def specification(self) -> None:
message = self.alloc(alias_ty("struct.signal_message"))
(_, sender_identity_key_data,
sender_identity_key) = alloc_ec_public_key(self)
(_, receiver_identity_key_data,
receiver_identity_key) = alloc_ec_public_key(self)
(mac_key_data, mac_key) = ptr_to_fresh(self,
array_ty(self.mac_key_len, i8),
"mac_key_data")
global_context_unused_as_far_as_i_can_tell = self.alloc(
signal_context_ty, read_only=True)
base = self.fresh_var(alias_ty("struct.signal_type_base"), "base")
message_type = self.fresh_var(i32, "message_type")
global_context = self.alloc(signal_context_ty, read_only=True)
self.points_to(global_context["crypto_provider"],
dummy_signal_crypto_provider)
serialized_message_len = self.serialized_len - SIGNAL_MESSAGE_MAC_LENGTH
serialized_message_data = self.fresh_var(
array_ty(serialized_message_len, i8), "serialized_message_data")
expected_mac_data = mk_hmac(serialized_message_len,
serialized_message_data,
receiver_identity_key_data,
sender_identity_key_data, self.mac_key_len,
mac_key_data)
serialized = alloc_buffer_aligned(self, self.serialized_len)
self.points_to(serialized[0],
int_to_64_cryptol(self.serialized_len),
check_target_type=None)
self.points_to(serialized[8],
serialized_message_data,
check_target_type=None)
self.points_to(serialized[8 + serialized_message_len],
expected_mac_data,
check_target_type=None)
base_message = struct(base, message_type, global_context, serialized)
self.points_to(message["base_message"], base_message)
self.points_to(message["message_version"],
int_to_8_cryptol(message_version))
self.execute_func(message, sender_identity_key, receiver_identity_key,
mac_key, int_to_64_cryptol(self.mac_key_len),
global_context_unused_as_far_as_i_can_tell)
self.returns(int_to_32_cryptol(1))
def specification(self):
(x, x_p) = ptr_to_fresh(self, array_ty(2, i32), "x")
p = self.alloc(alias_ty('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.returns(p)
def specification(self) -> None:
ec_public_key = alias_ty("struct.ec_public_key")
buffer_ = self.alloc(ptr_ty(buffer_type(SIGNAL_MESSAGE_MAC_LENGTH)))
(_, sender_identity_key_data,
sender_identity_key) = alloc_ec_public_key(self)
(_, receiver_identity_key_data,
receiver_identity_key) = alloc_ec_public_key(self)
(mac_key_data, mac_key) = ptr_to_fresh(self,
array_ty(self.mac_key_len, i8),
"mac_key_data")
(serialized_data,
serialized) = ptr_to_fresh(self, array_ty(self.serialized_len, i8),
"serialized_data")
global_context = self.alloc(signal_context_ty, read_only=True)
self.points_to(global_context["crypto_provider"],
dummy_signal_crypto_provider)
self.execute_func(buffer_, int_to_8_cryptol(message_version),
sender_identity_key, receiver_identity_key, mac_key,
int_to_64_cryptol(self.mac_key_len), serialized,
int_to_64_cryptol(self.serialized_len),
global_context)
expected = mk_hmac(self.serialized_len, serialized_data,
receiver_identity_key_data,
sender_identity_key_data, self.mac_key_len,
mac_key_data)
# buffer_buf = alloc_buffer_aligned(self, SIGNAL_MESSAGE_MAC_LENGTH)
# self.points_to(buffer_buf[0], int_to_64_cryptol(SIGNAL_MESSAGE_MAC_LENGTH), check_target_type = i64)
buffer_buf = alloc_pointsto_buffer(self, SIGNAL_MESSAGE_MAC_LENGTH,
expected)
self.points_to(buffer_, buffer_buf)
self.returns(int_to_32_cryptol(0))
def specification(self):
tp = self.alloc(alias_ty('struct.t'))
b = self.fresh_var(i32, "b")
self.points_to(tp['n']['b'], b)
self.execute_func(tp)
self.returns(b)
def alloc_ec_public_key(spec: Contract) -> Tuple[FreshVar, FreshVar, SetupVal]:
signal_type_base_ty = alias_ty("struct.signal_type_base")
djb_array_ty = array_ty(DJB_KEY_LEN, i8)
key_base = spec.fresh_var(signal_type_base_ty, "key_base")
key_data = spec.fresh_var(djb_array_ty, "key_data")
key = spec.alloc(struct_ty(signal_type_base_ty, djb_array_ty),
points_to=struct(key_base, key_data))
return (key_base, key_data, key)
def y_spec(c: Contract) -> None:
ss = c.alloc(alias_ty('struct.s'))
z = c.fresh_var(i1, 'z')
c.execute_func(ss, z)
c.points_to_bitfield(ss, 'y', z)
c.returns(void)
def specification(self):
ss = self.alloc(alias_ty('struct.s'))
z = self.fresh_var(i2, 'z')
self.execute_func(ss, cry_f('zext {z} : [8]'))
self.points_to_bitfield(ss, 'x2', z)
self.returns(void)
def specification(self):
ss = self.alloc(alias_ty('struct.s'))
z = self.fresh_var(i1, 'z')
self.points_to_bitfield(ss, 'y', z)
self.execute_func(ss)
self.returns(z)
def specification(self):
tp = self.alloc(alias_ty('struct.t'))
b = self.fresh_var(i32, "b")
self.points_to(field(field(tp, "n"), "b"), b)
self.execute_func(tp)
self.returns(b)
def specification(self):
(_, x_p) = ptr_to_fresh(self, array_ty(2, i32), "x")
p = self.alloc(alias_ty('struct.s'), points_to=struct(x_p))
self.execute_func(p)
self.points_to(p, struct(x_p))
self.points_to(x_p, cry('[0, 0] : [2][32]'))
self.returns(void)
def drbg_state(spec, n):
state = spec.alloc(alias_ty("struct.s2n_drbg"))
(key, keyp) = ptr_to_fresh(spec, "key", ctx_type)
bytes_used = spec.fresh_var(i64, n + "bytes_used")
mixes = spec.fresh_var(i64, n + "mixes")
v = spec.fresh_var(bytes_type(blocksize), n + "v")
spec.points_to(llvm.field(state, "bytes_used"), bytes_used)
spec.points_to(llvm.field(state, "mixes"), mixes)
spec.points_to(llvm.field(state, "ctx"), keyp)
spec.points_to(llvm.field(state, "v"), v)
return (
state, keyp,
cry_f(
"{{ bytes_used = {bytes_used}, ctx = {{ key = join {key} }}, v = join {v} }}"
))
cryptol_load_file(cryname)
cryptol_load_file(drbghelpers)
mod = llvm_load_module(bcname)
def bytes_type(size):
return array_ty(size, i8)
blocksize = 16 # blocklen / 8
keysize = 16 # keylen / 8
seedsize = 32
blob_type = alias_ty('struct.s2n_blob')
ctx_type = bytes_type(keysize)
def alloc_bytes(spec, n):
return spec.alloc(bytes_type(n))
def alloc_blob(spec, n):
p = spec.alloc(type=blob_type, read_only=True)
datap = alloc_bytes(spec, n)
spec.points_to(llvm.field(p, "data"), datap)
spec.points_to(llvm.field(p, "size"), cry_f("`{n}:[32]"))
spec.points_to(llvm.field(p, "allocated"), cry("0:[32]"))
spec.points_to(llvm.field(p, "growable"), cry("0:[8]"))
return (p, datap)
import os
import os.path
from saw_client import cryptol_load_file, llvm_assume, llvm_verify
from saw_client.llvm import Contract, alias_ty, array, array_ty, cryptol, elem, field, global_var, i8, i32, i64, null, ptr_ty, struct, void
from saw_client.proofscript import ProofScript, z3
from buffer_helpers import *
from curve import *
from load import *
from saw_helpers import *
cryptol_load_file("cryptol/HMAC.cry")
signal_context_ty = alias_ty("struct.signal_context")
message_version = 3
HMAC_CONTEXT_LENGTH = 1
RATCHET_MAC_KEY_LENGTH = 32
SERIALIZED_LENGTH = 42
SIGNAL_MESSAGE_MAC_LENGTH = 8
dummy_signal_crypto_provider = struct(
global_var("dummy_random_func"), global_var("dummy_hmac_sha256_init_func"),
global_var("dummy_hmac_sha256_update_func"),
global_var("dummy_hmac_sha256_final_func"),
global_var("dummy_hmac_sha256_cleanup_func"),
global_var("dummy_sha512_digest_init_func"),
global_var("dummy_sha512_digest_update_func"),
global_var("dummy_sha512_digest_final_func"),