diff --git a/mlkem/native/api.h b/mlkem/native/api.h index c39f63211..def32be36 100644 --- a/mlkem/native/api.h +++ b/mlkem/native/api.h @@ -319,7 +319,15 @@ __contract__( * len). **************************************************/ static INLINE int rej_uniform_native(int16_t *r, unsigned int len, - const uint8_t *buf, unsigned int buflen); + const uint8_t *buf, unsigned int buflen) +__contract__( + requires(len <= 4096 && buflen <= 4096 && buflen % 3 == 0) + requires(memory_no_alias(r, sizeof(int16_t) * len)) + requires(memory_no_alias(buf, buflen)) + assigns(memory_slice(r, sizeof(int16_t) * len)) + ensures(return_value == -1 || (0 <= return_value && return_value <= len)) + ensures(return_value != -1 ==> array_bound(r, 0, (unsigned) return_value, 0, MLKEM_Q)) +); #endif /* MLKEM_USE_NATIVE_REJ_UNIFORM */ #endif /* MLKEM_NATIVE_ARITH_NATIVE_API_H */ diff --git a/proofs/cbmc/rej_uniform_native/Makefile b/proofs/cbmc/rej_uniform_native/Makefile new file mode 100644 index 000000000..013c1bc6c --- /dev/null +++ b/proofs/cbmc/rej_uniform_native/Makefile @@ -0,0 +1,56 @@ +# SPDX-License-Identifier: Apache-2.0 + +include ../Makefile_params.common + +HARNESS_ENTRY = harness +HARNESS_FILE = rej_uniform_native_harness + +# This should be a unique identifier for this proof, and will appear on the +# Litani dashboard. It can be human-readable and contain spaces if you wish. +PROOF_UID = rej_uniform_native + +DEFINES += -DMLKEM_USE_NATIVE_BACKEND_ARITH -DMLKEM_NATIVE_ARITH_BACKEND_FILE="\"dummy_backend.h\"" +INCLUDES += + +REMOVE_FUNCTION_BODY += +UNWINDSET += + +PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c +PROJECT_SOURCES += $(SRCDIR)/mlkem/sampling.c + +CHECK_FUNCTION_CONTRACTS=$(MLKEM_NAMESPACE)rej_uniform +USE_FUNCTION_CONTRACTS=rej_uniform_native $(MLKEM_NAMESPACE)rej_uniform_scalar +APPLY_LOOP_CONTRACTS=on +USE_DYNAMIC_FRAMES=1 + +# Disable any setting of EXTERNAL_SAT_SOLVER, and choose SMT backend instead +EXTERNAL_SAT_SOLVER= +CBMCFLAGS=--bitwuzla + +#CBMCFLAGS += --no-array-field-sensitivity --arrays-uf-always --slice-formula + +FUNCTION_NAME = rej_uniform_native + +# If this proof is found to consume huge amounts of RAM, you can set the +# EXPENSIVE variable. With new enough versions of the proof tools, this will +# restrict the number of EXPENSIVE CBMC jobs running at once. See the +# documentation in Makefile.common under the "Job Pools" heading for details. +# EXPENSIVE = true + +# This function is large enough to need... +CBMC_OBJECT_BITS = 8 + +# If you require access to a file-local ("static") function or object to conduct +# your proof, set the following (and do not include the original source file +# ("mlkem/poly.c") in PROJECT_SOURCES). +# REWRITTEN_SOURCES = $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i +# include ../Makefile.common +# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_SOURCE = $(SRCDIR)/mlkem/poly.c +# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_FUNCTIONS = foo bar +# $(PROOFDIR)/<__SOURCE_FILE_BASENAME__>.i_OBJECTS = baz +# Care is required with variables on the left-hand side: REWRITTEN_SOURCES must +# be set before including Makefile.common, but any use of variables on the +# left-hand side requires those variables to be defined. Hence, _SOURCE, +# _FUNCTIONS, _OBJECTS is set after including Makefile.common. + +include ../Makefile.common diff --git a/proofs/cbmc/rej_uniform_native/cbmc-proof.txt b/proofs/cbmc/rej_uniform_native/cbmc-proof.txt new file mode 100644 index 000000000..3d1913ebf --- /dev/null +++ b/proofs/cbmc/rej_uniform_native/cbmc-proof.txt @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: Apache-2.0 + +# This file marks this directory as containing a CBMC proof. diff --git a/proofs/cbmc/rej_uniform_native/rej_uniform_native_harness.c b/proofs/cbmc/rej_uniform_native/rej_uniform_native_harness.c new file mode 100644 index 000000000..eccac7a54 --- /dev/null +++ b/proofs/cbmc/rej_uniform_native/rej_uniform_native_harness.c @@ -0,0 +1,19 @@ +// Copyright (c) 2024 The mlkem-native project authors +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: MIT-0 + +#include +#include "cbmc.h" + +#define rej_uniform MLKEM_NAMESPACE(rej_uniform) +unsigned int rej_uniform(int16_t *r, unsigned int target, unsigned int offset, + const uint8_t *buf, unsigned int buflen); + +void harness(void) +{ + unsigned int target, offset, inlen; + int16_t *r; + uint8_t *buf; + + rej_uniform(r, target, offset, buf, inlen); +}