Commit Graph

92 Commits

Author SHA1 Message Date
Brian Huffman
a5a7a393be Add definitions of SHAKE128 and SHAKE256 to keccak.cry 2017-10-04 10:39:10 -07:00
brianhuffman
73de3f787f Merge pull request #453 from GaloisInc/blocks-padding
Implement `blocks` and `padding` operators for numeric types.
2017-10-04 07:11:19 -07:00
Brian Huffman
9773782ba4 Tweak correctness property to match keccak documentation. 2017-10-04 07:02:55 -07:00
Brian Huffman
16e949b0d7 Fix bugs/warnings in keccak.cry, and add test vectors and other properties.
The switch to Cryptol 2 introduced some endianness bugs.
Also, the original version omitted the 0b01 "suffix" that is
specified by SHA3.
2017-10-03 18:06:52 -07:00
robdockins
fc4fe4dc1e Merge pull request #309 from clinty/cast5
CAST5 example
2017-10-03 15:27:30 -07:00
Brian Huffman
7802747a1e Simplify keccak.cry using new type operators for padding. 2017-10-03 13:57:16 -07:00
Brian Huffman
3b03545552 Merge branch 'master' into blocks-padding 2017-10-03 13:44:32 -07:00
Brian Huffman
96bff5c4a8 Update keccak.cry example to work with Cryptol 2.x
Fixes #458.
2017-10-03 13:41:07 -07:00
Brian Huffman
b107e606a2 Update example cryptol code to use infix syntax. 2017-10-03 12:31:37 -07:00
Rob Dockins
b1c6ae22c7 Add MD5 example 2017-10-03 11:27:15 -07:00
Rob Dockins
f1161dd282 Add a Karatsuba multiplier to the examples 2017-10-03 11:27:15 -07:00
Brian Huffman
7e34c25e4d Switch to infix syntax for blocks and padding operators.
"x /^ y" is x/y rounded up, i.e. the least n such that x <= y*n.
"x %^ y" is the least k such that x+k is a multiple of y.

For comparison,
"x / y" is x/y rounded down, i.e. the greatest n such that x >= y*n.
"x % y" is the least k such that x-k is a multiple of y.

The new syntax is much more suggestive of the relation to "/" and "%".
2017-09-28 10:26:31 -07:00
Brian Huffman
f04908a551 Adapt example code to use new blocks and padding operators. 2017-09-27 13:55:55 -07:00
Iavor S. Diatchki
ca2136fab9 Merge pull request #440 from sliverdragon37/master
Adds the :ast and :extract-coq commands for printing out a parseable AST
2017-08-15 10:25:08 -07:00
Aaron Tomb
e40b15cc5d Fix type signatures in MiniLock SCrypt example 2017-08-07 08:37:20 -07:00
Robert Dockins
dcc143e3f4 Back out workaround for issue #375. 2017-08-01 15:08:04 -07:00
Eric Mullen
50c6454482 more example 2017-07-13 10:55:44 -07:00
Eric Mullen
3eab3eb6cb lots of running examples 2017-07-06 16:51:25 -07:00
Eric Mullen
f80d791c97 HMAC example now loads into cryptol 2017-06-27 14:00:45 -07:00
Eric Mullen
3dfb3e147e adding some examples 2017-06-26 15:27:36 -07:00
Aaron Tomb
49e847387e Simplify some type signatures in examples
These examples weren't type checking, and now do, with type constraints
that are no more awkward, and arguably less awkward, than before.
2017-06-22 10:09:13 -07:00
Trevor Elliott
5a43c1d1fe More precise definition of chunks
Use `padding` directly in the definition of `chunks`, giving an aligned
value to the division.
2017-03-27 16:37:55 -07:00
Trevor Elliott
b93f84cf78 Remove unnecessary constraint that was preventing malicious_SHA1.cry from loading
Cryptol could not prove that subtracting `65 + padding` from `512 * chunks`
in the constraint `msgLen == 512 * chunks - (65 + padding)` was well
defined, and rejected the function. This constraint was redundant, so
removing it allowed the function to typecheck.
2017-03-27 16:36:09 -07:00
Trevor Elliott
4dc5eda23a Expand the width table, and fix a bug in CryptoBox (Thanks @tommd)
The width table in CryptolTC.z3 wasn't large enough to solve constraints
about the width of 64-bit words. This change is a bit of a band-aid, as
larger words will expose the same problem. Longer-term, we should try to
solve these constraints after the SMT-based phase, using some other
approach.

The constraints in CryptoBox were too permissive, and when adjusted to
represent the true intent (that values fit within 64-bits), and the
width table was updated, the example will type-check again.

Thanks to @tommd for tracking both of these down.
2017-03-27 13:45:50 -07:00
Robert Dockins
14af3690c6 Update the SIV example to avoid issue #375. 2016-08-23 14:08:15 -07:00
Robert Dockins
cd9ffed00b Update examples to use (/\) instead of (&&) where appropriate,
and to squash other warnings related to the upcomming precedence change.
2016-08-22 18:14:44 -07:00
Iavor S. Diatchki
8c36992904 Merge pull request #344 from adrianherrera/enhancement/MISTY1
Crytol spec for MISTY1 cipher
2016-07-18 11:19:53 -07:00
Adam C. Foltzer
2c428804bc remove splitBy and update documentation
Closes #291
2016-07-05 09:58:49 -07:00
Adrian Herrera
bedeeb0883 Crytol spec for MISTY1 cipher (as described in RFC 2994) 2016-06-07 22:42:16 +10:00
Brian Huffman
df27f577a4 Fix typo in comment, whitespace 2016-05-24 08:21:55 -07:00
Thomas M. DuBuisson
8b577828f6 Simplify constraints of Minilock prims.
Cryptol 2.3-alpha couldn't math, but thanks to @yav's hard work, Cryptol 2.3 and
later can math!  So with our new found powers comes great simplification.  Not
all is perfect, much like Dori-Mic's situation, but things are much better.
See the width constraints in SCrypt.cry for areas that could be improved with
some semi-obvious statements (forall x. 1 + width x >= width (x - 1)).
2016-04-12 15:53:12 -07:00
Brian Huffman
5e5184d5ee Add alternative implementations of bivium and trivium ciphers 2016-02-19 14:24:07 -08:00
Brian Huffman
ab82097033 Fix bug/typo in Trivium example implementation
See also the Trivium specification:
http://www.ecrypt.eu.org/stream/ciphers/trivium/trivium.pdf
2016-02-19 14:04:52 -08:00
Brian Huffman
1322156d28 Remove trailing whitespace 2016-02-19 10:08:20 -08:00
Aaron Tomb
9809e176eb Add examples from Alexander Semenov
A new Cryptol user! Alexander Semenov from the Russian Academy of
Sciences is the developer of the Transalg tool, which can also translate
cryptographic algorithms (written in imperative form) into SAT problems.
He recently started experimenting with Cryptol, and wrote up
implementations of several stream ciphers, included in this commit.
2016-02-18 15:08:17 -08:00
Clint Adams
07088eddef CAST5 example 2016-02-05 15:26:25 -05:00
Thomas M. DuBuisson
9b8d153692 Import ::Extras in minilock modules. 2016-01-20 09:45:13 -08:00
Adam C. Foltzer
bf294a60b8 integrate MiniLock example 2016-01-19 18:19:35 -08:00
Thomas M. DuBuisson
a4e42b8429 Example: miniLock in Cryptol 2016-01-19 18:19:35 -08:00
Adam C. Foltzer
58a605e8ff update examples and documentation 2016-01-19 18:19:35 -08:00
Adam C. Foltzer
4d3fc9a413 Update copyright dates and add missing headers 2016-01-19 18:19:35 -08:00
Adam C. Foltzer
ee99873e43 fix FoxChickenCorn example
The new type signature for popCount is simpler, and more importantly
passes the typechecker. The old one really _ought_ to typecheck, though,
so a shrunken version of it is now in the test suite for #126
2016-01-19 18:18:03 -08:00
Adam C. Foltzer
07da2018b7 switch to more portable seeding for random
The `random` primitive previously took a `[32]` seed, but this causes
inconsistency between 32-bit and 64-bit platforms when the seed is large
enough to wrap around in GHC's representation of an `Int`. This patch
switches to an API that seeds directly with four 64-bit words, and so
should behave the same way on our supported platforms.
2016-01-19 18:17:34 -08:00
Thomas M. DuBuisson
46599a03b5 make SHA1 typecheck with Cryptol 2.3
There were some spurious constraints to help the previous typechecker figure
things out that now confuse the new one... ugh.
2016-01-12 17:22:22 -08:00
Thomas M. DuBuisson
fc04e415d7 Don't expose internal type in the Function API.
I've found that exposing helper types that are only of internal concern to the
function to be bad form.  These values should be in where clauses both to help
the type checker not get distracted and to keep the user-facing API as clean as
possible.
2016-01-12 16:52:40 -08:00
Adam C. Foltzer
9e179d14bc finally add Even-Mansour example; closes #124 2016-01-12 16:49:47 -08:00
Thomas M. DuBuisson
17abf37b7d A rough cut at SIV. 2015-09-16 09:19:27 -07:00
Thomas M. DuBuisson
7643a17182 Fix #272 Don't full blocks in ChaChaPoly8675309 2015-08-28 15:22:03 -07:00
Aaron Tomb
44f8bcd310 Fix comment in Keccak example
Note: this is actually Cryptol 1 code. We should port it. I've started
the process, but don't have a complete port yet.
2015-08-28 09:49:29 -07:00
Dylan McNamee
f12f7d82eb lg2 -> width 2015-04-20 10:00:25 -07:00