├── src ├── .gitignore ├── sparknacl-hashing.ads ├── sparknacl-sign-utils.ads ├── sparknacl-sign-utils.adb ├── sparknacl-pdebug.ads ├── sparknacl-sanitize_u16.adb ├── sparknacl-sanitize_u32.adb ├── sparknacl-sanitize_u64.adb ├── sparknacl-sanitize.adb ├── sparknacl-sanitize_gf32.adb ├── sparknacl-sanitize_i64_seq.adb ├── sparknacl-sanitize_gf16.adb ├── sparknacl-sanitize_gf64_pa.adb ├── sparknacl-sanitize_u32_seq.adb ├── sparknacl-scalar.ads ├── sparknacl-sanitize_boolean.adb ├── sparknacl-debug.ads ├── sparknacl-car.ads ├── sparknacl-hashing-sha384.ads ├── sparknacl-hashing-sha512.ads ├── sparknacl-hashing-sha256.ads ├── sparknacl.adc ├── Makefile ├── sparknacl_no_elab.adc ├── sparknacl-hashing-rfsb509.ads ├── sparknacl-hashing-sha2_common.ads ├── sparknacl-pdebug.adb ├── sparknacl-hashing-sha512.adb ├── sparknacl-hashing-sha384.adb ├── sparknacl-mac.ads ├── sparknacl-hkdf.adb ├── sparknacl-hkdf.ads ├── sparknacl-utils.ads ├── sparknacl-sign.ads ├── sparknacl-debug.adb ├── sparknacl-secretbox.ads ├── sparknacl-scalar.adb ├── sparknacl-cryptobox.adb ├── sparknacl-stream.ads ├── sparknacl-core.ads ├── sparknacl-cryptobox.ads └── sparknacl-aes.ads ├── lib └── .gitignore ├── perf ├── fenceit.h ├── perf.ld ├── aes128 │ ├── aes128.ld │ ├── makefile │ ├── src │ │ ├── io.ads │ │ ├── aes128.adb │ │ └── io.adb │ └── aes128.gpr ├── aes256 │ ├── aes256.ld │ ├── makefile │ ├── src │ │ ├── io.ads │ │ ├── aes256.adb │ │ └── io.adb │ └── aes256.gpr ├── rfsb509 │ ├── rfsb509.ld │ ├── makefile │ ├── src │ │ ├── io.ads │ │ ├── rfsb509.adb │ │ └── io.adb │ └── rfsb509.gpr ├── fenceit.c ├── tweetcount.h ├── d.h ├── tweetcount.c ├── devurandom.h ├── tsm.gpr ├── tbox.gpr ├── tcore.gpr ├── tsign.gpr ├── tsize.gpr ├── devurandom.c ├── perf.adc ├── tsm.mk ├── d.c ├── tbox.mk ├── tcore.mk ├── io.ads ├── tsize.mk ├── tsign.mk ├── csrs.s ├── perf.gpr ├── io.adb ├── tweetnacl_api.ads ├── tsm.adb └── tcore.adb ├── tests ├── .gitignore ├── scalarspeed.gpr ├── src │ ├── c │ │ ├── supercop-20230530_rfsb509_hash.h │ │ ├── supercop-20230530_sha256_blocks.h │ │ ├── supercop-20230530_rfsb509_compress.h │ │ ├── supercop-20230530_rfsb509_hash.c │ │ └── supercop-20230530_rfsb509_compress.c │ └── ada │ │ ├── supercop_rfsb509_api.ads │ │ ├── random.ads │ │ ├── scalarmult2.adb │ │ ├── scalarmult.adb │ │ ├── random.adb │ │ ├── badbox.adb │ │ ├── scalarmult6.adb │ │ ├── scalarmult5.adb │ │ ├── stream3.adb │ │ ├── stream2.adb │ │ ├── stream.adb │ │ ├── ecdh.adb │ │ ├── sign.adb │ │ ├── secretbox7.adb │ │ ├── stream6.adb │ │ ├── box7.adb │ │ ├── hash.adb │ │ ├── core1.adb │ │ ├── core3.adb │ │ ├── aes128_cipher_composition.adb │ │ ├── aes256_cipher_composition.adb │ │ ├── secretbox9.adb │ │ ├── secretbox3.adb │ │ ├── scalarspeed.adb │ │ ├── rfsb509_supercop_regression.adb │ │ ├── onetimeauth7.adb │ │ ├── secretbox8.adb │ │ ├── onetimeauth.adb │ │ ├── box8.adb │ │ ├── onetimeauth2.adb │ │ ├── stream5.adb │ │ ├── secretbox.adb │ │ ├── stream4.adb │ │ ├── secretbox2.adb │ │ ├── testall.adb │ │ ├── aes128_cipher_kat.adb │ │ └── box.adb ├── testall.gpr └── Makefile ├── stress ├── gf_stress.adb ├── car_stress.adb ├── pack_stress.adb ├── diff_car_stress.adb ├── stressall.gpr ├── sparknacl-tests.ads └── stressall.adb ├── .gitignore ├── alire.toml └── LICENCE.md /src/.gitignore: -------------------------------------------------------------------------------- 1 | gnatprove/ 2 | -------------------------------------------------------------------------------- /lib/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /perf/fenceit.h: -------------------------------------------------------------------------------- 1 | void fenceit(void); 2 | -------------------------------------------------------------------------------- /perf/perf.ld: -------------------------------------------------------------------------------- 1 | __stack_size = 11*1024; 2 | -------------------------------------------------------------------------------- /perf/aes128/aes128.ld: -------------------------------------------------------------------------------- 1 | __stack_size = 11*1024; 2 | -------------------------------------------------------------------------------- /perf/aes256/aes256.ld: -------------------------------------------------------------------------------- 1 | __stack_size = 11*1024; 2 | -------------------------------------------------------------------------------- /perf/rfsb509/rfsb509.ld: -------------------------------------------------------------------------------- 1 | __stack_size = 11*1024; 2 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | b__testall.adb 2 | b__testall.ads 3 | new_test_results 4 | testall 5 | -------------------------------------------------------------------------------- /perf/fenceit.c: -------------------------------------------------------------------------------- 1 | void fenceit() 2 | { 3 | static unsigned long long fencecount = 0; 4 | fencecount++; 5 | } 6 | -------------------------------------------------------------------------------- /src/sparknacl-hashing.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Hashing 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | 6 | end SPARKNaCl.Hashing; 7 | -------------------------------------------------------------------------------- /stress/gf_stress.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Tests; 2 | procedure GF_Stress 3 | is 4 | begin 5 | SPARKNaCl.Tests.GF_Stress; 6 | end GF_Stress; 7 | -------------------------------------------------------------------------------- /stress/car_stress.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Tests; 2 | procedure Car_Stress 3 | is 4 | begin 5 | SPARKNaCl.Tests.Car_Stress; 6 | end Car_Stress; 7 | -------------------------------------------------------------------------------- /stress/pack_stress.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Tests; 2 | procedure Pack_Stress 3 | is 4 | begin 5 | SPARKNaCl.Tests.Pack_Stress; 6 | end Pack_Stress; 7 | -------------------------------------------------------------------------------- /stress/diff_car_stress.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Tests; 2 | procedure Diff_Car_Stress 3 | is 4 | begin 5 | SPARKNaCl.Tests.Diff_Car_Stress; 6 | end Diff_Car_Stress; 7 | -------------------------------------------------------------------------------- /perf/tweetcount.h: -------------------------------------------------------------------------------- 1 | extern unsigned long long tweet_gf_add; 2 | extern unsigned long long tweet_gf_sub; 3 | extern unsigned long long tweet_gf_mul; 4 | extern unsigned long long tweet_gf_car; 5 | 6 | void tweet_reset(void); 7 | -------------------------------------------------------------------------------- /perf/d.h: -------------------------------------------------------------------------------- 1 | void dh (const char *s, const unsigned char *d, const int n); 2 | 3 | void dgf (const char *s, const long long *d); 4 | 5 | void dll (const char *s, const long long d); 6 | 7 | void dgs (const char *s, const long long *d); 8 | -------------------------------------------------------------------------------- /src/sparknacl-sign-utils.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Sign.Utils 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | procedure Construct (X : in Bytes_64; 6 | Y : out Signing_SK); 7 | 8 | end SPARKNaCl.Sign.Utils; 9 | -------------------------------------------------------------------------------- /stress/stressall.gpr: -------------------------------------------------------------------------------- 1 | with "../sparknacl.gpr"; 2 | project Stressall is 3 | 4 | for Create_Missing_Dirs use "True"; 5 | for Object_Dir use "."; 6 | for Source_Dirs use ("."); 7 | for Main use ("stressall.adb"); 8 | 9 | end Stressall; 10 | -------------------------------------------------------------------------------- /tests/scalarspeed.gpr: -------------------------------------------------------------------------------- 1 | with "../sparknacl.gpr"; 2 | project Scalarspeed is 3 | 4 | for Create_Missing_Dirs use "True"; 5 | for Object_Dir use "obj"; 6 | for Source_Dirs use ("src/c", "src/ada"); 7 | for Main use ("scalarspeed.adb"); 8 | 9 | end Scalarspeed; 10 | -------------------------------------------------------------------------------- /src/sparknacl-sign-utils.adb: -------------------------------------------------------------------------------- 1 | package body SPARKNaCl.Sign.Utils 2 | with SPARK_Mode => On 3 | is 4 | procedure Construct (X : in Bytes_64; 5 | Y : out Signing_SK) 6 | is 7 | begin 8 | Y.F := X; 9 | end Construct; 10 | 11 | end SPARKNaCl.Sign.Utils; 12 | -------------------------------------------------------------------------------- /perf/tweetcount.c: -------------------------------------------------------------------------------- 1 | unsigned long long tweet_gf_add; 2 | unsigned long long tweet_gf_sub; 3 | unsigned long long tweet_gf_mul; 4 | unsigned long long tweet_gf_car; 5 | 6 | void tweet_reset(void) 7 | { 8 | tweet_gf_add = 0; 9 | tweet_gf_sub = 0; 10 | tweet_gf_mul = 0; 11 | tweet_gf_car = 0; 12 | } 13 | -------------------------------------------------------------------------------- /src/sparknacl-pdebug.ads: -------------------------------------------------------------------------------- 1 | private package SPARKNaCl.PDebug 2 | with SPARK_Mode => On 3 | is 4 | 5 | procedure DH16 (S : in String; D : in Normal_GF); 6 | 7 | procedure DH32 (S : in String; D : in GF32); 8 | 9 | procedure DH64 (S : in String; D : in GF64); 10 | 11 | end SPARKNaCl.PDebug; 12 | -------------------------------------------------------------------------------- /tests/src/c/supercop-20230530_rfsb509_hash.h: -------------------------------------------------------------------------------- 1 | #ifndef H_SUPERCOP_20230530_RFSB509_HASH_H 2 | #define H_SUPERCOP_20230530_RFSB509_HASH_H 3 | 4 | int rfsb509_crypto_hash( 5 | unsigned char *out, 6 | const unsigned char *in, 7 | unsigned long long inlen 8 | ); 9 | #endif // H_SUPERCOP_20230530_RFSB509_HASH_H 10 | -------------------------------------------------------------------------------- /tests/src/c/supercop-20230530_sha256_blocks.h: -------------------------------------------------------------------------------- 1 | #ifndef H_SUPERCOP_20230530_SHA512_BLOCKS_H 2 | #define H_SUPERCOP_20230530_SHA512_BLOCKS_H 3 | 4 | int sha256_crypto_hashblocks( 5 | unsigned char *statebytes, 6 | const unsigned char *in, 7 | unsigned long long inlen 8 | ); 9 | #endif // H_SUPERCOP_20230530_SHA512_BLOCKS_H 10 | -------------------------------------------------------------------------------- /tests/src/c/supercop-20230530_rfsb509_compress.h: -------------------------------------------------------------------------------- 1 | #ifndef H_SUPERCOP_20230530_RFSB509_COMPRESS_H 2 | #define H_SUPERCOP_20230530_RFSB509_COMPRESS_H 3 | 4 | int rfsb509_crypto_hashblocks( 5 | unsigned char *r, 6 | const unsigned char *b, 7 | unsigned long long blen 8 | ); 9 | #endif // H_SUPERCOP_20230530_RFSB509_COMPRESS_H 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/*.o 2 | **/*.ads.stderr 3 | **/*.ads.stdout 4 | **/*.adb.stderr 5 | **/*.adb.stdout 6 | **/*.c.stderr 7 | **/*.c.stdout 8 | **/*.ads.rep 9 | **/*.adb.rep 10 | **/*.ali 11 | **/*.ci 12 | **/*.bexch 13 | **/*.cswi 14 | **/*.lexch 15 | **/*.asm 16 | **/*.hex 17 | **/*.map 18 | **/b__*.ads 19 | **/b__*.adb 20 | **/undefined.ciu 21 | *.ksh 22 | gnatinspect.db 23 | obj/ 24 | lib/ 25 | alire/ 26 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_u16.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_U16 (R : out U16) is 3 | begin 4 | R := 0; 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_U16; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_u32.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_U32 (R : out U32) is 3 | begin 4 | R := 0; 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_U32; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_u64.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_U64 (R : out U64) is 3 | begin 4 | R := 0; 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_U64; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize (R : out Byte_Seq) is 3 | begin 4 | R := (others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize; 12 | -------------------------------------------------------------------------------- /stress/sparknacl-tests.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Tests 2 | is 3 | -- Additional stress test cases for NaCl operations. 4 | 5 | -- This is a child package of SPARKNaCl so these bodies 6 | -- can see the private part and operations of SPARKNaCl. 7 | procedure GF_Stress; 8 | 9 | procedure Car_Stress; 10 | 11 | procedure Diff_Car_Stress; 12 | 13 | procedure Pack_Stress; 14 | 15 | end SPARKNaCl.Tests; 16 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_gf32.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_GF32 (R : out GF32) is 3 | begin 4 | R := GF32'(others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_GF32; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_i64_seq.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_I64_Seq (R : out I64_Seq) is 3 | begin 4 | R := (others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_I64_Seq; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_gf16.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_GF16 (R : out Normal_GF) is 3 | begin 4 | R := Normal_GF'(others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_GF16; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_gf64_pa.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_GF64_PA (R : out GF64_PA) is 3 | begin 4 | R := GF64_PA'(others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_GF64_PA; 12 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_u32_seq.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_U32_Seq (R : out U32_Seq) is 3 | begin 4 | R := (others => 0); 5 | pragma Inspection_Point (R); -- See RM H3.2 (9) 6 | 7 | -- Add target-dependent code here to 8 | -- 1. flush and invalidate data cache, 9 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 10 | -- 3. whatever else is required. 11 | end Sanitize_U32_Seq; 12 | -------------------------------------------------------------------------------- /perf/devurandom.h: -------------------------------------------------------------------------------- 1 | /* 2 | randombytes/devurandom.h version 20080713 3 | D. J. Bernstein 4 | Public domain. 5 | */ 6 | 7 | #ifndef randombytes_devurandom_H 8 | #define randombytes_devurandom_H 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | extern void randombytes(unsigned char *,unsigned long long); 15 | 16 | #ifdef __cplusplus 17 | } 18 | #endif 19 | 20 | #ifndef randombytes_implementation 21 | #define randombytes_implementation "devurandom" 22 | #endif 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /tests/src/ada/supercop_rfsb509_api.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with Interfaces; use Interfaces; 3 | with Interfaces.C; 4 | package SUPERCOP_RFSB509_API 5 | is 6 | function SUPERCOP_RFSB509_Hash 7 | (Output : out Byte_Seq; 8 | Input : in Byte_Seq; 9 | Input_Length : in Unsigned_64) return Interfaces.C.Int 10 | with Import => True, 11 | Convention => C, 12 | External_Name => "rfsb509_crypto_hash"; 13 | 14 | end SUPERCOP_RFSB509_API; 15 | -------------------------------------------------------------------------------- /tests/src/ada/random.ads: -------------------------------------------------------------------------------- 1 | with Interfaces; 2 | with SPARKNaCl; 3 | package Random 4 | with SPARK_Mode => On, 5 | Abstract_State => (Entropy with External => Async_Writers) 6 | is 7 | --=========================== 8 | -- Exported subprograms 9 | --=========================== 10 | 11 | function Random_Byte return Interfaces.Unsigned_8 12 | with Global => Entropy, 13 | Volatile_Function; 14 | 15 | procedure Random_Bytes (R : out SPARKNaCl.Byte_Seq) 16 | with Global => Entropy; 17 | 18 | end Random; 19 | -------------------------------------------------------------------------------- /src/sparknacl-scalar.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Scalar 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | -------------------------------------------------------- 6 | -- Scalar multiplication 7 | -------------------------------------------------------- 8 | 9 | function Mult (N : in Bytes_32; 10 | P : in Bytes_32) return Bytes_32 11 | with Global => null, 12 | Pure_Function; 13 | 14 | function Mult_Base (N : in Bytes_32) return Bytes_32 15 | with Global => null, 16 | Pure_Function; 17 | 18 | end SPARKNaCl.Scalar; 19 | -------------------------------------------------------------------------------- /src/sparknacl-sanitize_boolean.adb: -------------------------------------------------------------------------------- 1 | separate (SPARKNaCl) 2 | procedure Sanitize_Boolean (R : out Boolean) is 3 | begin 4 | R := False; -- Boolean'Pos (0) 5 | 6 | -- It seems an inspection point is not possible on R here, since 7 | -- it is passed by copy in a register 8 | -- pragma Inspection_Point (R); -- See RM H3.2 (9) 9 | 10 | -- Add target-dependent code here to 11 | -- 1. flush and invalidate data cache, 12 | -- 2. wait until writes have committed (e.g. a memory-fence instruction) 13 | -- 3. whatever else is required. 14 | end Sanitize_Boolean; 15 | -------------------------------------------------------------------------------- /perf/tsm.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | with "perf.gpr"; 4 | 5 | project TSM is 6 | 7 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 8 | for Target use "riscv32-elf"; 9 | for Languages use ("Ada", "C", "Asm"); 10 | for Source_Dirs use ("."); 11 | for Object_Dir use "."; 12 | for Create_Missing_Dirs use "True"; 13 | 14 | for Main use ("tsm.adb"); 15 | 16 | package Compiler renames Perf.Compiler; 17 | package Linker renames Perf.Linker; 18 | package Ide renames Perf.Ide; 19 | 20 | end TSM; 21 | -------------------------------------------------------------------------------- /perf/tbox.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | with "perf.gpr"; 4 | 5 | project TBox is 6 | 7 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 8 | for Target use "riscv32-elf"; 9 | for Languages use ("Ada", "C", "Asm"); 10 | for Source_Dirs use ("."); 11 | for Object_Dir use "."; 12 | for Create_Missing_Dirs use "True"; 13 | 14 | for Main use ("tbox.adb"); 15 | 16 | package Compiler renames Perf.Compiler; 17 | package Linker renames Perf.Linker; 18 | package Ide renames Perf.Ide; 19 | 20 | end TBox; 21 | -------------------------------------------------------------------------------- /src/sparknacl-debug.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Debug 2 | with SPARK_Mode => On 3 | is 4 | -- as per Boolean'Image (B) but does not violate the 5 | -- No_Enumeration_Maps restriction 6 | function Img (B : in Boolean) return String is 7 | (if B then "TRUE" else "FALSE"); 8 | 9 | procedure DH (S : in String; D : in Byte_Seq); 10 | procedure DH (S : in String; D : in U32_Seq); 11 | procedure DH (S : in String; D : in Boolean); 12 | 13 | procedure DH (S : in String; D : in I64); 14 | -- Same but output in hex 15 | procedure DHH (S : in String; D : in I64); 16 | 17 | end SPARKNaCl.Debug; 18 | -------------------------------------------------------------------------------- /perf/tcore.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | with "perf.gpr"; 4 | 5 | project TCore is 6 | 7 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 8 | for Target use "riscv32-elf"; 9 | for Languages use ("Ada", "C", "Asm"); 10 | for Source_Dirs use ("."); 11 | for Object_Dir use "."; 12 | for Create_Missing_Dirs use "True"; 13 | 14 | for Main use ("tcore.adb"); 15 | 16 | package Compiler renames Perf.Compiler; 17 | package Linker renames Perf.Linker; 18 | package Ide renames Perf.Ide; 19 | 20 | end TCore; 21 | -------------------------------------------------------------------------------- /perf/tsign.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | with "perf.gpr"; 4 | 5 | project TSign is 6 | 7 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 8 | for Target use "riscv64-elf"; 9 | for Languages use ("Ada", "C", "Asm"); 10 | for Source_Dirs use ("."); 11 | for Object_Dir use "."; 12 | for Create_Missing_Dirs use "True"; 13 | 14 | for Main use ("tsign.adb"); 15 | 16 | package Compiler renames Perf.Compiler; 17 | package Linker renames Perf.Linker; 18 | package Ide renames Perf.Ide; 19 | 20 | end TSign; 21 | -------------------------------------------------------------------------------- /perf/tsize.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | with "perf.gpr"; 4 | 5 | project TSize is 6 | 7 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 8 | for Target use "riscv32-elf"; 9 | for Languages use ("Ada", "C", "Asm"); 10 | for Source_Dirs use ("."); 11 | for Object_Dir use "."; 12 | for Create_Missing_Dirs use "True"; 13 | 14 | for Main use ("tsize.adb"); 15 | 16 | package Compiler renames Perf.Compiler; 17 | package Linker renames Perf.Linker; 18 | package Ide renames Perf.Ide; 19 | 20 | end TSize; 21 | -------------------------------------------------------------------------------- /tests/src/ada/scalarmult2.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | procedure Scalarmult2 5 | is 6 | BobSK : constant Bytes_32 := 7 | (16#5d#, 16#ab#, 16#08#, 16#7e#, 16#62#, 16#4a#, 16#8a#, 16#4b#, 8 | 16#79#, 16#e1#, 16#7f#, 16#8b#, 16#83#, 16#80#, 16#0e#, 16#e6#, 9 | 16#6f#, 16#3b#, 16#b1#, 16#29#, 16#26#, 16#18#, 16#b6#, 16#fd#, 10 | 16#1c#, 16#2f#, 16#8b#, 16#27#, 16#ff#, 16#88#, 16#e0#, 16#eb#); 11 | BobPK : Bytes_32; 12 | begin 13 | BobPK := Mult_Base (BobSK); 14 | DH ("BobPK is", BobPK); 15 | end Scalarmult2; 16 | -------------------------------------------------------------------------------- /tests/src/ada/scalarmult.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | procedure Scalarmult 5 | is 6 | AliceSK : constant Bytes_32 := 7 | (16#77#, 16#07#, 16#6d#, 16#0a#, 16#73#, 16#18#, 16#a5#, 16#7d#, 8 | 16#3c#, 16#16#, 16#c1#, 16#72#, 16#51#, 16#b2#, 16#66#, 16#45#, 9 | 16#df#, 16#4c#, 16#2f#, 16#87#, 16#eb#, 16#c0#, 16#99#, 16#2a#, 10 | 16#b1#, 16#77#, 16#fb#, 16#a5#, 16#1d#, 16#b9#, 16#2c#, 16#2a#); 11 | AlicePK : Bytes_32; 12 | begin 13 | AlicePK := Mult_Base (AliceSK); 14 | DH ("AlicePK is", AlicePK); 15 | end Scalarmult; 16 | -------------------------------------------------------------------------------- /perf/devurandom.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | /* it's really stupid that there isn't a syscall for this */ 7 | 8 | static int fd = -1; 9 | 10 | void randombytes(unsigned char *x,unsigned long long xlen) 11 | { 12 | int i; 13 | 14 | if (fd == -1) { 15 | for (;;) { 16 | fd = open("/dev/urandom",O_RDONLY); 17 | if (fd != -1) break; 18 | sleep(1); 19 | } 20 | } 21 | 22 | while (xlen > 0) { 23 | if (xlen < 1048576) i = xlen; else i = 1048576; 24 | 25 | i = read(fd,x,i); 26 | if (i < 1) { 27 | sleep(1); 28 | continue; 29 | } 30 | 31 | x += i; 32 | xlen -= i; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /stress/stressall.adb: -------------------------------------------------------------------------------- 1 | with GF_Stress; 2 | with Diff_Car_Stress; 3 | with Car_Stress; 4 | with Pack_Stress; 5 | 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | with Ada.Exceptions; use Ada.Exceptions; 8 | with GNAT.Traceback.Symbolic; use GNAT.Traceback.Symbolic; 9 | 10 | procedure Stressall 11 | is 12 | begin 13 | Put_Line ("GF Stress"); 14 | GF_Stress; 15 | Put_Line ("Diff Car Stress"); 16 | Diff_Car_Stress; 17 | Put_Line ("Car Stress"); 18 | Car_Stress; 19 | Put_Line ("Pack Stress"); 20 | Pack_Stress; 21 | exception 22 | when E : others => 23 | Put_Line (Exception_Message (E)); 24 | Put_Line (Exception_Information (E)); 25 | Put_Line (Symbolic_Traceback (E)); 26 | end Stressall; 27 | -------------------------------------------------------------------------------- /src/sparknacl-car.ads: -------------------------------------------------------------------------------- 1 | private package SPARKNaCl.Car 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | --========================================== 6 | -- Functions supporting normalization 7 | -- of GF values following "+", "-" or "*" 8 | -- operations. 9 | -- 10 | -- See the specific subtype declarations 11 | -- in the private part of the specification 12 | -- of SPARKNaCl for precise details of the 13 | -- formal parameter and return value for 14 | -- each function. 15 | --========================================== 16 | 17 | function Nearlynormal_To_Normal 18 | (X : in Nearlynormal_GF) return Normal_GF 19 | with Pure_Function, 20 | Global => null; 21 | 22 | end SPARKNaCl.Car; 23 | -------------------------------------------------------------------------------- /perf/perf.adc: -------------------------------------------------------------------------------- 1 | pragma Restrictions (No_Tasking); 2 | pragma Restrictions (No_Allocators); 3 | pragma Restrictions (No_Anonymous_Allocators); 4 | pragma Restrictions (No_Delay); 5 | pragma Restrictions (No_Dispatching_Calls); 6 | pragma Restrictions (No_Enumeration_Maps); 7 | pragma Restrictions (No_Finalization); 8 | pragma Restrictions (No_Fixed_Point); 9 | pragma Restrictions (No_Floating_Point); 10 | pragma Restrictions (No_Implicit_Dynamic_Code); 11 | pragma Restrictions (No_Implicit_Heap_Allocations); 12 | pragma Restrictions (No_Implicit_Protected_Object_Allocations); 13 | pragma Restrictions (No_Implicit_Task_Allocations); 14 | pragma Restrictions (No_Recursion); 15 | pragma Restrictions (No_Relative_Delay); 16 | pragma Assume_No_Invalid_Values (On); 17 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha384.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Hashing.SHA384 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | subtype Digest is Bytes_48; 6 | 7 | -------------------------------------------------------- 8 | -- Procedural interface. Faster assuming Output is 9 | -- passed by reference 10 | -------------------------------------------------------- 11 | 12 | procedure Hash (Output : out Digest; 13 | M : in Byte_Seq) 14 | with Global => null; 15 | 16 | -------------------------------------------------------- 17 | -- Functional interfaces 18 | -------------------------------------------------------- 19 | 20 | function Hash (M : in Byte_Seq) return Digest 21 | with Global => null; 22 | 23 | end SPARKNaCl.Hashing.SHA384; -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha512.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Hashing.SHA512 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | subtype Digest is Bytes_64; 6 | 7 | -------------------------------------------------------- 8 | -- Procedural interface. Faster assuming Output is 9 | -- passed by reference 10 | -------------------------------------------------------- 11 | 12 | procedure Hash (Output : out Digest; 13 | M : in Byte_Seq) 14 | with Global => null; 15 | 16 | -------------------------------------------------------- 17 | -- Functional interfaces 18 | -------------------------------------------------------- 19 | 20 | function Hash (M : in Byte_Seq) return Digest 21 | with Global => null; 22 | 23 | end SPARKNaCl.Hashing.SHA512; 24 | -------------------------------------------------------------------------------- /tests/src/ada/random.adb: -------------------------------------------------------------------------------- 1 | with Ada.Numerics.Discrete_Random; 2 | package body Random 3 | with SPARK_Mode => Off 4 | is 5 | pragma Compile_Time_Warning 6 | (True, "This PRNG is not cryptographically secure."); 7 | 8 | package PRNG is new Ada.Numerics.Discrete_Random (Interfaces.Unsigned_8); 9 | 10 | Gen : PRNG.Generator; 11 | 12 | function Random_Byte return Interfaces.Unsigned_8 13 | is 14 | begin 15 | return PRNG.Random (Gen); 16 | end Random_Byte; 17 | 18 | procedure Random_Bytes (R : out SPARKNaCl.Byte_Seq) 19 | is 20 | begin 21 | for I in R'Range loop 22 | pragma Loop_Optimize (No_Unroll); 23 | R (I) := Random_Byte; 24 | end loop; 25 | end Random_Bytes; 26 | 27 | begin 28 | PRNG.Reset (Gen); -- time dependent 29 | end Random; 30 | -------------------------------------------------------------------------------- /tests/src/ada/badbox.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Cryptobox; use SPARKNaCl.Cryptobox; 3 | with SPARKNaCl.Stream; 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | procedure BadBox 6 | is 7 | AliceSK, BobSK : Secret_Key; 8 | AlicePK, BobPK : Public_Key; 9 | N : Stream.HSalsa20_Nonce; 10 | S, S2 : Boolean; 11 | 12 | subtype Text is Byte_Seq (0 .. 100); 13 | M, C, M2 : Text := (others => 0); 14 | begin 15 | Keypair (AlicePK, AliceSK); 16 | Keypair (BobPK, BobSK); 17 | Random_Bytes (Bytes_24 (N)); 18 | 19 | Random_Bytes (M (Plaintext_Zero_Bytes .. M'Last)); 20 | 21 | -- Final 2 params wrong way round 22 | Create (C, S, M, N, AliceSK, BobPK); 23 | 24 | -- Final 2 params wrong way round 25 | Open (M2, S2, C, N, BobSK, AlicePK); 26 | end BadBox; 27 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha256.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Hashing.SHA256 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | subtype Digest is Bytes_32; 6 | 7 | -------------------------------------------------------- 8 | -- Procedural interface. Faster assuming Output is 9 | -- passed by reference 10 | -------------------------------------------------------- 11 | 12 | procedure Hash (Output : out Digest; 13 | M : in Byte_Seq) 14 | with Global => null, 15 | Always_Terminates; 16 | 17 | -------------------------------------------------------- 18 | -- Functional interfaces 19 | -------------------------------------------------------- 20 | 21 | function Hash (M : in Byte_Seq) return Digest 22 | with Global => null; 23 | 24 | end SPARKNaCl.Hashing.SHA256; 25 | -------------------------------------------------------------------------------- /perf/tsm.mk: -------------------------------------------------------------------------------- 1 | all: tsm.hex tsm.asm 2 | 3 | tsm: tsm.adb io.adb io.ads tweetnacl_api.ads tweetnacl.c 4 | gprbuild -Ptsm -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled 5 | @mv main.map tsm.map 6 | @grep "^.data" tsm.map 7 | @grep "^.bss" tsm.map 8 | @grep "__stack_start =" tsm.map 9 | @grep "__stack_end =" tsm.map 10 | @grep "__bss_start =" tsm.map 11 | @grep "__bss_end =" tsm.map 12 | 13 | tsm.hex: tsm 14 | riscv32-elf-objcopy -O ihex tsm tsm.hex 15 | 16 | tsm.asm: tsm 17 | riscv32-elf-objdump -S tsm >tsm.asm 18 | 19 | stack: tsm 20 | gnatstack -Ptsm 21 | 22 | run: tsm.hex 23 | cp tsm.hex /media/rchapman/HiFive 24 | 25 | clean: 26 | rm -f tsm.hex 27 | rm -f tsm.map 28 | rm -f d.ci 29 | rm -f devurandom.ci 30 | rm -f graph.vcg 31 | rm -f tweetnacl.ci 32 | rm -f undefined.ciu 33 | gprclean -Ptsm 34 | -------------------------------------------------------------------------------- /perf/d.c: -------------------------------------------------------------------------------- 1 | #include 2 | void dh (const char *s, const unsigned char *d, const int n) 3 | { 4 | int i; 5 | printf ("%s\n", s); 6 | for (i = 0; i < n; i++) 7 | { 8 | printf ("16#%02X# ",(unsigned int) d[i]); 9 | if (i % 8 == 7) printf("\n"); 10 | } 11 | printf("\n"); 12 | } 13 | 14 | 15 | void dgf (const char *s, const long long *d) 16 | { 17 | int i; 18 | printf ("%s\n", s); 19 | for (i = 0; i < 16; i++) 20 | { 21 | printf (" %lld", d[i]); 22 | } 23 | printf("\n"); 24 | } 25 | 26 | void dgs (const char *s, const long long *d) 27 | { 28 | int i; 29 | printf ("%s\n", s); 30 | for (i = 0; i < 64; i++) 31 | { 32 | printf (" %lld", d[i]); 33 | } 34 | printf("\n"); 35 | } 36 | 37 | void dll (const char *s, const long long d) 38 | { 39 | printf ("%s\n", s); 40 | printf ("%lld\n", d); 41 | } 42 | -------------------------------------------------------------------------------- /perf/tbox.mk: -------------------------------------------------------------------------------- 1 | all: tbox.hex tbox.asm 2 | 3 | tbox: tbox.adb io.adb io.ads tweetnacl_api.ads tweetnacl.c 4 | gprbuild -Ptbox -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled 5 | @mv main.map tbox.map 6 | @grep "^.data" tbox.map 7 | @grep "^.bss" tbox.map 8 | @grep "__stack_start =" tbox.map 9 | @grep "__stack_end =" tbox.map 10 | @grep "__bss_start =" tbox.map 11 | @grep "__bss_end =" tbox.map 12 | 13 | tbox.hex: tbox 14 | riscv32-elf-objcopy -O ihex tbox tbox.hex 15 | 16 | tbox.asm: tbox 17 | riscv32-elf-objdump -S tbox >tbox.asm 18 | 19 | stack: tbox 20 | gnatstack -Ptbox 21 | 22 | run: tbox.hex 23 | cp tbox.hex /media/rchapman/HiFive 24 | 25 | clean: 26 | rm -f tbox.hex 27 | rm -f tbox.map 28 | rm -f d.ci 29 | rm -f devurandom.ci 30 | rm -f graph.vcg 31 | rm -f tweetnacl.ci 32 | rm -f undefined.ciu 33 | gprclean -Ptbox 34 | -------------------------------------------------------------------------------- /src/sparknacl.adc: -------------------------------------------------------------------------------- 1 | -- Partition-wide restrictions 2 | pragma Restriction_Warnings (No_Tasking); 3 | pragma Restriction_Warnings (No_Allocators); 4 | pragma Restriction_Warnings (No_Anonymous_Allocators); 5 | pragma Restriction_Warnings (No_Delay); 6 | pragma Restriction_Warnings (No_Dispatching_Calls); 7 | pragma Restriction_Warnings (No_Enumeration_Maps); 8 | pragma Restriction_Warnings (No_Finalization); 9 | pragma Restriction_Warnings (No_Fixed_Point); 10 | pragma Restriction_Warnings (No_Floating_Point); 11 | pragma Restriction_Warnings (No_Implicit_Dynamic_Code); 12 | pragma Restriction_Warnings (No_Implicit_Heap_Allocations); 13 | pragma Restriction_Warnings (No_Implicit_Protected_Object_Allocations); 14 | pragma Restriction_Warnings (No_Implicit_Task_Allocations); 15 | pragma Restriction_Warnings (No_Recursion); 16 | pragma Restriction_Warnings (No_Relative_Delay); 17 | 18 | -- Compilation unit restrictions 19 | -------------------------------------------------------------------------------- /perf/tcore.mk: -------------------------------------------------------------------------------- 1 | all: tcore.hex tcore.asm 2 | 3 | tcore: tcore.adb io.adb io.ads tweetnacl_api.ads tweetnacl.c 4 | gprbuild -Ptcore -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled 5 | @mv main.map tcore.map 6 | @grep "^.data" tcore.map 7 | @grep "^.bss" tcore.map 8 | @grep "__stack_start =" tcore.map 9 | @grep "__stack_end =" tcore.map 10 | @grep "__bss_start =" tcore.map 11 | @grep "__bss_end =" tcore.map 12 | 13 | tcore.hex: tcore 14 | riscv32-elf-objcopy -O ihex tcore tcore.hex 15 | 16 | tcore.asm: tcore 17 | riscv32-elf-objdump -S tcore >tcore.asm 18 | 19 | stack: tcore 20 | gnatstack -Ptcore 21 | 22 | run: tcore.hex 23 | cp tcore.hex /media/rchapman/HiFive 24 | 25 | clean: 26 | rm -f tcore.hex 27 | rm -f tcore.map 28 | rm -f d.ci 29 | rm -f devurandom.ci 30 | rm -f graph.vcg 31 | rm -f tweetnacl.ci 32 | rm -f undefined.ciu 33 | gprclean -Ptcore 34 | -------------------------------------------------------------------------------- /perf/aes128/makefile: -------------------------------------------------------------------------------- 1 | NAME:=aes128 2 | 3 | FGNAT:=-v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled 4 | FGNAT+= -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_BUILD_MODE=O2 5 | 6 | SRCS:=$(shell find src -type f -name ".ad[s|b]") 7 | CONF:=$(NAME).gpr $(NAME).ld 8 | 9 | all: $(NAME).hex $(NAME).asm 10 | 11 | obj/$(NAME): $(CONF) $(SRCS) 12 | gprbuild -j4 -P$(NAME) $(FGNAT) -XSPARKNACL_TARGET_ARCH=rv32imc_a4 13 | @grep "^.data" obj/$(NAME).map 14 | @grep "^.bss" obj/$(NAME).map 15 | @grep "__stack_start =" obj/$(NAME).map 16 | @grep "__stack_end =" obj/$(NAME).map 17 | @grep "__bss_start =" obj/$(NAME).map 18 | @grep "__bss_end =" obj/$(NAME).map 19 | 20 | $(NAME).hex: obj/$(NAME) 21 | riscv64-elf-objcopy -O ihex $^ $@ 22 | 23 | $(NAME).asm: obj/$(NAME) 24 | riscv64-elf-objdump -S $^ > $@ 25 | 26 | .PHONY: all clean 27 | clean: 28 | rm -f $(NAME).hex 29 | rm -f $(NAME).asm 30 | gprclean -P$(NAME) -r 31 | -------------------------------------------------------------------------------- /perf/aes256/makefile: -------------------------------------------------------------------------------- 1 | NAME:=aes256 2 | 3 | FGNAT:=-v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled 4 | FGNAT+= -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_BUILD_MODE=O2 5 | 6 | SRCS:=$(shell find src -type f -name ".ad[s|b]") 7 | CONF:=$(NAME).gpr $(NAME).ld 8 | 9 | all: $(NAME).hex $(NAME).asm 10 | 11 | obj/$(NAME): $(CONF) $(SRCS) 12 | gprbuild -j4 -P$(NAME) $(FGNAT) -XSPARKNACL_TARGET_ARCH=rv32imc_a4 13 | @grep "^.data" obj/$(NAME).map 14 | @grep "^.bss" obj/$(NAME).map 15 | @grep "__stack_start =" obj/$(NAME).map 16 | @grep "__stack_end =" obj/$(NAME).map 17 | @grep "__bss_start =" obj/$(NAME).map 18 | @grep "__bss_end =" obj/$(NAME).map 19 | 20 | $(NAME).hex: obj/$(NAME) 21 | riscv64-elf-objcopy -O ihex $^ $@ 22 | 23 | $(NAME).asm: obj/$(NAME) 24 | riscv64-elf-objdump -S $^ > $@ 25 | 26 | .PHONY: all clean 27 | clean: 28 | rm -f $(NAME).hex 29 | rm -f $(NAME).asm 30 | gprclean -P$(NAME) -r 31 | -------------------------------------------------------------------------------- /perf/rfsb509/makefile: -------------------------------------------------------------------------------- 1 | NAME:=rfsb509 2 | 3 | FGNAT:=-v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled 4 | FGNAT+= -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_BUILD_MODE=O2 5 | 6 | SRCS:=$(shell find src -type f -name ".ad[s|b]") 7 | CONF:=$(NAME).gpr $(NAME).ld 8 | 9 | all: $(NAME).hex $(NAME).asm 10 | 11 | obj/$(NAME): $(CONF) $(SRCS) 12 | gprbuild -j4 -P$(NAME) $(FGNAT) -XSPARKNACL_TARGET_ARCH=rv32imc_a4 13 | @grep "^.data" obj/$(NAME).map 14 | @grep "^.bss" obj/$(NAME).map 15 | @grep "__stack_start =" obj/$(NAME).map 16 | @grep "__stack_end =" obj/$(NAME).map 17 | @grep "__bss_start =" obj/$(NAME).map 18 | @grep "__bss_end =" obj/$(NAME).map 19 | 20 | $(NAME).hex: obj/$(NAME) 21 | riscv64-elf-objcopy -O ihex $^ $@ 22 | 23 | $(NAME).asm: obj/$(NAME) 24 | riscv64-elf-objdump -S $^ > $@ 25 | 26 | .PHONY: all clean 27 | clean: 28 | rm -f $(NAME).hex 29 | rm -f $(NAME).asm 30 | gprclean -P$(NAME) -r 31 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | SPARK_Bodies := sparknacl.adb sparknacl-core.adb sparknacl-stream.adb sparknacl-hashing.adb sparknacl-scalar.adb sparknacl-mac.adb sparknacl-secretbox.adb sparknacl-cryptobox.adb sparknacl-sign.adb sparknacl-utils.adb sparknacl-car.adb 2 | 3 | Non_SPARK_Bodies := sparknacl-debug.adb sparknacl-pdebug.adb random.adb sparknacl-sanitize*.adb 4 | 5 | all: build 6 | 7 | build: $(SPARK_Bodies) $(Non_SPARK_Bodies) *.ads 8 | gprbuild -j0 9 | 10 | zfp: $(SPARK_Bodies) $(Non_SPARK_Bodies) *.ads 11 | gprbuild -j0 -Xbuild=zfp 12 | 13 | flow: $(SPARK_Bodies) 14 | gnatprove -Psparknacl --mode=flow --report=fail -u $(SPARK_Bodies) 15 | 16 | flowall: $(SPARK_Bodies) 17 | gnatprove -Psparknacl --mode=flow --report=all -u $(SPARK_Bodies) 18 | 19 | proof: $(SPARK_Bodies) 20 | gnatprove -Psparknacl --report=fail -u $(SPARK_Bodies) 21 | 22 | proofall: $(SPARK_Bodies) 23 | gnatprove -Psparknacl --report=all -u $(SPARK_Bodies) 24 | 25 | clean: 26 | gprclean -Psparknacl 27 | -------------------------------------------------------------------------------- /src/sparknacl_no_elab.adc: -------------------------------------------------------------------------------- 1 | -- Partition-wide restrictions 2 | pragma Restriction_Warnings (No_Tasking); 3 | pragma Restriction_Warnings (No_Allocators); 4 | pragma Restriction_Warnings (No_Anonymous_Allocators); 5 | pragma Restriction_Warnings (No_Delay); 6 | pragma Restriction_Warnings (No_Dispatching_Calls); 7 | pragma Restriction_Warnings (No_Enumeration_Maps); 8 | pragma Restriction_Warnings (No_Finalization); 9 | pragma Restriction_Warnings (No_Fixed_Point); 10 | pragma Restriction_Warnings (No_Floating_Point); 11 | pragma Restriction_Warnings (No_Implicit_Dynamic_Code); 12 | pragma Restriction_Warnings (No_Implicit_Heap_Allocations); 13 | pragma Restriction_Warnings (No_Implicit_Protected_Object_Allocations); 14 | pragma Restriction_Warnings (No_Implicit_Task_Allocations); 15 | pragma Restriction_Warnings (No_Recursion); 16 | pragma Restriction_Warnings (No_Relative_Delay); 17 | 18 | -- Compilation unit restrictions 19 | pragma Restriction_Warnings (No_Elaboration_Code); 20 | -------------------------------------------------------------------------------- /tests/src/ada/scalarmult6.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | procedure Scalarmult6 5 | is 6 | BobSK : constant Bytes_32 := 7 | (16#5d#, 16#ab#, 16#08#, 16#7e#, 16#62#, 16#4a#, 16#8a#, 16#4b#, 8 | 16#79#, 16#e1#, 16#7f#, 16#8b#, 16#83#, 16#80#, 16#0e#, 16#e6#, 9 | 16#6f#, 16#3b#, 16#b1#, 16#29#, 16#26#, 16#18#, 16#b6#, 16#fd#, 10 | 16#1c#, 16#2f#, 16#8b#, 16#27#, 16#ff#, 16#88#, 16#e0#, 16#eb#); 11 | 12 | 13 | AlicePK : constant Bytes_32 := 14 | (16#85#, 16#20#, 16#f0#, 16#09#, 16#89#, 16#30#, 16#a7#, 16#54#, 15 | 16#74#, 16#8b#, 16#7d#, 16#dc#, 16#b4#, 16#3e#, 16#f7#, 16#5a#, 16 | 16#0d#, 16#bf#, 16#3a#, 16#0d#, 16#26#, 16#38#, 16#1a#, 16#f4#, 17 | 16#eb#, 16#a4#, 16#a9#, 16#8e#, 16#aa#, 16#9b#, 16#4e#, 16#6a#); 18 | 19 | K : Bytes_32; 20 | begin 21 | K := Mult (BobSK, AlicePK); 22 | DH ("K is", K); 23 | end Scalarmult6; 24 | -------------------------------------------------------------------------------- /tests/src/ada/scalarmult5.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | procedure Scalarmult5 5 | is 6 | AliceSK : constant Bytes_32 := 7 | (16#77#, 16#07#, 16#6d#, 16#0a#, 16#73#, 16#18#, 16#a5#, 16#7d#, 8 | 16#3c#, 16#16#, 16#c1#, 16#72#, 16#51#, 16#b2#, 16#66#, 16#45#, 9 | 16#df#, 16#4c#, 16#2f#, 16#87#, 16#eb#, 16#c0#, 16#99#, 16#2a#, 10 | 16#b1#, 16#77#, 16#fb#, 16#a5#, 16#1d#, 16#b9#, 16#2c#, 16#2a#); 11 | 12 | 13 | BobPK : constant Bytes_32 := 14 | (16#de#, 16#9e#, 16#db#, 16#7d#, 16#7b#, 16#7d#, 16#c1#, 16#b4#, 15 | 16#d3#, 16#5b#, 16#61#, 16#c2#, 16#ec#, 16#e4#, 16#35#, 16#37#, 16 | 16#3f#, 16#83#, 16#43#, 16#c8#, 16#5b#, 16#78#, 16#67#, 16#4d#, 17 | 16#ad#, 16#fc#, 16#7e#, 16#14#, 16#6f#, 16#88#, 16#2b#, 16#4f#); 18 | 19 | K : Bytes_32; 20 | 21 | begin 22 | K := Mult (AliceSK, BobPK); 23 | DH ("K is", K); 24 | end Scalarmult5; 25 | -------------------------------------------------------------------------------- /perf/io.ads: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with SPARKNaCl; use SPARKNaCl; 3 | with Interfaces; use Interfaces; 4 | package IO is 5 | 6 | procedure Put (X : Integer); 7 | -- Output integer to specified file, or to current output file, same 8 | -- output as if Ada.Text_IO.Integer_IO had been instantiated for Integer. 9 | 10 | procedure Put (X : UInt64); 11 | 12 | procedure Put (C : Character); 13 | -- Output character to specified file, or to current output file 14 | 15 | procedure Put (S : String); 16 | -- Output string to specified file, or to current output file 17 | 18 | procedure Put_Line (S : String); 19 | -- Output string followed by new line to stdout 20 | 21 | procedure Put_Line (S : String; X : Unsigned_64); 22 | -- Output string followed by X, then new line to stdout 23 | 24 | procedure New_Line (Spacing : Positive := 1); 25 | -- Output new line character to specified file, or to current output file 26 | 27 | procedure Put (B : in Byte); 28 | 29 | procedure Put (S : in String; D : in Byte_Seq); 30 | 31 | end IO; 32 | -------------------------------------------------------------------------------- /tests/src/ada/stream3.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | procedure Stream3 6 | is 7 | Firstkey : constant Salsa20_Key := 8 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 9 | 16#73#, 16#e9#, 16#85#, 16#d4#, 10 | 16#62#, 16#cd#, 16#51#, 16#19#, 11 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 12 | 16#60#, 16#09#, 16#54#, 16#9e#, 13 | 16#ac#, 16#64#, 16#74#, 16#f2#, 14 | 16#06#, 16#c4#, 16#ee#, 16#08#, 15 | 16#44#, 16#f6#, 16#83#, 16#89#)); 16 | 17 | Nonce : constant HSalsa20_Nonce := 18 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 19 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 20 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 21 | 22 | RS : Bytes_32; 23 | begin 24 | HSalsa20 (RS, Nonce, Firstkey); 25 | DH ("RS is", RS); 26 | end Stream3; 27 | -------------------------------------------------------------------------------- /perf/aes128/src/io.ads: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with SPARKNaCl; use SPARKNaCl; 3 | with Interfaces; use Interfaces; 4 | package IO is 5 | 6 | procedure Put (X : Integer); 7 | -- Output integer to specified file, or to current output file, same 8 | -- output as if Ada.Text_IO.Integer_IO had been instantiated for Integer. 9 | 10 | procedure Put (X : UInt64); 11 | 12 | procedure Put (C : Character); 13 | -- Output character to specified file, or to current output file 14 | 15 | procedure Put (S : String); 16 | -- Output string to specified file, or to current output file 17 | 18 | procedure Put_Line (S : String); 19 | -- Output string followed by new line to stdout 20 | 21 | procedure Put_Line (S : String; X : Unsigned_64); 22 | -- Output string followed by X, then new line to stdout 23 | 24 | procedure New_Line (Spacing : Positive := 1); 25 | -- Output new line character to specified file, or to current output file 26 | 27 | procedure Put (B : in Byte); 28 | 29 | procedure Put (S : in String; D : in Byte_Seq); 30 | 31 | end IO; 32 | -------------------------------------------------------------------------------- /perf/aes256/src/io.ads: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with SPARKNaCl; use SPARKNaCl; 3 | with Interfaces; use Interfaces; 4 | package IO is 5 | 6 | procedure Put (X : Integer); 7 | -- Output integer to specified file, or to current output file, same 8 | -- output as if Ada.Text_IO.Integer_IO had been instantiated for Integer. 9 | 10 | procedure Put (X : UInt64); 11 | 12 | procedure Put (C : Character); 13 | -- Output character to specified file, or to current output file 14 | 15 | procedure Put (S : String); 16 | -- Output string to specified file, or to current output file 17 | 18 | procedure Put_Line (S : String); 19 | -- Output string followed by new line to stdout 20 | 21 | procedure Put_Line (S : String; X : Unsigned_64); 22 | -- Output string followed by X, then new line to stdout 23 | 24 | procedure New_Line (Spacing : Positive := 1); 25 | -- Output new line character to specified file, or to current output file 26 | 27 | procedure Put (B : in Byte); 28 | 29 | procedure Put (S : in String; D : in Byte_Seq); 30 | 31 | end IO; 32 | -------------------------------------------------------------------------------- /perf/rfsb509/src/io.ads: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with SPARKNaCl; use SPARKNaCl; 3 | with Interfaces; use Interfaces; 4 | package IO is 5 | 6 | procedure Put (X : Integer); 7 | -- Output integer to specified file, or to current output file, same 8 | -- output as if Ada.Text_IO.Integer_IO had been instantiated for Integer. 9 | 10 | procedure Put (X : UInt64); 11 | 12 | procedure Put (C : Character); 13 | -- Output character to specified file, or to current output file 14 | 15 | procedure Put (S : String); 16 | -- Output string to specified file, or to current output file 17 | 18 | procedure Put_Line (S : String); 19 | -- Output string followed by new line to stdout 20 | 21 | procedure Put_Line (S : String; X : Unsigned_64); 22 | -- Output string followed by X, then new line to stdout 23 | 24 | procedure New_Line (Spacing : Positive := 1); 25 | -- Output new line character to specified file, or to current output file 26 | 27 | procedure Put (B : in Byte); 28 | 29 | procedure Put (S : in String; D : in Byte_Seq); 30 | 31 | end IO; 32 | -------------------------------------------------------------------------------- /tests/src/ada/stream2.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | with SPARKNaCl.Hashing.SHA512; use SPARKNaCl.Hashing.SHA512; 6 | procedure Stream2 7 | is 8 | SecondKey : constant Salsa20_Key := 9 | Construct ((16#dc#, 16#90#, 16#8d#, 16#da#, 10 | 16#0b#, 16#93#, 16#44#, 16#a9#, 11 | 16#53#, 16#62#, 16#9b#, 16#73#, 12 | 16#38#, 16#20#, 16#77#, 16#88#, 13 | 16#80#, 16#f3#, 16#ce#, 16#b4#, 14 | 16#21#, 16#bb#, 16#61#, 16#b9#, 15 | 16#1c#, 16#bd#, 16#4c#, 16#3e#, 16 | 16#66#, 16#25#, 16#6c#, 16#e4#)); 17 | 18 | NonceSuffix : constant Salsa20_Nonce := 19 | (16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 20 | 21 | Output : Byte_Seq (0 .. 4_194_303); 22 | H : Bytes_64; 23 | begin 24 | Salsa20 (Output, NonceSuffix, SecondKey); 25 | Hash (H, Output); 26 | DH ("H is", H); 27 | end Stream2; 28 | -------------------------------------------------------------------------------- /alire.toml: -------------------------------------------------------------------------------- 1 | name = "sparknacl" 2 | description = "Verified SPARK 2014 re-implementation of TweetNaCl cryptographic library" 3 | long-description = "SPARK 2014 re-implementation of TweetNaCl cryptographic library, with fully automated proofs of type safety and some correctness properties" 4 | version = "4.0.0" 5 | tags = ["spark", "cryptography", "security", "nacl", "curve25519", "ed25519", "tweetnacl"] 6 | licenses = "BSD-3-Clause" 7 | website = "https://github.com/rod-chapman/SPARKNaCl" 8 | 9 | authors = ["Rod Chapman"] 10 | maintainers = ["Rod Chapman "] 11 | maintainers-logins = ["rod-chapman"] 12 | 13 | [[depends-on]] 14 | gnat=">=14.2.1" 15 | 16 | [gpr-externals] 17 | SPARKNACL_LIBRARY_TYPE = ["relocatable", "static", "static-pic"] 18 | SPARKNACL_COMPILE_CHECKS = ["enabled", "disabled"] 19 | SPARKNACL_RUNTIME_CHECKS = ["enabled", "disabled"] 20 | SPARKNACL_STYLE_CHECKS = ["enabled", "disabled"] 21 | SPARKNACL_CONTRACTS = ["enabled", "disabled"] 22 | SPARKNACL_RUNTIME_MODE = ["full", "zfp"] 23 | SPARKNACL_BUILD_MODE = ["debug", "O1", "O2", "O3", "Os"] 24 | SPARKNACL_TARGET_ARCH = ["unspecified", "rv32im", "rv32imc", "rv32imc_a4"] 25 | 26 | [[depends-on]] 27 | gnatprove = "^14.1.1" 28 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-rfsb509.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.AES; use SPARKNaCl.AES; 2 | package SPARKNaCl.Hashing.RFSB509 3 | with Pure, 4 | SPARK_Mode => On 5 | is 6 | subtype Digest is Bytes_32; 7 | 8 | -- This package implements the keyed variant of the RFSB509 hash function. 9 | -- Thus, both of the following subprograms take the "Key" parameter. In 10 | -- order to have the subprograms behave like the reference implementation 11 | -- use an all 0 key i.e (others => 0). 12 | 13 | -------------------------------------------------------- 14 | -- Procedural interface. Faster assuming Output is 15 | -- passed by reference 16 | -------------------------------------------------------- 17 | 18 | procedure Hash (Output : out Digest; 19 | Input : in Byte_Seq; 20 | Key : in AES128_Key) 21 | with Global => null; 22 | 23 | -------------------------------------------------------- 24 | -- Functional interfaces 25 | -------------------------------------------------------- 26 | 27 | function Hash (Input : in Byte_Seq; 28 | Key : in AES128_Key) return Digest 29 | with Global => null; 30 | 31 | end SPARKNaCl.Hashing.RFSB509; 32 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha2_common.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Hashing.SHA2_Common 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | 6 | -------------------------------------------------------- 7 | -- Equivalent to TS64 in TweetNaCl 8 | -------------------------------------------------------- 9 | 10 | function Big_Endian_Unpack (Input : in U64) return Bytes_8 11 | with Global => null, 12 | Post => (for all I in Index_8 => Big_Endian_Unpack'Result (I) = 13 | Big_Endian_Get_Byte (Input, I)); 14 | 15 | function Big_Endian_Get_Byte (Input : in U64; 16 | Index : in Index_8) return Byte 17 | with Ghost, 18 | Global => null, 19 | Post => Big_Endian_Get_Byte'Result = Byte ( 20 | Shift_Right (Input, Integer (Index_8'Last - Index) * 8) mod 256); 21 | 22 | -------------------------------------------------------- 23 | -- Used for both SHA-512 and SHA-384 24 | -------------------------------------------------------- 25 | 26 | procedure Hash_512_Core (Output : out Bytes_64; 27 | IV : in Bytes_64; 28 | M : in Byte_Seq); 29 | end SPARKNaCl.Hashing.SHA2_Common; 30 | -------------------------------------------------------------------------------- /tests/src/ada/stream.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | with SPARKNaCl.Hashing.SHA512; use SPARKNaCl.Hashing.SHA512; 6 | procedure Stream 7 | is 8 | Firstkey : constant Salsa20_Key := 9 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 10 | 16#73#, 16#e9#, 16#85#, 16#d4#, 11 | 16#62#, 16#cd#, 16#51#, 16#19#, 12 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 13 | 16#60#, 16#09#, 16#54#, 16#9e#, 14 | 16#ac#, 16#64#, 16#74#, 16#f2#, 15 | 16#06#, 16#c4#, 16#ee#, 16#08#, 16 | 16#44#, 16#f6#, 16#83#, 16#89#)); 17 | 18 | Nonce : constant HSalsa20_Nonce := 19 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 20 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 21 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 22 | 23 | Output : Byte_Seq (0 .. 4_194_303); 24 | H : Bytes_64; 25 | begin 26 | HSalsa20 (Output, Nonce, Firstkey); 27 | Hash (H, Output); 28 | DH ("H is", H); 29 | end Stream; 30 | -------------------------------------------------------------------------------- /tests/src/c/supercop-20230530_rfsb509_hash.c: -------------------------------------------------------------------------------- 1 | #include "supercop-20230530_rfsb509_hash.h" 2 | 3 | #include "supercop-20230530_rfsb509_compress.h" 4 | #include "supercop-20230530_sha256_blocks.h" 5 | 6 | static const char sha256_iv[32] = { 7 | 0x6a,0x09,0xe6,0x67, 8 | 0xbb,0x67,0xae,0x85, 9 | 0x3c,0x6e,0xf3,0x72, 10 | 0xa5,0x4f,0xf5,0x3a, 11 | 0x51,0x0e,0x52,0x7f, 12 | 0x9b,0x05,0x68,0x8c, 13 | 0x1f,0x83,0xd9,0xab, 14 | 0x5b,0xe0,0xcd,0x19, 15 | } ; 16 | 17 | int rfsb509_crypto_hash( 18 | unsigned char *out, 19 | const unsigned char *in, 20 | unsigned long long inlen 21 | ) 22 | { 23 | int i; 24 | unsigned char t[128] = {0}; 25 | unsigned char pad[96]; 26 | int padlen; 27 | int remaining = rfsb509_crypto_hashblocks(t,in,inlen); 28 | 29 | if(remaining <= 40) 30 | padlen = 48; 31 | else 32 | padlen = 96; 33 | 34 | for(i=0;i> 8*(i-padlen+8)) & 0xff; 40 | 41 | rfsb509_crypto_hashblocks(t,pad,padlen); 42 | 43 | for (i = 0;i < 32;++i) out[i] = sha256_iv[i]; 44 | t[64] = 0x80; 45 | t[64+62] = 2; 46 | sha256_crypto_hashblocks(out,t,128); 47 | return 0; 48 | } 49 | -------------------------------------------------------------------------------- /src/sparknacl-pdebug.adb: -------------------------------------------------------------------------------- 1 | with Ada.Text_IO; use Ada.Text_IO; 2 | package body SPARKNaCl.PDebug 3 | is 4 | On : constant Boolean := True; 5 | 6 | package I64IO is new Ada.Text_IO.Integer_IO (Integer_64); 7 | 8 | procedure DH16 (S : in String; D : in Normal_GF) 9 | is 10 | begin 11 | if On then 12 | Put_Line (S); 13 | for I in D'Range loop 14 | I64IO.Put (I64 (D (I)), Width => 0); 15 | Put (' '); 16 | I64IO.Put (I64 (D (I)), Width => 0, Base => 16); 17 | New_Line; 18 | end loop; 19 | end if; 20 | end DH16; 21 | 22 | procedure DH32 (S : in String; D : in GF32) 23 | is 24 | begin 25 | if On then 26 | Put_Line (S); 27 | for I in D'Range loop 28 | I64IO.Put (I64 (D (I)), Width => 0); 29 | Put (' '); 30 | I64IO.Put (I64 (D (I)), Width => 0, Base => 16); 31 | New_Line; 32 | end loop; 33 | end if; 34 | end DH32; 35 | 36 | procedure DH64 (S : in String; D : in GF64) 37 | is 38 | begin 39 | if On then 40 | Put_Line (S); 41 | for I in D'Range loop 42 | I64IO.Put (D (I), Width => 0); 43 | Put (' '); 44 | I64IO.Put (D (I), Width => 0, Base => 16); 45 | New_Line; 46 | end loop; 47 | end if; 48 | end DH64; 49 | 50 | 51 | end SPARKNaCl.PDebug; 52 | -------------------------------------------------------------------------------- /tests/src/ada/ecdh.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | 5 | with Ada.Text_IO; use Ada.Text_IO; 6 | 7 | with Interfaces; 8 | use type Interfaces.Unsigned_8; 9 | 10 | procedure ECDH 11 | is 12 | AliceSK : Bytes_32 := 13 | (16#77#, 16#07#, 16#6d#, 16#0a#, 16#73#, 16#18#, 16#a5#, 16#7d#, 14 | 16#3c#, 16#16#, 16#c1#, 16#72#, 16#51#, 16#b2#, 16#66#, 16#45#, 15 | 16#df#, 16#4c#, 16#2f#, 16#87#, 16#eb#, 16#c0#, 16#99#, 16#2a#, 16 | 16#b1#, 16#77#, 16#fb#, 16#a5#, 16#1d#, 16#b9#, 16#2c#, 16#2a#); 17 | AlicePK : Bytes_32; 18 | 19 | BobSK : Bytes_32 := 20 | (16#b1#, 16#77#, 16#fb#, 16#a5#, 16#1d#, 16#b9#, 16#2c#, 16#2a#, 21 | 16#df#, 16#4c#, 16#2f#, 16#87#, 16#eb#, 16#c0#, 16#99#, 16#2a#, 22 | 16#3c#, 16#16#, 16#c1#, 16#72#, 16#51#, 16#b2#, 16#66#, 16#45#, 23 | 16#77#, 16#07#, 16#6d#, 16#0a#, 16#73#, 16#18#, 16#a5#, 16#7d#); 24 | BobPK : Bytes_32; 25 | 26 | S1, S2 : Bytes_32; 27 | 28 | begin 29 | AlicePK := Mult_Base (AliceSK); 30 | BobPK := Mult_Base (BobSK); 31 | 32 | DH ("AlicePK is", AlicePK); 33 | DH ("BobPK is", BobPK); 34 | 35 | S1 := Mult (AliceSK, BobPK); 36 | DH ("S1 is", S1); 37 | 38 | S2 := Mult (BobSK, AlicePK); 39 | DH ("S2 is", S2); 40 | 41 | if S1 = S2 then 42 | Put_Line ("Pass"); 43 | else 44 | Put_Line ("Fail"); 45 | end if; 46 | end ECDH; 47 | -------------------------------------------------------------------------------- /tests/src/ada/sign.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Sign; use SPARKNaCl.Sign; 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | with Interfaces; use Interfaces; 6 | with Random; 7 | procedure Sign 8 | is 9 | Raw_SK : Bytes_32; 10 | PK : Signing_PK; 11 | SK : Signing_SK; 12 | 13 | M : constant Byte_Seq (0 .. 255) := (0 => 16#55#, others => 16#aa#); 14 | 15 | SM : Byte_Seq (0 .. 319) := (others => 0); 16 | M2 : Byte_Seq (0 .. 319) := (others => 0); 17 | M3 : Byte_Seq (0 .. 255); 18 | 19 | ML : I32; 20 | S : Boolean; 21 | -- I : I64 := 1; 22 | begin 23 | -- loop 24 | -- Put_Line ("Iteration " & I'Img); 25 | Random.Random_Bytes (Raw_SK); 26 | Keypair (Raw_SK, PK, SK); 27 | 28 | begin 29 | Sign (SM, M, SK); 30 | exception 31 | when Constraint_Error => 32 | Debug.DH ("In Sign, SK was ", Serialize (SK)); 33 | raise; 34 | end; 35 | 36 | begin 37 | Open (M2, S, ML, SM, PK); 38 | exception 39 | when Constraint_Error => 40 | Debug.DH ("In Open, PK was ", Serialize (PK)); 41 | Debug.DH ("In Open, SM was ", SM); 42 | raise; 43 | end; 44 | 45 | M3 := M2 (0 .. 255); 46 | 47 | -- I := I + 1; 48 | DH ("M3 is ", M3); 49 | Put_Line ("Status is " & Img (S)); 50 | Put_Line ("ML is " & ML'Img); 51 | -- end loop; 52 | end Sign; 53 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox7.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; 3 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 4 | with SPARKNaCl.Stream; 5 | with Random; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | with Interfaces; use Interfaces; 8 | procedure Secretbox7 9 | is 10 | RK : Bytes_32; 11 | K : Core.Salsa20_Key; 12 | N : Stream.HSalsa20_Nonce; 13 | S, S2 : Boolean; 14 | begin 15 | for MLen in N32 range 0 .. 999 loop 16 | Random.Random_Bytes (RK); 17 | Core.Construct (K, RK); 18 | Random.Random_Bytes (Bytes_24 (N)); 19 | Put ("Secretbox7 - iteration" & MLen'Img); 20 | 21 | declare 22 | subtype Text is 23 | Byte_Seq (0 .. Secretbox_Zero_Bytes + MLen - 1); 24 | M, C, M2 : Text := (others => 0); 25 | begin 26 | Random.Random_Bytes (M (Secretbox_Zero_Bytes .. M'Last)); 27 | Create (C, S, M, N, K); 28 | if S then 29 | Open (M2, S2, C, N, K); 30 | if S2 then 31 | if not Equal (M, M2) then 32 | Put_Line ("bad decryption"); 33 | exit; 34 | else 35 | Put_Line (" OK"); 36 | end if; 37 | else 38 | Put_Line ("ciphertext fails verification"); 39 | exit; 40 | end if; 41 | else 42 | Put_Line ("bad encryption"); 43 | exit; 44 | end if; 45 | end; 46 | end loop; 47 | end Secretbox7; 48 | -------------------------------------------------------------------------------- /tests/src/ada/stream6.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | procedure Stream6 6 | is 7 | -- Example and Test Vector from RFC 8439 A.1 Test Vector #1 8 | 9 | Firstkey : constant ChaCha20_Key := 10 | Construct (Bytes_32'(others => 0)); 11 | 12 | Secondkey : constant ChaCha20_Key := 13 | Construct (Bytes_32'(31 => 1, others => 0)); 14 | 15 | Thirdkey : constant ChaCha20_Key := 16 | Construct (Bytes_32'(1 => 16#FF#, others => 0)); 17 | 18 | Nonce : constant ChaCha20_IETF_Nonce := 19 | (others => 0); 20 | 21 | Nonce2 : constant ChaCha20_IETF_Nonce := 22 | (11 => 2, others => 0); 23 | 24 | C : Byte_Seq (0 .. 63); 25 | begin 26 | -- Test Vector #1 27 | ChaCha20_IETF (C, Nonce, Firstkey, 0); 28 | DH ("Test Vector #1 Keystream. See RFC 8539 section A.1", C); 29 | 30 | -- Test Vector #2 31 | ChaCha20_IETF (C, Nonce, Firstkey, 1); 32 | DH ("Test Vector #2 Keystream. See RFC 8539 section A.1", C); 33 | 34 | -- Test Vector #3 35 | ChaCha20_IETF (C, Nonce, Secondkey, 1); 36 | DH ("Test Vector #3 Keystream. See RFC 8539 section A.1", C); 37 | 38 | -- Test Vector #4 39 | ChaCha20_IETF (C, Nonce, Thirdkey, 2); 40 | DH ("Test Vector #4 Keystream. See RFC 8539 section A.1", C); 41 | 42 | -- Test Vector #5 43 | ChaCha20_IETF (C, Nonce2, Firstkey, 0); 44 | DH ("Test Vector #5 Keystream. See RFC 8539 section A.1", C); 45 | 46 | end Stream6; 47 | -------------------------------------------------------------------------------- /perf/tsize.mk: -------------------------------------------------------------------------------- 1 | all: sizes.txt 2 | 3 | SIZE_OBJS := ../obj/sparknacl.o ../obj/sparknacl-car.o ../obj/sparknacl-core.o ../obj/sparknacl-cryptobox.o ../obj/sparknacl-hashing.o ../obj/sparknacl-mac.o ../obj/sparknacl-scalar.o ../obj/sparknacl-secretbox.o ../obj/sparknacl-sign.o ../obj/sparknacl-sign-utils.o ../obj/sparknacl-stream.o ../obj/sparknacl-utils.o 4 | 5 | sizes.txt: tsize.adb io.adb io.ads tweetnacl_api.ads tweetnacl.c 6 | gprbuild -Ptsize -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_TARGET_ARCH=rv32im -XSPARKNACL_BUILD_MODE=O2 7 | @mv main.map tsize.map 8 | riscv32-elf-objdump -S tsize >tsize.asm 9 | riscv32-elf-strip $(SIZE_OBJS) 10 | riscv32-elf-strip tweetnacl.o 11 | @echo "Results for SPARKNaCl" 12 | @echo "Results for SPARKNaCl" >sizes.txt 13 | riscv32-elf-size -t $(SIZE_OBJS) 14 | @riscv32-elf-size -t $(SIZE_OBJS) >>sizes.txt 15 | @echo "Results for TweetNaCl" 16 | @echo "Results for TweetNaCl" >>sizes.txt 17 | riscv32-elf-size -t tweetnacl.o 18 | @riscv32-elf-size -t tweetnacl.o >>sizes.txt 19 | riscv32-elf-objdump -h $(SIZE_OBJS) | fgrep ".text." >st.txt 20 | riscv32-elf-objdump -h $(SIZE_OBJS) | fgrep ".rodata." >sd.txt 21 | riscv32-elf-objdump -h tweetnacl.o | fgrep ".text." >tt.txt 22 | riscv32-elf-objdump -h tweetnacl.o | fgrep ".rodata." >td.txt 23 | 24 | clean: 25 | rm -f sizes.txt 26 | rm -f st.txt 27 | rm -f sd.txt 28 | rm -f tt.txt 29 | rm -f td.txt 30 | rm -f tsize.map 31 | rm -f d.ci 32 | rm -f devurandom.ci 33 | rm -f graph.vcg 34 | rm -f tweetnacl.ci 35 | rm -f undefined.ciu 36 | gprclean -Ptsize -r 37 | -------------------------------------------------------------------------------- /perf/tsign.mk: -------------------------------------------------------------------------------- 1 | all: tsign.hex tsign.asm 2 | 3 | SIZE_OBJS := ../obj/sparknacl.o ../obj/sparknacl-car.o ../obj/sparknacl-core.o ../obj/sparknacl-cryptobox.o ../obj/sparknacl-hashing.o ../obj/sparknacl-mac.o ../obj/sparknacl-scalar.o ../obj/sparknacl-secretbox.o ../obj/sparknacl-sign.o ../obj/sparknacl-sign-utils.o ../obj/sparknacl-stream.o ../obj/sparknacl-utils.o 4 | 5 | tsign: tsign.adb io.adb io.ads tweetnacl_api.ads tweetnacl.c 6 | gprbuild -Ptsign -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_TARGET_ARCH=rv32imc_a4 -XSPARKNACL_BUILD_MODE=debug 7 | @mv main.map tsign.map 8 | @grep "^.data" tsign.map 9 | @grep "^.bss" tsign.map 10 | @grep "__stack_start =" tsign.map 11 | @grep "__stack_end =" tsign.map 12 | @grep "__bss_start =" tsign.map 13 | @grep "__bss_end =" tsign.map 14 | 15 | tsign.hex: tsign 16 | riscv64-elf-objcopy -O ihex tsign tsign.hex 17 | 18 | tsign.asm: tsign 19 | riscv64-elf-objdump -S tsign >tsign.asm 20 | 21 | stack: tsign 22 | gnatstack -Ptsign -p -v -XSPARKNACL_RUNTIME_MODE=zfp -XSPARKNACL_RUNTIME_CHECKS=disabled -XSPARKNACL_CONTRACTS=disabled -XSPARKNACL_TARGET_ARCH=rv32im -XSPARKNACL_BUILD_MODE=debug -esparknacl.sign.sign 23 | 24 | size: tsign 25 | riscv64-elf-strip $(SIZE_OBJS) 26 | riscv64-elf-size -t $(SIZE_OBJS) 27 | 28 | run: tsign.hex 29 | -cp tsign.hex /media/psf/HiFive 30 | -cp tsign.hex /media/rchapman/HiFive 31 | 32 | clean: 33 | rm -f tsign.hex 34 | rm -f tsign.map 35 | rm -f d.ci 36 | rm -f devurandom.ci 37 | rm -f graph.vcg 38 | rm -f tweetnacl.ci 39 | rm -f undefined.ciu 40 | gprclean -Ptsign -r 41 | -------------------------------------------------------------------------------- /tests/src/ada/box7.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Cryptobox; use SPARKNaCl.Cryptobox; 3 | with SPARKNaCl.Stream; 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | with Interfaces; use Interfaces; 6 | with Random; 7 | procedure Box7 8 | is 9 | Raw_SK : Bytes_32; 10 | AliceSK, BobSK : Secret_Key; 11 | AlicePK, BobPK : Public_Key; 12 | N : Stream.HSalsa20_Nonce; 13 | S, S2 : Boolean; 14 | begin 15 | -- for MLen in N32 range 0 .. 999 loop 16 | for MLen in N32 range 0 .. 99 loop 17 | Random.Random_Bytes (Raw_SK); 18 | Keypair (Raw_SK, AlicePK, AliceSK); 19 | Random.Random_Bytes (Raw_SK); 20 | Keypair (Raw_SK, BobPK, BobSK); 21 | Random.Random_Bytes (Bytes_24 (N)); 22 | Put ("Box7 - iteration" & MLen'Img); 23 | declare 24 | subtype Text is 25 | Byte_Seq (0 .. Plaintext_Zero_Bytes + MLen - 1); 26 | M, C, M2 : Text := (others => 0); 27 | begin 28 | Random.Random_Bytes (M (Plaintext_Zero_Bytes .. M'Last)); 29 | Create (C, S, M, N, BobPK, AliceSK); 30 | if S then 31 | Open (M2, S2, C, N, AlicePK, BobSK); 32 | if S2 then 33 | if not Equal (M, M2) then 34 | Put_Line ("bad decryption"); 35 | exit; 36 | else 37 | Put_Line (" OK"); 38 | end if; 39 | else 40 | Put_Line ("ciphertext fails verification"); 41 | end if; 42 | else 43 | Put_Line ("bad encryption"); 44 | end if; 45 | end; 46 | end loop; 47 | 48 | 49 | end Box7; 50 | -------------------------------------------------------------------------------- /tests/src/ada/hash.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Hashing.SHA512; use SPARKNaCl.Hashing.SHA512; 4 | with Interfaces; use Interfaces; 5 | procedure Hash 6 | is 7 | R1 : Digest; 8 | 9 | -- Case 1: same as NaCl standard test suite 10 | M3 : constant String (1 .. 8) := "testing" & ASCII.LF; 11 | 12 | -- Case 2: two blocks, with final block >= 112 bytes to cover 13 | -- final block padding 14 | M5 : constant Byte_Seq (0 .. 240) := (16#AA#, others => 0); 15 | 16 | 17 | -- FIPS 180-2 Appendix C. SHA-512 test cases 18 | 19 | -- C.1 One-block message 20 | C1 : constant String := "abc"; 21 | 22 | -- C.2 Multi-block message 23 | C2 : constant String := "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; 24 | 25 | -- C.3 Long message 26 | C3 : constant String (1 .. 1_000_000) := (others => 'a'); 27 | begin 28 | Hash (R1, To_Byte_Seq (M3)); 29 | DH ("Case 1 - Hash is", R1); 30 | 31 | -- Functional style interface 32 | R1 := Hash (M5); 33 | DH ("Case 2 - Hash is", R1); 34 | 35 | -- 180-2 C.1 36 | Hash (R1, To_Byte_Seq (C1)); 37 | DH ("FIPS 180-2 C.1 procedural API - Hash is", R1); 38 | 39 | R1 := Hash (To_Byte_Seq (C1)); 40 | DH ("FIPS 180-2 C.1 functional API - Hash is", R1); 41 | 42 | -- 180-2 C.2 43 | R1 := Hash (To_Byte_Seq (C2)); 44 | DH ("FIPS 180-2 C.2 functional API - Hash is", R1); 45 | 46 | -- 180-2 C.3 47 | R1 := Hash (To_Byte_Seq (C3)); 48 | DH ("FIPS 180-2 C.3 functional API - Hash is", R1); 49 | end Hash; 50 | -------------------------------------------------------------------------------- /tests/src/ada/core1.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with Random; 5 | 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | procedure Core1 8 | is 9 | Shared : constant Salsa20_Key := 10 | Construct ((16#4a#, 16#5d#, 16#9d#, 16#5b#, 11 | 16#a4#, 16#ce#, 16#2d#, 16#e1#, 12 | 16#72#, 16#8e#, 16#3b#, 16#f4#, 13 | 16#80#, 16#35#, 16#0f#, 16#25#, 14 | 16#e0#, 16#7e#, 16#21#, 16#c9#, 15 | 16#47#, 16#d1#, 16#9e#, 16#33#, 16 | 16#76#, 16#f0#, 16#9b#, 16#3c#, 17 | 16#1e#, 16#16#, 16#17#, 16#42#)); 18 | 19 | Zero : constant Bytes_16 := (others => 0); 20 | 21 | C : constant Bytes_16 := 22 | (16#65#, 16#78#, 16#70#, 16#61#, 16#6e#, 16#64#, 16#20#, 16#33#, 23 | 16#32#, 16#2d#, 16#62#, 16#79#, 16#74#, 16#65#, 16#20#, 16#6b#); 24 | 25 | FirstKey : Bytes_32; 26 | 27 | RawKey1 : Bytes_32; 28 | RawKey2 : Bytes_32; 29 | begin 30 | HSalsa20 (FirstKey, Zero, Shared, C); 31 | DH ("FirstKey is", FirstKey); 32 | 33 | Random.Random_Bytes (RawKey1); 34 | Random.Random_Bytes (RawKey2); 35 | declare 36 | K1 : Salsa20_Key := Construct (RawKey1); 37 | K2 : Salsa20_Key := Construct (RawKey2); 38 | begin 39 | if Equal (Serialize (K1), Serialize (K2)) then 40 | Put_Line ("K1 equals K2 - Test Failed."); 41 | else 42 | Put_Line ("K1 /= K2 - OK."); 43 | end if; 44 | Sanitize (K1); 45 | Sanitize (K2); 46 | pragma Unreferenced (K1); 47 | pragma Unreferenced (K2); 48 | end; 49 | end Core1; 50 | -------------------------------------------------------------------------------- /LICENCE.md: -------------------------------------------------------------------------------- 1 | BSD 3-Clause "New" or "Revised" BSD license 2 | ------------------------------------------- 3 | 4 | Copyright (c) 2021 Protean Code Limited. All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 2. Redistributions in binary form must reproduce the above copyright notice, 12 | this list of conditions and the following disclaimer in the documentation 13 | and/or other materials provided with the distribution. 14 | 3. Neither the name of the copyright holder nor the names of its contributors 15 | may be used to endorse or promote products derived from this software 16 | without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /tests/testall.gpr: -------------------------------------------------------------------------------- 1 | with "../sparknacl.gpr"; 2 | project Testall is 3 | 4 | for Languages use ("Ada", "C"); 5 | for Create_Missing_Dirs use "True"; 6 | for Object_Dir use "obj"; 7 | for Source_Dirs use ("src/ada", "src/c"); 8 | for Main use ("testall.adb"); 9 | 10 | type Host_OS_Kind is ("Darwin", "Linux", "Windows", "generic"); 11 | Host_OS : Host_OS_Kind := external("SPARKNACL_HOSTOS", "generic"); 12 | 13 | type Build_Kind is ("debug", "O3"); 14 | Build_Mode : Build_Kind := External ("SPARKNACL_BUILD_MODE", "debug"); 15 | 16 | Opt_Switch := (); 17 | case Build_Mode is 18 | when "debug" => 19 | Opt_Switch := ("-g", 20 | "-O0"); 21 | when "O3" => 22 | Opt_Switch := ("-O3"); 23 | end case; 24 | 25 | package Compiler is 26 | for Default_Switches ("C") use 27 | Compiler'Default_Switches ("C") & 28 | Opt_Switch & 29 | ("-ffunction-sections", -- Create a linker section for each function 30 | "-fdata-sections"); -- Create a linker section for each data 31 | 32 | for Default_Switches ("Ada") use 33 | Compiler'Default_Switches ("Ada") & 34 | Opt_Switch & 35 | ("-ffunction-sections", -- Create a linker section for each function 36 | "-fdata-sections"); -- Create a linker section for each data 37 | end Compiler; 38 | 39 | package Linker is 40 | case Host_OS is 41 | when "Darwin" => 42 | -- Deal with unusual linker on macOS/Darwin 43 | for Default_Switches ("Ada") use ("-Wl,-ld_classic"); 44 | when others => 45 | null; 46 | end case; 47 | end Linker; 48 | 49 | 50 | end Testall; 51 | -------------------------------------------------------------------------------- /tests/src/ada/core3.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Hashing.SHA512; use SPARKNaCl.Hashing.SHA512; 5 | with Interfaces; use Interfaces; 6 | procedure Core3 7 | is 8 | Second_Key : constant Salsa20_Key := 9 | Construct ((16#dc#, 16#90#, 16#8d#, 16#da#, 10 | 16#0b#, 16#93#, 16#44#, 16#a9#, 11 | 16#53#, 16#62#, 16#9b#, 16#73#, 12 | 16#38#, 16#20#, 16#77#, 16#88#, 13 | 16#80#, 16#f3#, 16#ce#, 16#b4#, 14 | 16#21#, 16#bb#, 16#61#, 16#b9#, 15 | 16#1c#, 16#bd#, 16#4c#, 16#3e#, 16 | 16#66#, 16#25#, 16#6c#, 16#e4#)); 17 | 18 | Nonce_Suffix : constant Bytes_8 := 19 | (16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 20 | 21 | C : constant Bytes_16 := 22 | (16#65#, 16#78#, 16#70#, 16#61#, 16#6e#, 16#64#, 16#20#, 16#33#, 23 | 16#32#, 16#2d#, 16#62#, 16#79#, 16#74#, 16#65#, 16#20#, 16#6b#); 24 | 25 | Input : Bytes_16 := (others => 0); 26 | 27 | Output : Byte_Seq (0 .. (2 ** 22 - 1)); 28 | H : Bytes_64; 29 | Pos : I32; 30 | begin 31 | Input (0 .. 7) := Nonce_Suffix; 32 | 33 | Pos := 0; 34 | loop 35 | loop 36 | Salsa20 (Output (Pos .. Pos + 63), 37 | Input, 38 | Second_Key, 39 | C); 40 | Pos := Pos + 64; 41 | Input (8) := Input (8) + 1; 42 | exit when Input (8) = 0; 43 | end loop; 44 | Input (9) := Input (9) + 1; 45 | exit when Input (9) = 0; 46 | end loop; 47 | Hash (H, Output); 48 | DH ("Hash is", H); 49 | end Core3; 50 | -------------------------------------------------------------------------------- /tests/Makefile: -------------------------------------------------------------------------------- 1 | GPR_WORKERS:=-j0 2 | SOURCES:= src/ada/*.adb src/c/*.c src/c/*.h ../src/*.adb ../src/*.ads testall.gpr 3 | HOSTOS := $(shell uname -s) 4 | 5 | all: fntr sntr ftestdiff stestdiff 6 | 7 | ftestdiff: expected_test_results fntr 8 | diff $^ 9 | 10 | stestdiff: expected_test_results sntr 11 | diff $^ 12 | 13 | fntr: ftestall 14 | ./ftestall > $@ 15 | 16 | sntr: stestall 17 | ./stestall > $@ 18 | 19 | ftestall: $(SOURCES) 20 | $(MAKE) clean_build 21 | $(MAKE) clean_ftest 22 | gprbuild -Ptestall \ 23 | $(GPR_WORKERS) \ 24 | -XSPARKNACL_RUNTIME_CHECKS=disabled \ 25 | -XSPARKNACL_CONTRACTS=disabled \ 26 | -XSPARKNACL_HOSTOS=$(HOSTOS) \ 27 | -XSPARKNACL_BUILD_MODE=O3 28 | mv obj/testall $@ 29 | 30 | stestall: $(SOURCES) 31 | $(MAKE) clean_build 32 | $(MAKE) clean_stest 33 | gprbuild -Ptestall \ 34 | $(GPR_WORKERS) \ 35 | -XSPARKNACL_RUNTIME_CHECKS=enabled \ 36 | -XSPARKNACL_CONTRACTS=enabled \ 37 | -XSPARKNACL_HOSTOS=$(HOSTOS) \ 38 | -XSPARKNACL_BUILD_MODE=debug 39 | mv obj/testall $@ 40 | 41 | scalarspeed: src/ada/scalarspeed.adb ../src/*.adb ../src/*.ads 42 | $(MAKE) clean_build 43 | $(MAKE) clean_scalar_build 44 | gprbuild -Pscalarspeed \ 45 | $(GPR_WORKERS) \ 46 | -XSPARKNACL_RUNTIME_CHECKS=disabled \ 47 | -XSPARKNACL_CONTRACTS=disabled \ 48 | -XSPARKNACL_HOSTOS=$(HOSTOS) \ 49 | -XSPARKNACL_BUILD_MODE=O3 50 | mv obj/$@ $@ 51 | 52 | .PHONY: all clean_build clean_stest clean_ftest clean_scalarspeed clean 53 | clean_build: 54 | gprclean -r -Ptestall 55 | gprclean -r -Pscalarspeed 56 | clean_stest: 57 | rm -f sntr stestall 58 | clean_ftest: 59 | rm -f fntr ftestall 60 | clean_scalarspeed: 61 | rm -f scalarspeed 62 | clean: 63 | $(MAKE) clean_build 64 | $(MAKE) clean_stest 65 | $(MAKE) clean_ftest 66 | $(MAKE) clean_scalarspeed 67 | -------------------------------------------------------------------------------- /tests/src/ada/aes128_cipher_composition.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.AES; use SPARKNaCl.AES; 3 | 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | with Interfaces; use Interfaces; 6 | 7 | with Random; 8 | 9 | procedure AES128_Cipher_Composition 10 | is 11 | Iteration_Count : constant I32 := 1_000; 12 | 13 | Plaintext : Bytes_16; 14 | Raw_Key : Bytes_16; 15 | 16 | Encryption_Result, Decryption_Result : Bytes_16; 17 | begin 18 | Put ("Testing" & Iteration_Count'Img & " AES128 Cipher compositions: "); 19 | 20 | for I in 1 .. Iteration_Count loop 21 | Random.Random_Bytes (Plaintext); 22 | Random.Random_Bytes (Raw_Key); 23 | 24 | declare 25 | Key : constant AES128_Key := Construct (Raw_Key); 26 | Round_Keys : constant AES128_Round_Keys := Key_Expansion (Key); 27 | begin 28 | Cipher (Encryption_Result, Plaintext, Round_Keys); 29 | Inv_Cipher (Decryption_Result, Encryption_Result, Round_Keys); 30 | end; 31 | 32 | if not Equal (Decryption_Result, Plaintext) then 33 | Put_Line ("Compoistion Test " & I'Img & " failed"); 34 | Put_Line ("Raw Key:"); 35 | 36 | for I in Raw_Key'Range loop 37 | Put (Raw_Key (I)'Img); 38 | exit when I = Raw_Key'Last; 39 | Put (" "); 40 | end loop; 41 | 42 | Put_Line(""); 43 | Put_Line ("Plaintext:"); 44 | 45 | for I in Plaintext'Range loop 46 | Put (Plaintext (I)'Img); 47 | exit when I = Plaintext'Last; 48 | Put (" "); 49 | end loop; 50 | 51 | Put_Line (""); 52 | exit; 53 | end if; 54 | end loop; 55 | 56 | Put_Line ("Done"); 57 | end AES128_Cipher_Composition; 58 | -------------------------------------------------------------------------------- /tests/src/ada/aes256_cipher_composition.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.AES; use SPARKNaCl.AES; 3 | 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | with Interfaces; use Interfaces; 6 | 7 | with Random; 8 | 9 | procedure AES256_Cipher_Composition 10 | is 11 | Iteration_Count : constant I32 := 1_000; 12 | 13 | Plaintext : Bytes_16; 14 | Raw_Key : Bytes_32; 15 | 16 | Encryption_Result, Decryption_Result : Bytes_16; 17 | begin 18 | Put ("Testing" & Iteration_Count'Img & " AES256 Cipher compositions: "); 19 | 20 | for I in 1 .. Iteration_Count loop 21 | Random.Random_Bytes (Plaintext); 22 | Random.Random_Bytes (Raw_Key); 23 | 24 | declare 25 | Key : constant AES256_Key := Construct (Raw_Key); 26 | Round_Keys : constant AES256_Round_Keys := Key_Expansion (Key); 27 | begin 28 | Cipher (Encryption_Result, Plaintext, Round_Keys); 29 | Inv_Cipher (Decryption_Result, Encryption_Result, Round_Keys); 30 | end; 31 | 32 | if not Equal (Decryption_Result, Plaintext) then 33 | Put_Line ("Compoistion Test " & I'Img & " failed"); 34 | Put_Line ("Raw Key:"); 35 | 36 | for I in Raw_Key'Range loop 37 | Put (Raw_Key (I)'Img); 38 | exit when I = Raw_Key'Last; 39 | Put (" "); 40 | end loop; 41 | 42 | Put_Line(""); 43 | Put_Line ("Plaintext:"); 44 | 45 | for I in Plaintext'Range loop 46 | Put (Plaintext (I)'Img); 47 | exit when I = Plaintext'Last; 48 | Put (" "); 49 | end loop; 50 | 51 | Put_Line (""); 52 | exit; 53 | end if; 54 | end loop; 55 | 56 | Put_Line ("Done"); 57 | end AES256_Cipher_Composition; 58 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox9.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 5 | with SPARKNaCl.Stream; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | 8 | with System.Assertions; use System.Assertions; 9 | procedure Secretbox9 10 | is 11 | Firstkey : constant Core.Salsa20_Key := 12 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 13 | 16#73#, 16#e9#, 16#85#, 16#d4#, 14 | 16#62#, 16#cd#, 16#51#, 16#19#, 15 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 16 | 16#60#, 16#09#, 16#54#, 16#9e#, 17 | 16#ac#, 16#64#, 16#74#, 16#f2#, 18 | 16#06#, 16#c4#, 16#ee#, 16#08#, 19 | 16#44#, 16#f6#, 16#83#, 16#89#)); 20 | 21 | Nonce : constant Stream.HSalsa20_Nonce := 22 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 23 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 24 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 25 | 26 | -- M is too short 27 | M : constant Byte_Seq (0 .. 15) := 28 | (0, 0, 0, 0, 0, 0, 0, 0, 29 | 0, 0, 0, 0, 0, 0, 0, 0); 30 | 31 | C : Byte_Seq (0 .. 162) := (others => 0); 32 | S : Boolean; 33 | begin 34 | S := False; 35 | Create (C, S, M, Nonce, Firstkey); 36 | 37 | if S then 38 | Put_Line ("Status is" & Img (S)); 39 | DH ("C is", C); 40 | else 41 | Put_Line ("Precondition failure expected OK"); 42 | end if; 43 | exception 44 | when Assert_Failure | Constraint_Error => 45 | Put_Line ("Precondition failure expected OK"); 46 | end Secretbox9; 47 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox3.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 5 | with SPARKNaCl.Stream; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | 8 | with System.Assertions; use System.Assertions; 9 | procedure Secretbox3 10 | is 11 | Firstkey : constant Core.Salsa20_Key := 12 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 13 | 16#73#, 16#e9#, 16#85#, 16#d4#, 14 | 16#62#, 16#cd#, 16#51#, 16#19#, 15 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 16 | 16#60#, 16#09#, 16#54#, 16#9e#, 17 | 16#ac#, 16#64#, 16#74#, 16#f2#, 18 | 16#06#, 16#c4#, 16#ee#, 16#08#, 19 | 16#44#, 16#f6#, 16#83#, 16#89#)); 20 | 21 | Nonce : constant Stream.HSalsa20_Nonce := 22 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 23 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 24 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 25 | 26 | -- C too short 27 | C : constant Byte_Seq (0 .. 15) := 28 | (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 29 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#); 30 | 31 | M : Byte_Seq (0 .. 15); 32 | S : Boolean; 33 | begin 34 | S := False; 35 | Open (M, S, C, Nonce, Firstkey); 36 | 37 | if S then 38 | Put_Line ("Status is " & Img (S)); 39 | DH ("M is", M); 40 | else 41 | Put_Line ("Precondition failure expected OK"); 42 | end if; 43 | 44 | exception 45 | when Assert_Failure => 46 | Put_Line ("Precondition failure expected OK"); 47 | end Secretbox3; 48 | -------------------------------------------------------------------------------- /tests/src/ada/scalarspeed.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.Scalar; use SPARKNaCl.Scalar; 4 | with Interfaces; use Interfaces; 5 | with Ada.Real_Time; use Ada.Real_Time; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | procedure Scalarspeed 8 | is 9 | AliceSK : constant Bytes_32 := 10 | (16#77#, 16#07#, 16#6d#, 16#0a#, 16#73#, 16#18#, 16#a5#, 16#7d#, 11 | 16#3c#, 16#16#, 16#c1#, 16#72#, 16#51#, 16#b2#, 16#66#, 16#45#, 12 | 16#df#, 16#4c#, 16#2f#, 16#87#, 16#eb#, 16#c0#, 16#99#, 16#2a#, 13 | 16#b1#, 16#77#, 16#fb#, 16#a5#, 16#1d#, 16#b9#, 16#2c#, 16#2a#); 14 | 15 | 16 | BobPK : Bytes_32 := 17 | (16#de#, 16#9e#, 16#db#, 16#7d#, 16#7b#, 16#7d#, 16#c1#, 16#b4#, 18 | 16#d3#, 16#5b#, 16#61#, 16#c2#, 16#ec#, 16#e4#, 16#35#, 16#37#, 19 | 16#3f#, 16#83#, 16#43#, 16#c8#, 16#5b#, 16#78#, 16#67#, 16#4d#, 20 | 16#ad#, 16#fc#, 16#7e#, 16#14#, 16#6f#, 16#88#, 16#2b#, 16#4f#); 21 | 22 | K : Bytes_32; 23 | 24 | T1, T2 : Time; 25 | TE : Time_Span; 26 | D : Duration; 27 | 28 | C : constant := 10_000; 29 | Ops_Per_Sec : Duration; 30 | begin 31 | Put_Line ("Bytes_32'Alignment is" & Bytes_32'Alignment'Img); 32 | Put_Line ("Normal_GF'Alignment is" & Normal_GF'Alignment'Img); 33 | Put_Line ("GF32'Alignment is" & GF32'Alignment'Img); 34 | 35 | 36 | T1 := Clock; 37 | for I in 1 .. C loop 38 | K := Mult (AliceSK, BobPK); 39 | BobPK (0) := BobPK (0) + 1; 40 | end loop; 41 | T2 := Clock; 42 | TE := T2 - T1; 43 | D := To_Duration (TE); 44 | 45 | Put_Line ("Elapsed: " & D'Img & " seconds"); 46 | 47 | Ops_Per_Sec := Duration (C) / D; 48 | 49 | Put_Line ("or " & Ops_Per_Sec'Img & " ops per sec"); 50 | end Scalarspeed; 51 | -------------------------------------------------------------------------------- /tests/src/ada/rfsb509_supercop_regression.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Hashing.RFSB509; use SPARKNaCl.Hashing.RFSB509; 3 | with SPARKNaCl.AES; use SPARKNaCl.AES; 4 | 5 | with SUPERCOP_RFSB509_API; use SUPERCOP_RFSB509_API; 6 | 7 | with Ada.Text_IO; use Ada.Text_IO; 8 | with Random; 9 | 10 | with Interfaces; use Interfaces; 11 | with Interfaces.C; use Interfaces.C; 12 | 13 | procedure RFSB509_SUPERCOP_Regression 14 | is 15 | Iteration_Count : constant I32 := 513; 16 | Start_Size : constant I32 := 0; 17 | End_Size : constant I32 := Start_Size + Iteration_Count - 1; 18 | 19 | Raw_Key : constant Bytes_16 := (others => 0); 20 | Key : constant AES128_Key := Construct (Raw_Key); 21 | 22 | SPARKNaCl_Output : Digest; 23 | SUPERCOP_Output : Digest; 24 | 25 | SUPERCOP_Return_Value : Interfaces.C.Int; 26 | begin 27 | Put_Line ("Regression testing RFSB509 with random inputs of size"); 28 | Put (Start_Size'Img & " to " & End_Size'Img & " in bytes: "); 29 | 30 | for I in 1 .. Iteration_Count loop 31 | declare 32 | Input_Length : constant I32 := Start_Size + I - 1; 33 | 34 | subtype Input_Index is N32 range 1 .. Input_Length; 35 | Input : Byte_Seq (Input_Index); 36 | begin 37 | Random.Random_Bytes (Input); 38 | 39 | Hash (SPARKNaCl_Output, Input, Key); 40 | SUPERCOP_Return_Value := SUPERCOP_RFSB509_Hash ( 41 | SUPERCOP_Output, Input, Unsigned_64 (Input_Length)); 42 | 43 | pragma Assert (SUPERCOP_Return_Value = 0); 44 | 45 | if not Equal (SPARKNaCl_Output, SUPERCOP_Output) then 46 | Put_Line ("Regression test " & I'Img & " failed."); 47 | exit; 48 | end if; 49 | end; 50 | end loop; 51 | 52 | Put_Line ("Done"); 53 | end RFSB509_SUPERCOP_Regression; 54 | -------------------------------------------------------------------------------- /tests/src/ada/onetimeauth7.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 3 | with SPARKNaCl.MAC; use SPARKNaCl.MAC; 4 | 5 | with Random; 6 | with Interfaces; use Interfaces; 7 | with Ada.Numerics.Discrete_Random; 8 | procedure Onetimeauth7 9 | is 10 | package RB is new Ada.Numerics.Discrete_Random (Byte); 11 | package RBI16 is new Ada.Numerics.Discrete_Random (Index_16); 12 | RBG : RB.Generator; 13 | RBI16G : RBI16.Generator; 14 | Raw_K : Bytes_32; 15 | K : Poly_1305_Key; 16 | A : Bytes_16; 17 | begin 18 | RB.Reset (RBG); 19 | RBI16.Reset (RBI16G); 20 | -- for I in N32 range 0 .. 9999 loop 21 | for I in N32 range 0 .. 99 loop 22 | declare 23 | subtype C_Index is N32 range 0 .. I; 24 | subtype CT is Byte_Seq (C_Index); 25 | package RCI is new Ada.Numerics.Discrete_Random (C_Index); 26 | RCIG : RCI.Generator; 27 | C : CT; 28 | R1 : C_Index; 29 | R2 : Byte; 30 | R3 : Index_16; 31 | begin 32 | RCI.Reset (RCIG); 33 | Random.Random_Bytes (C); 34 | Random.Random_Bytes (Raw_K); 35 | Construct (K, Raw_K); 36 | Onetimeauth (A, C, K); 37 | if not Onetimeauth_Verify (A, C, K) then 38 | DH ("Fail ", I64 (I)); 39 | return; 40 | end if; 41 | R1 := RCI.Random (RCIG); 42 | R2 := RB.Random (RBG) mod 255; 43 | C (R1) := C (R1) + 1 + R2; 44 | if Onetimeauth_Verify (A, C, K) then 45 | DH ("Forgery", I64 (I)); 46 | return; 47 | end if; 48 | 49 | R2 := RB.Random (RBG) mod 255; 50 | R3 := RBI16.Random (RBI16G); 51 | A (R3) := A (R3) + 1 + R2; 52 | if Onetimeauth_Verify (A, C, K) then 53 | DH ("Forgery", I64 (I)); 54 | return; 55 | end if; 56 | end; 57 | end loop; 58 | end Onetimeauth7; 59 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox8.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; 3 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 4 | with SPARKNaCl.Cryptobox; 5 | with SPARKNaCl.Stream; 6 | with Random; use Random; 7 | with Ada.Text_IO; use Ada.Text_IO; 8 | with Interfaces; use Interfaces; 9 | with Ada.Numerics.Discrete_Random; 10 | 11 | procedure Secretbox8 12 | is 13 | RK : Bytes_32; 14 | K : Core.Salsa20_Key; 15 | N : Stream.HSalsa20_Nonce; 16 | S, S2 : Boolean; 17 | begin 18 | for MLen in N32 range 0 .. 999 loop 19 | Random_Bytes (RK); 20 | Core.Construct (K, RK); 21 | Random_Bytes (Bytes_24 (N)); 22 | Put ("Secretbox8 - iteration" & MLen'Img); 23 | declare 24 | subtype Index is 25 | N32 range 0 .. Cryptobox.Plaintext_Zero_Bytes + MLen - 1; 26 | subtype CIndex is 27 | N32 range Cryptobox.Ciphertext_Zero_Bytes .. Index'Last; 28 | subtype Text is 29 | Byte_Seq (Index); 30 | package RI is new Ada.Numerics.Discrete_Random (CIndex); 31 | G : RI.Generator; 32 | M, C, M2 : Text := (others => 0); 33 | Caught : Integer := 0; 34 | begin 35 | RI.Reset (G); 36 | Random_Bytes (M (Cryptobox.Plaintext_Zero_Bytes .. M'Last)); 37 | Create (C, S, M, N, K); 38 | 39 | if S then 40 | while (Caught < 10) loop 41 | C (RI.Random (G)) := Random_Byte; 42 | Open (M2, S2, C, N, K); 43 | if S2 then 44 | if not Equal (M, M2) then 45 | Put (" forgery!"); 46 | exit; 47 | end if; 48 | else 49 | Caught := Caught + 1; 50 | end if; 51 | end loop; 52 | New_Line; 53 | else 54 | Put_Line ("bad encryption"); 55 | end if; 56 | end; 57 | end loop; 58 | 59 | end Secretbox8; 60 | -------------------------------------------------------------------------------- /tests/src/ada/onetimeauth.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.MAC; use SPARKNaCl.MAC; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | procedure Onetimeauth 5 | is 6 | RS : constant Poly_1305_Key := 7 | Construct ((16#ee#, 16#a6#, 16#a7#, 16#25#, 8 | 16#1c#, 16#1e#, 16#72#, 16#91#, 9 | 16#6d#, 16#11#, 16#c2#, 16#cb#, 10 | 16#21#, 16#4d#, 16#3c#, 16#25#, 11 | 16#25#, 16#39#, 16#12#, 16#1d#, 12 | 16#8e#, 16#23#, 16#4e#, 16#65#, 13 | 16#2d#, 16#65#, 16#1f#, 16#a4#, 14 | 16#c8#, 16#cf#, 16#f8#, 16#80#)); 15 | 16 | 17 | C : constant Byte_Seq (0 .. 130) := 18 | (16#8e#, 16#99#, 16#3b#, 16#9f#, 16#48#, 16#68#, 16#12#, 16#73#, 19 | 16#c2#, 16#96#, 16#50#, 16#ba#, 16#32#, 16#fc#, 16#76#, 16#ce#, 20 | 16#48#, 16#33#, 16#2e#, 16#a7#, 16#16#, 16#4d#, 16#96#, 16#a4#, 21 | 16#47#, 16#6f#, 16#b8#, 16#c5#, 16#31#, 16#a1#, 16#18#, 16#6a#, 22 | 16#c0#, 16#df#, 16#c1#, 16#7c#, 16#98#, 16#dc#, 16#e8#, 16#7b#, 23 | 16#4d#, 16#a7#, 16#f0#, 16#11#, 16#ec#, 16#48#, 16#c9#, 16#72#, 24 | 16#71#, 16#d2#, 16#c2#, 16#0f#, 16#9b#, 16#92#, 16#8f#, 16#e2#, 25 | 16#27#, 16#0d#, 16#6f#, 16#b8#, 16#63#, 16#d5#, 16#17#, 16#38#, 26 | 16#b4#, 16#8e#, 16#ee#, 16#e3#, 16#14#, 16#a7#, 16#cc#, 16#8a#, 27 | 16#b9#, 16#32#, 16#16#, 16#45#, 16#48#, 16#e5#, 16#26#, 16#ae#, 28 | 16#90#, 16#22#, 16#43#, 16#68#, 16#51#, 16#7a#, 16#cf#, 16#ea#, 29 | 16#bd#, 16#6b#, 16#b3#, 16#73#, 16#2b#, 16#c0#, 16#e9#, 16#da#, 30 | 16#99#, 16#83#, 16#2b#, 16#61#, 16#ca#, 16#01#, 16#b6#, 16#de#, 31 | 16#56#, 16#24#, 16#4a#, 16#9e#, 16#88#, 16#d5#, 16#f9#, 16#b3#, 32 | 16#79#, 16#73#, 16#f6#, 16#22#, 16#a4#, 16#3d#, 16#14#, 16#a6#, 33 | 16#59#, 16#9b#, 16#1f#, 16#65#, 16#4c#, 16#b4#, 16#5a#, 16#74#, 34 | 16#e3#, 16#55#, 16#a5#); 35 | 36 | A : Bytes_16; 37 | begin 38 | Onetimeauth (A, C, RS); 39 | DH ("A is", A); 40 | end Onetimeauth; 41 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha512.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Hashing.SHA2_Common; use SPARKNaCl.Hashing.SHA2_Common; 2 | 3 | package body SPARKNaCl.Hashing.SHA512 4 | with SPARK_Mode => On 5 | is 6 | pragma Warnings (GNATProve, Off, "pragma * ignored (not yet supported)"); 7 | 8 | IV_512 : constant Bytes_64 := 9 | (16#6a#, 16#09#, 16#e6#, 16#67#, 16#f3#, 16#bc#, 16#c9#, 16#08#, 10 | 16#bb#, 16#67#, 16#ae#, 16#85#, 16#84#, 16#ca#, 16#a7#, 16#3b#, 11 | 16#3c#, 16#6e#, 16#f3#, 16#72#, 16#fe#, 16#94#, 16#f8#, 16#2b#, 12 | 16#a5#, 16#4f#, 16#f5#, 16#3a#, 16#5f#, 16#1d#, 16#36#, 16#f1#, 13 | 16#51#, 16#0e#, 16#52#, 16#7f#, 16#ad#, 16#e6#, 16#82#, 16#d1#, 14 | 16#9b#, 16#05#, 16#68#, 16#8c#, 16#2b#, 16#3e#, 16#6c#, 16#1f#, 15 | 16#1f#, 16#83#, 16#d9#, 16#ab#, 16#fb#, 16#41#, 16#bd#, 16#6b#, 16 | 16#5b#, 16#e0#, 16#cd#, 16#19#, 16#13#, 16#7e#, 16#21#, 16#79#); 17 | 18 | -------------------------------------------------------- 19 | -- Local subprogram declarations 20 | -------------------------------------------------------- 21 | 22 | procedure Hash_512 (Output : out Digest; 23 | M : in Byte_Seq) 24 | with Global => null, 25 | Always_Terminates; 26 | 27 | -------------------------------------------------------- 28 | -- Local subprogram bodies 29 | -------------------------------------------------------- 30 | 31 | procedure Hash_512 (Output : out Digest; 32 | M : in Byte_Seq) 33 | is 34 | H : Bytes_64; 35 | begin 36 | Hash_512_Core (H, IV_512, M); 37 | Output := H; 38 | end Hash_512; 39 | 40 | procedure Hash (Output : out Digest; 41 | M : in Byte_Seq) 42 | is 43 | begin 44 | Hash_512 (Output, M); 45 | end Hash; 46 | 47 | function Hash (M : in Byte_Seq) return Digest 48 | is 49 | R : Digest; 50 | begin 51 | Hash_512 (R, M); 52 | return R; 53 | end Hash; 54 | 55 | end SPARKNaCl.Hashing.SHA512; 56 | -------------------------------------------------------------------------------- /tests/src/ada/box8.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Cryptobox; use SPARKNaCl.Cryptobox; 3 | with SPARKNaCl.Stream; 4 | with Random; use Random; 5 | 6 | with Ada.Numerics.Discrete_Random; 7 | with Ada.Text_IO; use Ada.Text_IO; 8 | with Interfaces; use Interfaces; 9 | 10 | procedure Box8 11 | is 12 | Raw_SK : Bytes_32; 13 | AliceSK, BobSK : Secret_Key; 14 | AlicePK, BobPK : Public_Key; 15 | N : Stream.HSalsa20_Nonce; 16 | S, S2 : Boolean; 17 | begin 18 | -- for MLen in N32 range 0 .. 999 loop 19 | for MLen in N32 range 0 .. 99 loop 20 | Random.Random_Bytes (Raw_SK); 21 | Keypair (Raw_SK, AlicePK, AliceSK); 22 | Random.Random_Bytes (Raw_SK); 23 | Keypair (Raw_SK, BobPK, BobSK); 24 | Random.Random_Bytes (Bytes_24 (N)); 25 | Put ("Box8 - iteration" & MLen'Img); 26 | declare 27 | subtype Index is 28 | N32 range 0 .. Plaintext_Zero_Bytes + MLen - 1; 29 | subtype CIndex is 30 | N32 range Ciphertext_Zero_Bytes .. Index'Last; 31 | subtype Text is 32 | Byte_Seq (Index); 33 | package RI is new Ada.Numerics.Discrete_Random (CIndex); 34 | G : RI.Generator; 35 | M, C, M2 : Text := (others => 0); 36 | begin 37 | RI.Reset (G); 38 | Random.Random_Bytes (M (Plaintext_Zero_Bytes .. M'Last)); 39 | Create (C, S, M, N, BobPK, AliceSK); 40 | if S then 41 | C (RI.Random (G)) := Random_Byte; 42 | Open (M2, S2, C, N, AlicePK, BobSK); 43 | if S2 then 44 | if not Equal (M, M2) then 45 | Put_Line (" forgery!"); 46 | exit; 47 | else 48 | Put_Line (" OK"); 49 | end if; 50 | else 51 | Put_Line (" OK"); -- data corruption spotted OK 52 | end if; 53 | else 54 | Put_Line ("bad encryption"); 55 | end if; 56 | end; 57 | end loop; 58 | end Box8; 59 | -------------------------------------------------------------------------------- /src/sparknacl-hashing-sha384.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Hashing.SHA2_Common; use SPARKNaCl.Hashing.SHA2_Common; 2 | 3 | package body SPARKNaCl.Hashing.SHA384 4 | with SPARK_Mode => On 5 | is 6 | 7 | -- SHA384 is SHA512 internally with a different IV and 8 | -- truncated output. 9 | 10 | pragma Warnings (GNATProve, Off, "pragma * ignored (not yet supported)"); 11 | 12 | IV_384 : constant Bytes_64 := 13 | (16#cb#, 16#bb#, 16#9d#, 16#5d#, 16#c1#, 16#05#, 16#9e#, 16#d8#, 14 | 16#62#, 16#9a#, 16#29#, 16#2a#, 16#36#, 16#7c#, 16#d5#, 16#07#, 15 | 16#91#, 16#59#, 16#01#, 16#5a#, 16#30#, 16#70#, 16#dd#, 16#17#, 16 | 16#15#, 16#2f#, 16#ec#, 16#d8#, 16#f7#, 16#0e#, 16#59#, 16#39#, 17 | 16#67#, 16#33#, 16#26#, 16#67#, 16#ff#, 16#c0#, 16#0b#, 16#31#, 18 | 16#8e#, 16#b4#, 16#4a#, 16#87#, 16#68#, 16#58#, 16#15#, 16#11#, 19 | 16#db#, 16#0c#, 16#2e#, 16#0d#, 16#64#, 16#f9#, 16#8f#, 16#a7#, 20 | 16#47#, 16#b5#, 16#48#, 16#1d#, 16#be#, 16#fa#, 16#4f#, 16#a4#); 21 | 22 | -------------------------------------------------------- 23 | -- Local subprogram declarations 24 | -------------------------------------------------------- 25 | 26 | procedure Hash_384 (Output : out Digest; 27 | M : in Byte_Seq) 28 | with Global => null; 29 | 30 | -------------------------------------------------------- 31 | -- Local subprogram bodies 32 | -------------------------------------------------------- 33 | 34 | procedure Hash_384 (Output : out Digest; 35 | M : in Byte_Seq) 36 | is 37 | H : Bytes_64; 38 | begin 39 | Hash_512_Core (H, IV_384, M); 40 | Output := H (0 .. 47); 41 | end Hash_384; 42 | 43 | procedure Hash (Output : out Digest; 44 | M : in Byte_Seq) 45 | is 46 | begin 47 | Hash_384 (Output, M); 48 | end Hash; 49 | 50 | function Hash (M : in Byte_Seq) return Digest 51 | is 52 | R : Digest; 53 | begin 54 | Hash_384 (R, M); 55 | return R; 56 | end Hash; 57 | 58 | end SPARKNaCl.Hashing.SHA384; 59 | -------------------------------------------------------------------------------- /tests/src/ada/onetimeauth2.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.MAC; use SPARKNaCl.MAC; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | procedure Onetimeauth2 5 | is 6 | RS : constant Poly_1305_Key := 7 | Construct ((16#ee#, 16#a6#, 16#a7#, 16#25#, 8 | 16#1c#, 16#1e#, 16#72#, 16#91#, 9 | 16#6d#, 16#11#, 16#c2#, 16#cb#, 10 | 16#21#, 16#4d#, 16#3c#, 16#25#, 11 | 16#25#, 16#39#, 16#12#, 16#1d#, 12 | 16#8e#, 16#23#, 16#4e#, 16#65#, 13 | 16#2d#, 16#65#, 16#1f#, 16#a4#, 14 | 16#c8#, 16#cf#, 16#f8#, 16#80#)); 15 | 16 | 17 | C : constant Byte_Seq (0 .. 130) := 18 | (16#8e#, 16#99#, 16#3b#, 16#9f#, 16#48#, 16#68#, 16#12#, 16#73#, 19 | 16#c2#, 16#96#, 16#50#, 16#ba#, 16#32#, 16#fc#, 16#76#, 16#ce#, 20 | 16#48#, 16#33#, 16#2e#, 16#a7#, 16#16#, 16#4d#, 16#96#, 16#a4#, 21 | 16#47#, 16#6f#, 16#b8#, 16#c5#, 16#31#, 16#a1#, 16#18#, 16#6a#, 22 | 16#c0#, 16#df#, 16#c1#, 16#7c#, 16#98#, 16#dc#, 16#e8#, 16#7b#, 23 | 16#4d#, 16#a7#, 16#f0#, 16#11#, 16#ec#, 16#48#, 16#c9#, 16#72#, 24 | 16#71#, 16#d2#, 16#c2#, 16#0f#, 16#9b#, 16#92#, 16#8f#, 16#e2#, 25 | 16#27#, 16#0d#, 16#6f#, 16#b8#, 16#63#, 16#d5#, 16#17#, 16#38#, 26 | 16#b4#, 16#8e#, 16#ee#, 16#e3#, 16#14#, 16#a7#, 16#cc#, 16#8a#, 27 | 16#b9#, 16#32#, 16#16#, 16#45#, 16#48#, 16#e5#, 16#26#, 16#ae#, 28 | 16#90#, 16#22#, 16#43#, 16#68#, 16#51#, 16#7a#, 16#cf#, 16#ea#, 29 | 16#bd#, 16#6b#, 16#b3#, 16#73#, 16#2b#, 16#c0#, 16#e9#, 16#da#, 30 | 16#99#, 16#83#, 16#2b#, 16#61#, 16#ca#, 16#01#, 16#b6#, 16#de#, 31 | 16#56#, 16#24#, 16#4a#, 16#9e#, 16#88#, 16#d5#, 16#f9#, 16#b3#, 32 | 16#79#, 16#73#, 16#f6#, 16#22#, 16#a4#, 16#3d#, 16#14#, 16#a6#, 33 | 16#59#, 16#9b#, 16#1f#, 16#65#, 16#4c#, 16#b4#, 16#5a#, 16#74#, 34 | 16#e3#, 16#55#, 16#a5#); 35 | 36 | A : constant Bytes_16 := 37 | (16#f3#, 16#ff#, 16#c7#, 16#70#, 16#3f#, 16#94#, 16#00#, 16#e5#, 38 | 16#2a#, 16#7d#, 16#fb#, 16#4b#, 16#3d#, 16#33#, 16#05#, 16#d9#); 39 | 40 | R : Boolean; 41 | begin 42 | R := Onetimeauth_Verify (A, C, RS); 43 | DH ("R is", R); 44 | end Onetimeauth2; 45 | -------------------------------------------------------------------------------- /src/sparknacl-mac.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Hashing.SHA256; 2 | package SPARKNaCl.MAC 3 | with Pure, 4 | SPARK_Mode => On 5 | is 6 | -- Limited, so no assignment or comparison, and always 7 | -- pass-by-reference. 8 | type Poly_1305_Key is limited private; 9 | 10 | function Construct (K : in Bytes_32) return Poly_1305_Key 11 | with Global => null; 12 | 13 | procedure Construct (K : out Poly_1305_Key; 14 | X : in Bytes_32) 15 | with Global => null; 16 | 17 | function Serialize (K : in Poly_1305_Key) return Bytes_32 18 | with Global => null; 19 | 20 | procedure Sanitize (K : out Poly_1305_Key) 21 | with Global => null; 22 | 23 | -------------------------------------------------------- 24 | -- One-time authentication 25 | -------------------------------------------------------- 26 | 27 | procedure Onetimeauth (Output : out Bytes_16; 28 | M : in Byte_Seq; 29 | K : in Poly_1305_Key) 30 | with Global => null, 31 | Pre => M'First = 0; 32 | 33 | function Onetimeauth_Verify (H : in Bytes_16; 34 | M : in Byte_Seq; 35 | K : in Poly_1305_Key) return Boolean 36 | with Global => null, 37 | Pre => M'First = 0; 38 | 39 | -------------------------------------------------------- 40 | -- Hash-based MAC 41 | -------------------------------------------------------- 42 | 43 | procedure HMAC_SHA_256 (Output : out Hashing.SHA256.Digest; 44 | M : in Byte_Seq; 45 | K : in Byte_Seq) 46 | with Global => null, 47 | Relaxed_Initialization => Output, 48 | Pre => M'First = 0 and 49 | M'Last <= N32'Last - 64 and 50 | (if K'Length > 0 then K'First = 0), 51 | Post => Output'Initialized; 52 | 53 | private 54 | -- Note - also limited here in the full view to ensure 55 | -- no assignment and pass-by-reference in the body. 56 | type Poly_1305_Key is limited record 57 | F : Bytes_32; 58 | end record; 59 | end SPARKNaCl.MAC; 60 | -------------------------------------------------------------------------------- /src/sparknacl-hkdf.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.MAC; 2 | package body SPARKNaCl.HKDF 3 | with SPARK_Mode => On 4 | is 5 | 6 | -------------------------------------------------------- 7 | -- SHA-256 HKDF-Extract per RFC 5869 8 | -------------------------------------------------------- 9 | 10 | procedure Extract (PRK : out Hashing.SHA256.Digest; -- output key 11 | IKM : in Byte_Seq; -- input keying material 12 | Salt : in Byte_Seq) -- input salt (can be 0 bytes) 13 | is 14 | begin 15 | -- In RFC 5869, the input keying material is used 16 | -- as the _message_ parameter to HMAC. 17 | MAC.HMAC_SHA_256 (PRK, IKM, Salt); 18 | end Extract; 19 | 20 | -------------------------------------------------------- 21 | -- SHA-256 HKDF-Expand per RFC 5869 22 | -------------------------------------------------------- 23 | 24 | procedure Expand 25 | (OKM : out OKM_Seq; 26 | PRK : in Hashing.SHA256.Digest; 27 | Info : in Byte_Seq) 28 | is 29 | Ti : Bytes_32; 30 | B : Byte := 1; -- Output block counter 31 | begin 32 | MAC.HMAC_SHA_256 (Ti, Info & B, PRK); 33 | 34 | if OKM'Last <= Ti'Last then 35 | -- Only need first block Ti to complete OKM 36 | OKM := OKM_Seq (Ti (OKM'Range)); -- Slice and Slide 37 | else 38 | -- OKM larger than hash len, fill the first hash len bytes of OKM 39 | OKM (Ti'Range) := OKM_Seq (Ti); 40 | pragma Assert (OKM (Ti'Range)'Initialized); 41 | 42 | for I in Hash_Len .. OKM'Last loop 43 | if I mod Hash_Len = 0 then 44 | -- generate new output block 45 | B := B + 1; 46 | MAC.HMAC_SHA_256 (Ti, Ti & Info & B, PRK); 47 | end if; 48 | 49 | OKM (I) := Ti (I mod Hash_Len); 50 | pragma Loop_Invariant (OKM (0 .. I)'Initialized); 51 | end loop; 52 | end if; 53 | end Expand; 54 | 55 | procedure KDF (OKM : out OKM_Seq; 56 | IKM : in Byte_Seq; 57 | Salt : in Byte_Seq; 58 | Info : in Byte_Seq) 59 | is 60 | PRK : Bytes_32; 61 | begin 62 | Extract (PRK, IKM, Salt); 63 | Expand (OKM, PRK, Info); 64 | end KDF; 65 | 66 | end SPARKNaCl.HKDF; 67 | -------------------------------------------------------------------------------- /src/sparknacl-hkdf.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Hashing.SHA256; 2 | package SPARKNaCl.HKDF 3 | with Pure, 4 | SPARK_Mode => On 5 | is 6 | -------------------------------------------------------- 7 | -- Hash-based Key Derivation using SHA-256 8 | -------------------------------------------------------- 9 | Hash_Len : constant := 32; 10 | 11 | -- OKM = "Output Key Material" 12 | subtype OKM_Index is N32 range 0 .. Hash_Len * 255 - 1; 13 | type OKM_Seq is array (OKM_Index range <>) of Byte; 14 | 15 | procedure Extract (PRK : out Hashing.SHA256.Digest; 16 | IKM : in Byte_Seq; 17 | Salt : in Byte_Seq) 18 | with Global => null, 19 | Pre => PRK'First = 0 and 20 | IKM'First = 0 and 21 | IKM'Length > 0 and 22 | IKM'Length < U32 (N32'Last - 64) and 23 | (if Salt'Length > 0 then Salt'First = 0); 24 | 25 | procedure Expand 26 | (OKM : out OKM_Seq; -- Unconstrained 27 | PRK : in Hashing.SHA256.Digest; -- Pseudo-random key 28 | Info : in Byte_Seq) -- Optional context 29 | with Global => null, 30 | Relaxed_Initialization => OKM, 31 | Pre => OKM'First = 0 and 32 | OKM'Length > 0 and 33 | OKM'Length <= 255 * Hash_Len and -- per RFC 5869 34 | PRK'First = 0 and 35 | (if Info'Length > 0 then Info'First = 0) and 36 | Info'Length < U32 (N32'Last) - 97, 37 | Post => OKM'Initialized; 38 | 39 | procedure KDF (OKM : out OKM_Seq; -- Unconstrained 40 | IKM : in Byte_Seq; 41 | Salt : in Byte_Seq; 42 | Info : in Byte_Seq) 43 | with Global => null, 44 | Pre => OKM'First = 0 and 45 | OKM'Length >= 1 and 46 | OKM'Length <= 255 * Hash_Len and -- per RFC 5869 47 | IKM'First = 0 and 48 | IKM'Length > 0 and 49 | IKM'Length < U32 (N32'Last - 64) and 50 | Salt'First = 0 and 51 | Salt'Length > 0 and 52 | Info'First = 0 and 53 | Info'Length < U32 (N32'Last - 97); 54 | 55 | end SPARKNaCl.HKDF; 56 | -------------------------------------------------------------------------------- /tests/src/ada/stream5.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | procedure Stream5 6 | is 7 | -- Example and Test Vector from RFC 8439 8 | 9 | Firstkey : constant ChaCha20_Key := 10 | Construct ((16#00#, 16#01#, 16#02#, 16#03#, 11 | 16#04#, 16#05#, 16#06#, 16#07#, 12 | 16#08#, 16#09#, 16#0a#, 16#0b#, 13 | 16#0c#, 16#0d#, 16#0e#, 16#0f#, 14 | 16#10#, 16#11#, 16#12#, 16#13#, 15 | 16#14#, 16#15#, 16#16#, 16#17#, 16 | 16#18#, 16#19#, 16#1a#, 16#1b#, 17 | 16#1c#, 16#1d#, 16#1e#, 16#1f#)); 18 | 19 | Nonce_IETF : constant ChaCha20_IETF_Nonce := 20 | (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 21 | 16#00#, 16#4a#, 16#00#, 16#00#, 16#00#, 16#00#); 22 | 23 | Initial_Counter_IETF : U32 := 1; 24 | 25 | M : constant Byte_Seq (0 .. 113) := ( 26 | 16#4c#, 16#61#, 16#64#, 16#69#, 16#65#, 16#73#, 16#20#, 16#61#, 27 | 16#6e#, 16#64#, 16#20#, 16#47#, 16#65#, 16#6e#, 16#74#, 16#6c#, 28 | 16#65#, 16#6d#, 16#65#, 16#6e#, 16#20#, 16#6f#, 16#66#, 16#20#, 29 | 16#74#, 16#68#, 16#65#, 16#20#, 16#63#, 16#6c#, 16#61#, 16#73#, 30 | 16#73#, 16#20#, 16#6f#, 16#66#, 16#20#, 16#27#, 16#39#, 16#39#, 31 | 16#3a#, 16#20#, 16#49#, 16#66#, 16#20#, 16#49#, 16#20#, 16#63#, 32 | 16#6f#, 16#75#, 16#6c#, 16#64#, 16#20#, 16#6f#, 16#66#, 16#66#, 33 | 16#65#, 16#72#, 16#20#, 16#79#, 16#6f#, 16#75#, 16#20#, 16#6f#, 34 | 16#6e#, 16#6c#, 16#79#, 16#20#, 16#6f#, 16#6e#, 16#65#, 16#20#, 35 | 16#74#, 16#69#, 16#70#, 16#20#, 16#66#, 16#6f#, 16#72#, 16#20#, 36 | 16#74#, 16#68#, 16#65#, 16#20#, 16#66#, 16#75#, 16#74#, 16#75#, 37 | 16#72#, 16#65#, 16#2c#, 16#20#, 16#73#, 16#75#, 16#6e#, 16#73#, 38 | 16#63#, 16#72#, 16#65#, 16#65#, 16#6e#, 16#20#, 16#77#, 16#6f#, 39 | 16#75#, 16#6c#, 16#64#, 16#20#, 16#62#, 16#65#, 16#20#, 16#69#, 40 | 16#74#, 16#2e#); 41 | 42 | C : Byte_Seq (0 .. 113); 43 | begin 44 | -- Keystream only 45 | ChaCha20_IETF (C, Nonce_IETF, Firstkey, Initial_Counter_IETF); 46 | DH ("Keystream only. See RFC 8539 section 2.4.2", C); 47 | 48 | -- Message ciphertext 49 | ChaCha20_IETF_Xor (C, M, Nonce_IETF, Firstkey, Initial_Counter_IETF); 50 | DH ("Ciphertext. See RFC 8539 section 2.4.2", C); 51 | end Stream5; 52 | -------------------------------------------------------------------------------- /perf/csrs.s: -------------------------------------------------------------------------------- 1 | /********************/ 2 | /* _rv32_read_cycle */ 3 | /********************/ 4 | 5 | .section .text 6 | 7 | .globl _rv32_read_cycle 8 | _rv32_read_cycle: 9 | /* Note that we loop here to check the msb doesn't change */ 10 | /* while reading the lsb. See RISC-V ISA Specification 10.1 */ 11 | rdcycleh t0 12 | rdcycle t1 13 | rdcycleh t2 14 | bne t0, t2, _rv32_read_cycle 15 | mv a0, t1 16 | mv a1, t2 17 | ret 18 | 19 | /*******************/ 20 | /* _rv32_read_time */ 21 | /*******************/ 22 | 23 | .globl _rv32_read_time 24 | _rv32_read_time: 25 | /* Note that we loop here to check the msb doesn't change */ 26 | /* while reading the lsb. See RISC-V ISA Specification 10.1 */ 27 | rdtimeh t0 28 | rdtime t1 29 | rdtimeh t2 30 | bne t0, t2, _rv32_read_time 31 | mv a0, t1 32 | mv a1, t2 33 | ret 34 | 35 | /**********************/ 36 | /* _rv32_read_instret */ 37 | /**********************/ 38 | 39 | .globl _rv32_read_instret 40 | _rv32_read_instret: 41 | /* Note that we loop here to check the msb doesn't change */ 42 | /* while reading the lsb. See RISC-V ISA Specification 10.1 */ 43 | rdinstreth t0 44 | rdinstret t1 45 | rdinstreth t2 46 | bne t0, t2, _rv32_read_instret 47 | mv a0, t1 48 | mv a1, t2 49 | ret 50 | 51 | .globl _rv32_read_mhpmcounter3 52 | _rv32_read_mhpmcounter3: 53 | /* Note that we loop here to check the msb doesn't change */ 54 | /* while reading the lsb. See RISC-V ISA Specification 10.1 */ 55 | csrrs t0, mhpmcounter3h, x0 56 | csrrs t1, mhpmcounter3, x0 57 | csrrs t2, mhpmcounter3h, x0 58 | /* bne t0, t2, _rv32_read_mhpmcounter3 */ 59 | /* mv a0, t1 */ 60 | /* mv a1, t2 */ 61 | mv a0, t1 62 | mv a1, x0 63 | ret 64 | 65 | .globl _rv32_read_mhpmcounter4 66 | _rv32_read_mhpmcounter4: 67 | /* Note that we loop here to check the msb doesn't change */ 68 | /* while reading the lsb. See RISC-V ISA Specification 10.1 */ 69 | csrrs t0, mhpmcounter4h, x0 70 | csrrs t1, mhpmcounter4, x0 71 | csrrs t2, mhpmcounter4h, x0 72 | bne t0, t2, _rv32_read_mhpmcounter4 73 | mv a0, t1 74 | mv a1, t2 75 | ret 76 | 77 | .globl _write_mhpmevent3 78 | _write_mhpmevent3: 79 | csrw mhpmevent3, a0 80 | ret 81 | 82 | .globl _write_mhpmevent4 83 | _write_mhpmevent4: 84 | csrw mhpmevent4, a0 85 | ret 86 | -------------------------------------------------------------------------------- /perf/aes128/aes128.gpr: -------------------------------------------------------------------------------- 1 | with "../../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../../sparknacl.gpr"; 3 | 4 | project AES128 is 5 | 6 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 7 | for Target use "riscv64-elf"; 8 | for Languages use ("Ada"); 9 | for Source_Dirs use ("src"); 10 | for Object_Dir use "obj"; 11 | for Create_Missing_Dirs use "True"; 12 | 13 | for Main use ("aes128.adb"); 14 | 15 | Callgraph_Switch := ("-fcallgraph-info=su,da"); 16 | 17 | type Build_Kind is ("debug", "O1", "O2", "O3", "Os", "Og"); 18 | Build_Mode : Build_Kind := External ("SPARKNACL_BUILD_MODE", "O2"); 19 | 20 | Opt_Switch := (""); 21 | case Build_Mode is 22 | when "debug" => 23 | Opt_Switch := ("-g", -- Debug info 24 | "-O0"); -- No optimization 25 | when "O1" => 26 | Opt_Switch := ("-O1"); 27 | when "O2" => 28 | Opt_Switch := ("-O2"); 29 | when "O3" => 30 | Opt_Switch := ("-O3"); 31 | when "Os" => 32 | Opt_Switch := ("-Os"); 33 | when "Og" => 34 | Opt_Switch := ("-g", 35 | "-Og"); 36 | end case; 37 | 38 | 39 | package Compiler is 40 | 41 | for Default_Switches ("Ada") use 42 | Compiler'Default_Switches ("Ada") & 43 | Callgraph_Switch & 44 | Opt_Switch & 45 | ("-g", -- Debug info 46 | "-gnatp", -- Suppress all runtime checks 47 | "-gnaty", -- Style checking on 48 | "-gnatwae", -- All warnings and treat them as errors 49 | "-gnatw_A", -- Turn off warnings for anonymous allocators 50 | "-gnatRms", -- Output representation info for subprograms 51 | "-gnatQ", -- Don't quit. Generate ALI and tree files even if illegalities 52 | "-gnatw.X", -- Disable warnings for No_Exception_Propagation 53 | "-march=rv32im", -- No compressed instructions please 54 | "-misa-spec=2.2", -- Use the 2.2 RISC-V ISA spec 55 | "-ffunction-sections", -- Create a linker section for each function 56 | "-fdata-sections"); -- Create a linker section for each data 57 | end Compiler; 58 | 59 | package Linker is 60 | Local_Linker_Switches := ("-T", "aes128.ld"); 61 | for Default_Switches ("Ada") use 62 | Local_Linker_Switches & 63 | HiFive1_rev_B_ZFP.Linker_Switches & 64 | ("-Wl,--print-memory-usage", 65 | "-Wl,-Map=aes128.map", 66 | "-Wl,--gc-sections"); 67 | end Linker; 68 | 69 | end AES128; 70 | -------------------------------------------------------------------------------- /perf/aes256/aes256.gpr: -------------------------------------------------------------------------------- 1 | with "../../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../../sparknacl.gpr"; 3 | 4 | project AES256 is 5 | 6 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 7 | for Target use "riscv64-elf"; 8 | for Languages use ("Ada"); 9 | for Source_Dirs use ("src"); 10 | for Object_Dir use "obj"; 11 | for Create_Missing_Dirs use "True"; 12 | 13 | for Main use ("aes256.adb"); 14 | 15 | Callgraph_Switch := ("-fcallgraph-info=su,da"); 16 | 17 | type Build_Kind is ("debug", "O1", "O2", "O3", "Os", "Og"); 18 | Build_Mode : Build_Kind := External ("SPARKNACL_BUILD_MODE", "O2"); 19 | 20 | Opt_Switch := (""); 21 | case Build_Mode is 22 | when "debug" => 23 | Opt_Switch := ("-g", -- Debug info 24 | "-O0"); -- No optimization 25 | when "O1" => 26 | Opt_Switch := ("-O1"); 27 | when "O2" => 28 | Opt_Switch := ("-O2"); 29 | when "O3" => 30 | Opt_Switch := ("-O3"); 31 | when "Os" => 32 | Opt_Switch := ("-Os"); 33 | when "Og" => 34 | Opt_Switch := ("-g", 35 | "-Og"); 36 | end case; 37 | 38 | 39 | package Compiler is 40 | 41 | for Default_Switches ("Ada") use 42 | Compiler'Default_Switches ("Ada") & 43 | Callgraph_Switch & 44 | Opt_Switch & 45 | ("-g", -- Debug info 46 | "-gnatp", -- Suppress all runtime checks 47 | "-gnaty", -- Style checking on 48 | "-gnatwae", -- All warnings and treat them as errors 49 | "-gnatw_A", -- Turn off warnings for anonymous allocators 50 | "-gnatRms", -- Output representation info for subprograms 51 | "-gnatQ", -- Don't quit. Generate ALI and tree files even if illegalities 52 | "-gnatw.X", -- Disable warnings for No_Exception_Propagation 53 | "-march=rv32im", -- No compressed instructions please 54 | "-misa-spec=2.2", -- Use the 2.2 RISC-V ISA spec 55 | "-ffunction-sections", -- Create a linker section for each function 56 | "-fdata-sections"); -- Create a linker section for each data 57 | end Compiler; 58 | 59 | package Linker is 60 | Local_Linker_Switches := ("-T", "aes256.ld"); 61 | for Default_Switches ("Ada") use 62 | Local_Linker_Switches & 63 | HiFive1_rev_B_ZFP.Linker_Switches & 64 | ("-Wl,--print-memory-usage", 65 | "-Wl,-Map=aes256.map", 66 | "-Wl,--gc-sections"); 67 | end Linker; 68 | 69 | end AES256; 70 | -------------------------------------------------------------------------------- /perf/rfsb509/rfsb509.gpr: -------------------------------------------------------------------------------- 1 | with "../../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../../sparknacl.gpr"; 3 | 4 | project RFSB509 is 5 | 6 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 7 | for Target use "riscv64-elf"; 8 | for Languages use ("Ada"); 9 | for Source_Dirs use ("src"); 10 | for Object_Dir use "obj"; 11 | for Create_Missing_Dirs use "True"; 12 | 13 | for Main use ("rfsb509.adb"); 14 | 15 | Callgraph_Switch := ("-fcallgraph-info=su,da"); 16 | 17 | type Build_Kind is ("debug", "O1", "O2", "O3", "Os", "Og"); 18 | Build_Mode : Build_Kind := External ("SPARKNACL_BUILD_MODE", "O2"); 19 | 20 | Opt_Switch := (""); 21 | case Build_Mode is 22 | when "debug" => 23 | Opt_Switch := ("-g", -- Debug info 24 | "-O0"); -- No optimization 25 | when "O1" => 26 | Opt_Switch := ("-O1"); 27 | when "O2" => 28 | Opt_Switch := ("-O2"); 29 | when "O3" => 30 | Opt_Switch := ("-O3"); 31 | when "Os" => 32 | Opt_Switch := ("-Os"); 33 | when "Og" => 34 | Opt_Switch := ("-g", 35 | "-Og"); 36 | end case; 37 | 38 | 39 | package Compiler is 40 | 41 | for Default_Switches ("Ada") use 42 | Compiler'Default_Switches ("Ada") & 43 | Callgraph_Switch & 44 | Opt_Switch & 45 | ("-g", -- Debug info 46 | "-gnatp", -- Suppress all runtime checks 47 | "-gnaty", -- Style checking on 48 | "-gnatwae", -- All warnings and treat them as errors 49 | "-gnatw_A", -- Turn off warnings for anonymous allocators 50 | "-gnatRms", -- Output representation info for subprograms 51 | "-gnatQ", -- Don't quit. Generate ALI and tree files even if illegalities 52 | "-gnatw.X", -- Disable warnings for No_Exception_Propagation 53 | "-march=rv32im", -- No compressed instructions please 54 | "-misa-spec=2.2", -- Use the 2.2 RISC-V ISA spec 55 | "-ffunction-sections", -- Create a linker section for each function 56 | "-fdata-sections"); -- Create a linker section for each data 57 | end Compiler; 58 | 59 | package Linker is 60 | Local_Linker_Switches := ("-T", "rfsb509.ld"); 61 | for Default_Switches ("Ada") use 62 | Local_Linker_Switches & 63 | HiFive1_rev_B_ZFP.Linker_Switches & 64 | ("-Wl,--print-memory-usage", 65 | "-Wl,-Map=rfsb509.map", 66 | "-Wl,--gc-sections"); 67 | end Linker; 68 | 69 | end RFSB509; 70 | -------------------------------------------------------------------------------- /src/sparknacl-utils.ads: -------------------------------------------------------------------------------- 1 | private package SPARKNaCl.Utils 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | --=================================================== 6 | -- Exported subprogram declarations 7 | -- 8 | -- Note that these subprograms appear in a distinct 9 | -- private child package so they are NOT 10 | -- primitive operations of either types Byte_Seq or 11 | -- GF, but they ARE potentially usable by other 12 | -- public children of SPARKNaCl. 13 | --=================================================== 14 | 15 | procedure Little_Endian_Unpack (Output : out Bytes_8; 16 | Input : in U64) 17 | with Inline, 18 | Global => null; 19 | 20 | procedure Big_Endian_Unpack (Output : out Bytes_4; 21 | Input : in U32) 22 | with Relaxed_Initialization => Output, 23 | Inline, 24 | Global => null, 25 | Post => Output'Initialized; 26 | 27 | function Big_Endian_Pack (Input : in Bytes_4) return U32 28 | with Inline, 29 | Global => null; 30 | 31 | -- Do the following for every Byte in Input. Set all bits of the byte to 32 | -- the value of the bit at position "Index" in the given byte. 33 | function Broadcast_Bit_To_Byte (Input : in U32; 34 | Index : in Index_8) return U32 35 | with Pure_Function, 36 | Inline, 37 | Global => null; 38 | 39 | -- Constant time conditional swap of P and Q. Note that 40 | -- if a Normal_GF is passed in, this property is retained 41 | -- on swapping (or not...) This is required Pack_25519. 42 | -- In the original TweetNaCl sources, this was called 43 | -- "sel25519" 44 | procedure CSwap16 (P : in out Normal_GF; 45 | Q : in out Normal_GF; 46 | Swap : in Boolean) 47 | with Global => null, 48 | Contract_Cases => 49 | (Swap => (P = Q'Old and Q = P'Old), 50 | not Swap => (P = P'Old and Q = Q'Old)); 51 | 52 | -- Reduces N modulo (2**255 - 19) then packs the 53 | -- value into 32 bytes little-endian. 54 | function Pack_25519 (N : in Normal_GF) return Bytes_32 55 | with Global => null, 56 | Pure_Function; 57 | 58 | function Inv_25519 (I : in Normal_GF) return Normal_GF 59 | with Global => null, 60 | Pure_Function; 61 | 62 | function Unpack_25519 (N : in Bytes_32) return Normal_GF 63 | with Global => null, 64 | Pure_Function; 65 | 66 | end SPARKNaCl.Utils; 67 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 5 | with SPARKNaCl.Stream; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | procedure Secretbox 8 | is 9 | Firstkey : constant Core.Salsa20_Key := 10 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 11 | 16#73#, 16#e9#, 16#85#, 16#d4#, 12 | 16#62#, 16#cd#, 16#51#, 16#19#, 13 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 14 | 16#60#, 16#09#, 16#54#, 16#9e#, 15 | 16#ac#, 16#64#, 16#74#, 16#f2#, 16 | 16#06#, 16#c4#, 16#ee#, 16#08#, 17 | 16#44#, 16#f6#, 16#83#, 16#89#)); 18 | 19 | Nonce : constant Stream.HSalsa20_Nonce := 20 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 21 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 22 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 23 | 24 | M : constant Byte_Seq (0 .. 162) := 25 | (0, 0, 0, 0, 0, 0, 0, 0, 26 | 0, 0, 0, 0, 0, 0, 0, 0, 27 | 0, 0, 0, 0, 0, 0, 0, 0, 28 | 0, 0, 0, 0, 0, 0, 0, 0, 29 | 16#be#, 16#07#, 16#5f#, 16#c5#, 16#3c#, 16#81#, 16#f2#, 16#d5#, 30 | 16#cf#, 16#14#, 16#13#, 16#16#, 16#eb#, 16#eb#, 16#0c#, 16#7b#, 31 | 16#52#, 16#28#, 16#c5#, 16#2a#, 16#4c#, 16#62#, 16#cb#, 16#d4#, 32 | 16#4b#, 16#66#, 16#84#, 16#9b#, 16#64#, 16#24#, 16#4f#, 16#fc#, 33 | 16#e5#, 16#ec#, 16#ba#, 16#af#, 16#33#, 16#bd#, 16#75#, 16#1a#, 34 | 16#1a#, 16#c7#, 16#28#, 16#d4#, 16#5e#, 16#6c#, 16#61#, 16#29#, 35 | 16#6c#, 16#dc#, 16#3c#, 16#01#, 16#23#, 16#35#, 16#61#, 16#f4#, 36 | 16#1d#, 16#b6#, 16#6c#, 16#ce#, 16#31#, 16#4a#, 16#db#, 16#31#, 37 | 16#0e#, 16#3b#, 16#e8#, 16#25#, 16#0c#, 16#46#, 16#f0#, 16#6d#, 38 | 16#ce#, 16#ea#, 16#3a#, 16#7f#, 16#a1#, 16#34#, 16#80#, 16#57#, 39 | 16#e2#, 16#f6#, 16#55#, 16#6a#, 16#d6#, 16#b1#, 16#31#, 16#8a#, 40 | 16#02#, 16#4a#, 16#83#, 16#8f#, 16#21#, 16#af#, 16#1f#, 16#de#, 41 | 16#04#, 16#89#, 16#77#, 16#eb#, 16#48#, 16#f5#, 16#9f#, 16#fd#, 42 | 16#49#, 16#24#, 16#ca#, 16#1c#, 16#60#, 16#90#, 16#2e#, 16#52#, 43 | 16#f0#, 16#a0#, 16#89#, 16#bc#, 16#76#, 16#89#, 16#70#, 16#40#, 44 | 16#e0#, 16#82#, 16#f9#, 16#37#, 16#76#, 16#38#, 16#48#, 16#64#, 45 | 16#5e#, 16#07#, 16#05#); 46 | 47 | C : Byte_Seq (0 .. 162); 48 | S : Boolean; 49 | begin 50 | Create (C, S, M, Nonce, Firstkey); 51 | 52 | Put_Line ("Status is " & Img (S)); 53 | DH ("C is", C); 54 | end Secretbox; 55 | -------------------------------------------------------------------------------- /src/sparknacl-sign.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Sign 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | -- Limited, so no assignment or comparison, and always 6 | -- pass-by-reference. 7 | type Signing_PK is limited private; 8 | type Signing_SK is limited private; 9 | 10 | -------------------------------------------------------- 11 | -- Public key signatures 12 | -------------------------------------------------------- 13 | 14 | procedure Keypair (SK_Raw : in Bytes_32; -- random please! 15 | PK : out Signing_PK; 16 | SK : out Signing_SK) 17 | with Global => null; 18 | 19 | procedure PK_From_Bytes (PK_Raw : in Bytes_32; 20 | PK : out Signing_PK) 21 | with Global => null; 22 | 23 | -- Returns K as 64 bytes. Bytes 0 .. 31 are the secret 24 | -- key. Bytes 32 .. 63 are the public key 25 | function Serialize (K : in Signing_SK) return Bytes_64 26 | with Global => null; 27 | 28 | function Serialize (K : in Signing_PK) return Bytes_32 29 | with Global => null; 30 | 31 | procedure Sanitize (K : out Signing_PK) 32 | with Global => null; 33 | 34 | procedure Sanitize (K : out Signing_SK) 35 | with Global => null; 36 | 37 | 38 | -- The length of a signature block that is prepended to a message 39 | -- when signed. 40 | Sign_Bytes : constant := 64; 41 | 42 | procedure Sign (SM : out Byte_Seq; 43 | M : in Byte_Seq; 44 | SK : in Signing_SK) 45 | with Global => null, 46 | Relaxed_Initialization => SM, 47 | Pre => (M'First = 0 and 48 | SM'First = 0 and 49 | M'Last <= N32'Last - Sign_Bytes) and then 50 | (SM'Length = M'Length + Sign_Bytes and 51 | SM'Last = M'Last + Sign_Bytes), 52 | Post => SM'Initialized; 53 | 54 | procedure Open (M : out Byte_Seq; 55 | Status : out Boolean; 56 | MLen : out I32; 57 | SM : in Byte_Seq; 58 | PK : in Signing_PK) 59 | with Global => null, 60 | Pre => M'First = 0 and 61 | SM'First = 0 and 62 | SM'Length = M'Length and 63 | SM'Last = M'Last and 64 | SM'Length >= Sign_Bytes; 65 | 66 | private 67 | -- Note - also limited types here in the full view to ensure 68 | -- no assignment and pass-by-reference in the body. 69 | type Signing_PK is limited record 70 | F : Bytes_32; 71 | end record; 72 | 73 | type Signing_SK is limited record 74 | F : Bytes_64; 75 | end record; 76 | 77 | end SPARKNaCl.Sign; 78 | -------------------------------------------------------------------------------- /tests/src/ada/stream4.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 5 | procedure Stream4 6 | is 7 | Firstkey : constant Salsa20_Key := 8 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 9 | 16#73#, 16#e9#, 16#85#, 16#d4#, 10 | 16#62#, 16#cd#, 16#51#, 16#19#, 11 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 12 | 16#60#, 16#09#, 16#54#, 16#9e#, 13 | 16#ac#, 16#64#, 16#74#, 16#f2#, 14 | 16#06#, 16#c4#, 16#ee#, 16#08#, 15 | 16#44#, 16#f6#, 16#83#, 16#89#)); 16 | 17 | Nonce : constant HSalsa20_Nonce := 18 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 19 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 20 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 21 | 22 | Nonce8 : constant Salsa20_Nonce := 23 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#); 24 | 25 | M : constant Byte_Seq (0 .. 162) := 26 | (0, 0, 0, 0, 0, 0, 0, 0, 27 | 0, 0, 0, 0, 0, 0, 0, 0, 28 | 0, 0, 0, 0, 0, 0, 0, 0, 29 | 0, 0, 0, 0, 0, 0, 0, 0, 30 | 16#be#, 16#07#, 16#5f#, 16#c5#, 16#3c#, 16#81#, 16#f2#, 16#d5#, 31 | 16#cf#, 16#14#, 16#13#, 16#16#, 16#eb#, 16#eb#, 16#0c#, 16#7b#, 32 | 16#52#, 16#28#, 16#c5#, 16#2a#, 16#4c#, 16#62#, 16#cb#, 16#d4#, 33 | 16#4b#, 16#66#, 16#84#, 16#9b#, 16#64#, 16#24#, 16#4f#, 16#fc#, 34 | 16#e5#, 16#ec#, 16#ba#, 16#af#, 16#33#, 16#bd#, 16#75#, 16#1a#, 35 | 16#1a#, 16#c7#, 16#28#, 16#d4#, 16#5e#, 16#6c#, 16#61#, 16#29#, 36 | 16#6c#, 16#dc#, 16#3c#, 16#01#, 16#23#, 16#35#, 16#61#, 16#f4#, 37 | 16#1d#, 16#b6#, 16#6c#, 16#ce#, 16#31#, 16#4a#, 16#db#, 16#31#, 38 | 16#0e#, 16#3b#, 16#e8#, 16#25#, 16#0c#, 16#46#, 16#f0#, 16#6d#, 39 | 16#ce#, 16#ea#, 16#3a#, 16#7f#, 16#a1#, 16#34#, 16#80#, 16#57#, 40 | 16#e2#, 16#f6#, 16#55#, 16#6a#, 16#d6#, 16#b1#, 16#31#, 16#8a#, 41 | 16#02#, 16#4a#, 16#83#, 16#8f#, 16#21#, 16#af#, 16#1f#, 16#de#, 42 | 16#04#, 16#89#, 16#77#, 16#eb#, 16#48#, 16#f5#, 16#9f#, 16#fd#, 43 | 16#49#, 16#24#, 16#ca#, 16#1c#, 16#60#, 16#90#, 16#2e#, 16#52#, 44 | 16#f0#, 16#a0#, 16#89#, 16#bc#, 16#76#, 16#89#, 16#70#, 16#40#, 45 | 16#e0#, 16#82#, 16#f9#, 16#37#, 16#76#, 16#38#, 16#48#, 16#64#, 46 | 16#5e#, 16#07#, 16#05#); 47 | 48 | C : Byte_Seq (0 .. 162); 49 | begin 50 | HSalsa20_Xor (C, M, Nonce, Firstkey); 51 | DH ("C is", C); 52 | 53 | -- RCC adds this case to gain coverage of... 54 | Salsa20_Xor (C, M, Nonce8, Firstkey); 55 | DH ("C2 is", C); 56 | end Stream4; 57 | -------------------------------------------------------------------------------- /perf/rfsb509/src/rfsb509.adb: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | 3 | with FE310; 4 | with FE310.CLINT; 5 | with FE310.Time; use FE310.Time; 6 | with FE310.Performance_Monitor; use FE310.Performance_Monitor; 7 | 8 | with RISCV.CSR; use RISCV.CSR; 9 | 10 | with SPARKNaCl; use SPARKNaCl; 11 | with SPARKNaCl.Hashing.RFSB509; use SPARKNaCl.Hashing.RFSB509; 12 | with SPARKNaCl.AES; use SPARKNaCl.AES; 13 | 14 | with IO; 15 | 16 | procedure RFSB509 is 17 | T1, T2 : UInt64; 18 | Total_Time : UInt64; 19 | 20 | CPU_Hz1, CPU_Hz2 : UInt32; 21 | 22 | Output : Digest; 23 | Input : constant Byte_Seq (0 .. 1023) := (others => 77); 24 | 25 | Key_Raw : constant Bytes_16 := (others => 0); 26 | Key : constant AES128_Key := AES.Construct (Key_Raw); 27 | 28 | procedure Report; 29 | 30 | procedure Report 31 | is 32 | begin 33 | IO.Put ("Total: "); 34 | IO.Put (Total_Time); 35 | IO.Put_Line (" cycles"); 36 | end Report; 37 | begin 38 | CPU_Hz1 := FE310.CPU_Frequency; 39 | 40 | -- The SPI flash clock divider should be as small as possible to increase 41 | -- the execution speed of instructions that are not yet in the instruction 42 | -- cache. 43 | FE310.Set_SPI_Flash_Clock_Divider (2); 44 | 45 | -- Load the internal oscillator factory calibration to be sure it 46 | -- oscillates at a known frequency. 47 | FE310.Load_Internal_Oscilator_Calibration; 48 | 49 | -- Use the HiFive1 16 MHz crystal oscillator which is more acurate than the 50 | -- internal oscillator. 51 | FE310.Use_Crystal_Oscillator; 52 | 53 | CPU_Hz2 := FE310.CPU_Frequency; 54 | 55 | IO.Put_Line ("CPU Frequency reset was: ", U64 (CPU_Hz1)); 56 | IO.Put_Line ("CPU Frequency now is: ", U64 (CPU_Hz2)); 57 | 58 | FE310.Performance_Monitor.Set_Commit_Events (3, No_Commit_Events); 59 | FE310.Performance_Monitor.Set_Commit_Events (4, No_Commit_Events); 60 | 61 | T1 := FE310.CLINT.Machine_Time; 62 | T2 := FE310.CLINT.Machine_Time; 63 | IO.Put_Line ("Null timing test:", U64 (T2 - T1)); 64 | 65 | T1 := Mcycle.Read; 66 | Delay_S (1); 67 | T2 := Mcycle.Read; 68 | IO.Put_Line ("One second test (CYCLE): ", U64 (T2 - T1)); 69 | 70 | T1 := Minstret.Read; 71 | Delay_S (1); 72 | T2 := Minstret.Read; 73 | IO.Put_Line ("One second test (INSTRET):", U64 (T2 - T1)); 74 | 75 | T1 := FE310.CLINT.Machine_Time; 76 | Delay_S (1); 77 | T2 := FE310.CLINT.Machine_Time; 78 | IO.Put_Line ("One second test (CLINT): ", U64 (T2 - T1)); 79 | 80 | IO.New_Line; 81 | IO.Put_Line ("SPARKNaCl.Hashing.RFSB509 test"); 82 | 83 | T1 := Mcycle.Read; 84 | Hashing.RFSB509.Hash (Output, Input, Key); 85 | T2 := Mcycle.Read; 86 | Total_Time := T2 - T1; 87 | Report; 88 | 89 | end RFSB509; 90 | -------------------------------------------------------------------------------- /tests/src/ada/secretbox2.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Core; use SPARKNaCl.Core; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Secretbox; use SPARKNaCl.Secretbox; 5 | with SPARKNaCl.Stream; 6 | with Ada.Text_IO; use Ada.Text_IO; 7 | procedure Secretbox2 8 | is 9 | Firstkey : constant Core.Salsa20_Key := 10 | Construct ((16#1b#, 16#27#, 16#55#, 16#64#, 11 | 16#73#, 16#e9#, 16#85#, 16#d4#, 12 | 16#62#, 16#cd#, 16#51#, 16#19#, 13 | 16#7a#, 16#9a#, 16#46#, 16#c7#, 14 | 16#60#, 16#09#, 16#54#, 16#9e#, 15 | 16#ac#, 16#64#, 16#74#, 16#f2#, 16 | 16#06#, 16#c4#, 16#ee#, 16#08#, 17 | 16#44#, 16#f6#, 16#83#, 16#89#)); 18 | 19 | Nonce : constant Stream.HSalsa20_Nonce := 20 | (16#69#, 16#69#, 16#6e#, 16#e9#, 16#55#, 16#b6#, 16#2b#, 16#73#, 21 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 16#75#, 16#fc#, 16#73#, 16#d6#, 22 | 16#82#, 16#19#, 16#e0#, 16#03#, 16#6b#, 16#7a#, 16#0b#, 16#37#); 23 | 24 | C : constant Byte_Seq (0 .. 162) := 25 | (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 26 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 27 | 16#F3#, 16#FF#, 16#C7#, 16#70#, 16#3F#, 16#94#, 16#00#, 16#E5#, 28 | 16#2A#, 16#7D#, 16#FB#, 16#4B#, 16#3D#, 16#33#, 16#05#, 16#D9#, 29 | 16#8E#, 16#99#, 16#3B#, 16#9F#, 16#48#, 16#68#, 16#12#, 16#73#, 30 | 16#C2#, 16#96#, 16#50#, 16#BA#, 16#32#, 16#FC#, 16#76#, 16#CE#, 31 | 16#48#, 16#33#, 16#2E#, 16#A7#, 16#16#, 16#4D#, 16#96#, 16#A4#, 32 | 16#47#, 16#6F#, 16#B8#, 16#C5#, 16#31#, 16#A1#, 16#18#, 16#6A#, 33 | 16#C0#, 16#DF#, 16#C1#, 16#7C#, 16#98#, 16#DC#, 16#E8#, 16#7B#, 34 | 16#4D#, 16#A7#, 16#F0#, 16#11#, 16#EC#, 16#48#, 16#C9#, 16#72#, 35 | 16#71#, 16#D2#, 16#C2#, 16#0F#, 16#9B#, 16#92#, 16#8F#, 16#E2#, 36 | 16#27#, 16#0D#, 16#6F#, 16#B8#, 16#63#, 16#D5#, 16#17#, 16#38#, 37 | 16#B4#, 16#8E#, 16#EE#, 16#E3#, 16#14#, 16#A7#, 16#CC#, 16#8A#, 38 | 16#B9#, 16#32#, 16#16#, 16#45#, 16#48#, 16#E5#, 16#26#, 16#AE#, 39 | 16#90#, 16#22#, 16#43#, 16#68#, 16#51#, 16#7A#, 16#CF#, 16#EA#, 40 | 16#BD#, 16#6B#, 16#B3#, 16#73#, 16#2B#, 16#C0#, 16#E9#, 16#DA#, 41 | 16#99#, 16#83#, 16#2B#, 16#61#, 16#CA#, 16#01#, 16#B6#, 16#DE#, 42 | 16#56#, 16#24#, 16#4A#, 16#9E#, 16#88#, 16#D5#, 16#F9#, 16#B3#, 43 | 16#79#, 16#73#, 16#F6#, 16#22#, 16#A4#, 16#3D#, 16#14#, 16#A6#, 44 | 16#59#, 16#9B#, 16#1F#, 16#65#, 16#4C#, 16#B4#, 16#5A#, 16#74#, 45 | 16#E3#, 16#55#, 16#A5#); 46 | 47 | 48 | M : Byte_Seq (0 .. 162); 49 | S : Boolean; 50 | begin 51 | Open (M, S, C, Nonce, Firstkey); 52 | 53 | Put_Line ("Status is " & Img (S)); 54 | DH ("M is", M); 55 | end Secretbox2; 56 | -------------------------------------------------------------------------------- /perf/aes128/src/aes128.adb: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | 3 | with FE310; 4 | with FE310.CLINT; 5 | with FE310.Time; use FE310.Time; 6 | with FE310.Performance_Monitor; use FE310.Performance_Monitor; 7 | 8 | with RISCV.CSR; use RISCV.CSR; 9 | 10 | with SPARKNaCl; use SPARKNaCl; 11 | with SPARKNaCl.AES; use SPARKNaCl.AES; 12 | 13 | with IO; 14 | 15 | procedure AES128 is 16 | T1, T2 : UInt64; 17 | Total_Time : UInt64; 18 | 19 | CPU_Hz1, CPU_Hz2 : UInt32; 20 | 21 | -- ECB GFSbox 128 Count 0 22 | Plaintext : constant Bytes_16 := ( 23 | 16#f3#, 16#44#, 16#81#, 16#ec#, 16#3c#, 16#c6#, 16#27#, 16#ba#, 24 | 16#cd#, 16#5d#, 16#c3#, 16#fb#, 16#08#, 16#f2#, 16#73#, 16#e6#); 25 | 26 | Result : Bytes_16; 27 | 28 | Key_Raw : constant Bytes_16 := (others => 0); 29 | Key : constant AES128_Key := Construct (Key_Raw); 30 | Round_Keys : constant AES128_Round_Keys := Key_Expansion (Key); 31 | 32 | procedure Report; 33 | 34 | procedure Report 35 | is 36 | begin 37 | IO.Put ("Total: "); 38 | IO.Put (Total_Time); 39 | IO.Put_Line (" cycles"); 40 | end Report; 41 | begin 42 | CPU_Hz1 := FE310.CPU_Frequency; 43 | 44 | -- The SPI flash clock divider should be as small as possible to increase 45 | -- the execution speed of instructions that are not yet in the instruction 46 | -- cache. 47 | FE310.Set_SPI_Flash_Clock_Divider (2); 48 | 49 | -- Load the internal oscillator factory calibration to be sure it 50 | -- oscillates at a known frequency. 51 | FE310.Load_Internal_Oscilator_Calibration; 52 | 53 | -- Use the HiFive1 16 MHz crystal oscillator which is more acurate than the 54 | -- internal oscillator. 55 | FE310.Use_Crystal_Oscillator; 56 | 57 | CPU_Hz2 := FE310.CPU_Frequency; 58 | 59 | IO.Put_Line ("CPU Frequency reset was: ", U64 (CPU_Hz1)); 60 | IO.Put_Line ("CPU Frequency now is: ", U64 (CPU_Hz2)); 61 | 62 | FE310.Performance_Monitor.Set_Commit_Events (3, No_Commit_Events); 63 | FE310.Performance_Monitor.Set_Commit_Events (4, No_Commit_Events); 64 | 65 | T1 := FE310.CLINT.Machine_Time; 66 | T2 := FE310.CLINT.Machine_Time; 67 | IO.Put_Line ("Null timing test:", U64 (T2 - T1)); 68 | 69 | T1 := Mcycle.Read; 70 | Delay_S (1); 71 | T2 := Mcycle.Read; 72 | IO.Put_Line ("One second test (CYCLE): ", U64 (T2 - T1)); 73 | 74 | T1 := Minstret.Read; 75 | Delay_S (1); 76 | T2 := Minstret.Read; 77 | IO.Put_Line ("One second test (INSTRET):", U64 (T2 - T1)); 78 | 79 | T1 := FE310.CLINT.Machine_Time; 80 | Delay_S (1); 81 | T2 := FE310.CLINT.Machine_Time; 82 | IO.Put_Line ("One second test (CLINT): ", U64 (T2 - T1)); 83 | 84 | IO.New_Line; 85 | IO.Put_Line ("SPARKNaCl.AES128 Cipher test"); 86 | 87 | T1 := Mcycle.Read; 88 | SPARKNaCl.AES.Cipher (Result, Plaintext, Round_Keys); 89 | T2 := Mcycle.Read; 90 | Total_Time := T2 - T1; 91 | Report; 92 | 93 | end AES128; 94 | -------------------------------------------------------------------------------- /perf/aes256/src/aes256.adb: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | 3 | with FE310; 4 | with FE310.CLINT; 5 | with FE310.Time; use FE310.Time; 6 | with FE310.Performance_Monitor; use FE310.Performance_Monitor; 7 | 8 | with RISCV.CSR; use RISCV.CSR; 9 | 10 | with SPARKNaCl; use SPARKNaCl; 11 | with SPARKNaCl.AES; use SPARKNaCl.AES; 12 | 13 | with IO; 14 | 15 | procedure AES256 is 16 | T1, T2 : UInt64; 17 | Total_Time : UInt64; 18 | 19 | CPU_Hz1, CPU_Hz2 : UInt32; 20 | 21 | -- ECB GFSbox 256 Count 0 22 | Plaintext : constant Bytes_16 := ( 23 | 16#0b#, 16#24#, 16#af#, 16#36#, 16#19#, 16#3c#, 16#e4#, 16#66#, 24 | 16#5f#, 16#28#, 16#25#, 16#d7#, 16#b4#, 16#74#, 16#9c#, 16#98#); 25 | 26 | Result : Bytes_16; 27 | 28 | Key_Raw : constant Bytes_32 := (others => 0); 29 | Key : constant AES256_Key := Construct (Key_Raw); 30 | Round_Keys : constant AES256_Round_Keys := Key_Expansion (Key); 31 | 32 | procedure Report; 33 | 34 | procedure Report 35 | is 36 | begin 37 | IO.Put ("Total: "); 38 | IO.Put (Total_Time); 39 | IO.Put_Line (" cycles"); 40 | end Report; 41 | begin 42 | CPU_Hz1 := FE310.CPU_Frequency; 43 | 44 | -- The SPI flash clock divider should be as small as possible to increase 45 | -- the execution speed of instructions that are not yet in the instruction 46 | -- cache. 47 | FE310.Set_SPI_Flash_Clock_Divider (2); 48 | 49 | -- Load the internal oscillator factory calibration to be sure it 50 | -- oscillates at a known frequency. 51 | FE310.Load_Internal_Oscilator_Calibration; 52 | 53 | -- Use the HiFive1 16 MHz crystal oscillator which is more acurate than the 54 | -- internal oscillator. 55 | FE310.Use_Crystal_Oscillator; 56 | 57 | CPU_Hz2 := FE310.CPU_Frequency; 58 | 59 | IO.Put_Line ("CPU Frequency reset was: ", U64 (CPU_Hz1)); 60 | IO.Put_Line ("CPU Frequency now is: ", U64 (CPU_Hz2)); 61 | 62 | FE310.Performance_Monitor.Set_Commit_Events (3, No_Commit_Events); 63 | FE310.Performance_Monitor.Set_Commit_Events (4, No_Commit_Events); 64 | 65 | T1 := FE310.CLINT.Machine_Time; 66 | T2 := FE310.CLINT.Machine_Time; 67 | IO.Put_Line ("Null timing test:", U64 (T2 - T1)); 68 | 69 | T1 := Mcycle.Read; 70 | Delay_S (1); 71 | T2 := Mcycle.Read; 72 | IO.Put_Line ("One second test (CYCLE): ", U64 (T2 - T1)); 73 | 74 | T1 := Minstret.Read; 75 | Delay_S (1); 76 | T2 := Minstret.Read; 77 | IO.Put_Line ("One second test (INSTRET):", U64 (T2 - T1)); 78 | 79 | T1 := FE310.CLINT.Machine_Time; 80 | Delay_S (1); 81 | T2 := FE310.CLINT.Machine_Time; 82 | IO.Put_Line ("One second test (CLINT): ", U64 (T2 - T1)); 83 | 84 | IO.New_Line; 85 | IO.Put_Line ("SPARKNaCl.AES256 Cipher test"); 86 | 87 | T1 := Mcycle.Read; 88 | SPARKNaCl.AES.Cipher (Result, Plaintext, Round_Keys); 89 | T2 := Mcycle.Read; 90 | Total_Time := T2 - T1; 91 | Report; 92 | 93 | end AES256; 94 | -------------------------------------------------------------------------------- /src/sparknacl-debug.adb: -------------------------------------------------------------------------------- 1 | with Ada.Text_IO; use Ada.Text_IO; 2 | package body SPARKNaCl.Debug 3 | with SPARK_Mode => Off 4 | is 5 | On : constant Boolean := True; 6 | 7 | package I64IO is new Ada.Text_IO.Integer_IO (Integer_64); 8 | 9 | type BToCT is array (Byte range 0 .. 15) of Character; 10 | BToC : constant BToCT := 11 | ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 12 | 'A', 'B', 'C', 'D', 'E', 'F'); 13 | 14 | procedure PB (X : in Byte); 15 | 16 | procedure PB (X : in Byte) 17 | is 18 | begin 19 | if On then 20 | Put ("16#"); 21 | Put (BToC (X / 16)); 22 | Put (BToC (X mod 16)); 23 | Put ("# "); 24 | end if; 25 | end PB; 26 | 27 | procedure PU32 (X : in U32); 28 | 29 | procedure PU32 (X : in U32) 30 | is 31 | B1 : constant Byte := Byte (16#FF# and Shift_Right (X, 24)); 32 | B2 : constant Byte := Byte (16#FF# and Shift_Right (X, 16)); 33 | B3 : constant Byte := Byte (16#FF# and Shift_Right (X, 8)); 34 | B4 : constant Byte := Byte (16#FF# and X); 35 | begin 36 | if On then 37 | Put ("16#"); 38 | Put (BToC (B1 / 16)); 39 | Put (BToC (B1 mod 16)); 40 | Put (BToC (B2 / 16)); 41 | Put (BToC (B2 mod 16)); 42 | Put (BToC (B3 / 16)); 43 | Put (BToC (B3 mod 16)); 44 | Put (BToC (B4 / 16)); 45 | Put (BToC (B4 mod 16)); 46 | Put ("# "); 47 | end if; 48 | end PU32; 49 | 50 | procedure DH (S : in String; D : in Byte_Seq) 51 | is 52 | begin 53 | if On then 54 | Put_Line (S); 55 | for I in D'Range loop 56 | PB (D (I)); 57 | if I mod 8 = 7 then 58 | New_Line; 59 | end if; 60 | end loop; 61 | New_Line; 62 | end if; 63 | end DH; 64 | 65 | procedure DH (S : in String; D : in I64) 66 | is 67 | begin 68 | if On then 69 | Put (S & ' '); 70 | I64IO.Put (D, Width => 0); 71 | New_Line; 72 | end if; 73 | end DH; 74 | 75 | procedure DH (S : in String; D : in U32_Seq) 76 | is 77 | begin 78 | if On then 79 | Put_Line (S); 80 | for I in D'Range loop 81 | PU32 (D (I)); 82 | if I mod 8 = 7 then 83 | New_Line; 84 | end if; 85 | end loop; 86 | New_Line; 87 | end if; 88 | end DH; 89 | 90 | procedure DH (S : in String; D : in Boolean) 91 | is 92 | begin 93 | if On then 94 | Put_Line (S); 95 | Put (Img (D)); 96 | New_Line; 97 | end if; 98 | end DH; 99 | 100 | procedure DHH (S : in String; D : in I64) 101 | is 102 | begin 103 | if On then 104 | Put_Line (S); 105 | I64IO.Put (D, Width => 0, Base => 16); 106 | New_Line; 107 | end if; 108 | end DHH; 109 | 110 | end SPARKNaCl.Debug; 111 | -------------------------------------------------------------------------------- /perf/perf.gpr: -------------------------------------------------------------------------------- 1 | with "../../AdaCore/Ada_Drivers_Library/boards/HiFive1_rev_B/hifive1_rev_b_zfp.gpr"; 2 | with "../sparknacl.gpr"; 3 | 4 | abstract project Perf is 5 | 6 | for Runtime ("ada") use HiFive1_rev_B_ZFP'Runtime ("Ada"); 7 | for Target use "riscv64-elf"; 8 | for Languages use ("Ada", "C", "Asm"); 9 | for Source_Dirs use (); 10 | for Object_Dir use "."; 11 | for Create_Missing_Dirs use "True"; 12 | 13 | Callgraph_Switch := ("-fcallgraph-info=su,da"); 14 | 15 | type Build_Kind is ("debug", "O1", "O2", "O3", "Os", "Og"); 16 | Build_Mode : Build_Kind := External ("SPARKNACL_BUILD_MODE", "O2"); 17 | 18 | Opt_Switch := (); 19 | case Build_Mode is 20 | when "debug" => 21 | Opt_Switch := ("-g", -- Debug info 22 | "-O0"); -- No optimization 23 | when "O1" => 24 | Opt_Switch := ("-O1"); 25 | when "O2" => 26 | Opt_Switch := ("-O2"); 27 | when "O3" => 28 | Opt_Switch := ("-O3"); 29 | when "Os" => 30 | Opt_Switch := ("-Os"); 31 | when "Og" => 32 | Opt_Switch := ("-g", 33 | "-Og"); 34 | end case; 35 | 36 | 37 | package Compiler is 38 | 39 | for Default_Switches ("C") use Compiler'Default_Switches ("C") & 40 | Callgraph_Switch & 41 | Opt_Switch & 42 | ("-march=rv32im", -- No compressed instructions for C 43 | "-ffunction-sections", -- Create a linker section for each function 44 | "-fdata-sections"); -- Create a linker section for each data 45 | 46 | for Default_Switches ("Asm") use 47 | Compiler'Default_Switches ("Asm") & 48 | ("-misa-spec=2.2"); 49 | 50 | for Default_Switches ("Ada") use 51 | Compiler'Default_Switches ("Ada") & 52 | Callgraph_Switch & 53 | Opt_Switch & 54 | ("-g", -- Debug info 55 | "-gnatp", -- Suppress all runtime checks 56 | "-gnaty", -- Style checking on 57 | "-gnatwae", -- All warnings and treat them as errors 58 | "-gnatw_A", -- Turn off warnings for anonymous allocators 59 | "-gnatRms", -- Output representation info for subprograms 60 | "-gnatQ", -- Don't quit. Generate ALI and tree files even if illegalities 61 | "-gnatw.X", -- Disable warnings for No_Exception_Propagation 62 | "-misa-spec=2.2", 63 | "-march=rv32im", -- No compressed instructions please 64 | "-ffunction-sections", -- Create a linker section for each function 65 | "-fdata-sections"); -- Create a linker section for each data 66 | end Compiler; 67 | 68 | package Linker is 69 | Local_Linker_Switches := ("-T", "perf.ld"); 70 | for Default_Switches ("Ada") use 71 | Local_Linker_Switches & 72 | HiFive1_rev_B_ZFP.Linker_Switches & 73 | ("-Wl,--print-memory-usage", 74 | "-Wl,-Map=main.map", 75 | "-Wl,--gc-sections"); 76 | end Linker; 77 | 78 | package Ide is 79 | for Program_Host use ":3333"; 80 | for Communication_Protocol use "remote"; 81 | end Ide; 82 | 83 | end Perf; 84 | -------------------------------------------------------------------------------- /tests/src/c/supercop-20230530_rfsb509_compress.c: -------------------------------------------------------------------------------- 1 | #include "supercop-20230530_rfsb509_compress.h" 2 | #include "supercop-20230530_rfsb509_matrix.h" 3 | 4 | #include 5 | 6 | typedef uint64_t uint64; 7 | 8 | static uint64 load_littleendian(const unsigned char *x) 9 | { 10 | return 11 | (uint64) (x[0]) \ 12 | | (((uint64) (x[1])) << 8) \ 13 | | (((uint64) (x[2])) << 16) \ 14 | | (((uint64) (x[3])) << 24) \ 15 | | (((uint64) (x[4])) << 32) \ 16 | | (((uint64) (x[5])) << 40) \ 17 | | (((uint64) (x[6])) << 48) \ 18 | | (((uint64) (x[7])) << 56) 19 | ; 20 | } 21 | 22 | static void store_littleendian(unsigned char *x,uint64 u) 23 | { 24 | x[0] = u; u >>= 8; 25 | x[1] = u; u >>= 8; 26 | x[2] = u; u >>= 8; 27 | x[3] = u; u >>= 8; 28 | x[4] = u; u >>= 8; 29 | x[5] = u; u >>= 8; 30 | x[6] = u; u >>= 8; 31 | x[7] = u; 32 | } 33 | 34 | typedef struct{ 35 | uint64 x[10]; 36 | } column; 37 | 38 | static void column_load(column *c, unsigned char pos) 39 | { 40 | unsigned int p = (unsigned int)pos << 6; 41 | c->x[0] = load_littleendian(rfsb509_matrix + p + 0); 42 | c->x[1] = load_littleendian(rfsb509_matrix + p + 8); 43 | c->x[2] = load_littleendian(rfsb509_matrix + p + 16); 44 | c->x[3] = load_littleendian(rfsb509_matrix + p + 24); 45 | c->x[4] = load_littleendian(rfsb509_matrix + p + 32); 46 | c->x[5] = load_littleendian(rfsb509_matrix + p + 40); 47 | c->x[6] = load_littleendian(rfsb509_matrix + p + 48); 48 | c->x[7] = load_littleendian(rfsb509_matrix + p + 56); 49 | c->x[8] = 0; 50 | c->x[9] = 0; 51 | } 52 | 53 | static void column_mulx128(column *c) 54 | { 55 | int i; 56 | for(i=9;i>1;i--) 57 | c->x[i] = c->x[i-2]; 58 | c->x[0] = 0; 59 | c->x[1] = 0; 60 | } 61 | 62 | static void column_modx509(column *c) 63 | { 64 | uint64 t; 65 | t = c->x[7] >> 61; 66 | c->x[0] ^= t; 67 | 68 | t = c->x[8] << 3; 69 | c->x[0] ^= t; 70 | 71 | t = c->x[8] >> 61; 72 | c->x[1] ^= t; 73 | 74 | t = c->x[9] << 3; 75 | c->x[1] ^= t; 76 | 77 | t = c->x[9] >> 61; 78 | c->x[2] ^= t; 79 | 80 | c->x[7] &= 0x1fffffffffffffffUL; 81 | c->x[8] = 0; 82 | c->x[9] = 0; 83 | } 84 | 85 | static void column_add(column *r, column *x) 86 | { 87 | int i; 88 | for(i=0;i<10;i++) 89 | r->x[i] ^= x->x[i]; 90 | } 91 | 92 | int rfsb509_crypto_hashblocks( 93 | unsigned char *r, 94 | const unsigned char *b, 95 | unsigned long long blen 96 | ) 97 | { 98 | unsigned char state[64]; 99 | unsigned char positions[128]; 100 | int i; 101 | column v,t; 102 | 103 | for (i = 0;i < 64;++i) state[i] = r[i]; 104 | 105 | while (blen >= 48) { 106 | for(i=0;i<64;i++) positions[i] = state[i]; 107 | for(i=64;i<112;i++) positions[i] = b[i-64]; 108 | 109 | column_load(&v, positions[0]); 110 | for(i=1;i<112;i++) 111 | { 112 | column_mulx128(&v); 113 | column_load(&t, positions[i]); 114 | column_add(&v, &t); 115 | column_modx509(&v); 116 | } 117 | for(i=0;i<8;i++) 118 | store_littleendian(state + 8*i,v.x[i]); 119 | b += 48; 120 | blen -= 48; 121 | } 122 | 123 | for (i = 0;i < 64;++i) r[i] = state[i]; 124 | return blen; 125 | } 126 | -------------------------------------------------------------------------------- /tests/src/ada/testall.adb: -------------------------------------------------------------------------------- 1 | with AES128_Cipher_Composition; 2 | with AES128_Cipher_KAT; 3 | with AES256_Cipher_Composition; 4 | with AES256_Cipher_KAT; 5 | with RFSB509_SUPERCOP_Regression; 6 | with Hash; 7 | with Hash1; 8 | with Hash2; 9 | with Box; 10 | with Box7; 11 | with Box8; 12 | with Core1; 13 | with Core3; 14 | with ECDH; 15 | with Onetimeauth; 16 | with Onetimeauth2; 17 | with Onetimeauth7; 18 | with HMAC; 19 | with HKDF1; 20 | with Scalarmult; 21 | with Scalarmult2; 22 | with Scalarmult5; 23 | with Scalarmult6; 24 | with Secretbox; 25 | with Secretbox2; 26 | with Secretbox3; 27 | with Secretbox7; 28 | with Secretbox8; 29 | with Secretbox9; 30 | with Secretbox10; 31 | with Sign; 32 | with Stream; 33 | with Stream2; 34 | with Stream3; 35 | with Stream4; 36 | with Stream5; 37 | with Stream6; 38 | with Stream7; 39 | 40 | with Ada.Text_IO; use Ada.Text_IO; 41 | with Ada.Exceptions; use Ada.Exceptions; 42 | with GNAT.Traceback.Symbolic; use GNAT.Traceback.Symbolic; 43 | 44 | procedure Testall 45 | is 46 | begin 47 | Put_Line ("AES128 Cipher Composition"); 48 | AES128_Cipher_Composition; 49 | Put_Line ("AES128 Cipher KAT"); 50 | AES128_Cipher_KAT; 51 | Put_Line ("AES256 Cipher Composition"); 52 | AES256_Cipher_Composition; 53 | Put_Line ("AES256 Cipher KAT"); 54 | AES256_Cipher_KAT; 55 | Put_Line ("RFSB509 SUPERCOP Regression"); 56 | RFSB509_SUPERCOP_Regression; 57 | Put_Line ("Hash"); 58 | Hash; 59 | Put_Line ("Hash1"); 60 | Hash1; 61 | Put_Line ("Hash2"); 62 | Hash2; 63 | Put_Line ("Box"); 64 | Box; 65 | Put_Line ("Box7"); 66 | Box7; 67 | Put_Line ("Box8"); 68 | Box8; 69 | Put_Line ("Core1"); 70 | Core1; 71 | Put_Line ("Core3"); 72 | Core3; 73 | Put_Line ("Onetimeauth"); 74 | Onetimeauth; 75 | Put_Line ("Onetimeauth2"); 76 | Onetimeauth2; 77 | Put_Line ("Onetimeauth7"); 78 | Onetimeauth7; 79 | Put_Line ("HMAC"); 80 | HMAC; 81 | Put_Line ("Scalarmult"); 82 | Scalarmult; 83 | Put_Line ("Scalarmult2"); 84 | Scalarmult2; 85 | Put_Line ("Scalarmult5"); 86 | Scalarmult5; 87 | Put_Line ("Scalarmult6"); 88 | Scalarmult6; 89 | Put_Line ("Secretbox"); 90 | Secretbox; 91 | Put_Line ("Secretbox2"); 92 | Secretbox2; 93 | Put_Line ("Secretbox3"); 94 | Secretbox3; 95 | Put_Line ("Secretbox7"); 96 | Secretbox7; 97 | Put_Line ("Secretbox8"); 98 | Secretbox8; 99 | Put_Line ("Secretbox9"); 100 | Secretbox9; 101 | Put_Line ("Secretbox10"); 102 | Secretbox10; 103 | Put_Line ("Sign"); 104 | Sign; 105 | Put_Line ("Stream"); 106 | Stream; 107 | Put_Line ("Stream2"); 108 | Stream2; 109 | Put_Line ("Stream3"); 110 | Stream3; 111 | Put_Line ("Stream4"); 112 | Stream4; 113 | Put_Line ("Stream5"); 114 | Stream5; 115 | Put_Line ("Stream6"); 116 | Stream6; 117 | Put_Line ("Stream7"); 118 | Stream7; 119 | Put_Line ("ECDH"); 120 | ECDH; 121 | Put_Line ("HKDF"); 122 | HKDF1; 123 | exception 124 | when E : others => 125 | Put_Line (Exception_Message (E)); 126 | Put_Line (Exception_Information (E)); 127 | Put_Line (Symbolic_Traceback (E)); 128 | end Testall; 129 | -------------------------------------------------------------------------------- /perf/io.adb: -------------------------------------------------------------------------------- 1 | with HAL.UART; 2 | with FE310.UART; 3 | with FE310.Device; 4 | 5 | package body IO is 6 | 7 | type BToCT is array (Byte range 0 .. 15) of Character; 8 | BToC : constant BToCT := 9 | ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 10 | 'A', 'B', 'C', 'D', 'E', 'F'); 11 | 12 | --------- 13 | -- Put -- 14 | --------- 15 | 16 | procedure Put (C : Character) is 17 | B : HAL.UART.UART_Data_8b (0 .. 0); 18 | S : HAL.UART.UART_Status; 19 | begin 20 | B (0) := Character'Pos (C); 21 | FE310.UART.Transmit (FE310.Device.UART0, B, S); 22 | pragma Unreferenced (S); 23 | end Put; 24 | 25 | -------------- 26 | -- New_Line -- 27 | -------------- 28 | 29 | procedure New_Line (Spacing : Positive := 1) is 30 | begin 31 | for J in 1 .. Spacing loop 32 | Put (ASCII.CR); 33 | Put (ASCII.LF); 34 | end loop; 35 | end New_Line; 36 | 37 | --------- 38 | -- Put -- 39 | --------- 40 | 41 | procedure Put (X : Integer) is 42 | Int : Integer; 43 | S : String (1 .. Integer'Width); 44 | First : Natural := S'Last + 1; 45 | Val : Integer; 46 | 47 | begin 48 | -- Work on negative values to avoid overflows 49 | Int := (if X < 0 then X else -X); 50 | 51 | loop 52 | -- Cf RM 4.5.5 Multiplying Operators. The rem operator will return 53 | -- negative values for negative values of Int. 54 | Val := Int rem 10; 55 | Int := (Int - Val) / 10; 56 | First := First - 1; 57 | S (First) := Character'Val (Character'Pos ('0') - Val); 58 | exit when Int = 0; 59 | end loop; 60 | 61 | if X < 0 then 62 | First := First - 1; 63 | S (First) := '-'; 64 | end if; 65 | 66 | Put (S (First .. S'Last)); 67 | end Put; 68 | 69 | procedure Put (X : UInt64) 70 | is 71 | Int : UInt64 := X; 72 | S : String (1 .. UInt64'Width) := (others => ' '); 73 | First : Natural := S'Last + 1; 74 | Val : UInt64; 75 | begin 76 | loop 77 | Val := Int rem 10; 78 | Int := (Int - Val) / 10; 79 | First := First - 1; 80 | S (First) := Character'Val (Character'Pos ('0') + Val); 81 | exit when Int = 0; 82 | end loop; 83 | 84 | -- Fixed width output 85 | Put (S); 86 | end Put; 87 | 88 | --------- 89 | -- Put -- 90 | --------- 91 | 92 | procedure Put (S : String) is 93 | begin 94 | for J in S'Range loop 95 | Put (S (J)); 96 | end loop; 97 | end Put; 98 | 99 | -------------- 100 | -- Put_Line -- 101 | -------------- 102 | 103 | procedure Put_Line (S : String) is 104 | begin 105 | Put (S); 106 | New_Line; 107 | end Put_Line; 108 | 109 | procedure Put_Line (S : String; X : Unsigned_64) 110 | is 111 | begin 112 | Put (S); 113 | Put (UInt64 (X)); 114 | New_Line; 115 | end Put_Line; 116 | 117 | procedure Put (B : in Byte) 118 | is 119 | begin 120 | Put ("16#"); 121 | Put (BToC (B / 16)); 122 | Put (BToC (B mod 16)); 123 | Put ("# "); 124 | end Put; 125 | 126 | procedure Put (S : in String; D : in Byte_Seq) 127 | is 128 | begin 129 | Put_Line (S); 130 | for I in D'Range loop 131 | Put (D (I)); 132 | if I mod 8 = 7 then 133 | New_Line; 134 | end if; 135 | end loop; 136 | New_Line; 137 | end Put; 138 | 139 | end IO; 140 | -------------------------------------------------------------------------------- /perf/aes128/src/io.adb: -------------------------------------------------------------------------------- 1 | with HAL.UART; 2 | with FE310.UART; 3 | with FE310.Device; 4 | 5 | package body IO is 6 | 7 | type BToCT is array (Byte range 0 .. 15) of Character; 8 | BToC : constant BToCT := 9 | ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 10 | 'A', 'B', 'C', 'D', 'E', 'F'); 11 | 12 | --------- 13 | -- Put -- 14 | --------- 15 | 16 | procedure Put (C : Character) is 17 | B : HAL.UART.UART_Data_8b (0 .. 0); 18 | S : HAL.UART.UART_Status; 19 | begin 20 | B (0) := Character'Pos (C); 21 | FE310.UART.Transmit (FE310.Device.UART0, B, S); 22 | pragma Unreferenced (S); 23 | end Put; 24 | 25 | -------------- 26 | -- New_Line -- 27 | -------------- 28 | 29 | procedure New_Line (Spacing : Positive := 1) is 30 | begin 31 | for J in 1 .. Spacing loop 32 | Put (ASCII.CR); 33 | Put (ASCII.LF); 34 | end loop; 35 | end New_Line; 36 | 37 | --------- 38 | -- Put -- 39 | --------- 40 | 41 | procedure Put (X : Integer) is 42 | Int : Integer; 43 | S : String (1 .. Integer'Width); 44 | First : Natural := S'Last + 1; 45 | Val : Integer; 46 | 47 | begin 48 | -- Work on negative values to avoid overflows 49 | Int := (if X < 0 then X else -X); 50 | 51 | loop 52 | -- Cf RM 4.5.5 Multiplying Operators. The rem operator will return 53 | -- negative values for negative values of Int. 54 | Val := Int rem 10; 55 | Int := (Int - Val) / 10; 56 | First := First - 1; 57 | S (First) := Character'Val (Character'Pos ('0') - Val); 58 | exit when Int = 0; 59 | end loop; 60 | 61 | if X < 0 then 62 | First := First - 1; 63 | S (First) := '-'; 64 | end if; 65 | 66 | Put (S (First .. S'Last)); 67 | end Put; 68 | 69 | procedure Put (X : UInt64) 70 | is 71 | Int : UInt64 := X; 72 | S : String (1 .. UInt64'Width) := (others => ' '); 73 | First : Natural := S'Last + 1; 74 | Val : UInt64; 75 | begin 76 | loop 77 | Val := Int rem 10; 78 | Int := (Int - Val) / 10; 79 | First := First - 1; 80 | S (First) := Character'Val (Character'Pos ('0') + Val); 81 | exit when Int = 0; 82 | end loop; 83 | 84 | -- Fixed width output 85 | Put (S); 86 | end Put; 87 | 88 | --------- 89 | -- Put -- 90 | --------- 91 | 92 | procedure Put (S : String) is 93 | begin 94 | for J in S'Range loop 95 | Put (S (J)); 96 | end loop; 97 | end Put; 98 | 99 | -------------- 100 | -- Put_Line -- 101 | -------------- 102 | 103 | procedure Put_Line (S : String) is 104 | begin 105 | Put (S); 106 | New_Line; 107 | end Put_Line; 108 | 109 | procedure Put_Line (S : String; X : Unsigned_64) 110 | is 111 | begin 112 | Put (S); 113 | Put (UInt64 (X)); 114 | New_Line; 115 | end Put_Line; 116 | 117 | procedure Put (B : in Byte) 118 | is 119 | begin 120 | Put ("16#"); 121 | Put (BToC (B / 16)); 122 | Put (BToC (B mod 16)); 123 | Put ("# "); 124 | end Put; 125 | 126 | procedure Put (S : in String; D : in Byte_Seq) 127 | is 128 | begin 129 | Put_Line (S); 130 | for I in D'Range loop 131 | Put (D (I)); 132 | if I mod 8 = 7 then 133 | New_Line; 134 | end if; 135 | end loop; 136 | New_Line; 137 | end Put; 138 | 139 | end IO; 140 | -------------------------------------------------------------------------------- /perf/aes256/src/io.adb: -------------------------------------------------------------------------------- 1 | with HAL.UART; 2 | with FE310.UART; 3 | with FE310.Device; 4 | 5 | package body IO is 6 | 7 | type BToCT is array (Byte range 0 .. 15) of Character; 8 | BToC : constant BToCT := 9 | ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 10 | 'A', 'B', 'C', 'D', 'E', 'F'); 11 | 12 | --------- 13 | -- Put -- 14 | --------- 15 | 16 | procedure Put (C : Character) is 17 | B : HAL.UART.UART_Data_8b (0 .. 0); 18 | S : HAL.UART.UART_Status; 19 | begin 20 | B (0) := Character'Pos (C); 21 | FE310.UART.Transmit (FE310.Device.UART0, B, S); 22 | pragma Unreferenced (S); 23 | end Put; 24 | 25 | -------------- 26 | -- New_Line -- 27 | -------------- 28 | 29 | procedure New_Line (Spacing : Positive := 1) is 30 | begin 31 | for J in 1 .. Spacing loop 32 | Put (ASCII.CR); 33 | Put (ASCII.LF); 34 | end loop; 35 | end New_Line; 36 | 37 | --------- 38 | -- Put -- 39 | --------- 40 | 41 | procedure Put (X : Integer) is 42 | Int : Integer; 43 | S : String (1 .. Integer'Width); 44 | First : Natural := S'Last + 1; 45 | Val : Integer; 46 | 47 | begin 48 | -- Work on negative values to avoid overflows 49 | Int := (if X < 0 then X else -X); 50 | 51 | loop 52 | -- Cf RM 4.5.5 Multiplying Operators. The rem operator will return 53 | -- negative values for negative values of Int. 54 | Val := Int rem 10; 55 | Int := (Int - Val) / 10; 56 | First := First - 1; 57 | S (First) := Character'Val (Character'Pos ('0') - Val); 58 | exit when Int = 0; 59 | end loop; 60 | 61 | if X < 0 then 62 | First := First - 1; 63 | S (First) := '-'; 64 | end if; 65 | 66 | Put (S (First .. S'Last)); 67 | end Put; 68 | 69 | procedure Put (X : UInt64) 70 | is 71 | Int : UInt64 := X; 72 | S : String (1 .. UInt64'Width) := (others => ' '); 73 | First : Natural := S'Last + 1; 74 | Val : UInt64; 75 | begin 76 | loop 77 | Val := Int rem 10; 78 | Int := (Int - Val) / 10; 79 | First := First - 1; 80 | S (First) := Character'Val (Character'Pos ('0') + Val); 81 | exit when Int = 0; 82 | end loop; 83 | 84 | -- Fixed width output 85 | Put (S); 86 | end Put; 87 | 88 | --------- 89 | -- Put -- 90 | --------- 91 | 92 | procedure Put (S : String) is 93 | begin 94 | for J in S'Range loop 95 | Put (S (J)); 96 | end loop; 97 | end Put; 98 | 99 | -------------- 100 | -- Put_Line -- 101 | -------------- 102 | 103 | procedure Put_Line (S : String) is 104 | begin 105 | Put (S); 106 | New_Line; 107 | end Put_Line; 108 | 109 | procedure Put_Line (S : String; X : Unsigned_64) 110 | is 111 | begin 112 | Put (S); 113 | Put (UInt64 (X)); 114 | New_Line; 115 | end Put_Line; 116 | 117 | procedure Put (B : in Byte) 118 | is 119 | begin 120 | Put ("16#"); 121 | Put (BToC (B / 16)); 122 | Put (BToC (B mod 16)); 123 | Put ("# "); 124 | end Put; 125 | 126 | procedure Put (S : in String; D : in Byte_Seq) 127 | is 128 | begin 129 | Put_Line (S); 130 | for I in D'Range loop 131 | Put (D (I)); 132 | if I mod 8 = 7 then 133 | New_Line; 134 | end if; 135 | end loop; 136 | New_Line; 137 | end Put; 138 | 139 | end IO; 140 | -------------------------------------------------------------------------------- /perf/rfsb509/src/io.adb: -------------------------------------------------------------------------------- 1 | with HAL.UART; 2 | with FE310.UART; 3 | with FE310.Device; 4 | 5 | package body IO is 6 | 7 | type BToCT is array (Byte range 0 .. 15) of Character; 8 | BToC : constant BToCT := 9 | ('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 10 | 'A', 'B', 'C', 'D', 'E', 'F'); 11 | 12 | --------- 13 | -- Put -- 14 | --------- 15 | 16 | procedure Put (C : Character) is 17 | B : HAL.UART.UART_Data_8b (0 .. 0); 18 | S : HAL.UART.UART_Status; 19 | begin 20 | B (0) := Character'Pos (C); 21 | FE310.UART.Transmit (FE310.Device.UART0, B, S); 22 | pragma Unreferenced (S); 23 | end Put; 24 | 25 | -------------- 26 | -- New_Line -- 27 | -------------- 28 | 29 | procedure New_Line (Spacing : Positive := 1) is 30 | begin 31 | for J in 1 .. Spacing loop 32 | Put (ASCII.CR); 33 | Put (ASCII.LF); 34 | end loop; 35 | end New_Line; 36 | 37 | --------- 38 | -- Put -- 39 | --------- 40 | 41 | procedure Put (X : Integer) is 42 | Int : Integer; 43 | S : String (1 .. Integer'Width); 44 | First : Natural := S'Last + 1; 45 | Val : Integer; 46 | 47 | begin 48 | -- Work on negative values to avoid overflows 49 | Int := (if X < 0 then X else -X); 50 | 51 | loop 52 | -- Cf RM 4.5.5 Multiplying Operators. The rem operator will return 53 | -- negative values for negative values of Int. 54 | Val := Int rem 10; 55 | Int := (Int - Val) / 10; 56 | First := First - 1; 57 | S (First) := Character'Val (Character'Pos ('0') - Val); 58 | exit when Int = 0; 59 | end loop; 60 | 61 | if X < 0 then 62 | First := First - 1; 63 | S (First) := '-'; 64 | end if; 65 | 66 | Put (S (First .. S'Last)); 67 | end Put; 68 | 69 | procedure Put (X : UInt64) 70 | is 71 | Int : UInt64 := X; 72 | S : String (1 .. UInt64'Width) := (others => ' '); 73 | First : Natural := S'Last + 1; 74 | Val : UInt64; 75 | begin 76 | loop 77 | Val := Int rem 10; 78 | Int := (Int - Val) / 10; 79 | First := First - 1; 80 | S (First) := Character'Val (Character'Pos ('0') + Val); 81 | exit when Int = 0; 82 | end loop; 83 | 84 | -- Fixed width output 85 | Put (S); 86 | end Put; 87 | 88 | --------- 89 | -- Put -- 90 | --------- 91 | 92 | procedure Put (S : String) is 93 | begin 94 | for J in S'Range loop 95 | Put (S (J)); 96 | end loop; 97 | end Put; 98 | 99 | -------------- 100 | -- Put_Line -- 101 | -------------- 102 | 103 | procedure Put_Line (S : String) is 104 | begin 105 | Put (S); 106 | New_Line; 107 | end Put_Line; 108 | 109 | procedure Put_Line (S : String; X : Unsigned_64) 110 | is 111 | begin 112 | Put (S); 113 | Put (UInt64 (X)); 114 | New_Line; 115 | end Put_Line; 116 | 117 | procedure Put (B : in Byte) 118 | is 119 | begin 120 | Put ("16#"); 121 | Put (BToC (B / 16)); 122 | Put (BToC (B mod 16)); 123 | Put ("# "); 124 | end Put; 125 | 126 | procedure Put (S : in String; D : in Byte_Seq) 127 | is 128 | begin 129 | Put_Line (S); 130 | for I in D'Range loop 131 | Put (D (I)); 132 | if I mod 8 = 7 then 133 | New_Line; 134 | end if; 135 | end loop; 136 | New_Line; 137 | end Put; 138 | 139 | end IO; 140 | -------------------------------------------------------------------------------- /perf/tweetnacl_api.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Sign; use SPARKNaCl.Sign; 3 | with SPARKNaCl.Cryptobox; use SPARKNaCl.Cryptobox; 4 | with SPARKNaCl.Hashing.SHA512; use SPARKNaCl.Hashing.SHA512; 5 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 6 | with SPARKNaCl.Core; use SPARKNaCl.Core; 7 | with Interfaces; use Interfaces; 8 | with Interfaces.C; 9 | package TweetNaCl_API 10 | is 11 | GF_Add : Unsigned_64 12 | with Import, Convention => C, Link_Name => "tweet_gf_add"; 13 | GF_Sub : Unsigned_64 14 | with Import, Convention => C, Link_Name => "tweet_gf_sub"; 15 | GF_Mul : Unsigned_64 16 | with Import, Convention => C, Link_Name => "tweet_gf_mul"; 17 | GF_Car : Unsigned_64 18 | with Import, Convention => C, Link_Name => "tweet_gf_car"; 19 | 20 | procedure Crypto_Sign 21 | (SM : out Byte_Seq; 22 | SMLen : out Unsigned_64; 23 | M : in Byte_Seq; 24 | N : in Unsigned_64; 25 | SK : in Signing_SK) 26 | with Import, 27 | Convention => C, 28 | Link_Name => "crypto_sign_ed25519_tweet"; 29 | 30 | procedure Crypto_Sign2 31 | (SM : out Byte_Seq; 32 | SMLen : out Unsigned_64; 33 | M : in Byte_Seq; 34 | N : in Unsigned_64; 35 | SK : in Signing_SK; 36 | Hash_SK : out Unsigned_64; 37 | Hash_Reduce_SM1 : out Unsigned_64; 38 | Scalarbase_R : out Unsigned_64; 39 | Pack_P : out Unsigned_64; 40 | Hash_Reduce_SM2 : out Unsigned_64; 41 | Initialize_X : out Unsigned_64; 42 | Assign_X : out Unsigned_64; 43 | ModL_X : out Unsigned_64) 44 | with Import, 45 | Convention => C, 46 | Link_Name => "crypto_sign2_ed25519_tweet"; 47 | 48 | function Crypto_Sign_Open 49 | (M : out Byte_Seq; 50 | MLen : out Unsigned_64; 51 | SM : in Byte_Seq; 52 | N : in Unsigned_64; 53 | PK : in Signing_PK) return Interfaces.C.int 54 | with Import, 55 | Convention => C, 56 | Link_Name => "crypto_sign_ed25519_tweet_open"; 57 | 58 | procedure Crypto_Hash 59 | (SM : out Digest; 60 | M : in Byte_Seq; 61 | N : in Unsigned_64) 62 | with Import, 63 | Convention => C, 64 | Link_Name => "crypto_hash_sha512_tweet"; 65 | 66 | procedure Crypto_Box 67 | (C : out Byte_Seq; 68 | M : in Byte_Seq; 69 | MLen : in Unsigned_64; 70 | N : in Stream.HSalsa20_Nonce; 71 | Recipient_PK : in Public_Key; 72 | Sender_SK : in Secret_Key) 73 | with Import, 74 | Convention => C, 75 | Link_Name => "crypto_box_curve25519xsalsa20poly1305_tweet"; 76 | 77 | procedure Reset 78 | with Import, 79 | Convention => C, 80 | Link_Name => "tweet_reset"; 81 | 82 | procedure Crypto_Scalarmult (Q : out Bytes_32; 83 | N : in Bytes_32; 84 | P : in Bytes_32) 85 | with Import, 86 | Convention => C, 87 | Link_Name => "crypto_scalarmult_curve25519_tweet"; 88 | 89 | 90 | procedure HSalsa20 (C : out Byte_Seq; -- Output stream 91 | CLen : in Unsigned_64; 92 | N : in HSalsa20_Nonce; -- Nonce 93 | K : in Salsa20_Key) -- Key 94 | with Import, 95 | Convention => C, 96 | Link_Name => "crypto_stream_xsalsa20_tweet"; 97 | 98 | end TweetNaCl_API; 99 | -------------------------------------------------------------------------------- /tests/src/ada/aes128_cipher_kat.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.AES; use SPARKNaCl.AES; 3 | 4 | with Ada.Text_IO; use Ada.Text_IO; 5 | 6 | procedure AES128_Cipher_KAT 7 | is 8 | Test_Case_Count : constant I32 := 4; 9 | 10 | -- All tests vectors, that are used here, come from NISTs AES Algorithm 11 | -- Validation Suite (AESAVS). The actual files, where vectors can be found, 12 | -- are part of the ZIP archive pointed to by the following link: 13 | -- https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/aes/KAT_AES.zip 14 | Keys : constant array (1 .. Test_Case_Count) of Bytes_16 := ( 15 | -- ECB VarKey 128 count 0 16 | 1 => (16#80#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 17 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#), 18 | -- ECB GFSbox 128 Count 0 19 | 2 => (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 20 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#), 21 | -- ECB VarKey 128 Count 1 22 | 3 => (16#c0#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 23 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#), 24 | -- ECB GFSbox 128 Count 1 25 | 4 => (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 26 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#)); 27 | 28 | Plaintexts : constant array (1 .. Test_Case_Count) of Bytes_16 := ( 29 | 1 => (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 30 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#), 31 | 2 => (16#f3#, 16#44#, 16#81#, 16#ec#, 16#3c#, 16#c6#, 16#27#, 16#ba#, 32 | 16#cd#, 16#5d#, 16#c3#, 16#fb#, 16#08#, 16#f2#, 16#73#, 16#e6#), 33 | 3 => (16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 34 | 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#, 16#00#), 35 | 4 => (16#97#, 16#98#, 16#c4#, 16#64#, 16#0b#, 16#ad#, 16#75#, 16#c7#, 36 | 16#c3#, 16#22#, 16#7d#, 16#b9#, 16#10#, 16#17#, 16#4e#, 16#72#)); 37 | 38 | Ciphertexts : constant array (1 .. Test_Case_Count) of Bytes_16 := ( 39 | 1 => (16#0e#, 16#dd#, 16#33#, 16#d3#, 16#c6#, 16#21#, 16#e5#, 16#46#, 40 | 16#45#, 16#5b#, 16#d8#, 16#ba#, 16#14#, 16#18#, 16#be#, 16#c8#), 41 | 2 => (16#03#, 16#36#, 16#76#, 16#3e#, 16#96#, 16#6d#, 16#92#, 16#59#, 42 | 16#5a#, 16#56#, 16#7c#, 16#c9#, 16#ce#, 16#53#, 16#7f#, 16#5e#), 43 | 3 => (16#4b#, 16#c3#, 16#f8#, 16#83#, 16#45#, 16#0c#, 16#11#, 16#3c#, 44 | 16#64#, 16#ca#, 16#42#, 16#e1#, 16#11#, 16#2a#, 16#9e#, 16#87#), 45 | 4 => (16#a9#, 16#a1#, 16#63#, 16#1b#, 16#f4#, 16#99#, 16#69#, 16#54#, 46 | 16#eb#, 16#c0#, 16#93#, 16#95#, 16#7b#, 16#23#, 16#45#, 16#89#)); 47 | 48 | begin 49 | for I in Keys'Range loop 50 | Put ("AES128 Cipher KAT - iteration" & I'Img & ": "); 51 | 52 | declare 53 | Key : constant AES128_Key := Construct (Keys (I)); 54 | Round_Keys : constant AES128_Round_Keys := Key_Expansion (Key); 55 | 56 | Plaintext : constant Bytes_16 := Plaintexts (I); 57 | Ciphertext : constant Bytes_16 := Ciphertexts (I); 58 | 59 | Result : Bytes_16; 60 | begin 61 | Cipher (Result, Plaintext, Round_Keys); 62 | 63 | if Equal (Result, Ciphertext) then 64 | Put ("OK"); 65 | else 66 | Put ("BAD"); 67 | end if; 68 | 69 | Put (" Encryption | "); 70 | 71 | Inv_Cipher (Result, Ciphertext, Round_Keys); 72 | 73 | if Equal (Result, Plaintext) then 74 | Put ("OK"); 75 | else 76 | Put ("BAD"); 77 | end if; 78 | 79 | Put_Line (" Decryption"); 80 | end; 81 | end loop; 82 | end AES128_Cipher_KAT; 83 | -------------------------------------------------------------------------------- /src/sparknacl-secretbox.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Stream; 2 | with SPARKNaCl.Core; 3 | package SPARKNaCl.Secretbox 4 | with Pure, 5 | SPARK_Mode => On 6 | is 7 | -------------------------------------------------------- 8 | -- Secret Key Authenticated Encryption - "SecretBox" -- 9 | -------------------------------------------------------- 10 | 11 | Secretbox_Zero_Bytes : constant := 32; 12 | 13 | procedure Create (C : out Byte_Seq; 14 | Status : out Boolean; 15 | M : in Byte_Seq; 16 | N : in Stream.HSalsa20_Nonce; 17 | K : in Core.Salsa20_Key) 18 | with Global => null, 19 | Pre => (M'First = 0 and then 20 | C'First = 0 and then 21 | C'Last = M'Last and then 22 | M'Length >= 32) and then 23 | Equal (M (0 .. 31), Zero_Bytes_32), 24 | Post => Equal (C (0 .. 15), Zero_Bytes_16); 25 | 26 | 27 | procedure Open 28 | (M : out Byte_Seq; -- Output plaintext 29 | Status : out Boolean; 30 | C : in Byte_Seq; -- Input ciphertext 31 | N : in Stream.HSalsa20_Nonce; 32 | K : in Core.Salsa20_Key) 33 | with Global => null, 34 | Pre => (M'First = 0 and then 35 | C'First = 0 and then 36 | M'Last = C'Last and then 37 | C'Length >= 32) and then 38 | Equal (C (0 .. 15), Zero_Bytes_16), 39 | Post => Equal (M (0 .. 31), Zero_Bytes_32); 40 | 41 | ----------------------------------------------------------- 42 | -- AEAD = "Authenticated Encryption with Additional Data" 43 | -- TLS 1.3 AEAD using ChaCha20 and Poly1305 44 | -- 45 | -- See RFC 8439 section 2.8 46 | ----------------------------------------------------------- 47 | 48 | procedure Create 49 | (C : out Byte_Seq; -- Output ciphertext 50 | Tag : out Bytes_16; 51 | M : in Byte_Seq; -- Message 52 | N : in Core.ChaCha20_IETF_Nonce; -- Nonce 53 | K : in Core.ChaCha20_Key; -- Key 54 | AAD : in Byte_Seq) -- Additional Authenticated Data 55 | with Global => null, 56 | Pre => M'First = 0 and then 57 | C'First = 0 and then 58 | AAD'First = 0 and then 59 | M'Last = C'Last and then 60 | C'Last < N32'Last and then 61 | M'Last < N32'Last and then 62 | C'Length = M'Length and then 63 | AAD'Last < N32'Last and then 64 | I64 (C'Length) + I64 (AAD'Length) + 192 <= I64 (N32'Last); 65 | 66 | procedure Open 67 | (M : out Byte_Seq; -- Output message 68 | Status : out Boolean; -- True iff decryption and 69 | -- authentication tag check OK 70 | Tag : in Bytes_16; 71 | C : in Byte_Seq; -- Input ciphertext 72 | N : in Core.ChaCha20_IETF_Nonce; -- Nonce 73 | K : in Core.ChaCha20_Key; -- Key 74 | AAD : in Byte_Seq) -- Additional Authenticated Data 75 | with Global => null, 76 | Pre => M'First = 0 and then 77 | C'First = 0 and then 78 | AAD'First = 0 and then 79 | M'Last = C'Last and then 80 | C'Last < N32'Last and then 81 | M'Last < N32'Last and then 82 | C'Length = M'Length and then 83 | AAD'Last < N32'Last and then 84 | I64 (C'Length) + I64 (AAD'Length) + 192 <= I64 (N32'Last); 85 | end SPARKNaCl.Secretbox; 86 | -------------------------------------------------------------------------------- /src/sparknacl-scalar.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Utils; 2 | package body SPARKNaCl.Scalar 3 | with SPARK_Mode => On 4 | is 5 | pragma Warnings (GNATProve, Off, "pragma * ignored (not yet supported)"); 6 | 7 | Nine : constant Bytes_32 := (9, others => 0); 8 | GF_121665 : constant Normal_GF := (16#DB41#, 1, others => 0); 9 | 10 | -------------------------------------------------------- 11 | -- Scalar multiplication 12 | -------------------------------------------------------- 13 | 14 | function Mult (N : in Bytes_32; 15 | P : in Bytes_32) return Bytes_32 16 | is 17 | -- X and Z are variables not constants, so can be sanitized 18 | X : Normal_GF := Utils.Unpack_25519 (P); 19 | 20 | -- Convert random 32-byte value N into a useful scalar. 21 | Z : Bytes_32 := 22 | (N (0) and 248) & -- Clear 3 least-signif bits to make sure Z is a 23 | -- multiple of 8 - the co-factor of the curve 24 | N (1 .. 30) & -- Just copy these bytes 25 | ((N (31) and 127) or 64); -- Clear msb, and set next bit to make 26 | -- sure Z is really large 27 | 28 | Swap : Boolean; 29 | CB : Byte; 30 | Shift : Natural; 31 | 32 | A, B, C, D, E, F : Normal_GF; 33 | 34 | -- Additional temporaries needed to avoid aliasing of 35 | -- function results and their arguments. This enables RSO 36 | -- in all function/operator calls below. 37 | T1, T2 : Normal_GF; 38 | 39 | Result : Bytes_32; 40 | begin 41 | B := X; 42 | C := GF_0; 43 | A := GF_1; 44 | D := GF_1; 45 | 46 | for I in reverse U32 range 0 .. 254 loop 47 | pragma Loop_Optimize (No_Unroll); 48 | 49 | CB := Z (I32 (Shift_Right (I, 3))); 50 | Shift := Natural (I and 7); 51 | Swap := Boolean'Val (Shift_Right (CB, Shift) mod 2); 52 | 53 | pragma Loop_Invariant (A in Normal_GF and B in Normal_GF and 54 | C in Normal_GF and D in Normal_GF); 55 | 56 | Utils.CSwap16 (A, B, Swap); 57 | Utils.CSwap16 (C, D, Swap); 58 | 59 | -- Single binary operator or unary function call per statement to 60 | -- avoid introduction of a compiler-generated temporary that we 61 | -- won't be able to sanitize. 62 | E := A + C; 63 | T1 := A - C; 64 | 65 | C := B + D; 66 | T2 := B - D; 67 | 68 | D := Square (E); 69 | F := Square (T1); 70 | 71 | A := C * T1; 72 | C := T2 * E; 73 | E := A + C; 74 | 75 | T2 := A - C; 76 | B := Square (T2); 77 | T1 := D - F; 78 | 79 | A := T1 * GF_121665; 80 | T2 := A + D; 81 | 82 | C := T1 * T2; 83 | 84 | A := D * F; 85 | D := B * X; 86 | B := Square (E); 87 | 88 | Utils.CSwap16 (A, B, Swap); 89 | Utils.CSwap16 (C, D, Swap); 90 | end loop; 91 | 92 | -- Compute Result in 3 steps here to avoid introducing a 93 | -- compiler-generated temporary which we won't be able 94 | -- to sanitize. 95 | T1 := Utils.Inv_25519 (C); 96 | T2 := A * T1; 97 | Result := Utils.Pack_25519 (T2); 98 | 99 | -- Sanitize as per WireGuard sources 100 | pragma Warnings (GNATProve, Off, "statement has no effect"); 101 | Sanitize_Boolean (Swap); 102 | Sanitize (Z); 103 | Sanitize_GF16 (X); 104 | Sanitize_GF16 (A); 105 | Sanitize_GF16 (B); 106 | Sanitize_GF16 (C); 107 | Sanitize_GF16 (D); 108 | Sanitize_GF16 (E); 109 | Sanitize_GF16 (F); 110 | Sanitize_GF16 (T1); 111 | Sanitize_GF16 (T2); 112 | pragma Unreferenced (Swap, Z, X, A, B, C, D, E, F, T1, T2); 113 | 114 | return Result; 115 | end Mult; 116 | 117 | function Mult_Base (N : in Bytes_32) return Bytes_32 118 | is 119 | begin 120 | return Mult (N, Nine); 121 | end Mult_Base; 122 | 123 | end SPARKNaCl.Scalar; 124 | -------------------------------------------------------------------------------- /src/sparknacl-cryptobox.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Scalar; 2 | with SPARKNaCl.Secretbox; 3 | 4 | package body SPARKNaCl.Cryptobox 5 | with SPARK_Mode => On 6 | is 7 | procedure Keypair (Raw_SK : in Bytes_32; 8 | PK : out Public_Key; 9 | SK : out Secret_Key) 10 | is 11 | begin 12 | SK.F := Raw_SK; 13 | PK.F := Scalar.Mult_Base (Raw_SK); 14 | end Keypair; 15 | 16 | function Construct (K : in Bytes_32) return Secret_Key 17 | is 18 | begin 19 | return Secret_Key'(F => K); 20 | end Construct; 21 | 22 | function Construct (K : in Bytes_32) return Public_Key 23 | is 24 | begin 25 | return Public_Key'(F => K); 26 | end Construct; 27 | 28 | function Serialize (K : in Secret_Key) return Bytes_32 29 | is 30 | begin 31 | return K.F; 32 | end Serialize; 33 | 34 | function Serialize (K : in Public_Key) return Bytes_32 35 | is 36 | begin 37 | return K.F; 38 | end Serialize; 39 | 40 | procedure Sanitize (K : out Secret_Key) 41 | is 42 | begin 43 | Sanitize (K.F); 44 | end Sanitize; 45 | 46 | procedure Sanitize (K : out Public_Key) 47 | is 48 | begin 49 | Sanitize (K.F); 50 | end Sanitize; 51 | 52 | procedure BeforeNM (K : out Core.Salsa20_Key; 53 | PK : in Public_Key; 54 | SK : in Secret_Key) 55 | is 56 | S : Bytes_32; 57 | LK : Bytes_32; 58 | begin 59 | S := Scalar.Mult (SK.F, PK.F); 60 | Core.HSalsa20 (Output => LK, 61 | Input => Zero_Bytes_16, 62 | K => Core.Construct (S), 63 | C => Sigma); 64 | Core.Construct (K, LK); 65 | 66 | pragma Warnings (GNATProve, Off, "statement has no effect"); 67 | Sanitize (S); 68 | Sanitize (LK); 69 | pragma Unreferenced (S, LK); 70 | end BeforeNM; 71 | 72 | procedure AfterNM (C : out Byte_Seq; 73 | Status : out Boolean; 74 | M : in Byte_Seq; 75 | N : in Stream.HSalsa20_Nonce; 76 | K : in Core.Salsa20_Key) 77 | is 78 | begin 79 | Secretbox.Create (C, Status, M, N, K); 80 | end AfterNM; 81 | 82 | procedure Open_AfterNM 83 | (M : out Byte_Seq; -- Output plaintext 84 | Status : out Boolean; 85 | C : in Byte_Seq; -- Input ciphertext 86 | N : in Stream.HSalsa20_Nonce; 87 | K : in Core.Salsa20_Key) 88 | is 89 | begin 90 | Secretbox.Open (M, Status, C, N, K); 91 | end Open_AfterNM; 92 | 93 | procedure Create (C : out Byte_Seq; 94 | Status : out Boolean; 95 | M : in Byte_Seq; 96 | N : in Stream.HSalsa20_Nonce; 97 | Recipient_PK : in Public_Key; 98 | Sender_SK : in Secret_Key) 99 | is 100 | K : Core.Salsa20_Key; 101 | begin 102 | BeforeNM (K, Recipient_PK, Sender_SK); 103 | AfterNM (C, Status, M, N, K); 104 | pragma Warnings (GNATProve, Off, "statement has no effect"); 105 | Core.Sanitize (K); 106 | pragma Unreferenced (K); 107 | end Create; 108 | 109 | procedure Open (M : out Byte_Seq; 110 | Status : out Boolean; 111 | C : in Byte_Seq; 112 | N : in Stream.HSalsa20_Nonce; 113 | Sender_PK : in Public_Key; 114 | Recipient_SK : in Secret_Key) 115 | is 116 | K : Core.Salsa20_Key; 117 | begin 118 | BeforeNM (K, Sender_PK, Recipient_SK); 119 | Open_AfterNM (M, Status, C, N, K); 120 | pragma Warnings (GNATProve, Off, "statement has no effect"); 121 | Core.Sanitize (K); 122 | pragma Unreferenced (K); 123 | end Open; 124 | 125 | end SPARKNaCl.Cryptobox; 126 | -------------------------------------------------------------------------------- /src/sparknacl-stream.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Core; use SPARKNaCl.Core; 2 | package SPARKNaCl.Stream 3 | with Pure, 4 | SPARK_Mode => On 5 | is 6 | -- Distinct from Bytes_32, but both inherit Equal, 7 | -- Random_Bytes, and Sanitize primitive operations. 8 | type HSalsa20_Nonce is new Bytes_24; 9 | type Salsa20_Nonce is new Bytes_8; 10 | 11 | -------------------------------------------------------- 12 | -- Secret key encryption (not authenticated) 13 | -------------------------------------------------------- 14 | 15 | procedure HSalsa20 (C : out Byte_Seq; -- Output stream 16 | N : in HSalsa20_Nonce; -- Nonce 17 | K : in Salsa20_Key) -- Key 18 | with Global => null, 19 | Pre => C'First = 0; 20 | 21 | 22 | procedure HSalsa20_Xor (C : out Byte_Seq; -- Output ciphertext 23 | M : in Byte_Seq; -- Input message 24 | N : in HSalsa20_Nonce; -- Nonce 25 | K : in Salsa20_Key) -- Key 26 | with Global => null, 27 | Pre => M'First = 0 and 28 | C'First = 0 and 29 | C'Last = M'Last; 30 | 31 | procedure Salsa20 (C : out Byte_Seq; -- Output stream 32 | N : in Salsa20_Nonce; -- Nonce 33 | K : in Salsa20_Key) -- Key 34 | with Global => null, 35 | Pre => C'First = 0; 36 | 37 | procedure Salsa20_Xor (C : out Byte_Seq; -- Output stream 38 | M : in Byte_Seq; -- Input message 39 | N : in Salsa20_Nonce; -- Nonce 40 | K : in Salsa20_Key) -- Key 41 | with Global => null, 42 | Pre => M'First = 0 and 43 | C'First = 0 and 44 | C'Last = M'Last; 45 | 46 | --------------------------------------------------------- 47 | -- ChaCha20 48 | --------------------------------------------------------- 49 | 50 | procedure ChaCha20 (C : out Byte_Seq; -- Output stream 51 | N : in ChaCha20_Nonce; -- Nonce 52 | K : in ChaCha20_Key; -- Key 53 | Counter : in U64) -- Initial Counter 54 | with Global => null, 55 | Pre => C'First = 0 and 56 | U32 (C'Length) <= U32 (N32'Last); 57 | 58 | procedure ChaCha20_Xor (C : out Byte_Seq; -- Output stream 59 | M : in Byte_Seq; -- Input message 60 | N : in ChaCha20_Nonce; -- Nonce 61 | K : in ChaCha20_Key; -- Key 62 | Counter : in U64) 63 | with Global => null, 64 | Pre => M'First = 0 and 65 | C'First = 0 and 66 | C'Last = M'Last and 67 | U32 (C'Length) <= U32 (N32'Last); 68 | 69 | --------------------------------------------------------- 70 | -- ChaCha20 IETF variant 71 | --------------------------------------------------------- 72 | 73 | procedure ChaCha20_IETF (C : out Byte_Seq; -- Output stream 74 | N : in ChaCha20_IETF_Nonce; -- Nonce 75 | K : in ChaCha20_Key; -- Key 76 | Counter : in U32) 77 | with Global => null, 78 | Pre => C'First = 0 and 79 | C'Last < N32'Last; 80 | 81 | procedure ChaCha20_IETF_Xor (C : out Byte_Seq; -- Output stream 82 | M : in Byte_Seq; -- Input message 83 | N : in ChaCha20_IETF_Nonce; -- Nonce 84 | K : in ChaCha20_Key; -- Key 85 | Counter : in U32) 86 | with Global => null, 87 | Pre => M'First = 0 and 88 | C'First = 0 and 89 | C'Last = M'Last and 90 | C'Last < N32'Last; 91 | 92 | end SPARKNaCl.Stream; 93 | -------------------------------------------------------------------------------- /tests/src/ada/box.adb: -------------------------------------------------------------------------------- 1 | with SPARKNaCl; use SPARKNaCl; 2 | with SPARKNaCl.Cryptobox; use SPARKNaCl.Cryptobox; 3 | with SPARKNaCl.Debug; use SPARKNaCl.Debug; 4 | with SPARKNaCl.Stream; 5 | with Ada.Text_IO; use Ada.Text_IO; 6 | 7 | procedure Box 8 | 9 | is 10 | AlicePK : constant Public_Key := 11 | Construct ((16#85#, 16#20#, 16#f0#, 16#09#, 12 | 16#89#, 16#30#, 16#a7#, 16#54#, 13 | 16#74#, 16#8b#, 16#7d#, 16#dc#, 14 | 16#b4#, 16#3e#, 16#f7#, 16#5a#, 15 | 16#0d#, 16#bf#, 16#3a#, 16#0d#, 16 | 16#26#, 16#38#, 16#1a#, 16#f4#, 17 | 16#eb#, 16#a4#, 16#a9#, 16#8e#, 18 | 16#aa#, 16#9b#, 16#4e#, 16#6a#)); 19 | 20 | AliceSK : constant Secret_Key := 21 | Construct ((16#77#, 16#07#, 16#6d#, 16#0a#, 22 | 16#73#, 16#18#, 16#a5#, 16#7d#, 23 | 16#3c#, 16#16#, 16#c1#, 16#72#, 24 | 16#51#, 16#b2#, 16#66#, 16#45#, 25 | 16#df#, 16#4c#, 16#2f#, 16#87#, 26 | 16#eb#, 16#c0#, 16#99#, 16#2a#, 27 | 16#b1#, 16#77#, 16#fb#, 16#a5#, 28 | 16#1d#, 16#b9#, 16#2c#, 16#2a#)); 29 | 30 | BobPK : constant Public_Key := 31 | Construct ((16#de#, 16#9e#, 16#db#, 16#7d#, 32 | 16#7b#, 16#7d#, 16#c1#, 16#b4#, 33 | 16#d3#, 16#5b#, 16#61#, 16#c2#, 34 | 16#ec#, 16#e4#, 16#35#, 16#37#, 35 | 16#3f#, 16#83#, 16#43#, 16#c8#, 36 | 16#5b#, 16#78#, 16#67#, 16#4d#, 37 | 16#ad#, 16#fc#, 16#7e#, 16#14#, 38 | 16#6f#, 16#88#, 16#2b#, 16#4f#)); 39 | 40 | BobSK : constant Secret_Key := 41 | Construct ((16#5d#, 16#ab#, 16#08#, 16#7e#, 42 | 16#62#, 16#4a#, 16#8a#, 16#4b#, 43 | 16#79#, 16#e1#, 16#7f#, 16#8b#, 44 | 16#83#, 16#80#, 16#0e#, 16#e6#, 45 | 16#6f#, 16#3b#, 16#b1#, 16#29#, 46 | 16#26#, 16#18#, 16#b6#, 16#fd#, 47 | 16#1c#, 16#2f#, 16#8b#, 16#27#, 48 | 16#ff#, 16#88#, 16#e0#, 16#eb#)); 49 | 50 | Nonce : constant Stream.HSalsa20_Nonce := 51 | (16#69#, 16#69#, 16#6e#, 16#e9#, 52 | 16#55#, 16#b6#, 16#2b#, 16#73#, 53 | 16#cd#, 16#62#, 16#bd#, 16#a8#, 54 | 16#75#, 16#fc#, 16#73#, 16#d6#, 55 | 16#82#, 16#19#, 16#e0#, 16#03#, 56 | 16#6b#, 16#7a#, 16#0b#, 16#37#); 57 | 58 | 59 | M : constant Byte_Seq (0 .. 162) := 60 | (0, 0, 0, 0, 0, 0, 0, 0, 61 | 0, 0, 0, 0, 0, 0, 0, 0, 62 | 0, 0, 0, 0, 0, 0, 0, 0, 63 | 0, 0, 0, 0, 0, 0, 0, 0, 64 | 16#be#, 16#07#, 16#5f#, 16#c5#, 16#3c#, 16#81#, 16#f2#, 16#d5#, 65 | 16#cf#, 16#14#, 16#13#, 16#16#, 16#eb#, 16#eb#, 16#0c#, 16#7b#, 66 | 16#52#, 16#28#, 16#c5#, 16#2a#, 16#4c#, 16#62#, 16#cb#, 16#d4#, 67 | 16#4b#, 16#66#, 16#84#, 16#9b#, 16#64#, 16#24#, 16#4f#, 16#fc#, 68 | 16#e5#, 16#ec#, 16#ba#, 16#af#, 16#33#, 16#bd#, 16#75#, 16#1a#, 69 | 16#1a#, 16#c7#, 16#28#, 16#d4#, 16#5e#, 16#6c#, 16#61#, 16#29#, 70 | 16#6c#, 16#dc#, 16#3c#, 16#01#, 16#23#, 16#35#, 16#61#, 16#f4#, 71 | 16#1d#, 16#b6#, 16#6c#, 16#ce#, 16#31#, 16#4a#, 16#db#, 16#31#, 72 | 16#0e#, 16#3b#, 16#e8#, 16#25#, 16#0c#, 16#46#, 16#f0#, 16#6d#, 73 | 16#ce#, 16#ea#, 16#3a#, 16#7f#, 16#a1#, 16#34#, 16#80#, 16#57#, 74 | 16#e2#, 16#f6#, 16#55#, 16#6a#, 16#d6#, 16#b1#, 16#31#, 16#8a#, 75 | 16#02#, 16#4a#, 16#83#, 16#8f#, 16#21#, 16#af#, 16#1f#, 16#de#, 76 | 16#04#, 16#89#, 16#77#, 16#eb#, 16#48#, 16#f5#, 16#9f#, 16#fd#, 77 | 16#49#, 16#24#, 16#ca#, 16#1c#, 16#60#, 16#90#, 16#2e#, 16#52#, 78 | 16#f0#, 16#a0#, 16#89#, 16#bc#, 16#76#, 16#89#, 16#70#, 16#40#, 79 | 16#e0#, 16#82#, 16#f9#, 16#37#, 16#76#, 16#38#, 16#48#, 16#64#, 80 | 16#5e#, 16#07#, 16#05#); 81 | 82 | 83 | C : Byte_Seq (0 .. 162); 84 | M2 : Byte_Seq (0 .. 162); 85 | Status : Boolean; 86 | begin 87 | DH ("M is", M); 88 | 89 | Create (C, Status, M, Nonce, BobPK, AliceSK); 90 | Put_Line ("Status is " & Img (Status)); 91 | DH ("C is", C); 92 | 93 | Open (M2, Status, C, Nonce, AlicePK, BobSK); 94 | Put_Line ("Status is " & Img (Status)); 95 | DH ("M recovered is", M2); 96 | end Box; 97 | -------------------------------------------------------------------------------- /perf/tsm.adb: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with HiFive1.LEDs; use HiFive1.LEDs; 3 | with FE310; 4 | with FE310.CLINT; 5 | with FE310.Time; use FE310.Time; 6 | 7 | with Interfaces; use Interfaces; 8 | 9 | with IO; 10 | 11 | with SPARKNaCl; use SPARKNaCl; 12 | with SPARKNaCl.Scalar; 13 | 14 | with TweetNaCl_API; 15 | 16 | with RISCV.CSR; use RISCV.CSR; 17 | with FE310.Performance_Monitor; use FE310.Performance_Monitor; 18 | 19 | procedure TSM is 20 | subtype U64 is Unsigned_64; 21 | 22 | N : constant Bytes_32 := (0, 1, 2, 3, 4, 5, 6, 7, 23 | 0, 1, 2, 3, 4, 5, 6, 7, 24 | 0, 1, 2, 3, 4, 5, 6, 7, 25 | 0, 1, 2, 3, 4, 5, 6, 7); 26 | 27 | P : constant Bytes_32 := (10, 11, 12, 13, 14, 15, 16, 17, 28 | 10, 11, 12, 13, 14, 15, 16, 17, 29 | 10, 11, 12, 13, 14, 15, 16, 17, 30 | 10, 11, 12, 13, 14, 15, 16, 17); 31 | 32 | Q : Bytes_32; 33 | Q2 : Bytes_32; 34 | 35 | T1, T2 : UInt64; 36 | Total_Time : Unsigned_64; 37 | 38 | CPU_Hz1, CPU_Hz2 : UInt32; 39 | 40 | procedure Report; 41 | 42 | procedure Tweet_Mult (Q : out Bytes_32; 43 | N : in Bytes_32; 44 | P : in Bytes_32); 45 | 46 | procedure Tweet_Mult (Q : out Bytes_32; 47 | N : in Bytes_32; 48 | P : in Bytes_32) 49 | is 50 | begin 51 | TweetNaCl_API.Crypto_Scalarmult (Q, N, P); 52 | end Tweet_Mult; 53 | 54 | procedure Report 55 | is 56 | begin 57 | IO.Put_Line ("Total time: ", Total_Time); 58 | end Report; 59 | 60 | begin 61 | CPU_Hz1 := FE310.CPU_Frequency; 62 | 63 | -- The SPI flash clock divider should be as small as possible to increase 64 | -- the execution speed of instructions that are not yet in the instruction 65 | -- cache. 66 | FE310.Set_SPI_Flash_Clock_Divider (2); 67 | 68 | -- Load the internal oscillator factory calibration to be sure it 69 | -- oscillates at a known frequency. 70 | FE310.Load_Internal_Oscilator_Calibration; 71 | 72 | -- Use the HiFive1 16 MHz crystal oscillator which is more acurate than the 73 | -- internal oscillator. 74 | FE310.Use_Crystal_Oscillator; 75 | 76 | HiFive1.LEDs.Initialize; 77 | 78 | CPU_Hz2 := FE310.CPU_Frequency; 79 | 80 | IO.Put_Line ("CPU Frequency reset was: ", U64 (CPU_Hz1)); 81 | IO.Put_Line ("CPU Frequency now is: ", U64 (CPU_Hz2)); 82 | 83 | FE310.Performance_Monitor.Set_Commit_Events (3, No_Commit_Events); 84 | FE310.Performance_Monitor.Set_Commit_Events (4, No_Commit_Events); 85 | 86 | Turn_On (Red_LED); 87 | 88 | T1 := FE310.CLINT.Machine_Time; 89 | T2 := FE310.CLINT.Machine_Time; 90 | IO.Put_Line ("Null timing test:", U64 (T2 - T1)); 91 | 92 | T1 := Mcycle.Read; 93 | Delay_S (1); 94 | T2 := Mcycle.Read; 95 | IO.Put_Line ("One second test (CYCLE): ", U64 (T2 - T1)); 96 | 97 | T1 := Minstret.Read; 98 | Delay_S (1); 99 | T2 := Minstret.Read; 100 | IO.Put_Line ("One second test (INSTRET):", U64 (T2 - T1)); 101 | 102 | T1 := FE310.CLINT.Machine_Time; 103 | Delay_S (1); 104 | T2 := FE310.CLINT.Machine_Time; 105 | IO.Put_Line ("One second test (CLINT): ", U64 (T2 - T1)); 106 | 107 | IO.Put_Line ("SPARKNaCl.Scalar.Mult test"); 108 | 109 | T1 := Mcycle.Read; 110 | Q := SPARKNaCl.Scalar.Mult (N, P); 111 | T2 := Mcycle.Read; 112 | 113 | Total_Time := Unsigned_64 (T2 - T1); 114 | Report; 115 | 116 | Turn_Off (Red_LED); 117 | Turn_On (Green_LED); 118 | 119 | IO.New_Line; 120 | IO.Put_Line ("TweetNaCl.Scalar.Mult test"); 121 | 122 | T1 := Mcycle.Read; 123 | Tweet_Mult (Q2, N, P); 124 | T2 := Mcycle.Read; 125 | Total_Time := Unsigned_64 (T2 - T1); 126 | 127 | Report; 128 | 129 | if Q = Q2 then 130 | IO.Put ("Pass"); 131 | else 132 | IO.Put ("Fail"); 133 | end if; 134 | IO.New_Line; 135 | 136 | Turn_Off (Green_LED); 137 | 138 | -- Blinky! 139 | loop 140 | Turn_On (Red_LED); 141 | Delay_S (1); 142 | Turn_Off (Red_LED); 143 | 144 | Turn_On (Green_LED); 145 | Delay_S (1); 146 | Turn_Off (Green_LED); 147 | 148 | Turn_On (Blue_LED); 149 | Delay_S (1); 150 | Turn_Off (Blue_LED); 151 | 152 | end loop; 153 | end TSM; 154 | -------------------------------------------------------------------------------- /src/sparknacl-core.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.Core 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | -- Limited, so no assignment or comparison, and always 6 | -- pass-by-reference. 7 | type Salsa20_Key is limited private; 8 | type ChaCha20_Key is limited private; 9 | type ChaCha20_Context is limited private; 10 | 11 | subtype ChaCha20_Nonce is Bytes_8; 12 | subtype ChaCha20_IETF_Nonce is Bytes_12; 13 | 14 | -------------------------------------------------------- 15 | -- Salsa20 Key utility functions 16 | -------------------------------------------------------- 17 | 18 | function Construct (K : in Bytes_32) return Salsa20_Key 19 | with Global => null; 20 | 21 | procedure Construct (K : out Salsa20_Key; 22 | X : in Bytes_32) 23 | with Global => null; 24 | 25 | function Serialize (K : in Salsa20_Key) return Bytes_32 26 | with Global => null; 27 | 28 | procedure Sanitize (K : out Salsa20_Key) 29 | with Global => null; 30 | 31 | -------------------------------------------------------- 32 | -- ChaCha20 Key utility functions 33 | -------------------------------------------------------- 34 | 35 | function Construct (K : in Bytes_32) return ChaCha20_Key 36 | with Global => null; 37 | 38 | procedure Construct (K : out ChaCha20_Key; 39 | X : in Bytes_32) 40 | with Global => null; 41 | 42 | function Serialize (K : in ChaCha20_Key) return Bytes_32 43 | with Global => null; 44 | 45 | procedure Sanitize (K : out ChaCha20_Key) 46 | with Global => null; 47 | 48 | procedure Sanitize (S : out ChaCha20_Context) 49 | with Global => null; 50 | 51 | -------------------------------------------------------- 52 | -- Salsa20 Core functions 53 | -------------------------------------------------------- 54 | 55 | procedure Salsa20 (Output : out Bytes_64; 56 | Input : in Bytes_16; 57 | K : in Salsa20_Key; 58 | C : in Bytes_16) -- Counter 59 | with Global => null; 60 | 61 | procedure HSalsa20 (Output : out Bytes_32; 62 | Input : in Bytes_16; 63 | K : in Salsa20_Key; 64 | C : in Bytes_16) -- Counter 65 | with Global => null; 66 | 67 | -------------------------------------------------------- 68 | -- ChaCha20 Core functions 69 | -------------------------------------------------------- 70 | 71 | procedure ChaCha20_Key_IV_Setup (Context : out ChaCha20_Context; 72 | K : in ChaCha20_Key; 73 | N : in ChaCha20_Nonce; 74 | Counter : in U64) 75 | with Global => null; 76 | 77 | procedure ChaCha20_Key_IV_IETF_Setup (Context : out ChaCha20_Context; 78 | K : in ChaCha20_Key; 79 | N : in ChaCha20_IETF_Nonce; 80 | Counter : in U32) 81 | with Global => null; 82 | 83 | procedure ChaCha20_Encrypt_Bytes (Context : in ChaCha20_Context; 84 | C : out Byte_Seq; 85 | M : in Byte_Seq; 86 | Xor_M : in Boolean) 87 | with Global => null, 88 | Relaxed_Initialization => C, 89 | Pre => C'First = 0 and 90 | M'First = 0 and 91 | (if Xor_M then M'Length = C'Length) and 92 | (if not Xor_M then M'Length = 64) and 93 | C'Last < N32'Last and 94 | C'First >= N32'First and 95 | M'First >= N32'First, 96 | Post => C'Initialized; 97 | 98 | private 99 | -- Note - also limited here in the full view to ensure 100 | -- no assignment and pass-by-reference in the body. 101 | type Salsa20_Key is limited record 102 | F : Bytes_32; 103 | end record; 104 | 105 | type ChaCha20_Key is limited record 106 | F : Bytes_32; 107 | end record; 108 | 109 | type ChaCha20_Context is limited record 110 | F : U32_Seq (Index_16); 111 | end record; 112 | end SPARKNaCl.Core; 113 | -------------------------------------------------------------------------------- /perf/tcore.adb: -------------------------------------------------------------------------------- 1 | with HAL; use HAL; 2 | with HiFive1.LEDs; use HiFive1.LEDs; 3 | with FE310; 4 | with FE310.CLINT; 5 | with FE310.Time; use FE310.Time; 6 | 7 | with Interfaces; use Interfaces; 8 | 9 | with IO; 10 | 11 | with SPARKNaCl; use SPARKNaCl; 12 | with SPARKNaCl.Core; use SPARKNaCl.Core; 13 | with SPARKNaCl.Stream; use SPARKNaCl.Stream; 14 | 15 | with TweetNaCl_API; 16 | 17 | with RISCV.CSR; use RISCV.CSR; 18 | with FE310.Performance_Monitor; use FE310.Performance_Monitor; 19 | 20 | procedure TCore is 21 | subtype U64 is Unsigned_64; 22 | 23 | C1, C2 : Byte_Seq (0 .. 2047); 24 | N : HSalsa20_Nonce; 25 | K : Salsa20_Key; 26 | 27 | T1, T2 : UInt64; 28 | Total_Time : Unsigned_64; 29 | 30 | CPU_Hz1, CPU_Hz2 : UInt32; 31 | 32 | procedure Report; 33 | 34 | procedure Report 35 | is 36 | begin 37 | IO.Put_Line ("Total time: ", Total_Time); 38 | end Report; 39 | 40 | procedure Tweet_HSalsa20 (C : out Byte_Seq; -- Output stream 41 | N : in HSalsa20_Nonce; -- Nonce 42 | K : in Salsa20_Key); -- Key 43 | 44 | procedure Tweet_HSalsa20 (C : out Byte_Seq; 45 | N : in HSalsa20_Nonce; 46 | K : in Salsa20_Key) 47 | is 48 | begin 49 | TweetNaCl_API.HSalsa20 (C, U64 (C'Length), N, K); 50 | end Tweet_HSalsa20; 51 | 52 | begin 53 | CPU_Hz1 := FE310.CPU_Frequency; 54 | 55 | -- The SPI flash clock divider should be as small as possible to increase 56 | -- the execution speed of instructions that are not yet in the instruction 57 | -- cache. 58 | FE310.Set_SPI_Flash_Clock_Divider (2); 59 | 60 | -- Load the internal oscillator factory calibration to be sure it 61 | -- oscillates at a known frequency. 62 | FE310.Load_Internal_Oscilator_Calibration; 63 | 64 | -- Use the HiFive1 16 MHz crystal oscillator which is more acurate than the 65 | -- internal oscillator. 66 | FE310.Use_Crystal_Oscillator; 67 | 68 | HiFive1.LEDs.Initialize; 69 | 70 | CPU_Hz2 := FE310.CPU_Frequency; 71 | 72 | IO.Put_Line ("CPU Frequency reset was: ", U64 (CPU_Hz1)); 73 | IO.Put_Line ("CPU Frequency now is: ", U64 (CPU_Hz2)); 74 | 75 | FE310.Performance_Monitor.Set_Commit_Events (3, No_Commit_Events); 76 | FE310.Performance_Monitor.Set_Commit_Events (4, No_Commit_Events); 77 | 78 | Turn_On (Red_LED); 79 | 80 | T1 := FE310.CLINT.Machine_Time; 81 | T2 := FE310.CLINT.Machine_Time; 82 | IO.Put_Line ("Null timing test:", U64 (T2 - T1)); 83 | 84 | T1 := Mcycle.Read; 85 | Delay_S (1); 86 | T2 := Mcycle.Read; 87 | IO.Put_Line ("One second test (CYCLE): ", U64 (T2 - T1)); 88 | 89 | T1 := Minstret.Read; 90 | Delay_S (1); 91 | T2 := Minstret.Read; 92 | IO.Put_Line ("One second test (INSTRET):", U64 (T2 - T1)); 93 | 94 | T1 := FE310.CLINT.Machine_Time; 95 | Delay_S (1); 96 | T2 := FE310.CLINT.Machine_Time; 97 | IO.Put_Line ("One second test (CLINT): ", U64 (T2 - T1)); 98 | 99 | IO.Put_Line ("SPARKNaCl.Stream.HSalsa20 test"); 100 | 101 | -- Arbitrary nonce. 102 | N := (0, 1, 2, 3, 4, 5, 6, 7, 103 | 8, 9, 10, 11, 12, 13, 14, 15, 104 | 16, 17, 18, 19, 20, 21, 22, 23); 105 | 106 | -- Arbitrary key 107 | Construct (K, Bytes_32'(5, 1, 5, 1, 5, 1, 5, 1, 108 | 5, 1, 5, 1, 5, 1, 5, 1, 109 | 5, 1, 5, 1, 5, 1, 5, 1, 110 | 5, 1, 5, 1, 5, 1, 5, 1)); 111 | 112 | T1 := Mcycle.Read; 113 | SPARKNaCl.Stream.HSalsa20 (C1, N, K); 114 | T2 := Mcycle.Read; 115 | 116 | Total_Time := Unsigned_64 (T2 - T1); 117 | Report; 118 | 119 | Turn_Off (Red_LED); 120 | Turn_On (Green_LED); 121 | 122 | IO.New_Line; 123 | IO.Put_Line ("TweetNaCl.Core test"); 124 | 125 | T1 := Mcycle.Read; 126 | Tweet_HSalsa20 (C2, N, K); 127 | T2 := Mcycle.Read; 128 | Total_Time := Unsigned_64 (T2 - T1); 129 | 130 | Report; 131 | if C1 = C2 then 132 | IO.Put ("Pass"); 133 | else 134 | IO.Put ("Fail"); 135 | end if; 136 | IO.New_Line; 137 | IO.New_Line; 138 | 139 | Turn_Off (Green_LED); 140 | 141 | -- Blinky! 142 | loop 143 | Turn_On (Red_LED); 144 | Delay_S (1); 145 | Turn_Off (Red_LED); 146 | 147 | Turn_On (Green_LED); 148 | Delay_S (1); 149 | Turn_Off (Green_LED); 150 | 151 | Turn_On (Blue_LED); 152 | Delay_S (1); 153 | Turn_Off (Blue_LED); 154 | 155 | end loop; 156 | end TCore; 157 | -------------------------------------------------------------------------------- /src/sparknacl-cryptobox.ads: -------------------------------------------------------------------------------- 1 | with SPARKNaCl.Core; 2 | with SPARKNaCl.Stream; 3 | package SPARKNaCl.Cryptobox 4 | with Pure, 5 | SPARK_Mode => On 6 | is 7 | -------------------------------------------------------- 8 | -- Public Key Authenticated Encryption - "Crypto Box" -- 9 | -------------------------------------------------------- 10 | 11 | -- Limited, so no assignment or comparison, and always 12 | -- pass-by-reference. 13 | type Secret_Key is limited private; 14 | type Public_Key is limited private; 15 | 16 | Plaintext_Zero_Bytes : constant := 32; 17 | Ciphertext_Zero_Bytes : constant := 16; 18 | 19 | -- Key generation 20 | procedure Keypair (Raw_SK : in Bytes_32; 21 | PK : out Public_Key; 22 | SK : out Secret_Key) 23 | with Global => null; 24 | 25 | function Construct (K : in Bytes_32) return Secret_Key 26 | with Global => null; 27 | 28 | function Construct (K : in Bytes_32) return Public_Key 29 | with Global => null; 30 | 31 | function Serialize (K : in Secret_Key) return Bytes_32 32 | with Global => null; 33 | 34 | function Serialize (K : in Public_Key) return Bytes_32 35 | with Global => null; 36 | 37 | -- Sanitization 38 | procedure Sanitize (K : out Secret_Key) 39 | with Global => null; 40 | 41 | procedure Sanitize (K : out Public_Key) 42 | with Global => null; 43 | 44 | -- Precomputation 45 | procedure BeforeNM (K : out Core.Salsa20_Key; 46 | PK : in Public_Key; 47 | SK : in Secret_Key) 48 | with Global => null; 49 | 50 | 51 | -- Postcomputation for Create 52 | procedure AfterNM (C : out Byte_Seq; 53 | Status : out Boolean; 54 | M : in Byte_Seq; 55 | N : in Stream.HSalsa20_Nonce; 56 | K : in Core.Salsa20_Key) 57 | with Global => null, 58 | Pre => (M'First = 0 and 59 | C'First = 0 and 60 | C'Last = M'Last and 61 | M'Length >= 32) and then 62 | Equal (M (0 .. 31), Zero_Bytes_32), 63 | Post => Equal (C (0 .. 15), Zero_Bytes_16); 64 | 65 | -- Postcomputation for Open 66 | procedure Open_AfterNM 67 | (M : out Byte_Seq; -- Output plaintext 68 | Status : out Boolean; 69 | C : in Byte_Seq; -- Input ciphertext 70 | N : in Stream.HSalsa20_Nonce; 71 | K : in Core.Salsa20_Key) 72 | with Global => null, 73 | Pre => (M'First = 0 and 74 | C'First = 0 and 75 | M'Last = C'Last and 76 | C'Length >= 32) and then 77 | Equal (C (0 .. 15), Zero_Bytes_16), 78 | Post => Equal (M (0 .. 31), Zero_Bytes_32); 79 | 80 | -- Top-level all-in-one Create operation 81 | procedure Create (C : out Byte_Seq; 82 | Status : out Boolean; 83 | M : in Byte_Seq; 84 | N : in Stream.HSalsa20_Nonce; 85 | Recipient_PK : in Public_Key; 86 | Sender_SK : in Secret_Key) 87 | with Global => null, 88 | Pre => (M'First = 0 and 89 | C'First = 0 and 90 | C'Last = M'Last and 91 | M'Length >= 32) and then 92 | Equal (M (0 .. 31), Zero_Bytes_32), 93 | Post => Equal (C (0 .. 15), Zero_Bytes_16); 94 | 95 | 96 | -- Top-level all-in-one Open operation 97 | procedure Open (M : out Byte_Seq; 98 | Status : out Boolean; 99 | C : in Byte_Seq; 100 | N : in Stream.HSalsa20_Nonce; 101 | Sender_PK : in Public_Key; 102 | Recipient_SK : in Secret_Key) 103 | with Global => null, 104 | Pre => (M'First = 0 and 105 | C'First = 0 and 106 | M'Last = C'Last and 107 | C'Length >= 32) and then 108 | Equal (C (0 .. 15), Zero_Bytes_16), 109 | Post => Equal (M (0 .. 31), Zero_Bytes_32); 110 | 111 | private 112 | -- Note - also limited types here in the full view to ensure 113 | -- no assignment and pass-by-reference in the body. 114 | type Secret_Key is limited record 115 | F : Bytes_32; 116 | end record; 117 | 118 | type Public_Key is limited record 119 | F : Bytes_32; 120 | end record; 121 | end SPARKNaCl.Cryptobox; 122 | -------------------------------------------------------------------------------- /src/sparknacl-aes.ads: -------------------------------------------------------------------------------- 1 | package SPARKNaCl.AES 2 | with Pure, 3 | SPARK_Mode => On 4 | is 5 | -------------------------------------------------------- 6 | -- AES Type definition(s) 7 | -------------------------------------------------------- 8 | 9 | type AES256_Key is limited private; 10 | type AES128_Key is limited private; 11 | 12 | type AES256_Round_Keys is limited private; 13 | type AES128_Round_Keys is limited private; 14 | 15 | -------------------------------------------------------- 16 | -- AES Key utility function(s) 17 | -------------------------------------------------------- 18 | 19 | function Construct (Raw_Key : in Bytes_32) return AES256_Key 20 | with Global => null; 21 | 22 | function Construct (Raw_Key : in Bytes_16) return AES128_Key 23 | with Global => null; 24 | 25 | procedure Construct (Key : out AES256_Key; 26 | Raw_Key : in Bytes_32) 27 | with Global => null; 28 | 29 | procedure Construct (Key : out AES128_Key; 30 | Raw_Key : in Bytes_16) 31 | with Global => null; 32 | 33 | function Serialize (Key : in AES256_Key) return Bytes_32 34 | with Global => null; 35 | 36 | function Serialize (Key : in AES128_Key) return Bytes_16 37 | with Global => null; 38 | 39 | procedure Sanitize (Key : out AES256_Key) 40 | with Global => null; 41 | 42 | procedure Sanitize (Key : out AES128_Key) 43 | with Global => null; 44 | 45 | procedure Sanitize (Round_Keys : out AES256_Round_Keys) 46 | with Global => null; 47 | 48 | procedure Sanitize (Round_Keys : out AES128_Round_Keys) 49 | with Global => null; 50 | 51 | -------------------------------------------------------- 52 | -- AES256 Core function(s) 53 | -------------------------------------------------------- 54 | 55 | function Key_Expansion (Key : in AES256_Key) return AES256_Round_Keys 56 | with Global => null; 57 | 58 | function Key_Expansion (Key : in AES128_Key) return AES128_Round_Keys 59 | with Global => null; 60 | 61 | procedure Cipher (Output : out Bytes_16; 62 | Input : in Bytes_16; 63 | Round_Keys : in AES256_Round_Keys) 64 | with Global => null, 65 | Always_Terminates; 66 | 67 | procedure Cipher (Output : out Bytes_16; 68 | Input : in Bytes_16; 69 | Round_Keys : in AES128_Round_Keys) 70 | with Global => null, 71 | Always_Terminates; 72 | 73 | procedure Inv_Cipher (Output : out Bytes_16; 74 | Input : in Bytes_16; 75 | Round_Keys : in AES256_Round_Keys) 76 | with Global => null; 77 | 78 | procedure Inv_Cipher (Output : out Bytes_16; 79 | Input : in Bytes_16; 80 | Round_Keys : in AES128_Round_Keys) 81 | with Global => null; 82 | 83 | private 84 | -------------------------------------------------------- 85 | -- Constant definition(s) 86 | -------------------------------------------------------- 87 | 88 | AES256_Number_Of_Rounds : constant I32 := 14; 89 | AES128_Number_Of_Rounds : constant I32 := 10; 90 | 91 | AES256_Words_Per_Key : constant I32 := 8; 92 | AES128_Words_Per_Key : constant I32 := 4; 93 | 94 | -------------------------------------------------------- 95 | -- Type definition(s) 96 | -------------------------------------------------------- 97 | 98 | subtype AES256_Key_Array is U32_Seq (Index_8); 99 | subtype AES128_Key_Array is U32_Seq (Index_4); 100 | 101 | pragma Assert (AES256_Key_Array'Length = AES256_Words_Per_Key); 102 | pragma Assert (AES128_Key_Array'Length = AES128_Words_Per_Key); 103 | 104 | type AES256_Key is limited record 105 | F : AES256_Key_Array; 106 | end record; 107 | 108 | type AES128_Key is limited record 109 | F : AES128_Key_Array; 110 | end record; 111 | 112 | subtype Round_Key is U32_Seq (Index_4); 113 | 114 | subtype AES256_Round_Key_Index is I32 range 0 .. AES256_Number_Of_Rounds; 115 | subtype AES128_Round_Key_Index is I32 range 0 .. AES128_Number_Of_Rounds; 116 | 117 | type AES256_Round_Key_Array is array (AES256_Round_Key_Index) of Round_Key; 118 | type AES128_Round_Key_Array is array (AES128_Round_Key_Index) of Round_Key; 119 | 120 | pragma Assert (AES256_Round_Key_Array'Length = AES256_Number_Of_Rounds + 1); 121 | pragma Assert (AES128_Round_Key_Array'Length = AES128_Number_Of_Rounds + 1); 122 | 123 | type AES256_Round_Keys is limited record 124 | F : AES256_Round_Key_Array; 125 | end record; 126 | 127 | type AES128_Round_Keys is limited record 128 | F : AES128_Round_Key_Array; 129 | end record; 130 | 131 | end SPARKNaCl.AES; 132 | --------------------------------------------------------------------------------