* Changed state variable(s) to enumeration type

Jellix · web-flow · commit 9249b175d9d8 · 2018-02-05T14:02:46.000+01:00
The two Booleans Setup_Key_Called and Nonce_Setup_Called have been replaced by an enumeration type indicating the current Phase.
diff --git a/artifacts/gnatprove.out b/artifacts/gnatprove.out
@@ -1,4 +1,4 @@
-date               : 2017-10-23 14:52:55
+date               : 2018-02-05 12:57:40
 gnatprove version  : 2017 (20170515)
 host               : Windows 32 bits
 command line       : gnatprove.exe --assumptions --output-header -P security.gpr
@@ -8,19 +8,19 @@ gnatprove switches : --mode=all --prover=cvc4,z3,altergo --proof=progressive --s
 Summary of SPARK analysis
 =========================
 
--------------------------------------------------------------------------------------------------------------------------------------
-SPARK Analysis results        Total         Flow   Interval   CodePeer                                 Provers   Justified   Unproved
--------------------------------------------------------------------------------------------------------------------------------------
-Data Dependencies                 .            .          .          .                                       .           .          .
-Flow Dependencies                 .            .          .          .                                       .           .          .
-Initialization                  171          164          .          .                                       .           7          .
-Non-Aliasing                      .            .          .          .                                       .           .          .
-Run-time Checks                 187            .          .          .    187 (CVC4  99%, Z3  1%, altergo  0%)           .          .
-Assertions                       22            .          .          .                  22 (CVC4  98%, Z3  2%)           .          .
-Functional Contracts             21            .          .          .                  21 (CVC4  99%, Z3  1%)           .          .
-LSP Verification                  .            .          .          .                                       .           .          .
--------------------------------------------------------------------------------------------------------------------------------------
-Total                           401    164 (41%)          .          .                               230 (57%)      7 (2%)          .
+-------------------------------------------------------------------------------------------------------------------------
+SPARK Analysis results        Total         Flow   Interval   CodePeer                     Provers   Justified   Unproved
+-------------------------------------------------------------------------------------------------------------------------
+Data Dependencies                 .            .          .          .                           .           .          .
+Flow Dependencies                 .            .          .          .                           .           .          .
+Initialization                  166          159          .          .                           .           7          .
+Non-Aliasing                      .            .          .          .                           .           .          .
+Run-time Checks                 187            .          .          .    187 (CVC4  100%, Z3  0%)           .          .
+Assertions                       22            .          .          .                   22 (CVC4)           .          .
+Functional Contracts             21            .          .          .                   21 (CVC4)           .          .
+LSP Verification                  .            .          .          .                           .           .          .
+-------------------------------------------------------------------------------------------------------------------------
+Total                           396    159 (40%)          .          .                   230 (58%)      7 (2%)          .
 
 
 Analyzed 2 units
@@ -52,17 +52,14 @@ effects on parameters and Global variables of Crypto.To_Unsigned depends on
 absence of run-time errors of Crypto.To_Unsigned depends on
   effects on parameters and Global variables of Interfaces.Shift_Left
   absence of run-time errors of Interfaces.Shift_Left
-in unit crypto-phelix, 26 subprograms and packages out of 26 analyzed
+in unit crypto-phelix, 25 subprograms and packages out of 25 analyzed
   Crypto.Phelix at crypto-phelix.ads:57 flow analyzed (0 errors and 0 warnings) and proved (1 checks)
 absence of run-time errors of Crypto.Phelix fully established
   Crypto.Phelix.Context at crypto-phelix.ads:72 flow analyzed (0 errors and 0 warnings) and proved (0 checks)
 absence of run-time errors of Crypto.Phelix.Context fully established
   Crypto.Phelix.Ctx_AAD_Len at crypto-phelix.ads:75 flow analyzed (0 errors and 0 warnings) and proved (0 checks)
 effects on parameters and Global variables of Crypto.Phelix.Ctx_AAD_Len fully established
 absence of run-time errors of Crypto.Phelix.Ctx_AAD_Len fully established
-  Crypto.Phelix.Ctx_AAD_Xor at crypto-phelix.ads:371 flow analyzed (0 errors and 0 warnings) and proved (0 checks)
-effects on parameters and Global variables of Crypto.Phelix.Ctx_AAD_Xor fully established
-absence of run-time errors of Crypto.Phelix.Ctx_AAD_Xor fully established
   Crypto.Phelix.Ctx_I at crypto-phelix.ads:79 flow analyzed (0 errors and 0 warnings) and proved (0 checks)
 effects on parameters and Global variables of Crypto.Phelix.Ctx_I fully established
 absence of run-time errors of Crypto.Phelix.Ctx_I fully established
diff --git a/src/phelix/crypto-phelix.adb b/src/phelix/crypto-phelix.adb
@@ -182,7 +182,7 @@ package body Crypto.Phelix is
                               Increases => Src_Idx,
                               Increases => Dst_Idx,
                               Increases => Dst_Nxt);
-         pragma Loop_Invariant (Src_Idx = Source'Last      - Msg_Len + 1                                  and
+         pragma Loop_Invariant (Src_Idx = Source'Last - Msg_Len + 1                                       and
                                 Dst_Idx >= Destination'First and Dst_Idx = Destination'Last - Msg_Len + 1 and
                                 Dst_Nxt >= Destination'First and Dst_Nxt - 1 <= Destination'Last          and
                                 (for all X of Destination (Destination'First .. Dst_Nxt - 1) => X in Byte));
@@ -395,7 +395,7 @@ package body Crypto.Phelix is
 
       --  We finalized the stream, so the previous Nonce should never be reused.
       --  Ensure at least part of this condition by marking the current Nonce as invalid.
-      This.Nonce_Set := False;
+      This.Setup_Phase := Key_Has_Been_Setup;
    end Finalize;
 
    --
@@ -564,8 +564,7 @@ package body Crypto.Phelix is
       end;
 
       --  Key has been set up. Require a Nonce later.
-      This.Key_Set   := True;
-      This.Nonce_Set := False;
+      This.Setup_Phase := Key_Has_Been_Setup;
    end Setup_Key;
 
    --
@@ -611,7 +610,7 @@ package body Crypto.Phelix is
       This.CS.I := 8;
 
       --  Nonce has been set.
-      This.Nonce_Set := True;
+      This.Setup_Phase := Nonce_Has_Been_Setup;
    end Setup_Nonce;
 
 end Crypto.Phelix;
diff --git a/src/phelix/crypto-phelix.ads b/src/phelix/crypto-phelix.ads
@@ -92,7 +92,7 @@ is
      Ghost  => True,
      Global => null;
 
-   --  As the order in which calls are made are important, we define some proof
+   --  As the order in which calls are made is important, we define some proof
    --  functions to be used as precondition.
    function Setup_Key_Called (Ctx : Context) return Boolean with
      Ghost  => True,
@@ -353,24 +353,34 @@ private
          AAD_Xor : Word_32;      --  aadXor constant
       end record;
 
+   type Phase is (Uninitialized, Key_Has_Been_Setup, Nonce_Has_Been_Setup);
+   --  Ensure proper call sequence. State changes are:
+   --
+   --     (Uninitialized)
+   --           |
+   --           v
+   --   (Key_Has_Been_Setup) <-.
+   --           |              |
+   --           v              |
+   --  (Nonce_Has_Been_Setup)  |
+   --           |              |
+   --           `--------------'
+
    type Context is
       record
          KS        : Key_Schedule;
          CS        : Cipher_State;
-         --  This state variables are merely here to ensure proper call sequences as precondition.
-         --  Also, they need to be automatically initialized.
-         Key_Set   : Boolean := False;
-         Nonce_Set : Boolean := False;
+         --  This state variable is merely here to ensure proper call sequences
+         --  as precondition.
+         --  Also, we need it to be automatically initialized.
+         Setup_Phase : Phase := Uninitialized;
       end record;
 
    --  Proof functions
 
    function Ctx_AAD_Len (Ctx : Context) return Stream_Count is
      (Ctx.CS.AAD_Len);
 
-   function Ctx_AAD_Xor (Ctx : Context) return Word_32 is
-     (Ctx.CS.AAD_Xor);
-
    function Ctx_I (Ctx : Context) return Word_32 is
      (Ctx.CS.I);
 
@@ -384,9 +394,9 @@ private
      (Ctx.CS.Msg_Len);
 
    function Setup_Key_Called (Ctx : Context) return Boolean is
-     (Ctx.Key_Set);
+     (Ctx.Setup_Phase in Key_Has_Been_Setup .. Nonce_Has_Been_Setup);
 
    function Setup_Nonce_Called (Ctx : Context) return Boolean is
-     (Ctx.Key_Set and then Ctx.Nonce_Set);
+     (Ctx.Setup_Phase in Nonce_Has_Been_Setup);
 
 end Crypto.Phelix;
