(self.data_len, i8), points_to=data_data) self.points_to(field(context, "crypto_provider"), dummy_signal_crypto_provider) self.execute_func(context, hmac_context, data, int_to_64_cryptol(self.data_len)) # self.points_to(hmac_context, hmac_context_data) self.points_to( hmac_context, cryptol( f"hmac_update`{{ {self.data_len} }} {data_data.name()} {hmac_context_data.name()}" )) self.returns(int_to_32_cryptol(0))
def specification(self): self.execute_func(null()) self.returns(cryptol("1 : [32]"))
def int_to_8_cryptol(length: int): return cryptol("`{i}:[8]".format(i=length))
def int_to_32_cryptol(length: int): return cryptol("`{i}:[32]".format(i=length))
def int_to_64_cryptol(length: int): return cryptol("`{i}:[64]".format(i=length))
def specification(self): p = self.alloc(i32) self.execute_func(p) self.returns(cryptol("0 : [32]"))