HOL-Light: Add HOL Light proof for aarch64 polyz_unpack_{17,19}

Add functional correctness proofs for polyz_unpack_17 and polyz_unpack_19.
Closely following the decompress proofs from mlkem-native:
pq-code-package/mlkem-native#1543

Signed-off-by: Matthias J. Kannwischer <matthias@kannwischer.eu>

Author: mkannwischer

.github/workflows/hol_light.yml

@@ -12,6 +12,7 @@ on:
      - 'proofs/hol_light/aarch64/Makefile'
      - 'proofs/hol_light/aarch64/**/*.S'
      - 'proofs/hol_light/aarch64/**/*.ml'
+     - 'proofs/hol_light/common/**/*.ml'
      - 'proofs/hol_light/x86_64/Makefile'
      - 'proofs/hol_light/x86_64/**/*.S'
      - 'proofs/hol_light/x86_64/**/*.ml'
@@ -26,6 +27,7 @@ on:
       - 'proofs/hol_light/aarch64/Makefile'
       - 'proofs/hol_light/aarch64/**/*.S'
       - 'proofs/hol_light/aarch64/**/*.ml'
+      - 'proofs/hol_light/common/**/*.ml'
       - 'proofs/hol_light/x86_64/Makefile'
       - 'proofs/hol_light/x86_64/**/*.S'
       - 'proofs/hol_light/x86_64/**/*.ml'
@@ -83,6 +85,10 @@ jobs:
             needs: ["aarch64_utils.ml"]
           - name: mldsa_poly_chknorm
             needs: ["aarch64_utils.ml"]
+          - name: mldsa_polyz_unpack_17
+            needs: ["aarch64_utils.ml", "mldsa_polyz_unpack_consts.ml", "mldsa_specs.ml"]
+          - name: mldsa_polyz_unpack_19
+            needs: ["aarch64_utils.ml", "mldsa_polyz_unpack_consts.ml", "mldsa_specs.ml"]
     name: AArch64 HOL Light proof for ${{ matrix.proof.name }}.S
     runs-on: pqcp-arm64
     if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork

nix/s2n_bignum/default.nix

@@ -4,12 +4,12 @@
 { stdenv, fetchFromGitHub, writeText, ... }:
 stdenv.mkDerivation rec {
   pname = "s2n_bignum";
-  version = "3bfe68deb9fbdaf23be0a927c362a87a799adc28";
+  version = "1d6cb3dc9ac7648e99b9718b8c532be44f25970a";
   src = fetchFromGitHub {
-    owner = "awslabs";
+    owner = "mkannwischer";
     repo = "s2n-bignum";
     rev = "${version}";
-    hash = "sha256-C3SdYZ/PhfTmHefz3klO3l/lbEgtA8Hq9wjDmjd+Fek=";
+    hash = "sha256-haOO4xW5ZHfJQo/HMrnmg6Qmf4FgzYOnEQgDjPhC27M=";
   };
   setupHook = writeText "setup-hook.sh" ''
     export S2N_BIGNUM_DIR="$1"

proofs/hol_light/aarch64/Makefile

@@ -54,7 +54,9 @@ endif
 SPLIT=tr ';' '\n'
 
 OBJ = mldsa/mldsa_poly_caddq.o \
-      mldsa/mldsa_poly_chknorm.o
+      mldsa/mldsa_poly_chknorm.o \
+      mldsa/mldsa_polyz_unpack_17.o \
+      mldsa/mldsa_polyz_unpack_19.o
 
 # According to
 # https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms,

proofs/hol_light/aarch64/mldsa/mldsa_polyz_unpack_17.S

@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/polyz_unpack_17_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",@progbits
+#endif
+
+.text
+.balign 4
+#ifdef __APPLE__
+.global _PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_17_asm
+_PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_17_asm:
+#else
+.global PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_17_asm
+PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_17_asm:
+#endif
+
+        .cfi_startproc
+        ldr	q24, [x2]
+        ldr	q25, [x2, #0x10]
+        ldr	q26, [x2, #0x20]
+        ldr	q27, [x2, #0x30]
+        mov	x3, #0xfe00000000       // =1090921693184
+        mov	v28.d[0], x3
+        mov	x3, #0xfc               // =252
+        movk	x3, #0xfa, lsl #32
+        mov	v28.d[1], x3
+        movi	v29.4s, #0x3, msl #16
+        movi	v30.4s, #0x2, lsl #16
+        mov	x9, #0x10               // =16
+
+Lpolyz_unpack_17_loop:
+        ld1	{ v0.16b, v1.16b }, [x1]
+        add	x1, x1, #0x14
+        ld1	{ v2.16b }, [x1], #16
+        tbl	v4.16b, { v0.16b }, v24.16b
+        tbl	v5.16b, { v0.16b, v1.16b }, v25.16b
+        tbl	v6.16b, { v1.16b }, v26.16b
+        tbl	v7.16b, { v1.16b, v2.16b }, v27.16b
+        ushl	v4.4s, v4.4s, v28.4s
+        and	v4.16b, v4.16b, v29.16b
+        sub	v4.4s, v30.4s, v4.4s
+        ushl	v5.4s, v5.4s, v28.4s
+        and	v5.16b, v5.16b, v29.16b
+        sub	v5.4s, v30.4s, v5.4s
+        ushl	v6.4s, v6.4s, v28.4s
+        and	v6.16b, v6.16b, v29.16b
+        sub	v6.4s, v30.4s, v6.4s
+        ushl	v7.4s, v7.4s, v28.4s
+        and	v7.16b, v7.16b, v29.16b
+        sub	v7.4s, v30.4s, v7.4s
+        str	q5, [x0, #0x10]
+        str	q6, [x0, #0x20]
+        str	q7, [x0, #0x30]
+        str	q4, [x0], #0x40
+        subs	x9, x9, #0x1
+        b.ne	Lpolyz_unpack_17_loop
+        ret
+        .cfi_endproc

proofs/hol_light/aarch64/mldsa/mldsa_polyz_unpack_19.S

@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) The mldsa-native project authors
+ * Copyright (c) The mlkem-native project authors
+ * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+ */
+
+
+/*
+ * WARNING: This file is auto-derived from the mldsa-native source file
+ *   dev/aarch64_opt/src/polyz_unpack_19_asm.S using scripts/simpasm. Do not modify it directly.
+ */
+
+#if defined(__ELF__)
+.section .note.GNU-stack,"",@progbits
+#endif
+
+.text
+.balign 4
+#ifdef __APPLE__
+.global _PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_19_asm
+_PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_19_asm:
+#else
+.global PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_19_asm
+PQCP_MLDSA_NATIVE_MLDSA44_polyz_unpack_19_asm:
+#endif
+
+        .cfi_startproc
+        ldr	q24, [x2]
+        ldr	q25, [x2, #0x10]
+        ldr	q26, [x2, #0x20]
+        ldr	q27, [x2, #0x30]
+        mov	x3, #0xfc00000000       // =1082331758592
+        dup	v28.2d, x3
+        movi	v29.4s, #0xf, msl #16
+        movi	v30.4s, #0x8, lsl #16
+        mov	x9, #0x10               // =16
+
+Lpolyz_unpack_19_loop:
+        ld1	{ v0.16b, v1.16b }, [x1]
+        add	x1, x1, #0x18
+        ld1	{ v2.16b }, [x1], #16
+        tbl	v4.16b, { v0.16b }, v24.16b
+        tbl	v5.16b, { v0.16b, v1.16b }, v25.16b
+        tbl	v6.16b, { v1.16b }, v26.16b
+        tbl	v7.16b, { v1.16b, v2.16b }, v27.16b
+        ushl	v4.4s, v4.4s, v28.4s
+        and	v4.16b, v4.16b, v29.16b
+        sub	v4.4s, v30.4s, v4.4s
+        ushl	v5.4s, v5.4s, v28.4s
+        and	v5.16b, v5.16b, v29.16b
+        sub	v5.4s, v30.4s, v5.4s
+        ushl	v6.4s, v6.4s, v28.4s
+        and	v6.16b, v6.16b, v29.16b
+        sub	v6.4s, v30.4s, v6.4s
+        ushl	v7.4s, v7.4s, v28.4s
+        and	v7.16b, v7.16b, v29.16b
+        sub	v7.4s, v30.4s, v7.4s
+        str	q5, [x0, #0x10]
+        str	q6, [x0, #0x20]
+        str	q7, [x0, #0x30]
+        str	q4, [x0], #0x40
+        subs	x9, x9, #0x1
+        b.ne	Lpolyz_unpack_19_loop
+        ret
+        .cfi_endproc