Skip to content

Commit

Permalink
jazzct: add --doit argument
Browse files Browse the repository at this point in the history
Co-authored-by:  Ján Jančár <[email protected]>
  • Loading branch information
vbgl and J08nY committed Jun 13, 2024
1 parent e0e05ce commit 4c3e4bd
Show file tree
Hide file tree
Showing 6 changed files with 42 additions and 7 deletions.
6 changes: 6 additions & 0 deletions compiler/CCT/fail/doit/x86_64/rol.jazz
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
// This is CT in the ordinary sense, but not DOIT as ROL is not DOIT.
export fn rol(#secret reg u32 x) -> #secret reg u32 {
x <<r = 5;
x = x;
return x;
}
7 changes: 7 additions & 0 deletions compiler/CCT/fail/doit/x86_64/xchg.jazz
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
// This is CT in the ordinary sense, but not DOIT as XCHG is not DOIT.
export fn xchange(#secret reg u32 a, #secret reg u32 b) -> #secret reg u32, #secret reg u32 {
a = a;
b = b;
a, b = #swap(a, b);
return a, b;
}
6 changes: 6 additions & 0 deletions compiler/CCT/success/doit/by_stack.jazz
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
export fn id(#secret reg u32 x) -> #secret reg u32 {
stack u32 s;
s = x;
x = s;
return x;
}
2 changes: 1 addition & 1 deletion compiler/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ CHECK := $(CHECKPY) scripts/runtest --jobs="$(JSJOBS)"
CHECK += config/tests.config
CHECKCATS ?= \
safety \
CCT \
CCT CCT-DOIT \
x86-64-ATT \
x86-64-Intel \
x86-64-print \
Expand Down
7 changes: 7 additions & 0 deletions compiler/config/tests.config
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,13 @@ kodirs = safety/fail
bin = ./scripts/check-cct
okdirs = CCT/success
kodirs = CCT/fail
exclude = CCT/success/doit CCT/fail/doit

[test-CCT-DOIT]
bin = ./scripts/check-cct
args = --doit
okdirs = CCT/success/doit
kodirs = CCT/fail/doit

[test-SCT]
bin = ./scripts/check-cct
Expand Down
21 changes: 15 additions & 6 deletions compiler/entry/jazzct.ml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ open Utils

let parse_and_check arch call_conv =
let module A = (val get_arch_module arch call_conv) in
let check infer ct_list speculative pass file =
let check ~doit infer ct_list speculative pass file =
let _env, pprog, _ast =
try Compile.parse_file A.arch_info file with
| Annot.AnnotationError (loc, code) ->
Expand Down Expand Up @@ -44,7 +44,7 @@ let parse_and_check arch call_conv =
in

if speculative then
match Sct_checker_forward.ty_prog A.is_ct_sopn prog ct_list with
match Sct_checker_forward.ty_prog (A.is_ct_sopn ~doit) prog ct_list with
| exception Annot.AnnotationError (loc, code) ->
hierror ~loc:(Lone loc) ~kind:"annotation error" "%t" code
| sigs ->
Expand All @@ -53,7 +53,7 @@ let parse_and_check arch call_conv =
sigs
else
let sigs, errs =
Ct_checker_forward.ty_prog A.is_ct_sopn ~infer prog ct_list
Ct_checker_forward.ty_prog (A.is_ct_sopn ~doit) ~infer prog ct_list
in
Format.printf "/* Security types:\n@[<v>%a@]*/@."
(pp_list "@ " (Ct_checker_forward.pp_signature prog))
Expand All @@ -63,8 +63,13 @@ let parse_and_check arch call_conv =
in
Stdlib.Option.iter on_err errs
in
fun infer ct_list speculative compile file ->
match check infer ct_list speculative compile file with
fun infer ct_list speculative compile file doit ->
let compile =
if doit && compile < Compiler.PropagateInline then
Compiler.PropagateInline
else compile
in
match check ~doit infer ct_list speculative compile file with
| () -> ()
| exception HiError e ->
Format.eprintf "%a@." pp_hierror e;
Expand Down Expand Up @@ -104,6 +109,10 @@ let file =
let doc = "The Jasmin source file to verify" in
Arg.(required & pos 0 (some non_dir_file) None & info [] ~docv:"JAZZ" ~doc)

let doit =
let doc = "Allow only DOIT instructions on secrets" in
Arg.(value & flag & info [ "doit" ] ~doc)

let () =
let doc = "Check Constant-Time security of Jasmin programs" in
let man =
Expand All @@ -118,5 +127,5 @@ let () =
Cmd.v info
Term.(
const parse_and_check $ arch $ call_conv $ infer $ slice $ speculative
$ compile $ file)
$ compile $ file $ doit)
|> Cmd.eval |> exit

0 comments on commit 4c3e4bd

Please sign in to comment.