REPROSEC · TWal · Jul 17, 2024 · Jul 18, 2024
@@ -99,7 +99,7 @@ let all_sessions = [
 /// List of all local event predicates.
 
 let all_events = [
-  (dh_event_instance.tag, compile_event_pred dh_event_pred)
+  (dh_event_instance.tag, compile_event_pred dh_event_pred);
 ]
 
 /// Create the global trace invariants.
@@ -116,33 +116,21 @@ instance dh_protocol_invs: protocol_invariants = {
 
 /// Lemmas that the global state predicate contains all the local ones
 
-val all_sessions_has_all_sessions: unit -> Lemma (norm [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate dh_protocol_invs) all_sessions))
-let all_sessions_has_all_sessions () =
+val all_sessions_has_all_sessions: squash (norm [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate dh_protocol_invs) all_sessions))
+let all_sessions_has_all_sessions =
   assert_norm(List.Tot.no_repeats_p (List.Tot.map fst (all_sessions)));
   mk_global_local_bytes_state_predicate_correct dh_protocol_invs all_sessions;
   norm_spec [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate dh_protocol_invs) all_sessions)
 
-val full_dh_session_pred_has_pki_invariant: squash (has_pki_invariant dh_protocol_invs)
-let full_dh_session_pred_has_pki_invariant = all_sessions_has_all_sessions ()
-
-val full_dh_session_pred_has_private_keys_invariant: squash (has_private_keys_invariant dh_protocol_invs)
-let full_dh_session_pred_has_private_keys_invariant = all_sessions_has_all_sessions ()
-
-val full_dh_session_pred_has_dh_invariant: squash (has_local_state_predicate dh_protocol_invs dh_session_pred)
-let full_dh_session_pred_has_dh_invariant = all_sessions_has_all_sessions ()
-
 /// Lemmas that the global event predicate contains all the local ones
 
-val all_events_has_all_events: unit -> Lemma (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred dh_protocol_invs) all_events))
-let all_events_has_all_events () =
+#push-options "--fuel 1" // fuel is a workaround for FStarLang/FStar#3360
+val all_events_has_all_events: squash (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred dh_protocol_invs) all_events))
+let all_events_has_all_events =
   assert_norm(List.Tot.no_repeats_p (List.Tot.map fst (all_events)));
   mk_event_pred_correct dh_protocol_invs all_events;
-  norm_spec [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred dh_protocol_invs) all_events);
-  let dumb_lemma (x:prop) (y:prop): Lemma (requires x /\ x == y) (ensures y) = () in
-  dumb_lemma (for_allP (has_compiled_event_pred dh_protocol_invs) all_events) (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred dh_protocol_invs) all_events))
-
-val full_dh_event_pred_has_dh_invariant: squash (has_event_pred dh_protocol_invs dh_event_pred)
-let full_dh_event_pred_has_dh_invariant = all_events_has_all_events ()
+  norm_spec [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred dh_protocol_invs) all_events)
+#pop-options
 
 (*** Proofs ****)
 

@@ -17,9 +17,6 @@ type dh_session =
 %splice [ps_dh_session] (gen_parser (`dh_session))
 %splice [ps_dh_session_is_well_formed] (gen_is_well_formed_lemma (`dh_session))
 
-instance dh_session_parseable_serializeable: parseable_serializeable bytes dh_session
- = mk_parseable_serializeable ps_dh_session
-
 (*** Definition of events ***)
 [@@ with_bytes bytes]
 type dh_event =
@@ -146,4 +143,3 @@ let verify_msg3 global_sess_id alice bob msg_id bob_si =
     return (Some ())
   )
   | _ -> return None
-
@@ -90,7 +90,7 @@ let all_sessions = [
 /// List of all local event predicates.
 
 let all_events = [
-  (event_nsl_event.tag, compile_event_pred event_predicate_nsl)
+  (event_nsl_event.tag, compile_event_pred event_predicate_nsl);
 ]
 
 /// Create the global trace invariants.
@@ -107,33 +107,21 @@ instance protocol_invariants_nsl: protocol_invariants = {
 
 /// Lemmas that the global state predicate contains all the local ones
 
-val all_sessions_has_all_sessions: unit -> Lemma (norm [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate protocol_invariants_nsl) all_sessions))
-let all_sessions_has_all_sessions () =
+val all_sessions_has_all_sessions: squash (norm [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate protocol_invariants_nsl) all_sessions))
+let all_sessions_has_all_sessions =
   assert_norm(List.Tot.no_repeats_p (List.Tot.map fst (all_sessions)));
   mk_global_local_bytes_state_predicate_correct protocol_invariants_nsl all_sessions;
   norm_spec [delta_only [`%all_sessions; `%for_allP]; iota; zeta] (for_allP (has_local_bytes_state_predicate protocol_invariants_nsl) all_sessions)
 
-val protocol_invariants_nsl_has_pki_invariant: squash (has_pki_invariant protocol_invariants_nsl)
-let protocol_invariants_nsl_has_pki_invariant = all_sessions_has_all_sessions ()
-
-val protocol_invariants_nsl_has_private_keys_invariant: squash (has_private_keys_invariant protocol_invariants_nsl)
-let protocol_invariants_nsl_has_private_keys_invariant = all_sessions_has_all_sessions ()
-
-val protocol_invariants_nsl_has_nsl_session_invariant: squash (has_local_state_predicate protocol_invariants_nsl state_predicate_nsl)
-let protocol_invariants_nsl_has_nsl_session_invariant = all_sessions_has_all_sessions ()
-
 /// Lemmas that the global event predicate contains all the local ones
 
-val all_events_has_all_events: unit -> Lemma (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events))
-let all_events_has_all_events () =
+#push-options "--fuel 1" // fuel is a workaround for FStarLang/FStar#3360
+val all_events_has_all_events: squash (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events))
+let all_events_has_all_events =
   assert_norm(List.Tot.no_repeats_p (List.Tot.map fst (all_events)));
   mk_event_pred_correct protocol_invariants_nsl all_events;
-  norm_spec [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events);
-  let dumb_lemma (x:prop) (y:prop): Lemma (requires x /\ x == y) (ensures y) = () in
-  dumb_lemma (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events) (norm [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events))
-
-val protocol_invariants_nsl_has_nsl_event_invariant: squash (has_event_pred protocol_invariants_nsl event_predicate_nsl)
-let protocol_invariants_nsl_has_nsl_event_invariant = all_events_has_all_events ()
+  norm_spec [delta_only [`%all_events; `%for_allP]; iota; zeta] (for_allP (has_compiled_event_pred protocol_invariants_nsl) all_events)
+#pop-options
 
 (*** Proofs ***)
 

@@ -23,12 +23,9 @@ type nsl_session =
 %splice [ps_nsl_session] (gen_parser (`nsl_session))
 %splice [ps_nsl_session_is_well_formed] (gen_is_well_formed_lemma (`nsl_session))
 
-instance parseable_serializeable_bytes_nsl_session: parseable_serializeable bytes nsl_session
- = mk_parseable_serializeable ps_nsl_session
-
 instance local_state_nsl_session: local_state nsl_session = {
   tag = "NSL.Session";
-  format = parseable_serializeable_bytes_nsl_session;
+  format = mk_parseable_serializeable ps_nsl_session;
 }
 
 (*** Event type ***)

@@ -85,6 +85,7 @@ val has_compiled_event_pred:
 let has_compiled_event_pred invs (tag, epred) =
   has_local_pred split_event_pred_func event_pred (tag, epred)
 
+unfold
 val has_event_pred:
   #a:Type0 -> {|event a|} ->
   protocol_invariants -> event_predicate a -> prop

@@ -56,11 +56,9 @@ noeq type map (key_t:eqtype) (value_t:Type0) {|mt:map_types key_t value_t|} = {
 %splice [ps_map] (gen_parser (`map))
 %splice [ps_map_is_well_formed] (gen_is_well_formed_lemma (`map))
 
-instance parseable_serializeable_bytes_map (key_t:eqtype) (value_t:Type0) {|map_types key_t value_t|} : parseable_serializeable bytes (map key_t value_t) = mk_parseable_serializeable (ps_map key_t value_t)
-
 instance local_state_map (key_t:eqtype) (value_t:Type0) {|mt:map_types key_t value_t|}: local_state (map key_t value_t) = {
   tag = mt.tag;
-  format = (parseable_serializeable_bytes_map key_t value_t);
+  format = mk_parseable_serializeable (ps_map key_t value_t);
 }
 
 val map_elem_invariant:
@@ -116,6 +114,7 @@ let map_session_invariant #cinvs #key_t #value_t #mt mpred = {
   );
 }
 
+unfold
 val has_map_session_invariant:
   #key_t:eqtype -> #value_t:Type0 -> {|map_types key_t value_t|} ->
   protocol_invariants -> map_predicate key_t value_t -> prop

@@ -76,12 +76,13 @@ let pki_pred #cinvs = {
   pred_knowable = (fun tr prin sess_id key value -> ());
 }
 
+unfold
 val has_pki_invariant: protocol_invariants -> prop
 let has_pki_invariant invs =
   has_map_session_invariant invs pki_pred
 
 val pki_tag_and_invariant: {|crypto_invariants|} -> string & local_bytes_state_predicate
-let pki_tag_and_invariant #ci = (map_types_pki.tag, local_state_predicate_to_local_bytes_state_predicate (map_session_invariant pki_pred))
+let pki_tag_and_invariant #ci = ((local_state_map pki_key pki_value #map_types_pki).tag, local_state_predicate_to_local_bytes_state_predicate (map_session_invariant pki_pred))
 
 (*** PKI API ***)
 

@@ -68,12 +68,13 @@ let private_keys_pred #cinvs = {
   pred_knowable = (fun tr prin sess_id key value -> ());
 }
 
+unfold
 val has_private_keys_invariant: protocol_invariants -> prop
 let has_private_keys_invariant invs =
   has_map_session_invariant invs private_keys_pred
 
 val private_keys_tag_and_invariant: {|crypto_invariants|} -> string & local_bytes_state_predicate
-let private_keys_tag_and_invariant #ci = (map_types_private_keys.tag, local_state_predicate_to_local_bytes_state_predicate (map_session_invariant private_keys_pred))
+let private_keys_tag_and_invariant #ci = ((local_state_map private_key_key private_key_value #map_types_private_keys).tag, local_state_predicate_to_local_bytes_state_predicate (map_session_invariant private_keys_pred))
 
 val private_key_type_to_usage:
   private_key_type ->

@@ -60,6 +60,7 @@ let local_state_predicate_to_local_bytes_state_predicate #cinvs #a #ps_a tspred
     );
   }
 
+unfold
 val has_local_state_predicate:
   #a:Type -> {|local_state a|} ->
   invs:protocol_invariants -> local_state_predicate a ->