Closed Bug 1432431 Opened 8 years ago Closed 8 years ago

Land Cryptol/SAW specs for Poly1305

Categories

(NSS :: Test, enhancement)

Product:
NSS
Component:
Test
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ttaubert, Assigned: ttaubert)

Details

Attachments

(1 file)

Bug 1432431 - Land Cryptol/SAW specs for Poly1305 r=franziskus
45 bytes, text/x-phabricator-request
franziskus
: review+
franziskus
: review+
Details | Review
I wrote Cryptol and SAW specs for Poly1305 that are able to verify our implementations for a single input/key pair. The 128-bit multiplication isn't verifiable as-is. It takes forever, probably literally. We would need to take the HACL* approach and gently guide Z3 to link the mathematical spec to the optimized spec. Let's not do this now, let's just land the specs so we have them in the repo.
Comment on attachment 8944672 [details] Bug 1432431 - Land Cryptol/SAW specs for Poly1305 r=franziskus Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision. https://phabricator.services.mozilla.com/D430
Attachment #8944672 - Flags: review+
Comment on attachment 8944672 [details] Bug 1432431 - Land Cryptol/SAW specs for Poly1305 r=franziskus Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision. https://phabricator.services.mozilla.com/D430#10707
Attachment #8944672 - Flags: review+
https://hg.mozilla.org/projects/nss/rev/28bc767eccd1
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.36
Hey Tim, do you think that there is any value in providing a tool for building and running these?
Flags: needinfo?(ttaubert)
(In reply to Martin Thomson [:mt:] from comment #5) > Hey Tim, do you think that there is any value in providing a tool for > building and running these? We actually have a tool, or rather a Docker image called "docker-saw" that runs ChaCha20 and bmul verification already: https://phabricator.services.mozilla.com/D388 I wrote the Poly1305 specs to test whether we can (re-)verify that code too, although I was quite sure it wouldn't work as-is. We need to help z3 along here, and I haven't found the time to do that yet. I tried with bmul64() but wasn't very successful thus far.
Flags: needinfo?(ttaubert)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: