-
Notifications
You must be signed in to change notification settings - Fork 16
118 lines (98 loc) · 3.65 KB
/
hax.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: hax
on:
push:
branches: ["dev", "main"]
paths:
- 'specs/kyber/src/**'
- 'src/kem/kyber/**'
pull_request:
branches: ["dev", "main"]
paths:
- 'specs/kyber/src/**'
- 'src/kem/kyber/**'
- 'proofs/fstar/**'
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
hax:
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: ⤵ Install FStar
run: nix profile install github:FStarLang/FStar/v2024.01.13
- name: ⤵ Clone HACL-star repository
uses: actions/checkout@v4
with:
repository: hacl-star/hacl-star
path: hacl-star
- name: ⤵ Clone hax repository
uses: actions/checkout@v4
with:
repository: hacspec/hacspec-v2
path: hax
- name: ⤵ Install & confiure Cachix
run: |
nix profile install nixpkgs#cachix
cachix use hax
- name: ⤵ Install hax
run: |
nix profile install ./hax
- name: 🏃 Extract the Kyber reference code
run: |
eval $(opam env)
(cd proofs/fstar/extraction/ && ./clean.sh)
rm -f sys/platform/proofs/fstar/extraction/*.fst*
./hax-driver.py --kyber-reference
- name: 🏃 Regenerate `extraction-*` folders
run: ./proofs/fstar/patches.sh apply
- name: 🏃 Make sure snapshots are up-to-date
run: git diff --exit-code
- name: 🏃 Verify the Kyber reference code
run: |
env FSTAR_HOME=${{ github.workspace }}/fstar \
HACL_HOME=${{ github.workspace }}/hacl-star \
HAX_HOME=${{ github.workspace }}/hax \
PATH="${PATH}:${{ github.workspace }}/fstar/bin" \
./hax-driver.py --verify-extraction
- name: 🏃 Verify Kyber `extraction-edited` F* code
run: |
env FSTAR_HOME=${{ github.workspace }}/fstar \
HACL_HOME=${{ github.workspace }}/hacl-star \
HAX_HOME=${{ github.workspace }}/hax \
PATH="${PATH}:${{ github.workspace }}/fstar/bin" \
make -C proofs/fstar/extraction-edited
- name: 🏃 Verify Kyber `extraction-secret-independent` F* code
run: |
env FSTAR_HOME=${{ github.workspace }}/fstar \
HACL_HOME=${{ github.workspace }}/hacl-star \
HAX_HOME=${{ github.workspace }}/hax \
PATH="${PATH}:${{ github.workspace }}/fstar/bin" \
make -C proofs/fstar/extraction-secret-independent
- name: 🏃 Extract the Kyber specification
run: |
eval $(opam env)
# Extract the functions in the compress module individually to test
# the function-extraction code.
# Extract functions from the remaining modules to test the
# module-extraction code.
./hax-driver.py --crate-path specs/kyber \
--functions hacspec_kyber::compress::compress \
hacspec_kyber::compress::decompress \
hacspec_kyber::compress::compress_d \
hacspec::kyber::compress::decompress_d \
--modules ind_cpa \
hacspec_kyber \
matrix \
ntt \
parameters \
sampling \
serialize \
--exclude-modules libcrux::hacl::sha3 libcrux::digest