adapts DH initiator implementation to verify again

Author: ArquintL

dh/implementation/initiator/initiator.go

@@ -6,7 +6,8 @@ import . "dh-gobra/library"
 //@ import ft "dh-gobra/verification/fact"
 //@ import pl "dh-gobra/verification/place"
 //@ import io "dh-gobra/verification/iospec"
-//@ import tm "dh-gobra/verification/util"
+//@ import tm "dh-gobra/verification/utilterm"
+//@ import ay "dh-gobra/verification/utilbytes"
 //@ import am "dh-gobra/verification/term"
 //@ import p "dh-gobra/verification/pattern"
 //@ import pub "dh-gobra/verification/pub"
@@ -27,13 +28,15 @@ pred (i *Initiator) Mem(skAT, skBT tm.Term) {
 }
 
 ghost
+decreases
 requires acc(i.Mem(skAT, skBT), _)
 pure
 func (i *Initiator) getIdA(skAT, skBT tm.Term) uint32 {
 	return unfolding acc(i.Mem(skAT, skBT), _) in i.idA
 }
 
 ghost
+decreases
 requires acc(i.Mem(skAT, skBT), _)
 pure
 func (i *Initiator) getIdB(skAT, skBT tm.Term) uint32 {
@@ -43,14 +46,14 @@ func (i *Initiator) getIdB(skAT, skBT tm.Term) uint32 {
 
 //@ requires l.Mem()
 //@ requires pl.token(t) && io.P_Alice(t, am.freshTerm(fresh.fr_integer32(rid)), mset[ft.Fact]{})
-//@ requires rid != 0 && rid != 1
+//@ requires rid < 0 || 2 < rid
 //@ ensures  l.Mem()
 func RunInitiator(l *LibState, rid uint32 /*@, ghost t pl.Place @*/) (err error) {
 	//@ ridT := tm.integer32(rid)
 	//@ s := mset[ft.Fact]{}
 
 	//@ unfold io.P_Alice(t, ridT, s)
-	//@ unfold io.phiRF_Alice_5(t, ridT, s)
+	//@ unfold io.phiRF_Alice_7(t, ridT, s)
 	//@ assert acc(io.e_Setup_Alice(t, ridT))
 	//@ skAT := io.get_e_Setup_Alice_r3(t, ridT)
 	//@ skBT := io.get_e_Setup_Alice_r4(t, ridT)
@@ -74,7 +77,7 @@ func RunInitiator(l *LibState, rid uint32 /*@, ghost t pl.Place @*/) (err error)
 
 	// create x
 	//@ unfold io.P_Alice(t1, ridT, s1)
-	//@ unfold io.phiRF_Alice_3(t1, ridT, s1)
+	//@ unfold io.phiRF_Alice_5(t1, ridT, s1)
 	//@ assert acc(io.e_FrFact(t1, ridT))
 	//@ xT := io.get_e_FrFact_r1(t1, ridT)
 	var x []byte
@@ -170,7 +173,7 @@ func (i *Initiator) sendMsg1(X []byte /*@, ghost skAT tm.Term, ghost skBT tm.Ter
 	}
 
 	//@ unfold io.P_Alice(t1, ridT, s1)
-	//@ unfold io.phiRG_Alice_2(t1, ridT, s1)
+	//@ unfold io.phiRG_Alice_4(t1, ridT, s1)
 	//@ assert io.e_OutFact(t1, ridT, XT)
 	err /*@, t1 @*/ = i.l.Send(msg1Data /*@, t1, ridT, XT @*/)
 	//@ s1 = s1 setminus mset[ft.Fact]{ ft.OutFact_Alice(ridT, XT) }
@@ -190,7 +193,7 @@ func (i *Initiator) sendMsg1(X []byte /*@, ghost skAT tm.Term, ghost skBT tm.Ter
 func (i *Initiator) recvMsg2(X []byte, /*@ ghost skAT tm.Term, ghost skBT tm.Term, ghost xT tm.Term, ghost t pl.Place, ghost ridT tm.Term, ghost s mset[ft.Fact] @*/) (receivedY []byte, err error /*@, ghost YT tm.Term, ghost t1 pl.Place, ghost s1 mset[ft.Fact] @*/) {
 	//@ unfold acc(i.Mem(skAT, skBT), 1/2)
 	//@ unfold io.P_Alice(t, ridT, s)
-	//@ unfold io.phiRF_Alice_4(t, ridT, s)
+	//@ unfold io.phiRF_Alice_6(t, ridT, s)
 	//@ assert io.e_InFact(t, ridT)
 	var signedMsg2 []byte
 	//@ ghost var msg2T tm.Term
@@ -232,8 +235,9 @@ func (i *Initiator) recvMsg2(X []byte, /*@ ghost skAT tm.Term, ghost skBT tm.Ter
 	//@ idBT := tm.integer32(i.getIdB(skAT, skBT))
 	//@ XT := tm.exp(tm.generator(), xT)
 	//@ YT := p.patternRequirement2(ridT, idAT, idBT, skAT, skBT, xT, by.oneTerm(Abs(receivedY)), msg2T, t1, s1)
-	// the following assert stmt is needed for triggering reasons:
-	//@ assert by.getMsgB(Abs(signedMsg2)) == Abs(msg2Data)
+	// the following 2 assert stmts are needed for triggering reasons:
+	//@ assert ay.getMsgB(Abs(signedMsg2)) == Abs(msg2Data)
+	//@ assert by.ex55B(Abs(msg2Data)) == Abs(receivedY)
 	//@ assert Abs(receivedY) == by.gamma(YT)
 
 	//@ unfold io.P_Alice(t1, ridT, s1)
@@ -246,7 +250,8 @@ func (i *Initiator) recvMsg2(X []byte, /*@ ghost skAT tm.Term, ghost skBT tm.Ter
 		cl.IN_ALICE(YT, tm.tuple5(tm.integer32(Msg2Tag), idBT, idAT, XT, YT)),
         cl.Secret(idAT, idBT, tm.exp(YT, xT)),
         cl.Running(tm.idR(), tm.idI(), tm.tuple3(idAT, idBT, tm.exp(YT, xT))),
-        cl.Commit(tm.idI(), tm.idR(), tm.tuple3(idAT, idBT, tm.exp(YT, xT))) }
+        cl.Commit(tm.idI(), tm.idR(), tm.tuple3(idAT, idBT, tm.exp(YT, xT))),
+		cl.AliceHsDone(tm.exp(YT, xT)) }
 	r := mset[ft.Fact]{ ft.St_Alice_2(ridT, idAT, idBT, skAT, skBT, xT, YT),
 		ft.OutFact_Alice(ridT, msg3T) }
 	@*/
@@ -287,7 +292,7 @@ func (i *Initiator) sendMsg3(X, receivedY []byte /*@, ghost skAT tm.Term, ghost
 	//@ XT := tm.exp(tm.generator(), xT)
 	//@ msgT := tm.sign(tm.tuple5(tm.integer32(Msg3Tag), idAT, idBT, YT, XT), skAT)
 	//@ unfold io.P_Alice(t, ridT, s)
-	//@ unfold io.phiRG_Alice_2(t, ridT, s)
+	//@ unfold io.phiRG_Alice_4(t, ridT, s)
 	//@ assert acc(io.e_OutFact(t, ridT, msgT))
 	err /*@, t1 @*/ = i.l.Send(signedMsg3 /*@, t, ridT, msgT @*/)
 	//@ s1 = s setminus mset[ft.Fact]{ ft.OutFact_Alice(ridT, msgT) }

dh/implementation/library/crypto.go

@@ -11,7 +11,8 @@ import sign "golang.org/x/crypto/nacl/sign"
 //@ import . "dh-gobra/verification/place"
 //@ import . "dh-gobra/verification/iospec"
 //@ import am "dh-gobra/verification/term"
-//@ import tm "dh-gobra/verification/util"
+//@ import by "dh-gobra/verification/utilbytes"
+//@ import tm "dh-gobra/verification/utilterm"
 
 const NonceLength = 24
 
@@ -97,7 +98,7 @@ func (l *LibState) expMod(base, exp []byte) (res []byte, err error) {
 //@ preserves acc(l.Mem(), 1/16)
 //@ preserves acc(Mem(exp), 1/16)
 //@ ensures err == nil ==> Mem(res)
-//@ ensures err == nil ==> Abs(res) == expB(generatorB(), Abs(exp))
+//@ ensures err == nil ==> Abs(res) == expB(by.generatorB(), Abs(exp))
 // arg is big-endian
 func (l *LibState) DhExp(exp []byte) (res []byte, err error) {
 	g := big.NewInt(GroupGenerator)
@@ -156,6 +157,7 @@ func (l *LibState) Open(signedData []byte, pk []byte /*@, ghost skT tm.Term @*/)
 }
 
 //@ trusted
+//@ decreases
 //@ requires acc(Mem(s1), 1/16) && acc(Mem(s2), 1/16)
 //@ ensures  res == (Abs(s1) == Abs(s2))
 //@ pure

dh/implementation/library/io.go

@@ -5,7 +5,7 @@ import fmt "fmt"
 //@ import . "dh-gobra/verification/bytes"
 //@ import . "dh-gobra/verification/place"
 //@ import . "dh-gobra/verification/iospec"
-//@ import tm "dh-gobra/verification/util"
+//@ import tm "dh-gobra/verification/utilterm"
 
 const MAX_DATA_SIZE = 1024
 

dh/implementation/library/marshal.go

@@ -3,6 +3,7 @@ package library
 import binary "encoding/binary"
 import errors "errors"
 //@ import . "dh-gobra/verification/bytes"
+//@ import by "dh-gobra/verification/utilbytes"
 
 const Msg2Tag uint32 = 0
 const Msg3Tag uint32 = 1
@@ -52,7 +53,7 @@ func (l *LibState) MarshalMsg1(msg1 *Msg1) (res []byte, err error) {
 //@ trusted
 //@ preserves acc(Mem(data), 1/16)
 //@ ensures err == nil ==> res.Mem()
-//@ ensures err == nil ==> Abs(data) == (unfolding acc(res.Mem(), 1/16) in tuple5B(integer32B(Msg2Tag), integer32B(res.IdB), integer32B(res.IdA), Abs(res.X), Abs(res.Y)))
+//@ ensures err == nil ==> Abs(data) == (unfolding acc(res.Mem(), 1/16) in by.tuple5B(by.integer32B(Msg2Tag), by.integer32B(res.IdB), by.integer32B(res.IdA), Abs(res.X), Abs(res.Y)))
 func (l *LibState) UnmarshalMsg2(data []byte) (res *Msg2, err error) {
 	if len(data) < 2 * DHHalfKeyLength + 12 {
 		return nil, errors.New("msg2 is too short")
@@ -75,7 +76,7 @@ func (l *LibState) UnmarshalMsg2(data []byte) (res *Msg2, err error) {
 //@ trusted
 //@ preserves acc(msg3.Mem(), 1/16)
 //@ ensures err == nil ==> Mem(res)
-//@ ensures err == nil ==> Abs(res) == (unfolding acc(msg3.Mem(), 1/16) in tuple5B(integer32B(Msg3Tag), integer32B(msg3.IdA), integer32B(msg3.IdB), Abs(msg3.Y), Abs(msg3.X)))
+//@ ensures err == nil ==> Abs(res) == (unfolding acc(msg3.Mem(), 1/16) in by.tuple5B(by.integer32B(Msg3Tag), by.integer32B(msg3.IdA), by.integer32B(msg3.IdB), Abs(msg3.Y), Abs(msg3.X)))
 func (l *LibState) MarshalMsg3(msg3 *Msg3) (res []byte, err error) {
 	res = make([]byte, 12)
 	binary.BigEndian.PutUint32(res[:4], Msg3Tag)

dh/implementation/library/state.go

@@ -18,6 +18,7 @@ pred (l *LibState) Mem()
 pred Mem(data []byte)
 
 ghost
+decreases
 requires acc(Mem(b), _)
 pure func Abs(b []byte) (res by.Bytes)
 @*/