module Hacl.Endianness
module ST = FStar.HyperStack.ST
open FStar.HyperStack.All
open FStar.Old.Endianness
open Hacl.Spec.Endianness
open FStar.Buffer
module U8 = FStar.UInt8
module U16 = FStar.UInt16
module U32 = FStar.UInt32
module U64 = FStar.UInt64
module U128 = FStar.UInt128
module H8 = Hacl.UInt8
module H16 = Hacl.UInt16
module H32 = Hacl.UInt32
module H64 = Hacl.UInt64
module H128 = Hacl.UInt128
#set-options "--initial_fuel 0 --max_fuel 0 --z3rlimit 5"
open C.Compat.Endianness
// Byte-level functions
unfold inline_for_extraction let htole16 x = htole16 x
unfold inline_for_extraction let le16toh x = le16toh x
unfold inline_for_extraction let htole32 x = htole32 x
unfold inline_for_extraction let le32toh x = le32toh x
unfold inline_for_extraction let htole64 x = htole64 x
unfold inline_for_extraction let le64toh x = le64toh x
unfold inline_for_extraction let htobe16 x = htobe16 x
unfold inline_for_extraction let be16toh x = be16toh x
unfold inline_for_extraction let htobe32 x = htobe32 x
unfold inline_for_extraction let be32toh x = be32toh x
unfold inline_for_extraction let htobe64 x = htobe64 x
unfold inline_for_extraction let be64toh x = be64toh x
[@"substitute" ]
val store32_le:
b:buffer U8.t{length b = 4} ->
z:U32.t ->
Stack unit
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ Buffer.live h1 b
/\ little_endian (as_seq h1 b) = U32.v z))
[@"substitute" ]
val load32_le:
b:buffer U8.t{length b = 4} ->
Stack U32.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b
/\ little_endian (as_seq h0 b) = U32.v z))
[@"substitute" ]
val store32_be:
b:buffer U8.t{length b = 4} ->
z:U32.t ->
Stack unit
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ Buffer.live h1 b
/\ big_endian (as_seq h1 b) = U32.v z))
[@"substitute" ]
val load32_be:
b:buffer U8.t{length b = 4} ->
Stack U32.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b
/\ big_endian (as_seq h0 b) = U32.v z))
[@"substitute" ]
val store64_le:
b:buffer U8.t{length b = 8} ->
z:U64.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ little_endian (as_seq h1 b) = U64.v z))
[@"substitute" ]
val load64_le:
b:buffer U8.t{length b = 8} ->
Stack U64.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b /\ little_endian (as_seq h0 b) = U64.v z))
[@"substitute" ]
val store64_be:
b:buffer U8.t{length b = 8} ->
z:U64.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ big_endian (as_seq h1 b) = U64.v z))
[@"substitute" ]
val load64_be:
b:buffer U8.t{length b = 8} ->
Stack U64.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ big_endian (as_seq h0 b) = U64.v z))
[@"substitute" ]
val load128_le:
b:buffer U8.t{length b = 16} ->
Stack U128.t
(requires (fun h -> live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ little_endian (as_seq h0 b) = U128.v z))
[@"substitute" ]
val store128_le:
b:buffer U8.t{length b = 16} ->
z:U128.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ little_endian (as_seq h1 b) = U128.v z))
[@"substitute" ]
val load128_be:
b:buffer U8.t{length b = 16} ->
Stack U128.t
(requires (fun h -> live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ big_endian (as_seq h0 b) = U128.v z))
[@"substitute" ]
val store128_be:
b:buffer U8.t{length b = 16} ->
z:U128.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ big_endian (as_seq h1 b) = U128.v z))
[@"substitute" ]
val hstore32_le:
b:buffer H8.t{length b = 4} ->
z:H32.t ->
Stack unit
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ Buffer.live h1 b
/\ hlittle_endian (as_seq h1 b) = H32.v z))
[@"substitute" ]
val hload32_le:
b:buffer H8.t{length b = 4} ->
Stack H32.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b
/\ hlittle_endian (as_seq h0 b) = H32.v z))
[@"substitute" ]
val hstore32_be:
b:buffer H8.t{length b = 4} ->
z:H32.t ->
Stack unit
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ Buffer.live h1 b
/\ hbig_endian (as_seq h1 b) = H32.v z))
[@"substitute" ]
val hload32_be:
b:buffer H8.t{length b = 4} ->
Stack H32.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b
/\ hbig_endian (as_seq h0 b) = H32.v z))
[@"substitute" ]
val hstore64_le:
b:buffer H8.t{length b = 8} ->
z:H64.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ hlittle_endian (as_seq h1 b) = H64.v z))
[@"substitute" ]
val hload64_le:
b:buffer H8.t{length b = 8} ->
Stack H64.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h1 b /\ hlittle_endian (as_seq h0 b) = H64.v z))
[@"substitute" ]
val hstore64_be:
b:buffer H8.t{length b = 8} ->
z:H64.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ hbig_endian (as_seq h1 b) = H64.v z))
[@"substitute" ]
val hload64_be:
b:buffer H8.t{length b = 8} ->
Stack H64.t
(requires (fun h -> Buffer.live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ hbig_endian (as_seq h0 b) = H64.v z))
[@"substitute" ]
val hstore128_le:
b:buffer H8.t{length b = 16} ->
z:H128.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ hlittle_endian (as_seq h1 b) = H128.v z))
[@"substitute" ]
val hload128_le:
b:buffer H8.t{length b = 16} ->
Stack H128.t
(requires (fun h -> live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ hlittle_endian (as_seq h0 b) = H128.v z))
[@"substitute" ]
val hstore128_be:
b:buffer H8.t{length b = 16} ->
z:H128.t ->
Stack unit
(requires (fun h -> live h b))
(ensures (fun h0 _ h1 -> modifies_1 b h0 h1 /\ live h1 b /\ hbig_endian (as_seq h1 b) = H128.v z))
[@"substitute" ]
val hload128_be:
b:buffer H8.t{length b = 16} ->
Stack H128.t
(requires (fun h -> live h b))
(ensures (fun h0 z h1 -> h0 == h1 /\ live h0 b /\ hbig_endian (as_seq h0 b) = H128.v z))
#set-options "--lax"
(**
* REMARK
* These functions are implemented in C in Kremlin's library and trusted.
* Their assumed specifications in Kremlin's C.fst only specify their memory
* footprint and not their functional behaviour, so we can't prove the richer
* specifications given here.
**)
[@"substitute" ]
let store32_le b z = store32_le b z
[@"substitute" ]
let store32_be b z = store32_be b z
[@"substitute" ]
let store64_le b z = store64_le b z
[@"substitute" ]
let store64_be b z = store64_be b z
[@"substitute" ]
let store128_le b z = store128_le b z
[@"substitute" ]
let store128_be b z = store128_be b z
[@"substitute" ]
let load32_le b = load32_le b
[@"substitute" ]
let load32_be b = load32_be b
[@"substitute" ]
let load64_le b = load64_le b
[@"substitute" ]
let load64_be b = load64_be b
[@"substitute" ]
let load128_le b = load128_le b
[@"substitute" ]
let load128_be b = load128_be b
#reset-options
[@"substitute" ]
let hstore32_le b z = store32_le b z
[@"substitute" ]
let hstore32_be b z = store32_be b z
[@"substitute" ]
let hstore64_le b z = store64_le b z
[@"substitute" ]
let hstore64_be b z = store64_be b z
[@"substitute" ]
let hstore128_le b z = store128_le b z
[@"substitute" ]
let hstore128_be b z = store128_be b z
[@"substitute" ]
let hload32_le b = load32_le b
[@"substitute" ]
let hload32_be b = load32_be b
[@"substitute" ]
let hload64_le b = load64_le b
[@"substitute" ]
let hload64_be b = load64_be b
[@"substitute" ]
let hload128_le b = load128_le b
[@"substitute" ]
let hload128_be b = load128_be b