@@ -268,8 +268,11 @@ val sign_message_proof:
268268 is_publishable tr pk /\
269269 ( exists plain_payload nonce .
270270 payload == pke_enc pk nonce plain_payload /\
271- ( match parse ( encryption_input a ) #( parseable_serializeable_bytes_encryption_input # a ) plain_payload with
272- | Some ( Signed plain_payload_parsed ) -> comm_conf_auth_send_event_triggered tr sender receiver plain_payload_parsed
271+ ( match parse ( encryption_input a ) plain_payload with
272+ | Some ( Signed sender' receiver' plain_payload_parsed ) -> (
273+ sender == sender' /\ receiver == receiver' /\
274+ comm_conf_auth_send_event_triggered tr sender receiver plain_payload_parsed
275+ )
273276 | _ -> False )
274277 )
275278 )
@@ -293,7 +296,7 @@ let sign_message_proof #cinvs #a #config tr sender receiver input sk_sender nonc
293296 ()
294297 )
295298 | Inr ( payload , pk ) -> (
296- let sig_input : signature_input a = Encrypted sender receiver payload pk in
299+ let sig_input : signature_input a = Encrypted payload pk in
297300 let sig_input_bytes = serialize ( signature_input a ) sig_input in
298301 serialize_wf_lemma ( signature_input a ) ( is_publishable tr ) sig_input ;
299302 let signature = sign sk_sender nonce sig_input_bytes in
@@ -327,22 +330,22 @@ val send_authenticated_proof:
327330 SMTPat ( send_authenticated comm_keys_ids sender receiver payload tr );
328331 SMTPat ( core_comm_layer_lemmas_enabled higher_layer_preds )]
329332let send_authenticated_proof # invs # a tr higher_layer_preds comm_keys_ids sender receiver payload =
330- reveal_opaque (` %send_authenticated ) ( send_authenticated # a );
331- match send_authenticated comm_keys_ids sender receiver payload tr with
332- | ( None , tr_out ) -> ()
333- | ( Some _ , tr_out ) -> (
334- let ( Some sk_sender , tr' ) = get_private_key sender comm_keys_ids . private_keys ( LongTermSigKey ( comm_layer_sign_tag a )) tr in
335- let ( nonce , tr' ) = mk_rand SigNonce ( long_term_key_label sender ) 32 tr' in
336- higher_layer_preds . send_auth_later tr tr' sender payload ;
337- let ((), tr' ) = trigger_event sender ( CommAuthSendMsg sender payload <: communication_core_event a ) tr' in
338- assert ( comm_auth_send_event_triggered tr' sender payload );
339- sign_message_proof # invs . crypto_invs # a tr' sender receiver ( Inl payload ) sk_sender nonce ;
340- let msg_signed = sign_message # a sender receiver ( Inl payload ) sk_sender nonce in
341- let ( msg_id , tr' ) = send_msg msg_signed tr' in
342- assert ( tr_out == tr' );
343- assert ( trace_invariant tr_out );
344- ()
345- )
333+ reveal_opaque (` %send_authenticated ) ( send_authenticated # a );
334+ match send_authenticated comm_keys_ids sender receiver payload tr with
335+ | ( None , tr_out ) -> ()
336+ | ( Some _ , tr_out ) -> (
337+ let ( Some sk_sender , tr' ) = get_private_key sender comm_keys_ids . private_keys ( LongTermSigKey ( comm_layer_sign_tag a )) tr in
338+ let ( nonce , tr' ) = mk_rand SigNonce ( long_term_key_label sender ) 32 tr' in
339+ higher_layer_preds . send_auth_later tr tr' sender payload ;
340+ let ((), tr' ) = trigger_event sender ( CommAuthSendMsg sender payload <: communication_core_event a ) tr' in
341+ assert ( comm_auth_send_event_triggered tr' sender payload );
342+ sign_message_proof # invs . crypto_invs # a tr' sender receiver ( Inl payload ) sk_sender nonce ;
343+ let msg_signed = sign_message # a sender receiver ( Inl payload ) sk_sender nonce in
344+ let ( msg_id , tr' ) = send_msg msg_signed tr' in
345+ assert ( tr_out == tr' );
346+ assert ( trace_invariant tr_out );
347+ ()
348+ )
346349
347350
348351# push - options " --z3rlimit 20"
@@ -357,16 +360,17 @@ val verify_message_proof:
357360 ( requires
358361 has_communication_layer_core_crypto_predicates a /\
359362 is_publishable tr msg_bytes /\
360- is_public_key_for tr vk_sender ( LongTermSigKey ( comm_layer_sign_tag a )) sender
363+ is_public_key_for tr vk_sender ( LongTermSigKey ( comm_layer_sign_tag a )) sender /\
364+ Some sender == get_sender # a msg_bytes sk_receiver_opt
361365 )
362366 ( ensures (
363- match verify_message # a receiver msg_bytes sk_receiver_opt vk_sender with
367+ match verify_message # a sender receiver msg_bytes sk_receiver_opt vk_sender with
364368 | Some payload -> (
365369 let Some ( SigMessage msg_signed ) = parse comm_message_t msg_bytes in
366370 let Some sign_input = parse ( signature_input a ) msg_signed . msg in
367371 (
368- match sign_input with
369- | Plain sender' receiver' payload_bytes' -> (
372+ match sign_input , sk_receiver_opt with
373+ | Plain sender' receiver' payload_bytes' , None -> (
370374 is_well_formed a ( is_publishable tr ) ( Inl ?. v payload ) /\
371375 (
372376 sender == sender' /\
@@ -375,43 +379,79 @@ val verify_message_proof:
375379 is_corrupt tr ( long_term_key_label sender )
376380 )
377381 )
378- | Encrypted sender' receiver' payload_bytes' pk_receiver -> (
382+ | Encrypted payload_bytes' pk_receiver , Some sk_receiver -> (
379383 is_publishable tr ( Inr ?. v payload ) /\
380- (
381- sender == sender' /\
382- receiver == receiver' /\
383- (
384- exists plain_payload nonce .
385- ( Inr ?. v payload ) == pke_enc pk_receiver nonce plain_payload /\
386- ( match parse ( encryption_input a ) plain_payload with
387- | Some ( Signed plain_payload_parsed ) -> comm_conf_auth_send_event_triggered tr sender receiver plain_payload_parsed
388- | _ -> False )
389- ) \/ (
390- is_corrupt tr ( long_term_key_label sender )
391- )
384+ (
385+ let Some plaintext = pke_dec sk_receiver payload_bytes' in
386+ let Some enc_input = parse ( encryption_input a ) plaintext in
387+ let Signed sender' receiver' plain_payload_parsed = enc_input in
388+ sender == sender' /\ receiver == receiver' /\
389+ ( comm_conf_auth_send_event_triggered tr sender receiver plain_payload_parsed \/
390+ is_corrupt tr ( long_term_key_label sender ))
391+
392392 )
393393 )
394+ | _ -> False
394395 )
395396 )
396397 | _ -> True
397398 ))
398399let verify_message_proof # cinvs # a # config tr sender receiver msg_bytes sk_receiver_opt vk_sender =
399400 assert ( get_signkey_label tr vk_sender == long_term_key_label sender );
400- match verify_message # a receiver msg_bytes sk_receiver_opt vk_sender with
401+ match verify_message # a sender receiver msg_bytes sk_receiver_opt vk_sender with
401402 | None -> ()
402403 | Some payload -> (
403404 parse_wf_lemma comm_message_t ( is_publishable tr ) msg_bytes ;
404405 let Some msg_signed_t = parse comm_message_t msg_bytes in
405406 let SigMessage msg_signed = msg_signed_t in
406407 parse_wf_lemma ( signature_input a ) ( is_publishable tr ) msg_signed . msg ;
407408 let Some sign_input = parse ( signature_input a ) msg_signed . msg in
408- match sign_input with
409- | Plain sender' receiver' payload_bytes' -> (
409+ match sign_input , sk_receiver_opt with
410+ | Plain sender' receiver' payload_bytes' , None -> (
410411 ()
411412 )
412- | Encrypted sender' receiver' payload_bytes' pk_receiver -> (
413- ()
413+ | Encrypted payload_bytes pk_receiver , Some sk_receiver -> (
414+ let Some plaintext = pke_dec sk_receiver payload_bytes in
415+ let Some enc_input = parse ( encryption_input a ) plaintext in
416+ let Signed sender' receiver' plain_payload_parsed = enc_input in
417+ eliminate (
418+ exists plain_payload nonce .
419+ payload_bytes == pke_enc pk_receiver nonce plain_payload /\
420+ ( match parse ( encryption_input a ) plain_payload with
421+ | Some ( Signed sender'' receiver'' plain_payload_parsed ) -> (
422+ event_triggered tr sender'' ( CommConfAuthSendMsg sender'' receiver'' plain_payload_parsed <: communication_core_event a )
423+ )
424+ | _ -> False )
425+ ) \/ is_corrupt tr ( long_term_key_label sender )
426+ returns ( comm_conf_auth_send_event_triggered tr sender receiver plain_payload_parsed \/
427+ is_corrupt tr ( long_term_key_label sender ))
428+ with _ . (
429+ eliminate exists ( plain_payload : bytes ). ( exists ( nonce : bytes ).
430+ payload_bytes == pke_enc pk_receiver nonce plain_payload /\
431+ ( match parse ( encryption_input a ) plain_payload with
432+ | Some ( Signed sender'' receiver'' plain_payload_parsed ) -> (
433+ event_triggered tr sender'' ( CommConfAuthSendMsg sender'' receiver'' plain_payload_parsed <: communication_core_event a )
434+ )
435+ | _ -> False ))
436+ returns _
437+ with _ . (
438+ eliminate exists ( nonce : bytes ).
439+ payload_bytes == pke_enc pk_receiver nonce plain_payload /\
440+ ( match parse ( encryption_input a ) plain_payload with
441+ | Some ( Signed sender'' receiver'' plain_payload_parsed ) -> (
442+ event_triggered tr sender'' ( CommConfAuthSendMsg sender'' receiver'' plain_payload_parsed <: communication_core_event a )
443+ )
444+ | _ -> False )
445+ returns _
446+ with _ . (
447+ pke_dec_enc sk_receiver nonce plain_payload ;
448+ ()
449+ )
450+ )
451+ )
452+ and _ . ()
414453 )
454+ | _ -> ()
415455 )
416456# pop - options
417457
@@ -447,10 +487,10 @@ let receive_authenticated_proof #invs #a tr higher_layer_preds comm_keys_ids rec
447487 | ( None , tr_out ) -> ()
448488 | ( Some cm' , tr_out ) -> (
449489 let ( Some msg_signed_bytes , tr ) = recv_msg msg_id tr in
450- let Some sender = get_sender # a msg_signed_bytes in
490+ let Some sender = get_sender # a msg_signed_bytes None in
451491 let ( Some vk_sender , tr ) = get_public_key receiver comm_keys_ids . pki ( LongTermSigKey ( comm_layer_sign_tag a )) sender tr in
452492 verify_message_proof # invs . crypto_invs # a tr sender receiver msg_signed_bytes None vk_sender ;
453- match verify_message # a receiver msg_signed_bytes None vk_sender with
493+ match verify_message # a sender receiver msg_signed_bytes None vk_sender with
454494 | None -> ()
455495 | Some ( Inl payload ) -> (
456496 let ((), tr ) = trigger_event receiver ( CommAuthReceiveMsg sender receiver payload <: communication_core_event a ) tr in
@@ -487,8 +527,8 @@ val encrypt_and_sign_message_proof:
487527 )
488528let encrypt_and_sign_message_proof # cinvs # a tr sender receiver payload pk_receiver sk_sender enc_nonce sign_nonce =
489529 reveal_opaque (` %encrypt_and_sign_message ) ( encrypt_and_sign_message # a );
490- assert ( is_well_formed ( encryption_input a ) #( parseable_serializeable_bytes_encryption_input # a ) ( is_knowable_by ( comm_label sender receiver ) tr ) ( Signed payload ));
491- let enc_payload = pke_enc pk_receiver enc_nonce ( serialize ( encryption_input a ) ( Signed payload )) in
530+ assert ( is_well_formed ( encryption_input a ) #( parseable_serializeable_bytes_encryption_input # a ) ( is_knowable_by ( comm_label sender receiver ) tr ) ( Signed sender receiver payload ));
531+ let enc_payload = pke_enc pk_receiver enc_nonce ( serialize ( encryption_input a ) ( Signed sender receiver payload )) in
492532 sign_message_proof # cinvs # a tr sender receiver ( Inr ( enc_payload , pk_receiver )) sk_sender sign_nonce ;
493533 ()
494534
@@ -540,7 +580,6 @@ let send_confidential_authenticated_proof #invs #a tr higher_layer_preds comm_ke
540580# pop - options
541581
542582
543- # push - options " --ifuel 1 --z3rlimit 40"
544583val verify_and_decrypt_message_proof :
545584 {| cinvs : crypto_invariants |} ->
546585 # a :Type -> {| comm_layer_core_config a |} ->
@@ -552,14 +591,15 @@ val verify_and_decrypt_message_proof:
552591 has_communication_layer_core_crypto_predicates a /\
553592 is_publishable tr msg_encrypted_signed /\
554593 is_private_key_for tr sk_receiver ( LongTermPkeKey ( comm_layer_pkenc_tag a )) receiver /\
555- is_public_key_for tr vk_sender ( LongTermSigKey ( comm_layer_sign_tag a )) sender
594+ is_public_key_for tr vk_sender ( LongTermSigKey ( comm_layer_sign_tag a )) sender /\
595+ Some sender == get_sender # a msg_encrypted_signed ( Some sk_receiver )
556596 )
557597 ( ensures (
558- match verify_and_decrypt_message # a receiver sk_receiver vk_sender msg_encrypted_signed with
598+ match verify_and_decrypt_message # a sender receiver sk_receiver vk_sender msg_encrypted_signed with
559599 | None -> True
560600 | Some cm -> (
561601 (
562- ( exists sender . comm_conf_auth_send_event_triggered tr sender receiver cm . payload ) \/
602+ comm_conf_auth_send_event_triggered tr sender receiver cm . payload \/
563603 is_well_formed a ( is_publishable tr ) cm . payload
564604 ) /\ (
565605 comm_conf_auth_send_event_triggered tr sender receiver cm . payload \/
@@ -570,41 +610,25 @@ val verify_and_decrypt_message_proof:
570610let verify_and_decrypt_message_proof # cinvs # a tr sender receiver msg_encrypted_signed sk_receiver vk_sender =
571611 reveal_opaque (` %verify_and_decrypt_message ) ( verify_and_decrypt_message # a );
572612 reveal_opaque (` %decrypt_message ) ( decrypt_message # a );
573- match verify_and_decrypt_message # a receiver sk_receiver vk_sender msg_encrypted_signed with
613+ match verify_and_decrypt_message # a sender receiver sk_receiver vk_sender msg_encrypted_signed with
574614 | None -> ()
575615 | Some cm -> (
576616 verify_message_proof # cinvs # a tr sender receiver msg_encrypted_signed ( Some sk_receiver ) vk_sender ;
577- let Some ( Inr payload_enc ) = verify_message # a receiver msg_encrypted_signed ( Some sk_receiver ) vk_sender in
617+ let Some ( Inr payload_enc ) = verify_message # a sender receiver msg_encrypted_signed ( Some sk_receiver ) vk_sender in
578618 let Some msg_signed_t = parse comm_message_t msg_encrypted_signed in
579619 let SigMessage msg_signed = msg_signed_t in
580620 let Some sign_input = parse ( signature_input a ) msg_signed . msg in
581- let Encrypted _ _ _ pk_receiver = sign_input in
621+ let Encrypted _ pk_receiver = sign_input in
582622 assert ( pk_receiver == pk sk_receiver );
583623
584624 let Some plaintext = pke_dec sk_receiver payload_enc in
585625 let Some payload = parse ( encryption_input a ) plaintext in
586- let Signed payload = payload in
626+ let Signed sender receiver payload = payload in
587627
588628 FStar.Classical. move_requires ( parse_wf_lemma ( encryption_input a ) ( is_publishable tr )) plaintext ;
589- assert ( exists sender . event_triggered tr sender ( CommConfAuthSendMsg sender receiver payload <: communication_core_event a ) \/ is_well_formed a ( is_publishable tr ) payload );
590-
591- introduce (~( is_corrupt tr ( long_term_key_label sender ))) ==> (
592- comm_conf_auth_send_event_triggered tr sender receiver cm . payload
593- )
594- with _ . (
595- eliminate exists plain_payload nonce .
596- payload_enc == pke_enc pk_receiver nonce plain_payload /\
597- Some ? ( parse ( encryption_input a ) plain_payload ) /\
598- Signed ? ( Some ?. v ( parse ( encryption_input a ) plain_payload )) /\
599- comm_conf_auth_send_event_triggered tr sender receiver ( Signed ?. payload ( Some ?. v ( parse ( encryption_input a ) plain_payload )))
600- returns comm_conf_auth_send_event_triggered tr sender receiver cm . payload
601- with _ . (
602- pke_dec_enc sk_receiver nonce plain_payload ;
603- ()
604- )
605- )
629+ assert ( event_triggered tr sender ( CommConfAuthSendMsg sender receiver payload <: communication_core_event a ) \/ is_well_formed a ( is_publishable tr ) payload );
630+ ()
606631 )
607- # pop - options
608632
609633# push - options " --z3rlimit 50"
610634val receive_confidential_authenticated_proof :
@@ -640,11 +664,11 @@ let receive_confidential_authenticated_proof #invs #a tr higher_layer_preds comm
640664 | ( Some cm , tr_out ) -> (
641665 let ( Some msg_encrypted_signed , tr ) = recv_msg msg_id tr in
642666 let ( Some sk_receiver , tr ) = get_private_key receiver comm_keys_ids . private_keys ( LongTermPkeKey ( comm_layer_pkenc_tag a )) tr in
643- let Some sender = get_sender # a msg_encrypted_signed in
667+ let Some sender = get_sender # a msg_encrypted_signed ( Some sk_receiver ) in
644668 assert ( sender == cm . sender );
645669 let ( Some vk_sender , tr ) = get_public_key receiver comm_keys_ids . pki ( LongTermSigKey ( comm_layer_sign_tag a )) sender tr in
646670 verify_and_decrypt_message_proof # invs . crypto_invs # a tr sender receiver msg_encrypted_signed sk_receiver vk_sender ;
647- let Some cm = verify_and_decrypt_message # a receiver sk_receiver vk_sender msg_encrypted_signed in
671+ let Some cm = verify_and_decrypt_message # a sender receiver sk_receiver vk_sender msg_encrypted_signed in
648672 let ((), tr ) = trigger_event receiver ( CommConfAuthReceiveMsg sender receiver cm . payload <: communication_core_event a ) tr in
649673 assert ( trace_invariant tr );
650674 assert ( tr == tr_out );
0 commit comments