Commit e3e5ff3d authored by Benoit Viguier's avatar Benoit Viguier
Browse files

packaging

parent f5059abf
...@@ -38,7 +38,8 @@ Doc ...@@ -38,7 +38,8 @@ Doc
usenix* usenix*
.coqdeps.d .coqdeps.d
Makefile.conf Makefile.conf
Makefile proofs/*/Makefile
.dist
# Created by https://www.gitignore.io/api/latex,c++,coq,c,ocaml,sublimetext,vim,emacs # Created by https://www.gitignore.io/api/latex,c++,coq,c,ocaml,sublimetext,vim,emacs
...@@ -79,6 +80,7 @@ Makefile ...@@ -79,6 +80,7 @@ Makefile
*.vrb *.vrb
*.xdy *.xdy
*.tdo *.tdo
coq-verif-tweetnacl*
### C++ ### ### C++ ###
# Compiled Object files # Compiled Object files
......
DIST=coq-verif-tweetnacl
all: coq-tweetnacl-spec coq-tweetnacl-vst
readme:
less README.md
# DEFINE GENERIC ROUTINES (hidden via . prefix)
.configure1 .configure2:
cd $P && $(SHELL) configure.sh
.building1 .building2:
cd $P && $(MAKE) -j
cd $P && $(MAKE) install
.dusting1 .dusting2:
cd $P && $(MAKE) clean
cd $P && rm _CoqProject
cd $P && rm Makefile
cd $P && rm Makefile.conf
# DEFINE REAL TARGETS
coq-tweetnacl-spec: P=proofs/spec
coq-tweetnacl-spec: .configure1 .building1
clean-spec: P=proofs/spec
clean-spec: .configure1 .dusting1
coq-tweetnacl-vst: P=proofs/vst
coq-tweetnacl-vst: coq-tweetnacl-spec .configure2 .building2
clean-vst: P=proofs/vst
clean-vst: .configure2 .dusting2
clean: clean-spec clean-vst clean-dist
# build paper
paper:
cd paper && $(MAKE)
clean-paper:
cd paper && $(MAKE) clean
# generate artefact
$(DIST):
mkdir $(DIST)
dist: $(DIST)
cp -r proofs $(DIST)
mkdir $(DIST)/packages
cp -r packages/coq-compcert $(DIST)/packages/
cp -r packages/coq-reciprocity $(DIST)/packages/
cp -r packages/coq-ssr-elliptic-curves $(DIST)/packages/
cp -r packages/coq-vst $(DIST)/packages/
cp repo $(DIST)/
cp version $(DIST)/
cp README.md $(DIST)/
cp Makefile $(DIST)/
tar -czvf $(DIST).tar.gz $(DIST)
clean-dist: $(DIST)
rm -r $(DIST)
-rm $(DIST).tar.gz
...@@ -39,14 +39,7 @@ opam repo add coq-extra-dev https://coq.inria.fr/opam/extra-dev ...@@ -39,14 +39,7 @@ opam repo add coq-extra-dev https://coq.inria.fr/opam/extra-dev
### 4. Set up project related dependencies (dependencies at specific commit number.) ### 4. Set up project related dependencies (dependencies at specific commit number.)
Add the repository by using the address:
```bash ```bash
opam repo add tweetnacl git://gitlab.science.ru.nl/benoit/tweetnacl/
```
Or by cloning it:
```bash
git clone https://gitlab.science.ru.nl/benoit/tweetnacl/ coq-verif-tweetnacl
cd coq-verif-tweetnacl cd coq-verif-tweetnacl
opam repo add tweetnacl . opam repo add tweetnacl .
``` ```
...@@ -55,12 +48,18 @@ opam repo add tweetnacl . ...@@ -55,12 +48,18 @@ opam repo add tweetnacl .
```bash ```bash
opam update opam update
# if you want coqide # if you want coqide (may require additional dependencies)
opam install coqide.8.8.2 opam install coqide.8.8.2
```
Pin the current repository as an opam to be able to fetch the dependencies
```bash
opam pin add -n coq-verif-tweetnacl .
# install dependencies # install dependencies
opam install --deps-only coq-verif-tweetnacl opam install --deps-only coq-verif-tweetnacl
``` ```
### 6. Install the full Verification ### 6. Install the full Verification
Everything is compiled the following command: Everything is compiled the following command:
...@@ -71,12 +70,6 @@ opam install coq-verif-tweetnacl ...@@ -71,12 +70,6 @@ opam install coq-verif-tweetnacl
However if you want to compile each part you can follow these steps: However if you want to compile each part you can follow these steps:
Clone the repository:
```bash
git clone https://gitlab.science.ru.nl/benoit/tweetnacl/ coq-verif-tweetnacl
cd coq-verif-tweetnacl
```
##### 6.1 Install TweetNacl Mathematical Model and Specification ##### 6.1 Install TweetNacl Mathematical Model and Specification
To compile manually: To compile manually:
...@@ -122,7 +115,7 @@ opam install coq-tweetnacl-vst ...@@ -122,7 +115,7 @@ opam install coq-tweetnacl-vst
### Benchmarks ### Benchmarks
``` ```bash
time opam install coq-verif-tweetnacl time opam install coq-verif-tweetnacl
The following actions will be performed: The following actions will be performed:
install camlp5 7.06.10-g84ce6cc4 [required by coq] install camlp5 7.06.10-g84ce6cc4 [required by coq]
......
all: coq-tweetnacl-spec coq-tweetnacl-vst
coq-tweetnacl-spec:
cd proofs/spec ;\
./configure.sh ;\
$(MAKE) -j ;\
$(MAKE) install
coq-tweetnacl-vst: coq-tweetnacl-spec
cd proofs/vst ;\
./configure.sh ;\
$(MAKE) -j ;\
$(MAKE) install
opam-version: "2.0" opam-version: "2.0"
name: "coq-tweetnacl-spec" name: "coq-verif-tweetnacl"
maintainer: "benoit@cs.ru.nl" maintainer: "benoit@cs.ru.nl"
homepage: "https://gitlab.science.ru.nl/benoit/tweetnacl/" homepage: "https://gitlab.science.ru.nl/benoit/tweetnacl/"
license: "MIT" license: "MIT"
build: [ build: []
["./configure.sh"]
[make "-j%{jobs}%"]
]
install: [ install: [
[make "install"] [make "-j%{jobs}%" "all"]
] ]
remove: ["rm" "-R" "%{lib}%/coq/user-contrib/Tweetnacl"] remove: []
depends: [ depends: [
"coq" {>= "8.7.0" & < "8.9"} "coq" {>= "8.7.0" & < "8.9"}
"coq-coqprime" {= "1.0.3"} "coq-coqprime" {= "1.0.3"}
...@@ -19,14 +16,14 @@ depends: [ ...@@ -19,14 +16,14 @@ depends: [
"coq-mathcomp-multinomials" "coq-mathcomp-multinomials"
"coq-mathcomp-ssreflect" {= "1.7.0"} "coq-mathcomp-ssreflect" {= "1.7.0"}
"coq-reciprocity" "coq-reciprocity"
"coq-vst" {= "2.0"}
] ]
author: [ author: [
"benoit@cs.ru.nl" "benoit@cs.ru.nl"
"timmy@timmyweerwag.nl"
] ]
description: """ description: """
Verifying the Tweetnacl implementation: Specification Verifying the TweetNaCl implementation
""" """
url { url {
src: "git+https://github.com/ildyria/coq-tweetnacl-verif/tree/master/proofs/spec" src: "git+https://gitlab.science.ru.nl/benoit/tweetnacl/"
} }
...@@ -22,5 +22,5 @@ description:""" ...@@ -22,5 +22,5 @@ description:"""
Various proofs in Coq. As of now, only contains the proof of the theorem of quadratic reciprocity. Various proofs in Coq. As of now, only contains the proof of the theorem of quadratic reciprocity.
""" """
url { url {
src: "git+https://github.com/ildyria/coq-proofs.git" src: "git+https://github.com/ildyria/coq-proofs.git#fork"
} }
opam-version: "2.0"
name: "coq-tweetnacl-vst"
maintainer: "benoit@cs.ru.nl"
homepage: "https://gitlab.science.ru.nl/benoit/tweetnacl/"
license: "MIT"
build: [
["./configure.sh"]
[make "-j%{jobs}%"]
]
install: [
[make "install"]
]
remove: ["rm" "-R" "%{lib}%/coq/user-contrib/Tweetnacl_verif"]
depends: [
"coq" {>= "8.7.0" & < "8.9"}
"coq-coqprime" {= "1.0.3"}
"coq-stdpp" {= "1.1.0"}
"coq-ssr-elliptic-curves"
"coq-mathcomp-ssreflect"
"coq-vst" {= "2.0"}
"coq-tweetnacl-spec"
]
author: [
"benoit@cs.ru.nl"
]
description: """
Verifying the Tweetnacl implementation: VST
"""
url {
src: "git+https://github.com/ildyria/coq-tweetnacl-verif/master/tree/proofs/vst"
}
opam-version: "2.0" opam-version: "2.0"
name: "coq-tweetnacl-verif" name: "coq-verif-tweetnacl"
maintainer: "benoit@cs.ru.nl" maintainer: "benoit@cs.ru.nl"
homepage: "https://gitlab.science.ru.nl/benoit/tweetnacl/" homepage: "https://gitlab.science.ru.nl/benoit/tweetnacl/"
license: "MIT" license: "MIT"
...@@ -22,7 +22,7 @@ author: [ ...@@ -22,7 +22,7 @@ author: [
"benoit@cs.ru.nl" "benoit@cs.ru.nl"
] ]
description: """ description: """
Verifying the Tweetnacl implementation Verifying the TweetNaCl implementation
""" """
url { url {
src: "git+https://gitlab.science.ru.nl/benoit/tweetnacl/" src: "git+https://gitlab.science.ru.nl/benoit/tweetnacl/"
......
#include <stdio.h>
#include <stdbool.h>
typedef long long i64;
typedef i64 gf[16];
#define BYTE_TO_BINARY_PATTERN "%c%c%c%c%c%c%c%c"
#define BYTE_TO_BINARY(byte) \
(byte & 0x80 ? '1' : '0'), \
(byte & 0x40 ? '1' : '0'), \
(byte & 0x20 ? '1' : '0'), \
(byte & 0x10 ? '1' : '0'), \
(byte & 0x08 ? '1' : '0'), \
(byte & 0x04 ? '1' : '0'), \
(byte & 0x02 ? '1' : '0'), \
(byte & 0x01 ? '1' : '0')
static void print_bin64(i64 val)
{
printf(" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN,
BYTE_TO_BINARY(val>>56), BYTE_TO_BINARY(val>>48), BYTE_TO_BINARY(val>>40), BYTE_TO_BINARY(val >> 32));
printf(" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN" "BYTE_TO_BINARY_PATTERN,
BYTE_TO_BINARY(val>>24), BYTE_TO_BINARY(val>>16), BYTE_TO_BINARY(val>>8), BYTE_TO_BINARY(val));
printf("\n");
}
static void print_o(gf o)
{
for (int j = 0; j < 16; ++j)
{
printf("%2i: ", j);
print_bin64(o[j]);
}
}
static void car25519(gf o, bool b)
{
int i;
i64 c;
for (i = 0;i < 16;++i) {
// o[i]+=(1LL<<16);
c=o[i]>>16;
// o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
o[(i+1)*(i<15)]+=c+37*(c)*(i==15);
o[i]-=c<<16;
if(b){
// added to have a look at what is going on in there
printf("%2i : ---------------------------------------------\n",i);
for (int j = 0; j < 16; ++j)
{
printf("%2i: ", j);
print_bin64(o[j]);
}
}
}
}
int main(int argc, char const *argv[])
{
gf o;
i64 val = 0xFFFF;
for (int i = 0; i < 16; ++i)
{
o[i] = val;
}
o[15] = val | (val << 32);
for (int i = 0; i < 16; ++i)
{
printf("%2i: ", i);
print_bin64(o[i]);
}
printf("#################################################### EXP: 2 carry is not enough\n");
printf("carry 1\n");
car25519(o,0);
printf("result carry 1:__________________________________________\n");
print_o(o);
printf("carry 2\n");
car25519(o,0);
printf("result carry 2:__________________________________________\n");
print_o(o);
printf("#################################################### EXP: -15, 1 step\n");
for (int i = 0; i < 16; ++i)
{
o[i] = 0;
}
o[0] = -15;
print_o(o);
print_bin64(o[0]);
o[0]+=(1LL<<16);
i64 c;
printf("o[0]+=(1LL<<16)\n");
print_bin64(o[0]);
c=o[0]>>16;
printf("c=o[0]>>16;\n");
print_bin64(c);
o[1]+=c-1;
printf("o[1]+=c-1;\n");
print_bin64(o[1]);
o[0]-=c<<16;
printf("o[0]-=c<<16;\n");
print_bin64(o[0]);
printf("result carry step 1:_____________________________________\n");
print_o(o);
printf("#################################################### EXP: -15 all steps\n");
for (int i = 0; i < 16; ++i)
{
o[i] = 0;
}
o[15] = -1;
print_o(o);
car25519(o,0);
printf("result carry 1:__________________________________________\n");
print_o(o);
car25519(o,0);
printf("result carry 2:__________________________________________\n");
print_o(o);
car25519(o,0);
printf("result carry 3:__________________________________________\n");
print_o(o);
printf("####################################################\n");
i64 t = -0xFFFFF;
printf("%li\n", t);
print_bin64(t);
t -= (t >> 16) << 16;
printf("%li\n", t);
print_bin64(t);
printf("####################################################\n");
t = -0xFFFC5;
printf("%li\n", t);
print_bin64(t);
i64 tt = t >> 16;
printf("%li\n", tt);
print_bin64(tt);
tt <<= 16;
printf("%li\n", tt);
print_bin64(tt);
t -= tt;
printf("%li\n", t);
print_bin64(t);
return 0;
}
#include "tweetnacl.h"
#define FOR(i,n) for (i = 0;i < n;++i)
#define sv static void
typedef unsigned char u8;
typedef unsigned long u32;
typedef unsigned long long u64;
typedef long long i64;
typedef i64 gf[16];
extern void randombytes(u8 *,u64);
static const u8
_0[16],
_9[32] = {9};
static const gf
gf0,
gf1 = {1},
_121665 = {0xDB41,1},
D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203},
D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406},
X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169},
Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},
I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
static u32 L32(u32 x,int c) { return (x << c) | ((x&0xffffffff) >> (32 - c)); }
static u32 ld32(const u8 *x)
{
u32 u = x[3];
u = (u<<8)|x[2];
u = (u<<8)|x[1];
return (u<<8)|x[0];
}
static u64 dl64(const u8 *x)
{
u64 i,u=0;
FOR(i,8) u=(u<<8)|x[i];
return u;
}
sv st32(u8 *x,u32 u)
{
int i;
FOR(i,4) { x[i] = u; u >>= 8; }
}
sv ts64(u8 *x,u64 u)
{
int i;
for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; }
}
static int vn(const u8 *x,const u8 *y,int n)
{
u32 i,d = 0;
FOR(i,n) d |= x[i]^y[i];
return (1 & ((d - 1) >> 8)) - 1;
}
int crypto_verify_16(const u8 *x,const u8 *y)
{
return vn(x,y,16);
}
int crypto_verify_32(const u8 *x,const u8 *y)
{
return vn(x,y,32);
}
sv core(u8 *out,const u8 *in,const u8 *k,const u8 *c,int h)
{
u32 w[16],x[16],y[16],t[4];
int i,j,m;
FOR(i,4) {
x[5*i] = ld32(c+4*i);
x[1+i] = ld32(k+4*i);
x[6+i] = ld32(in+4*i);
x[11+i] = ld32(k+16+4*i);
}
FOR(i,16) y[i] = x[i];
FOR(i,20) {
FOR(j,4) {
FOR(m,4) t[m] = x[(5*j+4*m)%16];
t[1] ^= L32(t[0]+t[3], 7);
t[2] ^= L32(t[1]+t[0], 9);
t[3] ^= L32(t[2]+t[1],13);
t[0] ^= L32(t[3]+t[2],18);
FOR(m,4) w[4*j+(j+m)%4] = t[m];
}
FOR(m,16) x[m] = w[m];
}
if (h) {
FOR(i,16) x[i] += y[i];
FOR(i,4) {
x[5*i] -= ld32(c+4*i);
x[6+i] -= ld32(in+4*i);
}
FOR(i,4) {
st32(out+4*i,x[5*i]);
st32(out+16+4*i,x[6+i]);
}
} else
FOR(i,16) st32(out + 4 * i,x[i] + y[i]);
}
int crypto_core_salsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c)
{
core(out,in,k,c,0);
return 0;
}
int crypto_core_hsalsa20(u8 *out,const u8 *in,const u8 *k,const u8 *c)
{
core(out,in,k,c,1);
return 0;
}
static const u8 sigma[16] = "expand 32-byte k";
int crypto_stream_salsa20_xor(u8 *c,const u8 *m,u64 b,const u8 *n,const u8 *k)
{
u8 z[16],x[64];
u32 u,i;
if (!b) return 0;
FOR(i,16) z[i] = 0;
FOR(i,8) z[i] = n[i];
while (b >= 64) {
crypto_core_salsa20(x,z,k,sigma);
FOR(i,64) c[i] = (m?m[i]:0) ^ x[i];
u = 1;
for (i = 8;i < 16;++i) {
u += (u32) z[i];
z[i] = u;
u >>= 8;
}
b -= 64;
c += 64;
if (m) m += 64;
}
if (b) {
crypto_core_salsa20(x,z,k,sigma);
FOR(i,b) c[i] = (m?m[i]:0) ^ x[i];
}
return 0;
}
int crypto_stream_salsa20(u8 *c,u64 d,const u8 *n,const u8 *k)
{
return crypto_stream_salsa20_xor(c,0,d,n,k);
}
int crypto_str