Skip to content

Commit 8c9b346

Browse files
andres-erbsenandres-erbsen
committed
more paperification of top-level spec details
1 parent 4d8deca commit 8c9b346

File tree

2 files changed

+17
-14
lines changed

2 files changed

+17
-14
lines changed

src/Bedrock/End2End/X25519/GarageDoor.v

+14-13
Original file line numberDiff line numberDiff line change
@@ -181,14 +181,14 @@ Goal True.
181181
Abort.
182182

183183
Definition protocol_step : state -> list MMIO -> state -> Prop :=
184-
fun '(Build_state seed sk) ioh '(Build_state SEED SK) =>
184+
fun '(Build_state seed x25519_ephemeral_secret) ioh '(Build_state SEED SK) =>
185185
(lightbulb_spec.lan9250_recv_no_packet _ ioh \/
186186
lightbulb_spec.lan9250_recv_packet_too_long _ ioh \/
187-
TracePredicate.concat TracePredicate.any (lightbulb_spec.spi_timeout _) ioh) /\ SEED=seed /\ SK=sk \/
187+
TracePredicate.concat TracePredicate.any (lightbulb_spec.spi_timeout _) ioh) /\ SEED=seed /\ SK=x25519_ephemeral_secret \/
188188
(exists incoming, lightbulb_spec.lan9250_recv _ incoming ioh /\
189189
let ethertype := le_combine (rev (firstn 2 (skipn 12 incoming))) in ethertype < 1536 \/
190190
let ipproto := nth 23 incoming x00 in (ipproto <> x11 \/
191-
length incoming <> 14+20+8 +2+16 +4 /\ length incoming <> 14+20+8 +2+32 +4)%nat) /\ SEED=seed /\ SK=sk \/
191+
length incoming <> 14+20+8 +2+16 +4 /\ length incoming <> 14+20+8 +2+32 +4)%nat) /\ SEED=seed /\ SK=x25519_ephemeral_secret \/
192192
exists (mac_local mac_remote : tuple byte 6),
193193
exists (ethertype : Z) (ih_const : tuple byte 2) (ip_length : Z) (ip_idff : tuple byte 5),
194194
exists (ipproto := x11) (ip_checksum : Z) (ip_local ip_remote : tuple byte 4),
@@ -209,28 +209,29 @@ Definition protocol_step : state -> list MMIO -> state -> Prop :=
209209
(TracePredicate.one ("st", lightbulb_spec.GPIO_DATA_ADDR _, action))) ioh
210210
/\ (
211211
let m := firstn 16 garagedoor_payload in
212-
let v := x25519_spec sk garageowner_P in
212+
let v := x25519_spec x25519_ephemeral_secret garageowner_P in
213213
exists set0 set1 : Naive.word32,
214214
(word.unsigned set0 = 1 <-> firstn 16 v = m) /\
215215
(word.unsigned set1 = 1 <-> skipn 16 v = m) /\
216216
action = word.or (word.and doorstate (word.of_Z (Z.clearbit (Z.clearbit (2^32-1) 11) 12))) (word.slu (word.or (word.slu set1 (word.of_Z 1)) set0) (word.of_Z 11)) /\
217-
(word.unsigned (word.or set0 set1) = 0 -> SEED=seed /\ SK=sk) /\
217+
(word.unsigned (word.or set0 set1) = 0 -> SEED=seed /\ SK=x25519_ephemeral_secret) /\
218218
(word.unsigned (word.or set0 set1) <> 0 -> SEED++SK = RupicolaCrypto.Spec.chacha20_block seed (ChaCha20.le_split 4 (word.of_Z 0) ++ firstn 12 garageowner))
219219
)) \/
220220
TracePredicate.concat (lightbulb_spec.lan9250_recv _ incoming)
221221
(lightbulb_spec.lan9250_send _
222222
(let ip_length := 62 in
223223
let udp_length := 42 in
224+
224225
mac_remote ++ mac_local ++ be2 ethertype ++
225-
let ih C := ih_const ++ be2 ip_length ++
226-
ip_idff ++ [ipproto] ++ le_split 2 C ++
227-
ip_local ++ ip_remote in
228-
ih (Spec.ip_checksum (ih 0)) ++
229-
udp_local ++ udp_remote ++
230-
be2 udp_length ++ be2 0 ++
226+
let ip_hdr checksum := ih_const ++ be2 ip_length ++
227+
ip_idff ++ [ipproto] ++ le_split 2 checksum ++
228+
ip_local ++ ip_remote in
229+
ip_hdr (IPChecksum.Spec.ip_checksum (ip_hdr 0)) ++
230+
udp_local ++ udp_remote ++ be2 udp_length ++ be2 0 ++
231231
garagedoor_header ++
232-
x25519_spec sk Curve25519.M.B))
233-
ioh /\ SEED=seed /\ SK=sk.
232+
x25519_spec x25519_ephemeral_secret Curve25519.M.B
233+
234+
)) ioh /\ SEED=seed /\ SK=x25519_ephemeral_secret.
234235

235236
Local Instance spec_of_recvEthernet : spec_of "recvEthernet" := spec_of_recvEthernet.
236237
Local Instance spec_of_lan9250_tx : spec_of "lan9250_tx" := spec_of_lan9250_tx.

src/Bedrock/End2End/X25519/GarageDoorTop.v

+3-1
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,7 @@ Local Notation labeled_transitions := stateful.
173173
Local Notation boot_seq := BootSeq.
174174

175175
Definition protocol_spec l := exists s s', labeled_transitions protocol_step s s' l.
176-
Definition io_spec : list LogItem -> Prop := only_mmio_satisfying (boot_seq +++ protocol_spec).
176+
Definition io_spec : list _ -> Prop := only_mmio_satisfying (boot_seq +++ protocol_spec).
177177

178178
Import ExprImpEventLoopSpec.
179179
Definition garagedoor_spec : ProgramSpec := {|
@@ -258,7 +258,9 @@ Import bedrock2.Map.Separation. Local Open Scope sep_scope.
258258
Require Import bedrock2.ReversedListNotations.
259259
Local Notation run1 := (mcomp_sat (run1 Decode.RV32IM)).
260260
Local Notation RiscvMachine := MetricRiscvMachine.
261+
Local Notation MMIO := (string * word.rep * word.rep)%type.
261262
Goal True.
263+
pose (fun bs => lan9250_writepacket _ (bs : list byte) : list MMIO -> Prop).
262264
pose (run1 : RiscvMachine -> (RiscvMachine -> Prop) -> Prop).
263265
pose (always(iset:=Decode.RV32IM) : (RiscvMachine -> Prop) -> RiscvMachine -> Prop).
264266
Abort.

0 commit comments

Comments
 (0)