def specification(self): ty = array_ty(2, array_ty(4, i32)) i = self.fresh_var(ty, "w.i") pw = self.alloc(struct_ty(ty), points_to=struct(i)) self.execute_func(pw) self.points_to(pw, struct(cryptol('zero:[2][4][32]'))) self.returns(void)
def specification(self): (_, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x") p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p)) self.execute_func(p) self.points_to(p, struct(x_p)) self.points_to(x_p, cryptol('[0, 0] : [2][32]')) self.returns(void)
def alloc_pointsto_buffer_readonly(spec: Contract, length: int, data: SetupVal) -> SetupVal: buf = alloc_buffer_aligned_readonly(spec, length) spec.points_to(buf, struct(int_to_64_cryptol(length)), check_target_type=None) return buf
def specification(self): (x, x_p) = ptr_to_fresh(self, ty.array(2, ty.i32), "x") p = self.alloc(ty.alias('struct.s'), points_to=struct(x_p)) self.execute_func(p) self.returns(p)
def specification(self): (x, x_p) = ptr_to_fresh(self, array_ty(2, i32), "x") p = self.alloc(alias_ty('struct.s'), points_to=struct(x_p)) self.execute_func(p) self.returns(cryptol(f'{x.name()}@0 + {x.name()}@1'))
def setup_hash_state(c: Contract, pstate: SetupVal) -> Tuple[Any, FreshVar]: alg0 = c.fresh_var(ty.i32, "alg") h0 = c.fresh_var(ty.array(8, ty.i64), "h0") Nl0 = c.fresh_var(ty.i64, "Nl") Nh0 = c.fresh_var(ty.i64, "Nh") u0 = c.fresh_var(ty.array(16, ty.i64), "u") num0 = c.fresh_var(ty.i32, "h0") is_ready_for_input0 = c.fresh_var(ty.i8, "is_ready_for_input") currently_in_hash0 = c.fresh_var(ty.i64, "currently_in_hash") md_len0 = c.fresh_var(ty.i32, "md_len") (_, pimpl) = ptr_to_fresh(c, ty.alias('struct.s2n_hash'), "impl", read_only=True) c.points_to( pstate, struct(pimpl, alg0, is_ready_for_input0, currently_in_hash0, struct(struct(struct(h0, Nl0, Nh0, struct(u0), num0, md_len0)))))
def specification(self) -> None: message = self.alloc(alias_ty("struct.signal_message")) (_, sender_identity_key_data, sender_identity_key) = alloc_ec_public_key(self) (_, receiver_identity_key_data, receiver_identity_key) = alloc_ec_public_key(self) mac_key_data = self.fresh_var(array_ty(self.mac_key_len, i8), "mac_key_data") mac_key = self.alloc(array_ty(self.mac_key_len, i8), points_to=mac_key_data) global_context_unused_as_far_as_i_can_tell = self.alloc( signal_context_ty, read_only=True) base = self.fresh_var(alias_ty("struct.signal_type_base"), "base") message_type = self.fresh_var(i32, "message_type") global_context = self.alloc(signal_context_ty, read_only=True) self.points_to(field(global_context, "crypto_provider"), dummy_signal_crypto_provider) serialized_message_len = self.serialized_len - SIGNAL_MESSAGE_MAC_LENGTH serialized_message_data = self.fresh_var( array_ty(serialized_message_len, i8), "serialized_message_data") expected_mac_data = mk_hmac(serialized_message_len, serialized_message_data, receiver_identity_key_data, sender_identity_key_data, self.mac_key_len, mac_key_data) serialized = alloc_buffer_aligned(self, self.serialized_len) self.points_to(elem(serialized, 0), int_to_64_cryptol(self.serialized_len), check_target_type=None) self.points_to(elem(serialized, 8), serialized_message_data, check_target_type=None) self.points_to(elem(serialized, 8 + serialized_message_len), expected_mac_data, check_target_type=None) base_message = struct(base, message_type, global_context, serialized) self.points_to(field(message, "base_message"), base_message) self.points_to(field(message, "message_version"), int_to_8_cryptol(message_version)) self.execute_func(message, sender_identity_key, receiver_identity_key, mac_key, int_to_64_cryptol(self.mac_key_len), global_context_unused_as_far_as_i_can_tell) self.returns(int_to_32_cryptol(1))
def specification(self) -> None: length = DJB_KEY_LEN + 1 signal_type_base_ty = alias_ty("struct.signal_type_base") djb_array_ty = array_ty(DJB_KEY_LEN, i8) buffer_ = self.alloc(ptr_ty(buffer_type(length))) key_base = self.fresh_var(signal_type_base_ty, "key_base") key_data = self.fresh_var(djb_array_ty, "key_data") key = self.alloc(struct_ty(signal_type_base_ty, djb_array_ty), points_to=struct(key_base, key_data)) self.execute_func(buffer_, key) buf = alloc_pointsto_buffer( self, length, cryptol(f"[`({DJB_TYPE})] # {key_data.name()} : [{length}][8]")) self.points_to(buffer_, buf) self.returns(int_to_32_cryptol(0))
cryptol_load_file("cryptol/HMAC.cry") signal_context_ty = alias_ty("struct.signal_context") message_version = 3 HMAC_CONTEXT_LENGTH = 1 RATCHET_MAC_KEY_LENGTH = 32 SERIALIZED_LENGTH = 42 SIGNAL_MESSAGE_MAC_LENGTH = 8 dummy_signal_crypto_provider = struct( global_var("dummy_random_func"), global_var("dummy_hmac_sha256_init_func"), global_var("dummy_hmac_sha256_update_func"), global_var("dummy_hmac_sha256_final_func"), global_var("dummy_hmac_sha256_cleanup_func"), global_var("dummy_sha512_digest_init_func"), global_var("dummy_sha512_digest_update_func"), global_var("dummy_sha512_digest_final_func"), global_var("dummy_sha512_digest_cleanup_func"), global_var("dummy_encrypt_func"), global_var("dummy_decrypt_func"), null()) class SignalHmacSha256InitSpec(Contract): key_len: int def __init__(self, key_len: int): super().__init__() self.key_len = key_len def specification(self) -> None: context = self.alloc(signal_context_ty, read_only=True)