Ejemplo n.º 1
0
int attacker_key_item_havege_random_stub(void *havege_state,
                                         char *output, size_t len)
  //@ requires PRG_PRECONDITION(havege_state_initialized, havege_state);
  //@ ensures PRG_POSTCONDITION(havege_state_initialized, havege_state);
{
  return havege_random(havege_state, output, len);
}
Ejemplo n.º 2
0
int get_iv(havege_state *state, char* iv)
  /*@ requires [_]public_invar(?pub) &*&
               havege_state_initialized(state) &*&
               random_permission(?p, ?c) &*& true == bad(p) &*&
               is_bad_nonce_is_public(?proof, pub, ?pred) &*&
               pred() &*& chars(iv, 16, _);@*/
  /*@ ensures  havege_state_initialized(state) &*&
               random_permission(p, c + 1) &*&
               is_bad_nonce_is_public(proof, pub, pred) &*&
               pred() &*& crypto_chars(normal, iv, 16, ?ccs) &*&
               result != 0 || ccs == ccs_for_cg(cg_nonce(p, c + 1));@*/
{
  int result = -1;
  //@ close random_request(p, 0, false);
  if (havege_random(state, iv, 16) == 0)
  {
    //@ open cryptogram(iv, 16, ?ccs_iv, ?cg_iv);
    //@ close cryptogram(iv, 16, ccs_iv, cg_iv);
    //@ proof(cg_iv);
    //@ public_cryptogram(iv, cg_iv);
    
    result = 0;
  }
  //@ chars_to_crypto_chars(iv, 16);
  return result;
}
Ejemplo n.º 3
0
void attacker_send_random(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  int temp;
  int size;
  char buffer[MAX_MESSAGE_SIZE];

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
  //@ close_havege_util(pub, pred, attacker);
  r_int_with_bounds(havege_state, &temp, MIN_RANDOM_SIZE, MAX_MESSAGE_SIZE);
  size = temp;
  r_int_with_bounds(havege_state, &temp, 0, INT_MAX);
  //@ open_havege_util(pub, pred, attacker);
  //@ close random_request(attacker, temp, false);
  if (havege_random(havege_state, buffer, (unsigned int) size) == 0)
  {
    //@ assert cryptogram(buffer, size, ?ccs, ?cg);
    //@ assert is_bad_nonce_is_public(?proof, pub, pred);
    //@ proof(cg);
    //@ public_cryptogram(buffer, cg);
    net_send(socket, buffer, (unsigned int) size);
  }
  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
Ejemplo n.º 4
0
result_t crypto_base::randomBytes(int32_t size, obj_ptr<Buffer_base> &retVal,
                                  exlib::AsyncEvent *ac)
{
    if (!ac)
        return CHECK_ERROR(CALL_E_NOSYNC);

    time_t t;
    int i, ret;
    havege_state hs;
    unsigned char buf[1024];
    std::string strBuf;

    strBuf.resize(size);

    havege_init(&hs);

    t = time(NULL);

    for (i = 0; i < size; i += sizeof(buf))
    {
        ret = havege_random(&hs, buf, sizeof(buf));
        if (ret != 0)
            return CHECK_ERROR(_ssl::setError(ret));

        memcpy(&strBuf[i], buf, size - i > (int)sizeof(buf) ? (int)sizeof(buf) : size - i);
    }

    if (t == time(NULL))
        t--;

    retVal = new Buffer(strBuf);

    return 0;
}
Ejemplo n.º 5
0
std::string Config::getChallenge()
{
    unsigned char challenge[32];
    unsigned char challenge64[64];
    size_t challenge64Size = 64;
    havege_random((void*)&(this->havegeState), challenge, 32);
    base64_encode(challenge64, &challenge64Size,challenge, 32);
    challenge64[challenge64Size] = 0;

    std::string ret = (char *) challenge64;

    return ret;
}
Ejemplo n.º 6
0
int havege_poll( void *data,
                 unsigned char *output, size_t len, size_t *olen )
{
    havege_state *hs = (havege_state *) data;
    *olen = 0;

    if( havege_random( hs, output, len ) != 0 )
        return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );

    *olen = len;

    return( 0 );
}
int asym_enc_havege_random_stub(void *havege_state, char *output, size_t len)
  /*@ requires [?f]havege_state_initialized(havege_state) &*&
               random_request(?principal, ?info, ?key_request) &*&
               random_permission(principal, ?count) &*&
               chars(output, len, _) &*& len >= MIN_RANDOM_SIZE;
  @*/
  /*@ ensures  [f]havege_state_initialized(havege_state) &*&
               random_permission(principal, count + 1) &*&
               result == 0 ?
                 cryptogram(output, len, ?cs, ?cg) &*&
                 info == cg_info(cg) &*&
                 key_request ?
                   cg == cg_symmetric_key(principal, count + 1)
                 :
                   cg == cg_nonce(principal, count + 1)
               :
                 chars(output, len, _);
  @*/
{
  return havege_random(havege_state, output, len);
}
Ejemplo n.º 8
0
void Config::setAuth(bool _useAuth, const char *pass)
{
    size_t passLength = strlen(pass);

    this->useAuth = _useAuth;
    
    if(useAuth)
    {
        unsigned char salt[32];
        unsigned char salt64[64];
        size_t salt64Size = 64;
        havege_random((void*)&(this->havegeState), salt, 32);
        base64_encode(salt64, &salt64Size, salt, 32);
        salt64[salt64Size] = 0;

        int saltPlusPassSize = salt64Size + passLength;

        char* saltPlusPass = (char*)malloc(saltPlusPassSize);

        memcpy(saltPlusPass, pass, passLength);
        memcpy(saltPlusPass + passLength, salt64, salt64Size);

        unsigned char passHash[32];
        unsigned char passHash64[64];
        size_t passHash64Size = 64;

        sha2((unsigned char *)saltPlusPass, saltPlusPassSize, passHash, 0);

        zero(saltPlusPass, saltPlusPassSize);
        free(saltPlusPass);
        
        base64_encode(passHash64, &passHash64Size, passHash, 32);

        passHash64[passHash64Size] = 0;

        this->authHash = (char *)passHash64;
        this->authSalt = (char *)salt64;
    }
}
Ejemplo n.º 9
0
int gen_key( unsigned char *key, int key_lenght){

	int i = 0;
	int ret = 1;

	havege_state *hs = malloc(sizeof( havege_state))  ;

	if( hs == NULL )
		return -1;


	havege_init(hs);		

	ret = havege_random( hs, key, key_lenght); 

	for( i= 0; i < key_lenght; i++)
		printf("%c",key[i]);

	free(hs);
	
	return ret;
}
Ejemplo n.º 10
0
int main( int argc, char *argv[] )
{
    int keysize;
    unsigned long i, j, tsc;
    unsigned char tmp[64];
#if defined(POLARSSL_ARC4_C)
    arc4_context arc4;
#endif
#if defined(POLARSSL_DES_C)
    des3_context des3;
    des_context des;
#endif
#if defined(POLARSSL_AES_C)
    aes_context aes;
#endif
#if defined(POLARSSL_CAMELLIA_C)
    camellia_context camellia;
#endif
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_BIGNUM_C) &&    \
    defined(POLARSSL_GENPRIME)
    rsa_context rsa;
#endif
#if defined(POLARSSL_HAVEGE_C)
    havege_state hs;
#endif
#if defined(POLARSSL_CTR_DRBG_C)
    ctr_drbg_context    ctr_drbg;
#endif
    ((void) argc);
    ((void) argv);

    memset( buf, 0xAA, sizeof( buf ) );

    printf( "\n" );

#if defined(POLARSSL_MD4_C)
    printf( HEADER_FORMAT, "MD4" );
    fflush( stdout );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        md4( buf, BUFSIZE, tmp );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        md4( buf, BUFSIZE, tmp );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_MD5_C)
    printf( HEADER_FORMAT, "MD5" );
    fflush( stdout );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        md5( buf, BUFSIZE, tmp );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        md5( buf, BUFSIZE, tmp );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_SHA1_C)
    printf( HEADER_FORMAT, "SHA-1" );
    fflush( stdout );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        sha1( buf, BUFSIZE, tmp );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        sha1( buf, BUFSIZE, tmp );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_SHA2_C)
    printf( HEADER_FORMAT, "SHA-256" );
    fflush( stdout );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        sha2( buf, BUFSIZE, tmp, 0 );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        sha2( buf, BUFSIZE, tmp, 0 );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_SHA4_C)
    printf( HEADER_FORMAT, "SHA-512" );
    fflush( stdout );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        sha4( buf, BUFSIZE, tmp, 0 );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        sha4( buf, BUFSIZE, tmp, 0 );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_ARC4_C)
    printf( HEADER_FORMAT, "ARC4" );
    fflush( stdout );

    arc4_setup( &arc4, tmp, 32 );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        arc4_crypt( &arc4, BUFSIZE, buf, buf );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        arc4_crypt( &arc4, BUFSIZE, buf, buf );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_DES_C)
    printf( HEADER_FORMAT, "3DES" );
    fflush( stdout );

    des3_set3key_enc( &des3, tmp );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );

    printf( HEADER_FORMAT, "DES" );
    fflush( stdout );

    des_setkey_enc( &des, tmp );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );

    tsc = hardclock();
    for( j = 0; j < 1024; j++ )
        des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_AES_C)
    for( keysize = 128; keysize <= 256; keysize += 64 )
    {
        printf( "  AES-%d         :  ", keysize );
        fflush( stdout );

        memset( buf, 0, sizeof( buf ) );
        memset( tmp, 0, sizeof( tmp ) );
        aes_setkey_enc( &aes, tmp, keysize );

        set_alarm( 1 );

        for( i = 1; ! alarmed; i++ )
            aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );

        tsc = hardclock();
        for( j = 0; j < 4096; j++ )
            aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf );

        printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                        ( hardclock() - tsc ) / ( j * BUFSIZE ) );
    }
#endif

#if defined(POLARSSL_CAMELLIA_C)
    for( keysize = 128; keysize <= 256; keysize += 64 )
    {
        printf( "  CAMELLIA-%d    :  ", keysize );
        fflush( stdout );

        memset( buf, 0, sizeof( buf ) );
        memset( tmp, 0, sizeof( tmp ) );
        camellia_setkey_enc( &camellia, tmp, keysize );

        set_alarm( 1 );

        for( i = 1; ! alarmed; i++ )
            camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );

        tsc = hardclock();
        for( j = 0; j < 4096; j++ )
            camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT, BUFSIZE, tmp, buf, buf );

        printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                        ( hardclock() - tsc ) / ( j * BUFSIZE ) );
    }
#endif

#if defined(POLARSSL_HAVEGE_C)
    printf( HEADER_FORMAT, "HAVEGE" );
    fflush( stdout );

    havege_init( &hs );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        havege_random( &hs, buf, BUFSIZE );

    tsc = hardclock();
    for( j = 1; j < 1024; j++ )
        havege_random( &hs, buf, BUFSIZE );

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_CTR_DRBG_C)
    printf( HEADER_FORMAT, "CTR_DRBG (NOPR)" );
    fflush( stdout );

    if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
        exit(1);

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
            exit(1);

    tsc = hardclock();
    for( j = 1; j < 1024; j++ )
        if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
            exit(1);

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );

    printf( HEADER_FORMAT, "CTR_DRBG (PR)" );
    fflush( stdout );

    if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
        exit(1);

    ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );

    set_alarm( 1 );
    for( i = 1; ! alarmed; i++ )
        if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
            exit(1);

    tsc = hardclock();
    for( j = 1; j < 1024; j++ )
        if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
            exit(1);

    printf( "%9lu Kb/s,  %9lu cycles/byte\n", i * BUFSIZE / 1024,
                    ( hardclock() - tsc ) / ( j * BUFSIZE ) );
#endif

#if defined(POLARSSL_RSA_C) && defined(POLARSSL_BIGNUM_C) &&    \
    defined(POLARSSL_GENPRIME)
    rsa_init( &rsa, RSA_PKCS_V15, 0 );
    rsa_gen_key( &rsa, myrand, NULL, 1024, 65537 );

    printf( HEADER_FORMAT, "RSA-1024" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_public( &rsa, buf, buf );
    }

    printf( "%9lu  public/s\n", i / 3 );

    printf( HEADER_FORMAT, "RSA-1024" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_private( &rsa, buf, buf );
    }

    printf( "%9lu private/s\n", i / 3 );

    rsa_free( &rsa );

    rsa_init( &rsa, RSA_PKCS_V15, 0 );
    rsa_gen_key( &rsa, myrand, NULL, 2048, 65537 );

    printf( HEADER_FORMAT, "RSA-2048" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_public( &rsa, buf, buf );
    }

    printf( "%9lu  public/s\n", i / 3 );

    printf( HEADER_FORMAT, "RSA-2048" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_private( &rsa, buf, buf );
    }

    printf( "%9lu private/s\n", i / 3 );

    rsa_free( &rsa );

    rsa_init( &rsa, RSA_PKCS_V15, 0 );
    rsa_gen_key( &rsa, myrand, NULL, 4096, 65537 );

    printf( HEADER_FORMAT, "RSA-4096" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_public( &rsa, buf, buf );
    }

    printf( "%9lu  public/s\n", i / 3 );

    printf( HEADER_FORMAT, "RSA-4096" );
    fflush( stdout );
    set_alarm( 3 );

    for( i = 1; ! alarmed; i++ )
    {
        buf[0] = 0;
        rsa_private( &rsa, buf, buf );
    }

    printf( "%9lu private/s\n", i / 3 );

    rsa_free( &rsa );
#endif

    printf( "\n" );

#if defined(_WIN32)
    printf( "  Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();
#endif

    return( 0 );
}
void app_send(char *key, char *message, int message_len)
  /*@ requires polarssl_generated_values(?creator, ?count1) &*&
               [?f0]polarssl_world(sc_auth_polarssl_pub) &*&
               [?f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs, ?key_cg) &*&
                 key_cg == polarssl_symmetric_key(creator, ?key_id) &*&
               [?f2]chars(message, message_len, ?m_cs) &*&
                 message_len >= POLARSSL_MIN_ENCRYPTED_BYTE_SIZE &*&
                 message_len < POLARSSL_MAX_MESSAGE_BYTE_SIZE - 84 &*&
                 bad(creator) ?
                   [_]polarssl_public_generated_chars(sc_auth_polarssl_pub)(m_cs)
                 :
                   true == app_send_event(creator, m_cs);
  @*/
  /*@ ensures  polarssl_generated_values(creator, ?count2) &*& count2 > count1 &*&
               [f0]polarssl_world(sc_auth_polarssl_pub) &*&
               [f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg) &*&
               [f2]chars(message, message_len, m_cs);
  @*/
{
  int socket;
  havege_state havege_state;
  char iv[16];

  // init
  {
    net_usleep(20000);
    if(net_connect(&socket, NULL, APP_RECEIVE_PORT) != 0)
      abort();
    if(net_set_block(socket) != 0)
      abort();

    //@ close havege_state(&havege_state);
    havege_init(&havege_state);
  }

  // iv stuff
  {
    //@ close random_request(creator, 0, false);
    if (havege_random(&havege_state, iv, 16) != 0) abort();  
  }
  //@ open polarssl_cryptogram(iv, 16, ?iv_cs, _);

  char* m = malloc(16 + message_len + 16);
  if (m == 0) abort();
  memcpy(m, iv, 16);
  //@ assert chars(m, 16, iv_cs);
  //@ assert chars(m + 16, message_len + 16, ?cs1);
  //@ polarssl_public_generated_chars_assume(sc_auth_polarssl_pub, iv_cs);
   
  // encrypt message
  {
    unsigned int temp;
    gcm_context gcm_context;
    //@ close gcm_context(&gcm_context);
    //@ open [f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg);
    //@ close polarssl_key_id(creator, key_id);
    if (gcm_init(&gcm_context, POLARSSL_AES_CIPHER_ID, key, 
                (unsigned int) KEY_BYTE_SIZE * 8) != 0) abort();
    //@ close [f1]polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, key_cg);
    //@ chars_split(m + 16, message_len);
    if (gcm_crypt_and_tag(&gcm_context, POLARSSL_GCM_ENCRYPT, 
                          (unsigned int) message_len,
                          iv, 16, NULL, 0, message, m + 16, 16,
                          (char*) ((m + 16) + message_len)) != 0)
      abort();
    gcm_free(&gcm_context);
    //@ open gcm_context(&gcm_context);
  }
  //@ assert polarssl_cryptogram(m + 16, message_len, ?e_cs, ?e_cg);
  /*@ assert e_cg == polarssl_auth_encrypted(
                                       creator, key_id, ?t_cs, m_cs, iv_cs); @*/
  //@ close sc_auth_polarssl_pub(e_cg);
  //@ leak sc_auth_polarssl_pub(e_cg);
  /*@ polarssl_public_message_from_cryptogram(
                     sc_auth_polarssl_pub, m + 16, message_len, e_cs, e_cg); @*/
  /*@ open polarssl_public_message(sc_auth_polarssl_pub)
                                  (m + 16, message_len, e_cs); @*/
  //@ assert chars(m + 16 + message_len, 16, t_cs);
  //@ chars_join(m);
  //@ chars_join(m);
  //@ assert chars(m, 16 + message_len + 16, ?cs);
  //@ append_assoc(iv_cs, e_cs, t_cs);
  //@ assert cs == append(iv_cs, append(e_cs, t_cs));
  
  //@ polarssl_public_generated_chars_assume(sc_auth_polarssl_pub, t_cs);
  /*@ polarssl_public_generated_chars_join(
                                         sc_auth_polarssl_pub, iv_cs, e_cs); @*/
  /*@ polarssl_public_generated_chars_join(
                           sc_auth_polarssl_pub, append(iv_cs, e_cs), t_cs); @*/
  /*@ close polarssl_public_message(sc_auth_polarssl_pub)
                                   (m, 16 + message_len + 16,
                                    append(iv_cs, append(e_cs, t_cs))); @*/
  net_send(&socket, m, (unsigned int) 16 + (unsigned int) message_len + 16);
  //@ open polarssl_public_message(sc_auth_polarssl_pub)(m, _, _);

  {
    free(m);
    havege_free(&havege_state);
    //@ open havege_state(&havege_state);
    net_close(socket);
  }
}
Ejemplo n.º 12
0
int main( int argc, char *argv[] )
{
    int keysize, i;
    unsigned char tmp[200];
    char title[TITLE_LEN];
    todo_list todo;

    if( argc == 1 )
        memset( &todo, 1, sizeof( todo ) );
    else
    {
        memset( &todo, 0, sizeof( todo ) );

        for( i = 1; i < argc; i++ )
        {
            if( strcmp( argv[i], "md4" ) == 0 )
                todo.md4 = 1;
            else if( strcmp( argv[i], "md5" ) == 0 )
                todo.md5 = 1;
            else if( strcmp( argv[i], "ripemd160" ) == 0 )
                todo.ripemd160 = 1;
            else if( strcmp( argv[i], "sha1" ) == 0 )
                todo.sha1 = 1;
            else if( strcmp( argv[i], "sha256" ) == 0 )
                todo.sha256 = 1;
            else if( strcmp( argv[i], "sha512" ) == 0 )
                todo.sha512 = 1;
            else if( strcmp( argv[i], "arc4" ) == 0 )
                todo.arc4 = 1;
            else if( strcmp( argv[i], "des3" ) == 0 )
                todo.des3 = 1;
            else if( strcmp( argv[i], "des" ) == 0 )
                todo.des = 1;
            else if( strcmp( argv[i], "aes_cbc" ) == 0 )
                todo.aes_cbc = 1;
            else if( strcmp( argv[i], "aes_gcm" ) == 0 )
                todo.aes_gcm = 1;
            else if( strcmp( argv[i], "camellia" ) == 0 )
                todo.camellia = 1;
            else if( strcmp( argv[i], "blowfish" ) == 0 )
                todo.blowfish = 1;
            else if( strcmp( argv[i], "havege" ) == 0 )
                todo.havege = 1;
            else if( strcmp( argv[i], "ctr_drbg" ) == 0 )
                todo.ctr_drbg = 1;
            else if( strcmp( argv[i], "hmac_drbg" ) == 0 )
                todo.hmac_drbg = 1;
            else if( strcmp( argv[i], "rsa" ) == 0 )
                todo.rsa = 1;
            else if( strcmp( argv[i], "dhm" ) == 0 )
                todo.dhm = 1;
            else if( strcmp( argv[i], "ecdsa" ) == 0 )
                todo.ecdsa = 1;
            else if( strcmp( argv[i], "ecdh" ) == 0 )
                todo.ecdh = 1;
            else
            {
                printf( "Unrecognized option: %s\n", argv[i] );
                printf( "Available options:" OPTIONS );
            }
        }
    }

    printf( "\n" );

    memset( buf, 0xAA, sizeof( buf ) );

#if defined(POLARSSL_MD4_C)
    if( todo.md4 )
        TIME_AND_TSC( "MD4", md4( buf, BUFSIZE, tmp ) );
#endif

#if defined(POLARSSL_MD5_C)
    if( todo.md5 )
        TIME_AND_TSC( "MD5", md5( buf, BUFSIZE, tmp ) );
#endif

#if defined(POLARSSL_RIPEMD160_C)
    if( todo.ripemd160 )
        TIME_AND_TSC( "RIPEMD160", ripemd160( buf, BUFSIZE, tmp ) );
#endif

#if defined(POLARSSL_SHA1_C)
    if( todo.sha1 )
        TIME_AND_TSC( "SHA-1", sha1( buf, BUFSIZE, tmp ) );
#endif

#if defined(POLARSSL_SHA256_C)
    if( todo.sha256 )
        TIME_AND_TSC( "SHA-256", sha256( buf, BUFSIZE, tmp, 0 ) );
#endif

#if defined(POLARSSL_SHA512_C)
    if( todo.sha512 )
        TIME_AND_TSC( "SHA-512", sha512( buf, BUFSIZE, tmp, 0 ) );
#endif

#if defined(POLARSSL_ARC4_C)
    if( todo.arc4 )
    {
        arc4_context arc4;
        arc4_setup( &arc4, tmp, 32 );
        TIME_AND_TSC( "ARC4", arc4_crypt( &arc4, BUFSIZE, buf, buf ) );
    }
#endif

#if defined(POLARSSL_DES_C) && defined(POLARSSL_CIPHER_MODE_CBC)
    if( todo.des3 )
    {
        des3_context des3;
        des3_set3key_enc( &des3, tmp );
        TIME_AND_TSC( "3DES",
                des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
    }

    if( todo.des )
    {
        des_context des;
        des_setkey_enc( &des, tmp );
        TIME_AND_TSC( "DES",
                des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
    }
#endif

#if defined(POLARSSL_AES_C)
#if defined(POLARSSL_CIPHER_MODE_CBC)
    if( todo.aes_cbc )
    {
        aes_context aes;
        for( keysize = 128; keysize <= 256; keysize += 64 )
        {
            snprintf( title, sizeof( title ), "AES-CBC-%d", keysize );

            memset( buf, 0, sizeof( buf ) );
            memset( tmp, 0, sizeof( tmp ) );
            aes_setkey_enc( &aes, tmp, keysize );

            TIME_AND_TSC( title,
                aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
        }
    }
#endif
#if defined(POLARSSL_GCM_C)
    if( todo.aes_gcm )
    {
        gcm_context gcm;
        for( keysize = 128; keysize <= 256; keysize += 64 )
        {
            snprintf( title, sizeof( title ), "AES-GCM-%d", keysize );

            memset( buf, 0, sizeof( buf ) );
            memset( tmp, 0, sizeof( tmp ) );
            gcm_init( &gcm, POLARSSL_CIPHER_ID_AES, tmp, keysize );

            TIME_AND_TSC( title,
                    gcm_crypt_and_tag( &gcm, GCM_ENCRYPT, BUFSIZE, tmp,
                        12, NULL, 0, buf, buf, 16, tmp ) );

            gcm_free( &gcm );
        }
    }
#endif
#endif

#if defined(POLARSSL_CAMELLIA_C) && defined(POLARSSL_CIPHER_MODE_CBC)
    if( todo.camellia )
    {
        camellia_context camellia;
        for( keysize = 128; keysize <= 256; keysize += 64 )
        {
            snprintf( title, sizeof( title ), "CAMELLIA-CBC-%d", keysize );

            memset( buf, 0, sizeof( buf ) );
            memset( tmp, 0, sizeof( tmp ) );
            camellia_setkey_enc( &camellia, tmp, keysize );

            TIME_AND_TSC( title,
                    camellia_crypt_cbc( &camellia, CAMELLIA_ENCRYPT,
                        BUFSIZE, tmp, buf, buf ) );
        }
    }
#endif

#if defined(POLARSSL_BLOWFISH_C) && defined(POLARSSL_CIPHER_MODE_CBC)
    if( todo.blowfish )
    {
        blowfish_context blowfish;
        for( keysize = 128; keysize <= 256; keysize += 64 )
        {
            snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize );

            memset( buf, 0, sizeof( buf ) );
            memset( tmp, 0, sizeof( tmp ) );
            blowfish_setkey( &blowfish, tmp, keysize );

            TIME_AND_TSC( title,
                    blowfish_crypt_cbc( &blowfish, BLOWFISH_ENCRYPT, BUFSIZE,
                        tmp, buf, buf ) );
        }
    }
#endif

#if defined(POLARSSL_HAVEGE_C)
    if( todo.havege )
    {
        havege_state hs;
        havege_init( &hs );
        TIME_AND_TSC( "HAVEGE", havege_random( &hs, buf, BUFSIZE ) );
    }
#endif

#if defined(POLARSSL_CTR_DRBG_C)
    if( todo.ctr_drbg )
    {
        ctr_drbg_context ctr_drbg;

        if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
            exit(1);
        TIME_AND_TSC( "CTR_DRBG (NOPR)",
                if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
                exit(1) );

        if( ctr_drbg_init( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
            exit(1);
        ctr_drbg_set_prediction_resistance( &ctr_drbg, CTR_DRBG_PR_ON );
        TIME_AND_TSC( "CTR_DRBG (PR)",
                if( ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
                exit(1) );
    }
Ejemplo n.º 13
0
int main(int argc, char **argv) //@ : main_full(main_app)
    //@ requires module(main_app, true);
    //@ ensures true;
{
  pthread_t a_thread;
  havege_state havege_state;

  printf("\n\tExecuting \"");
  printf("yahalom protocol");
  printf("\" ... \n\n");

  //@ PROTOCOL_INIT(yahalom)
  //@ int server = principal_create();
  //@ assert server == 1;
  //@ int sender = principal_create();
  //@ assert sender == 2;
  //@ int receiver = principal_create();
  //@ assert receiver == 3;

  //@ int attacker = principal_create();
  //@ assume (bad(attacker));
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);
  //@ assume (bad(attacker));
  //@ close pthread_run_pre(attacker_t)(NULL, some(attacker));
  pthread_create(&a_thread, NULL, &attacker_t, NULL);

  int i = 0;
#ifdef EXECUTE
  while (i++ < 10)
#else
  while (true)
#endif
    /*@ invariant [_]public_invar(yahalom_pub) &*&
                  [_]decryption_key_classifier(yahalom_public_key) &*&
                  havege_state_initialized(&havege_state) &*&
                  principal(server, ?serv_count) &*&
                  principal(sender, ?send_count) &*&
                  principal(receiver, ?rcvr_count);
    @*/
  {
    char s_key[KEY_SIZE];
    char r_key[KEY_SIZE];
    char key1[KEY_SIZE];
    char key2[KEY_SIZE];

    //@ open principal(sender, _);
    //@ close random_request(sender, int_pair(3, server), true);
    if (havege_random(&havege_state, s_key, KEY_SIZE) != 0) abort();
    //@ close principal(sender, _);
    //@ assert cryptogram(s_key, KEY_SIZE, ?cs_s_key, ?cg_s_key);
    //@ assert cg_s_key == cg_symmetric_key(sender, send_count + 1);

    //@ open principal(receiver, _);
    //@ close random_request(receiver, int_pair(3, server), true);
    if (havege_random(&havege_state, r_key, KEY_SIZE) != 0) abort();
    //@ close principal(receiver, _);
    //@ assert cryptogram(r_key, KEY_SIZE, ?cs_r_key, ?cg_r_key);
    //@ assert cg_r_key == cg_symmetric_key(receiver, rcvr_count + 1);

    {
      pthread_t serv_thread, s_thread, r_thread;
      struct yahalom_args serv_args, s_args, r_args;

      serv_args.server = 1;
      serv_args.sender = 2;
      serv_args.receiver = 3;
      serv_args.s_key = s_key;
      serv_args.r_key = r_key;

      s_args.server = 1;
      s_args.sender = 2;
      s_args.receiver = 3;
      s_args.s_key = s_key;
      s_args.key = key1;

      r_args.server = 1;
      r_args.sender = 2;
      r_args.receiver = 3;
      r_args.r_key = r_key;
      r_args.key = key2;

      //@ close pthread_run_pre(server_t)(&serv_args, ?serv_data);
      pthread_create(&serv_thread, NULL, &server_t, &serv_args);
      //@ close pthread_run_pre(sender_t)(&s_args, ?s_data);
      pthread_create(&s_thread, NULL, &sender_t, &s_args);
      //@ close pthread_run_pre(receiver_t)(&r_args, ?r_data);
      pthread_create(&r_thread, NULL, &receiver_t, &r_args);

      pthread_join(serv_thread, NULL);
      //@ open pthread_run_post(server_t)(&serv_args, serv_data);
      pthread_join(s_thread, NULL);
      //@ open pthread_run_post(sender_t)(&s_args, s_data);
      pthread_join(r_thread, NULL);
      //@ open pthread_run_post(receiver_t)(&r_args, r_data);
    }

    //@ open cryptogram(key1, KEY_SIZE, ?cs_key1, _);
    zeroize(key1, KEY_SIZE);
    //@ open cryptogram(key2, KEY_SIZE, ?cs_key2, _);
    zeroize(key2, KEY_SIZE);
    //@ open [1/2]cryptogram(s_key, KEY_SIZE, _, _);
    //@ open [1/2]cryptogram(s_key, KEY_SIZE, _, _);
    zeroize(s_key, KEY_SIZE);
    //@ open [1/2]cryptogram(r_key, KEY_SIZE, _, _);
    //@ open [1/2]cryptogram(r_key, KEY_SIZE, _, _);
    zeroize(r_key, KEY_SIZE);
    printf(" |%i| ", i);
  }

  printf("\n\n\t\tDone\n");
  return 0;
}
Ejemplo n.º 14
0
void sender(char *enc_key, char *hmac_key, char *msg, unsigned int msg_len)
/*@ requires [_]public_invar(enc_then_hmac_pub) &*&
             principal(?sender, _) &*&
             [?f1]cryptogram(enc_key, KEY_SIZE, ?enc_key_ccs, ?enc_key_cg) &*&
             [?f2]cryptogram(hmac_key, KEY_SIZE, ?hmac_key_ccs, ?hmac_key_cg) &*&
               enc_key_cg == cg_symmetric_key(sender, ?enc_id) &*&
               hmac_key_cg == cg_symmetric_key(sender, ?hmac_id) &*&
                 cg_info(hmac_key_cg) == enc_id &*&
               shared_with(sender, enc_id) == shared_with(sender, hmac_id) &*&
             [?f3]crypto_chars(secret, msg, msg_len, ?msg_ccs) &*&
               MAX_SIZE >= msg_len &*& msg_len >= MINIMAL_STRING_SIZE &*&
               bad(sender) || bad(shared_with(sender, enc_id)) ?
                 [_]public_ccs(msg_ccs)
               :
                 true == send(sender, shared_with(sender, enc_id), msg_ccs); @*/
/*@ ensures  principal(sender, _) &*&
             [f1]cryptogram(enc_key, KEY_SIZE, enc_key_ccs, enc_key_cg) &*&
             [f2]cryptogram(hmac_key, KEY_SIZE, hmac_key_ccs, hmac_key_cg) &*&
             [f3]crypto_chars(secret, msg, msg_len, msg_ccs); @*/
{
  //@ open principal(sender, _);
  int socket;
  havege_state havege_state;

  char iv[16];
  unsigned int iv_off = 0;
  char hmac[64];
  aes_context aes_context;
  
  net_usleep(20000);
  if(net_connect(&socket, NULL, SERVER_PORT) != 0)
    abort();
  if(net_set_block(socket) != 0)
    abort();
  {
    int message_len = 16 + (int) msg_len + 64;
    char* message = malloc(message_len);
    if (message == 0) abort();

    // IV stuff
    //@ close havege_state(&havege_state);
    havege_init(&havege_state);
    //@ close random_request(sender, 0, false);
    if (havege_random(&havege_state, iv, 16) != 0) abort();
    //@ open cryptogram(iv, 16, ?iv_ccs, ?iv_cg);
    //@ close enc_then_hmac_pub(iv_cg);
    //@ leak enc_then_hmac_pub(iv_cg);
    memcpy(message, iv, 16);
    //@ close cryptogram(message, 16, iv_ccs, iv_cg);
    //@ public_cryptogram(message, iv_cg);
    //@ assert chars(message, 16, ?iv_cs);
    //@ public_chars(message, 16);
    havege_free(&havege_state);
    //@ open havege_state(&havege_state);

    // encrypt
    //@ close aes_context(&aes_context);
    if (aes_setkey_enc(&aes_context, enc_key,
                        (unsigned int) (KEY_SIZE * 8)) != 0)
      abort();
    if (aes_crypt_cfb128(&aes_context, AES_ENCRYPT, msg_len,
                         &iv_off, iv, msg, message + 16) != 0)
      abort();
    //@ open cryptogram(message + 16, msg_len, ?enc_ccs, ?enc_cg);
    //@ close cryptogram(message + 16, msg_len, enc_ccs, enc_cg);
    //@ close enc_then_hmac_pub(enc_cg);
    //@ leak enc_then_hmac_pub(enc_cg);
    //@ public_cryptogram(message + 16, enc_cg);
    //@ assert chars(message + 16, msg_len, ?enc_cs);
    //@ public_chars(message + 16, msg_len);
    //@ assert chars(message, 16 + msg_len, append(iv_cs, enc_cs));
    //@ assert enc_cg == cg_encrypted(sender, enc_id, msg_ccs, iv_ccs);
    zeroize(iv, 16);
    aes_free(&aes_context);
    //@ open aes_context(&aes_context);
    
    // hmac
    //@ chars_to_crypto_chars(message, 16 + msg_len);
    //@ HASH_PUB_PAYLOAD(append(iv_cs, enc_cs))
    sha512_hmac(hmac_key, KEY_SIZE, message,
                (unsigned int) (16 + (int) msg_len),
                message + 16 + (int) msg_len, 0);
    //@ assert cryptogram(message + 16 + msg_len, 64, ?hmac_ccs, ?hmac_cg);
    //@ cs_to_ccs_append(iv_cs, enc_cs);
    //@ assert hmac_cg == cg_hmac(sender, hmac_id, append(iv_ccs, enc_ccs));
    /*@ if (!col && !enc_then_hmac_public_key(sender, enc_id, true))
          close enc_then_hmac_pub_1(enc_id, msg_ccs, iv_ccs); @*/
    /*@ if (col || enc_then_hmac_public_key(sender, enc_id, true))
        { 
          assert [_]public_ccs(iv_ccs);
          assert [_]public_ccs(enc_ccs);
          public_ccs_join(iv_ccs, enc_ccs);
        }
    @*/
    //@ close enc_then_hmac_pub(hmac_cg);
    //@ leak enc_then_hmac_pub(hmac_cg);
    //@ public_cryptogram(message + 16 + msg_len, hmac_cg);
    //@ assert chars(message + 16 + msg_len, 64, ?hmac_cs);
    //@ append_assoc(iv_ccs, enc_ccs, hmac_ccs);
    //@ append_assoc(iv_cs, enc_cs, hmac_cs);
    //@ cs_to_ccs_crypto_chars(message, append(iv_cs, enc_cs));
    /*@ assert chars(message, message_len,
                     append(iv_cs, append(enc_cs, hmac_cs))); @*/
    net_send(&socket, message, (unsigned int) message_len);
    
    free(message);
  }
  net_close(socket);
  //@ close principal(sender, _);
}
Ejemplo n.º 15
0
void attacker_send_keys(havege_state *havege_state, void* socket)
  //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
  //@ ensures  attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
  pk_context context;
  pk_context context_pub;
  pk_context context_priv;
  unsigned int key_size;

  //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);

  unsigned int temp;
  //@ close_havege_util(pub, pred, attacker);
  r_u_int_with_bounds(havege_state, &temp, 1024, 8192);
  //@ open_havege_util(pub, pred, attacker);
  key_size = temp;
  char* key = malloc((int) key_size);
  if ((key) == 0) abort();
  char* pub_key = malloc((int) key_size);
  if ((pub_key) == 0) abort();
  char* priv_key = malloc((int) key_size);
  if ((priv_key) == 0) abort();

  //@ close random_request(attacker, temp, true);
  if (havege_random(havege_state, key, key_size) != 0) abort();

  //@ close pk_context(&context);
  pk_init(&context);
  //@ close pk_context(&context_pub);
  pk_init(&context_pub);
  //@ close pk_context(&context_priv);
  pk_init(&context_priv);

  if (pk_init_ctx(&context, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
    abort();
  //@ close rsa_key_request(attacker, 0);
  //@ close random_state_predicate(havege_state_initialized);
  /*@ produce_function_pointer_chunk random_function(
                      attacker_key_item_havege_random_stub)
                     (havege_state_initialized)(state, out, len) { call(); } @*/
  if (rsa_gen_key(context.pk_ctx, attacker_key_item_havege_random_stub,
                  havege_state, key_size, 65537) != 0) abort();

  if (pk_write_pubkey_pem(&context, pub_key, key_size) != 0) abort();
  if (pk_write_key_pem(&context, priv_key, key_size) != 0) abort();
  if (pk_parse_public_key(&context_pub, pub_key, key_size) != 0) abort();
  if (pk_parse_key(&context_priv, priv_key, key_size, NULL, 0) != 0) abort();

  //@ assert is_bad_key_is_public(?proof1, pub, pred);
  //@ assert cryptogram(key, key_size, ?key_ccs, ?key_cg);
  //@ proof1(key_cg);
  //@ public_cryptogram(key, key_cg);
  net_send(socket, key, key_size);

  //@ assert is_public_key_is_public(?proof2, pub, pred);
  //@ assert cryptogram(pub_key, key_size, ?pub_key_ccs, ?pub_key_cg);
  //@ proof2(pub_key_cg);
  //@ public_cryptogram(pub_key, pub_key_cg);
  net_send(socket, pub_key, key_size);

  //@ assert is_bad_private_key_is_public(?proof3, pub, pred);
  //@ assert cryptogram(priv_key, key_size, ?priv_key_ccs, ?priv_key_cg);
  //@ proof3(priv_key_cg);
  //@ public_cryptogram(priv_key, priv_key_cg);
  net_send(socket, priv_key, key_size);

  //@ open random_state_predicate(havege_state_initialized);
  //@ pk_release_context_with_keys(&context);
  pk_free(&context);
  //@ open pk_context(&context);
  //@ pk_release_context_with_key(&context_pub);
  pk_free(&context_pub);
  //@ open pk_context(&context_pub);
  //@ pk_release_context_with_key(&context_priv);
  pk_free(&context_priv);
  //@ open pk_context(&context_priv);
  free(key);
  free(pub_key);
  free(priv_key);

  //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
Ejemplo n.º 16
0
void sender(int sender, int receiver,
            char *s_priv_key, char *r_pub_key,
            char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
             [_]decryption_key_classifier(nsl_public_key) &*&
             principal(sender, _) &*&
             [?f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
                             ?s_priv_key_ccs, ?s_priv_key_cg) &*&
               s_priv_key_cg == cg_private_key(sender, ?s_id) &*&
             [?f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
                             ?r_pub_key_ccs, ?r_pub_key_cg) &*&
               r_pub_key_cg == cg_public_key(receiver, ?r_id) &*&
             chars(s_nonce, NONCE_SIZE, _) &*&
             chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures  principal(sender, _) &*&
             [f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
                            s_priv_key_ccs, s_priv_key_cg) &*&
             [f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
                            r_pub_key_ccs, r_pub_key_cg) &*&
             cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
               s_nonce_cg == cg_nonce(sender, _) &*&
               cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
             col || bad(sender) || bad(receiver) ?
               chars(r_nonce, NONCE_SIZE, _)
             :
               cryptogram(r_nonce, NONCE_SIZE, _, ?r_nonce_cg) &*&
               r_nonce_cg == cg_nonce(receiver, _) &*&
               cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
                                                  int_pair(receiver, r_id)))); @*/
{
  int socket;
  pk_context s_context;
  pk_context r_context;
  havege_state havege_state;

  net_usleep(20000);
  if(net_connect(&socket, NULL, SERVER_PORT) != 0)
    abort();
  if(net_set_block(socket) != 0)
    abort();

  //@ close pk_context(&s_context);
  pk_init(&s_context);
  if (pk_parse_key(&s_context, s_priv_key,
                   (unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
    abort();
  //@ close pk_context(&r_context);
  pk_init(&r_context);
  if (pk_parse_public_key(&r_context, r_pub_key,
                          (unsigned int) 8 * KEY_SIZE) != 0)
    abort();

  // Generate NA
  //@ open principal(sender, _);
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);
  //@ close random_request(sender, int_pair(1, int_pair(receiver, r_id)), false);
  if (havege_random(&havege_state, s_nonce, NONCE_SIZE) != 0) abort();
  //@ assert cryptogram(s_nonce, NONCE_SIZE, ?cs_s_nonce, ?cg_s_nonce);
  //@ close principal(sender, _);

  sender_msg1(&socket, &havege_state, &r_context, sender, s_nonce);
  sender_msg2(&socket, &havege_state, &s_context, sender, receiver,
              s_nonce, r_nonce);
  sender_msg3(&socket, &havege_state, &r_context, sender, r_nonce);
  havege_free(&havege_state);
  //@ open havege_state(&havege_state);

  //@ pk_release_context_with_key(&s_context);
  pk_free(&s_context);
  //@ open pk_context(&s_context);
  //@ pk_release_context_with_key(&r_context);
  pk_free(&r_context);
  //@ open pk_context(&r_context);

  net_close(socket);
}
Ejemplo n.º 17
0
void receiver(int sender, int receiver,
              char *s_pub_key, char *r_priv_key,
              char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
             [_]decryption_key_classifier(nsl_public_key) &*&
             principal(receiver, _) &*&
             [?f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
                             ?s_pub_key_ccs, ?s_pub_key_cg) &*&
               s_pub_key_cg == cg_public_key(sender, ?s_id) &*&
             [?f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
                             ?r_priv_key_ccs, ?r_priv_key_cg) &*&
               r_priv_key_cg == cg_private_key(receiver, ?r_id) &*&
             chars(s_nonce, NONCE_SIZE, _) &*&
             chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures  principal(receiver, _) &*&
             [f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
                            s_pub_key_ccs, s_pub_key_cg) &*&
             [f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
                            r_priv_key_ccs, r_priv_key_cg) &*&
             cryptogram(r_nonce, NONCE_SIZE, ?r_nonce_ccs, ?r_nonce_cg) &*&
               r_nonce_cg == cg_nonce(receiver, _) &*&
             (
               col || bad(sender) || bad(receiver) ?
                 chars(s_nonce, NONCE_SIZE, _)
               :
                 cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
                 s_nonce_cg == cg_nonce(sender, _) &*&
                 cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
                 cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
                                                    int_pair(receiver, r_id))))
             ); @*/
{
  //@ open principal(receiver, _);
  int socket1;
  int socket2;
  pk_context s_context;
  pk_context r_context;
  havege_state havege_state;

  if(net_bind(&socket1, NULL, SERVER_PORT) != 0)
    abort();
  if(net_accept(socket1, &socket2, NULL) != 0)
    abort();
  if(net_set_block(socket2) != 0)
    abort();

  //@ close pk_context(&s_context);
  pk_init(&s_context);
  if (pk_parse_public_key(&s_context, s_pub_key,
                          (unsigned int) 8 * KEY_SIZE) != 0)
    abort();
  //@ close pk_context(&r_context);
  pk_init(&r_context);
  if (pk_parse_key(&r_context, r_priv_key,
                   (unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
    abort();

  // Generate NB
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);

  //@ close principal(receiver, _);
  receiver_msg1(&socket2, &havege_state, &r_context, sender, receiver, s_nonce);
  //@ open principal(receiver, _);

  //@ assert receiver_inter(?p_orig, ?c_orig, ?p_inst, ?s_nonce_ccs, ?s_nonce_cg);
  //@ int info = int_pair(sender, int_pair(p_inst, int_pair(p_orig, c_orig)));
  //@ close random_request(receiver, int_pair(2, info), false);
  if (havege_random(&havege_state, r_nonce, NONCE_SIZE) != 0) abort();
  //@ close principal(receiver, _);
  receiver_msg2(&socket2, &havege_state, &s_context, receiver,
                s_nonce, r_nonce);
  //@ if (col || bad(p_inst) || bad(receiver)) chars_to_crypto_chars(s_nonce, NONCE_SIZE);
  //@ close receiver_inter(p_orig, c_orig, p_inst, s_nonce_ccs, s_nonce_cg);
  receiver_msg3(&socket2, &havege_state, &r_context, sender, receiver,
                s_nonce, r_nonce);
  /*@ if (col || bad(sender) || bad(receiver))
        crypto_chars_to_chars(s_nonce, NONCE_SIZE); @*/
  havege_free(&havege_state);
  //@ open havege_state(&havege_state);

  //@ pk_release_context_with_key(&s_context);
  pk_free(&s_context);
  //@ open pk_context(&s_context);
  //@ pk_release_context_with_key(&r_context);
  pk_free(&r_context);
  //@ open pk_context(&r_context);

  net_close(socket2);
  net_close(socket1);
}
Ejemplo n.º 18
0
int main(int argc, char **argv) //@ : main_full(main_app)
    //@ requires module(main_app, true);
    //@ ensures true;
{
  pthread_t a_thread;
  havege_state havege_state;
  
  printf("\n\tExecuting \"");
  printf("enc_then_hmac protocol");
  printf("\" ... \n\n");
  
  //@ PROTOCOL_INIT(enc_then_hmac)
  //@ int attacker = principal_create();
  //@ int sender = principal_create();
  //@ int receiver = principal_create();
  //@ assume (!bad(sender) && !bad(receiver));
  
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);
  //@ assume (bad(attacker));
  //@ close pthread_run_pre(attacker_t)(NULL, some(attacker));
  pthread_create(&a_thread, NULL, &attacker_t, NULL);
  
  int i = 0;
#ifdef EXECUTE
  while (i++ < 10)
#else
  while (true)
#endif
    /*@ invariant [_]public_invar(enc_then_hmac_pub) &*&
                  [_]decryption_key_classifier(enc_then_hmac_public_key) &*&
                  !bad(sender) && !bad(receiver) &*&
                  havege_state_initialized(&havege_state) &*&
                  principal(sender, ?count) &*& principal(receiver, _);
    @*/
  {
    char* enc_key;
    char* hmac_key;
    int temp;
    
    enc_key = malloc(KEY_SIZE);
    if (enc_key == 0) abort();
    hmac_key = malloc(KEY_SIZE);
    if (hmac_key == 0) abort();
    //@ open principal(sender, _);
    //@ close random_request(sender, 0, true);
    if (havege_random(&havege_state, enc_key, KEY_SIZE) != 0) abort();
    //@ assume (shared_with(sender, count + 1) == receiver);
    //@ assert cryptogram(enc_key, KEY_SIZE, ?enc_cs_key, ?enc_cg_key);
    //@ assert enc_cg_key == cg_symmetric_key(sender, count + 1);
    
    //@ close random_request(sender, count + 1, true);
    if (havege_random(&havege_state, hmac_key, KEY_SIZE) != 0) abort();
    //@ assume (shared_with(sender, count + 2) == receiver);
    //@ assert cryptogram(hmac_key, KEY_SIZE, ?hmac_cs_key, ?hmac_cg_key);
    //@ assert hmac_cg_key == cg_symmetric_key(sender, count + 2);
    {
      pthread_t s_thread, r_thread;

      struct enc_then_hmac_args s_args;
      struct enc_then_hmac_args r_args;
      char s_message[MSG_LEN];
      char r_message[MAX_SIZE];
    
      //@ assert chars(s_message, MSG_LEN, ?msg_cs);
      //@ public_chars(s_message, MSG_LEN);
      //@ chars_to_secret_crypto_chars(s_message, MSG_LEN);
      //@ s_args.sender = sender;
      //@ s_args.receiver = receiver;
      s_args.enc_key = enc_key;
      s_args.hmac_key = hmac_key;
      s_args.msg = s_message;
      
      //@ assume (send(sender, receiver, msg_cs) == true);      
      //@ r_args.sender = sender;
      //@ r_args.receiver = receiver;
      r_args.enc_key = enc_key;
      r_args.hmac_key = hmac_key;
      r_args.msg = r_message;
      
      //@ close principal(sender, _);
      //@ close pthread_run_pre(sender_t)(&s_args, ?s_data);
      //@ close pthread_run_pre(receiver_t)(&r_args, ?r_data);
      pthread_create(&r_thread, NULL, &receiver_t, &r_args);
      pthread_create(&s_thread, NULL, &sender_t, &s_args);
      
      pthread_join(s_thread, NULL);
      //@ open pthread_run_post(sender_t)(&s_args, s_data);
      pthread_join(r_thread, NULL);
      //@ open pthread_run_post(receiver_t)(&r_args, r_data);  
      //@ open [1/2]cryptogram(enc_key, KEY_SIZE, enc_cs_key, _);
      //@ open [1/2]cryptogram(enc_key, KEY_SIZE, enc_cs_key, _);
      //@ open [1/2]cryptogram(hmac_key, KEY_SIZE, hmac_cs_key, _);
      //@ open [1/2]cryptogram(hmac_key, KEY_SIZE, hmac_cs_key, _);

      if (r_args.length != MSG_LEN)
        abort();
      //@ public_crypto_chars(s_message, MSG_LEN);
#ifdef EXECUTE
      if (memcmp(s_message, r_message, MSG_LEN) != 0)
        abort();
#endif
      //@ open principal(sender, _);
      //@ close principal(sender, _);
      zeroize(r_message, r_args.length);
    }
    zeroize(enc_key, KEY_SIZE);
    free((void*) enc_key);
    zeroize(hmac_key, KEY_SIZE);
    free((void*) hmac_key);
    
    printf(" |%i| ", i);
  }
  
  printf("\n\n\t\tDone\n");
  return 0;
}
Ejemplo n.º 19
0
int main() //@ : main
  //@ requires true;
  //@ ensures  true;
{
  pthread_t a_thread;
  havege_state havege_state;
  int* principals = malloc(sizeof(int));
  if (principals == 0) abort();
  *principals = 0;
  
  printf("\n\tExecuting \""); 
  printf("secure_storage");
  printf(" protocol");
  printf("\" ... \n\n");
  
  //@ PACK_PROOF_OBLIGATIONS(ss)
  //@ close exists(ss_polarssl_pub);
  //@ polarssl_init();
  
  //@ int sender = polarssl_create_principal();
  (*principals)++;
    //@ int receiver = polarssl_create_principal();
  (*principals)++;
  
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);
  
  //@ close pthread_run_pre(attacker_t)(principals, _);
  pthread_create(&a_thread, NULL, &attacker_t, principals);
  
  int i = 0;
#ifdef EXECUTE
  while (i++ < 10)
#else
  while (true)
#endif
    /*@ invariant [2/3]polarssl_world(ss_polarssl_pub) &*& 
                  havege_state_initialized(&havege_state) &*&
                  polarssl_generated_values(sender, ?count_s);
    @*/
  {
    char* key;
    char* message;
    int temp;
    int message_len;
  
    //@ close random_request(sender, 0, true);
    key = malloc(KEY_BYTE_SIZE);
    if (key == 0) abort();
    if (havege_random(&havege_state, key, KEY_BYTE_SIZE) != 0) abort();
    
    r_int_with_bounds(&havege_state, &temp, 
                      POLARSSL_MIN_HMAC_INPUT_BYTE_SIZE, 
                      POLARSSL_MAX_MESSAGE_BYTE_SIZE - 65);
    message_len = temp;
    message = malloc(message_len);
    if (message == 0) abort();
    //@ assert chars(message, message_len, ?msg_cs);
    //@ polarssl_public_generated_chars_assume(ss_polarssl_pub, msg_cs);
    {
      pthread_t s_thread, r_thread;
      
      struct ss_args s_args;
      struct ss_args r_args;
      
      /*@ open polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs,
                 polarssl_symmetric_key(sender, count_s + 1)); @*/
      //@ assert chars(key, KEY_BYTE_SIZE, ?cs_key);
      s_args.key_len = KEY_BYTE_SIZE;
      s_args.key = key;
      s_args.message_len = message_len;
      s_args.message = malloc(message_len);
      if (s_args.message == 0) abort();
      memcpy(s_args.message, message, (unsigned int) message_len);
      /*@ close polarssl_public_message(ss_polarssl_pub)
                   (s_args.message, message_len, msg_cs); @*/
      
      r_args.key_len = KEY_BYTE_SIZE;
      r_args.key = key;
      /*@ close polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs,
                  polarssl_symmetric_key(sender, count_s + 1)); @*/
      
      //@ assume (app_send_event(sender, msg_cs));
      
      //@ close pthread_run_pre(sender_t)(&s_args, _);
      pthread_create(&s_thread, NULL, &sender_t, &s_args);
      //@ close pthread_run_pre(receiver_t)(&r_args, _);
      pthread_create(&r_thread, NULL, &receiver_t, &r_args);
      
      pthread_join(s_thread, NULL);
      //@ open pthread_run_post(sender_t)(&s_args, _);
      pthread_join(r_thread, NULL);
      //@ open pthread_run_post(receiver_t)(&r_args, _);
      
      /*@ open polarssl_public_message(ss_polarssl_pub)
                                      (s_args.message, _, ?s_cs); @*/
      //@ assert true == app_send_event(sender, s_cs);
      free(s_args.message);
      /*@ open polarssl_public_message(ss_polarssl_pub)
                                      (r_args.message, _, ?r_cs); @*/
      /*@ if (!bad(sender))
          {
            assert true == app_send_event(sender, r_cs);
          } 
      @*/
      free(r_args.message);
      //@ open [1/2]polarssl_cryptogram(key, _, _, _);
      //@ open [1/2]polarssl_cryptogram(key, _, _, _);
    }
    
    free(key);
    free(message);
  }
  
  //@ havege_exit(&havege_state);
  //@ open havege_state(&havege_state);
  
  //@ destroy_polarssl_principal(sender);
  //@ destroy_polarssl_principal(receiver);
  
  printf("Done\n");
  
  //@ leak malloc_block_ints(principals, 1);
  //@ leak [_]polarssl_world(_);
  return 0;
}
Ejemplo n.º 20
0
int main(int argc, char **argv) //@ : main_full(main_app)
    //@ requires module(main_app, true);
    //@ ensures true;
{
  pthread_t a_thread;
  havege_state havege_state;
  
  printf("\n\tExecuting \"");
  printf("hmac protocol");
  printf("\" ... \n\n");
  
  //@ PROTOCOL_INIT(hmac)
  //@ int attacker = principal_create();
  //@ int sender = principal_create();
  //@ int receiver = principal_create();
  
  //@ close havege_state(&havege_state);
  havege_init(&havege_state);
  //@ assume (bad(attacker));
  //@ close pthread_run_pre(attacker_t)(NULL, some(attacker));
  pthread_create(&a_thread, NULL, &attacker_t, NULL);
  
  int i = 0;
#ifdef EXECUTE
  while (i++ < 10)
#else
  while (true)
#endif
    /*@ invariant [_]public_invar(hmac_pub) &*&
                  havege_state_initialized(&havege_state) &*&
                  principal(sender, ?count) &*& principal(receiver, _);
    @*/
  {
    //@ open principal(sender, _);
    char* key;
    int temp;
    
    //@ close random_request(sender, 0, true);
    key = malloc(KEY_SIZE);
    if (key == 0) abort();
    if (havege_random(&havege_state, key, KEY_SIZE) != 0) abort();
    //@ assume (shared_with(sender, count + 1) == receiver);
    //@ assert cryptogram(key, KEY_SIZE, ?cs_key, ?cg_key);
    //@ assert cg_key == cg_symmetric_key(sender, count + 1);
    {
      pthread_t s_thread, r_thread;

      struct hmac_args s_args;
      struct hmac_args r_args;
      char s_message[MESSAGE_SIZE];
      char r_message[MESSAGE_SIZE];
      
      //@ close random_request(sender, 0, false);
      if (havege_random(&havege_state, s_message, MESSAGE_SIZE) != 0) abort();
      //@ assert cryptogram(s_message, MESSAGE_SIZE, ?cs, ?cg);
      //@ close hmac_pub(cg);
      //@ leak hmac_pub(cg);
      //@ public_cryptogram(s_message, cg);
    
      //@ s_args.sender = sender;
      //@ s_args.receiver = receiver;
      s_args.key = key;
      s_args.message = s_message;
      
      //@ assume (send(sender, receiver, cs) == true);      
      //@ r_args.sender = sender;
      //@ r_args.receiver = receiver;
      r_args.key = key;
      r_args.message = r_message;
      
      //@ close principal(sender, _);
      //@ close pthread_run_pre(sender_t)(&s_args, ?s_data);
      //@ close pthread_run_pre(receiver_t)(&r_args, ?r_data);
      pthread_create(&r_thread, NULL, &receiver_t, &r_args);
      pthread_create(&s_thread, NULL, &sender_t, &s_args);
      
      pthread_join(s_thread, NULL);
      //@ open pthread_run_post(sender_t)(&s_args, s_data);
      pthread_join(r_thread, NULL);
      //@ open pthread_run_post(receiver_t)(&r_args, r_data);  
      //@ open [1/2]cryptogram(key, KEY_SIZE, cs_key, _);
      //@ open [1/2]cryptogram(key, KEY_SIZE, cs_key, _);
      
      //@ chars_to_crypto_chars(r_message, MESSAGE_SIZE);
      //@ chars_to_crypto_chars(s_message, MESSAGE_SIZE);
      //@ open principal(sender, _);
      if (memcmp(s_message, r_message, MESSAGE_SIZE) != 0)
        abort();
      //@ close principal(sender, _);
      printf(" |%i| ", i);
    }
    //@ assert malloc_block(key, KEY_SIZE);
    zeroize(key, KEY_SIZE);
    free((void*) key);
  }
  
  printf("\n\n\t\tDone\n");
  return 0;
}