# Academia Sinica IIS Intern [Learning] - CryptoLine
> [name=D]
## Doc
- [Github](https://github.com/fmlab-iis/cryptoline)
- [相關論文](https://tdr.lib.ntu.edu.tw/jspui/bitstream/123456789/88563/1/ntu-111-2.pdf)
## Introduction
- CryptoLine is a model checker that is specialized on assembly-level cryptographic libraries
- It combines the power of both computer algebra systems and satisfiabilitymodulo theories solvers to verify whether assembly programs satisfy the specified mathematical properties
- 一種能夠驗證用組合語言所寫的密碼程式的工具
## Steps
### make `Executable`
> `gcc -o top top.c libcrypto.a`
- 先利用 `gcc` 將 C 語言的程式碼編譯成一個 Binary 檔案
- `libcrpto.a` 為 OPENSSL 套件
- 如果發生沒有此檔案或是找不到此檔案的錯誤訊息的話,可以使用以下指令
- `$ sudo apt install libssl-dev` : Install
- `$ locate libcrpto.a` : Find the position of the file
### `Executable` -> ( `itrace.py` ) -> `.gas` assembly
> `$CL_HOME/scripts/itrace.py top ecp_nistz256_add ecp_nistz256_add.gas`
- 再利用 `itrace.py` 這個 script 將 副程式 trace 每個 register 的 address,然後生成 `.gas` 的檔案
- `top` : first argument, the name of the executable binary
- `ecp_nistz256_add` : second argument, the name of the subroutine in the `top`
- `ecp_nistz256_add.gas` : thierd argument, the name of the output file
:::spoiler apart of `ecp_nistz256_add.gas`
```=
ecp_nistz256_add:
# %rdi = 0x7fffffffdbd0
# %rsi = 0x7fffffffdb90
# %rdx = 0x7fffffffdbb0
# %rcx = 0x7fffffffdb90
# %r8 = 0x0
# %r9 = 0x-2105ddfd00000000
#! -> SP = 0x7fffffffdb88
push %r12 #! EA = L0x7fffffffdb80; PC = 0x55555557c320
push %r13 #! EA = L0x7fffffffdb78; PC = 0x55555557c322
mov (%rsi),%r8 #! EA = L0x7fffffffdb90; Value = 0x0000000000000000; PC = 0x55555557c324
xor %r13,%r13 #! PC = 0x55555557c327
mov 0x8(%rsi),%r9 #! EA = L0x7fffffffdb98; Value = 0x0000000000000000; PC = 0x55555557c32a
mov 0x10(%rsi),%r10 #! EA = L0x7fffffffdba0; Value = 0x0000000000000000; PC = 0x55555557c32e
mov 0x18(%rsi),%r11 #! EA = L0x7fffffffdba8; Value = 0x0000000000000000; PC = 0x55555557c332
lea -0x33d(%rip),%rsi # 0x55555557c000#! PC = 0x55555557c336
```
:::
### `.gas` assembly -> ( `to_zdsl.py` ) -> `.cl` draft
> `$CL_HOME/scripts/to_zdsl.py -r CL_HOME/scripts/x86_64.rules ecp_nistz256_add.gas > ecp_nistz256_add.cl`
- 利用 `to_zdsl.py` 這個 script 將 組合語言的所有指令 轉成 CryptoLine的指令 `.cl`檔案
- `to_zdsl.py`
- translation rules 可以將組語轉換成 CryptoLine 的規則
- EA : effective address of its argument
- Value : value stored in the address
- PC : program counter
:::spoiler apart of `ecp_nistz256_add.cl`
```=
proc main (%r10, %r11, %r12, %r13, %r8, %r9, %rax, %rcx, %rdi, L0x55555557c000, L0x55555557c008, L0x55555557c010, L0x55555557c018, L0x7fffffffdbb0, L0x7fffffffdbb8, L0x7fffffffdbc0, L0x7fffffffdbc8) =
{
true
&&
true
}
(* ecp_nistz256_add: *)
ecp_nistz256_add:;
(* #! -> SP = 0x7fffffffdb88 *)
#! 0x7fffffffdb88 = 0x7fffffffdb88;
(* push %r12 #! EA = L0x7fffffffdb80; PC = 0x55555557c320 *)
push %r12 #! L0x7fffffffdb80 = L0x7fffffffdb80; 0x55555557c320 = 0x55555557c320;
(* push %r13 #! EA = L0x7fffffffdb78; PC = 0x55555557c322 *)
push %r13 #! L0x7fffffffdb78 = L0x7fffffffdb78; 0x55555557c322 = 0x55555557c322;
(* mov (%rsi),%r8 #! EA = L0x7fffffffdb90; Value = 0x0000000000000000; PC = 0x55555557c324 *)
mov (%rsi),%r8 #! L0x7fffffffdb90 = L0x7fffffffdb90; 0x0000000000000000 = 0x0000000000000000; 0x55555557c324 = 0x55555557c324;
(* xor %r13,%r13 #! PC = 0x55555557c327 *)
xor %r13,%r13 #! 0x55555557c327 = 0x55555557c327;
...
(* #repz ret #! PC = 0x55555557c39c *)
#repz ret #! 0x55555557c39c = 0x55555557c39c;
{
true
&&
true
}
```
:::
### 更改 `.cl` 裡面的東西
#### proc main(...)
- this notation denotes the main subroutine in CryptoLine
- the arguments to the main subroutine are the uninitialized variables reported by `to_zdsl.py`
### 驗證 `.cl`
> `../cv.exe -v -isafety examples/openssl/ecp_nistz256/ecp_nistz256_mul_mont.cl`
#### CAS-based engine v.s. SMT-based engine
#### algebraic v.s. range
> `{ <algebraic> && <range> }`
- algebraic 代數
- 前面的部分
- 可以做加減乘除運算、mod
- range 範圍
- 後面的部分
- 只能做比較大小的部分
#### 驗證結果
- verifying range assertions
- assert 後面的
- verifying range specification
- postcondition 後面的
- verifying algebraic assertions
- assert 前面的
- verifying algebraic specification
- postcondition 前面的
### Data Flow

## Install
```=
git clone https://github.com/fmlab-iis/cryptoline.git
sudo apt-get install opam boolector singular-ui
sudo apt install opam
opam init --disable-sandboxing
eval $(opam env)
opam install dune lwt_ppx zarith
opam install apron
opam install ppx_optcomp
```
```=
cd cryptoline
ocamlfind query zarith
```
在路徑後面加上/MATA 並進行複製
```
vim ast/get-config.sh
```
```bash=
#!/bin/bash
meta=/home/demi/.opam/default/lib/zarith/META
version=$(cat ${meta} | grep -m1 "version" | cut -d "=" -f 2 | tr -d '"')
major=$(echo $version | cut -d "." -f 1)
minor=$(echo $version | cut -d "." -f 2)
echo "[%%define Z_version (${major}, ${minor})]"
```
```=
dune build
ln -s _build/default/cv.exe
./cv.exe -v -isafety examples/openssl/ecp_nistz256/ecp_nistz256_mul_mont.cl
```
## Examples
- [CryptoLine - ecp_nistz256_add](/Iajx06FPQMe8k-alzqBUGQ)
- [CryptoLine - ecp_nistz256_sub](/RVcUYhm6TKikWj9r2XHV7g)
- [CryptoLine - ecp_nistz256_mul_mont](/qC3Qo3evSm6kOJbOrAgt6Q)
- [CryptoLine - ecp_nistz256_sqr_mont](/D_iJ_l_DRxSSWobeK17byw)
## Code
- [CryptoLine - x25519](/S59HZ79AQE-m3vl08OxGbQ)
## 一些特別且值得學習的事
- 在組語裡能發現程式碼 (**CPU 計算的部分** 和 **CPU 存放 memory 的部分**) 有交錯在一起的情形
- 原因:讓 CPU 的兩個功能能夠同步進行,使得運算時間更快
- 驗證結果的東東各代表什麼
- range assertion : assert 後面的
- range specification : postcondition 後面的
- algebraic assertions : assert 前面的
- algebraic specification : postcondition 前面的
## Reference
- [Linux 建立連結檔 ln 指令教學與範例](https://blog.gtwang.org/linux/linux-ln-command-tutorial-examples/#google_vignette)
- [函式呼叫(I) - 參數傳遞](https://sophiexin9636.github.io/posts/callfunction/)
## 感謝
- Sandy