Add debug assertions for reduce.c and polyvec.c #416
Conversation
willieyz
force-pushed
the
cbmc-bound-assertions
branch
8 times, most recently
from
407a414 to
a4cfae5
Compare
willieyz
changed the title
willieyz
changed the title
willieyz
force-pushed
the
cbmc-bound-assertions
branch
5 times, most recently
from
b99b71f to
1a95672
Compare
There was a problem hiding this comment.
Thanks @willieyz. This is a nice addition!
There are still quite a few things that could be improved.
mldsa/polyvec.c
Outdated
| @@ -384,11 +421,15 @@ void mld_polyveck_sub(mld_polyveck *u, const mld_polyveck *v) | |||
| { | |||
| mld_poly_sub(&u->vec[i], &v->vec[i]); | |||
| } | |||
|
|
|||
| mld_assert_bound_2d(u->vec, MLDSA_K, MLDSA_N, (int64_t)INT32_MIN, | |||
There was a problem hiding this comment.
This cast should not be needed.
mldsa/polyvec.c
Outdated
| } | ||
|
|
||
| void mld_polyvecl_reduce(mld_polyvecl *v) | ||
| { | ||
| unsigned int i; | ||
| mld_assert_bound_2d(v->vec, MLDSA_L, MLDSA_N, (int64_t)INT32_MIN, |
There was a problem hiding this comment.
This cast should not be needed.
mldsa/poly.c
Outdated
| @@ -379,6 +393,8 @@ void mld_poly_uniform(mld_poly *a, const uint8_t seed[MLDSA_SEEDBYTES + 2]) | |||
|
|
|||
| /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */ | |||
| mld_zeroize(buf, sizeof(buf)); | |||
|
|
|||
| mld_assert_bound(a->coeffs, MLDSA_N, 0, MLDSA_Q); | |||
There was a problem hiding this comment.
Can we have all assertions before the zeroize call please? Just to be consistent with mlkem-native that zeroize is the last step in the function.
There was a problem hiding this comment.
Fixed, Thank you for your reviewing!
mldsa/poly.c
Outdated
| @@ -84,6 +86,8 @@ void mld_poly_sub(mld_poly *r, const mld_poly *b) | |||
| { | |||
| r->coeffs[i] = r->coeffs[i] - b->coeffs[i]; | |||
| } | |||
|
|
|||
| mld_assert_bound(r->coeffs, MLDSA_N, (int64_t)INT32_MIN, REDUCE32_DOMAIN_MAX); | |||
There was a problem hiding this comment.
This cast should not be needed
| } | ||
|
|
||
| void mld_polyvecl_pointwise_acc_montgomery(mld_poly *w, const mld_polyvecl *u, | ||
| const mld_polyvecl *v) | ||
| { | ||
| unsigned int i, j; | ||
| mld_assert_bound_2d(u->vec, MLDSA_L, MLDSA_N, 0, MLDSA_Q); |
There was a problem hiding this comment.
isn't this missing a pre-condition on v?
There was a problem hiding this comment.
Yes, sorry about the miss..
I had fixed it now, thank you for your reviewing!
| @@ -372,6 +407,8 @@ void mld_polyveck_add(mld_polyveck *u, const mld_polyveck *v) | |||
| void mld_polyveck_sub(mld_polyveck *u, const mld_polyveck *v) | |||
There was a problem hiding this comment.
mld_polyveck_add can have a post-condition in the contract - just like mld_polyvecl_add. That should be added and also be asserted.
There was a problem hiding this comment.
Added, thank you for your reviewing!
mldsa/polyvec.c
Outdated
| @@ -431,12 +477,15 @@ void mld_polyveck_invntt_tomont(mld_polyveck *v) | |||
| { | |||
| mld_poly_invntt_tomont(&v->vec[i]); | |||
| } | |||
|
|
|||
| mld_assert_abs_bound_2d(v->vec, MLDSA_K, MLDSA_N, MLD_NTT_BOUND); | |||
There was a problem hiding this comment.
This should be INTT_BOUND.
There was a problem hiding this comment.
Can the assertion for mld_poly_reduce now be added?
There was a problem hiding this comment.
Fixed,
I had added the assert for pre-condition and post-condition,
Thank you for your reviewing!
| @@ -141,6 +146,9 @@ void mld_poly_pointwise_montgomery(mld_poly *c, const mld_poly *a, | |||
| { | |||
There was a problem hiding this comment.
mld_poly_invntt_tomont should have an MLD_INTT_BOUND output bound.
There was a problem hiding this comment.
Added, thank you for the reviewing!
willieyz
force-pushed
the
cbmc-bound-assertions
branch
3 times, most recently
from
7e05da5 to
d36b82b
Compare
willieyz
force-pushed
the
cbmc-bound-assertions
branch
8 times, most recently
from
4fca5db to
b13c665
Compare
willieyz
force-pushed
the
cbmc-bound-assertions
branch
13 times, most recently
from
36bd946 to
1cbb91f
Compare
willieyz
changed the title
willieyz
force-pushed
the
cbmc-bound-assertions
branch
4 times, most recently
from
a46549a to
fae1af6
Compare
There was a problem hiding this comment.
Thanks @willieyz. I think we settled on changing the bounds back to q*3/4, right? Could you please change that?
- This commit is ported from mlkem PR #214 - All implementations of functions in poly.c have bounds assertions for inputs and outputs added that match the CBMC specifications. Signed-off-by: willieyz <willie.zhao@chelpis.com>
Signed-off-by: willieyz <willie.zhao@chelpis.com>
- This commit is ported from mlkem PR #214 - All implementations of functions in polyvec.c have bounds assertions for inputs and outputs added that match the CBMC specifications. Signed-off-by: willieyz <willie.zhao@chelpis.com>
willieyz
force-pushed
the
cbmc-bound-assertions
branch
from
fae1af6 to
fbbfb99
Compare
…test error Signed-off-by: willieyz <willie.zhao@chelpis.com>
willieyz
force-pushed
the
cbmc-bound-assertions
branch
from
fbbfb99 to
3eba7b2
Compare
Resolves Add debug assertions for reduce.c and polyvec.c #216
All implementations of functions in
poly.c,polyvec.chave bounds assertionsfor inputs and outputs added that match the CBMC specifications.
As for mlkem-native, if CBMC is enabled, the bounds assertions
are interpreted as CBMC proof obligations.