Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix formal verification failure in AWS-LC PR 1101 #112

Merged
merged 1 commit into from
Jul 28, 2023
Merged

Fix formal verification failure in AWS-LC PR 1101 #112

merged 1 commit into from
Jul 28, 2023

Conversation

pennyannn
Copy link
Contributor

@pennyannn pennyannn commented Jul 21, 2023
edited
Loading

AWS-LC PR: aws/aws-lc#1101
Ticket: V964947909

Changes from AWS-LC PR:

  1. EC_RAW_POINT is renamed to EC_JACOBIAN.
  2. A new parameter Htable is added to the aesni_gcm_en[de]decrypt functions. The assembly now directly refers to Htable instead of locating Htable with respect to Xip with some offset.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@pennyannn pennyannn force-pushed the yppe/fix-1101 branch 2 times, most recently from a3b88d8 to c25766e Compare July 21, 2023 00:31
@pennyannn pennyannn changed the title Fix formal verification failure in aws-lc PR 1101 Fix formal verification failure in AWS-LC PR 1101 Jul 21, 2023
@pennyannn pennyannn force-pushed the yppe/fix-1101 branch 7 times, most recently from dbfbf23 to 3c88e35 Compare July 25, 2023 21:58
@pennyannn pennyannn marked this pull request as ready for review July 25, 2023 22:18
@pennyannn pennyannn requested a review from nebeid July 25, 2023 22:19
@nebeid
Copy link
Contributor

nebeid commented Jul 25, 2023

My understanding is that for point 1, EC_JACOBIAN change is accepted by the tests and they continue to pass.
But for point 2, there are changes in the proofs, but the AES-GCM tests were still failing so they were disabled. Is my understanding correct?

@pennyannn
Copy link
Contributor Author

pennyannn commented Jul 25, 2023
edited
Loading

My understanding is that for point 1, EC_JACOBIAN change is accepted by the tests and they continue to pass. But for point 2, there are changes in the proofs, but the AES-GCM tests were still failing so they were disabled. Is my understanding correct?

Yes. Exactly right. The EC proofs now work with the new name EC_JACOBIAN. The AES-GCM proofs are updated to fit with the changes but they are currently crashing because of the lack of feature in SAW (Though I won't know for sure if the changes are correct until I am able to run the proofs. Maybe I can revert the changes back to what they used to be if you prefer. In principal it shouldn't matter because the proofs are disabled anyways). So I disabled them in the shell scripts.

[Update]
Per @apetcher-amazon's request, I've reverted the changes in the AES-GCM proofs and added a comment on the AWS-LC commit that the old proof works on.

@pennyannn pennyannn force-pushed the yppe/fix-1101 branch 4 times, most recently from 5d9bcee to 7f97be9 Compare July 26, 2023 20:05
@pennyannn pennyannn merged commit c64dd9a into awslabs:master Jul 28, 2023
1 check passed
@pennyannn pennyannn deleted the yppe/fix-1101 branch July 28, 2023 20:37
@pennyannn pennyannn mentioned this pull request Jul 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apetcher-amazon apetcher-amazon apetcher-amazon approved these changes

@andrewhop andrewhop Awaiting requested review from andrewhop andrewhop is a code owner

@nebeid nebeid Awaiting requested review from nebeid

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pennyannn @nebeid @apetcher-amazon