static const bsreq* write_key(io::stream& e, const void* object, const bsreq* type) {
auto f = type->getkey();
auto v = "";
if(f)
v = (const char*)f->get(f->ptr(object));
if(v && v[0])
write_identifier(e, v);
else {
auto pd = bsdata::findbyptr(object);
if(!pd)
return 0;
write_number(e, pd->indexof(object));
}
return f;
}
void receiver_msg2(int* socket, havege_state* havege_state,
pk_context* s_context, int receiver,
char* s_nonce, char* r_nonce)
/*@ requires GENERAL_PRE(receiver) &*&
pk_context_with_key(?r_context, pk_private,
receiver, ?r_id, 8 * KEY_SIZE) &*&
pk_context_with_key(s_context, pk_public,
?sender, ?s_id, 8 * KEY_SIZE) &*&
RECEIVER_INTER &*&
cryptogram(r_nonce, NONCE_SIZE, ?r_nonce_ccs, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender,
int_pair(p_inst, int_pair(p_orig, c_orig)))); @*/
/*@ ensures GENERAL_POST(receiver) &*&
pk_context_with_key(r_context, pk_private,
receiver, r_id, 8 * KEY_SIZE) &*&
pk_context_with_key(s_context, pk_public,
sender, s_id, 8 * KEY_SIZE) &*&
(
col || bad(p_inst) || bad(receiver) ?
chars(s_nonce, NONCE_SIZE, ?s_nonce_cs) &*&
s_nonce_ccs == cs_to_ccs(s_nonce_cs)
:
cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg)
) &*&
cryptogram(r_nonce, NONCE_SIZE, r_nonce_ccs, r_nonce_cg); @*/
{
//@ open principal(receiver, _);
unsigned int size;
char message[MSG2_SIZE];
char encrypted[KEY_SIZE];
//@ open receiver_inter(p_orig, c_orig, p_inst, s_nonce_ccs, s_nonce_cg);
// Construct the message
write_identifier(message, receiver);
//@ list<crypto_char> rid_ccs = cs_to_ccs(identifier(receiver));
//@ assert crypto_chars(normal, message, ID_SIZE, rid_ccs);
//@ cs_to_ccs_crypto_chars(message, identifier(receiver));
//@ public_chars(message, ID_SIZE);
//@ chars_to_secret_crypto_chars(message, ID_SIZE);
//@ bool condition = col || bad(p_inst) || bad(receiver);
/*@ if (!condition)
open cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg);
else
{
crypto_chars_to_chars(s_nonce, NONCE_SIZE);
public_chars(s_nonce, NONCE_SIZE);
chars_to_secret_crypto_chars(s_nonce, NONCE_SIZE);
}
@*/
//@ open cryptogram(r_nonce, NONCE_SIZE, r_nonce_ccs, r_nonce_cg);
memcpy((void*) message + ID_SIZE, s_nonce, NONCE_SIZE);
memcpy((void*) message + ID_SIZE + NONCE_SIZE, r_nonce, NONCE_SIZE);
//@ crypto_chars_join(message);
//@ crypto_chars_join(message);
//@ list<crypto_char> msg2 = append(rid_ccs, append(s_nonce_ccs, r_nonce_ccs));
//@ append_assoc(rid_ccs, s_nonce_ccs, r_nonce_ccs);
//@ assert crypto_chars(secret, message, MSG2_SIZE, msg2);
// Encrypt the message
/*@ produce_function_pointer_chunk random_function(random_stub_nsl)
(havege_state_initialized)(state, out, len) { call(); } @*/
//@ close random_state_predicate(havege_state_initialized);
if (pk_encrypt(s_context, message, MSG2_SIZE, encrypted, &size,
KEY_SIZE, random_stub_nsl, havege_state) != 0)
abort();
//@ assert u_integer(&size, ?size_val);
//@ assert cryptogram(encrypted, size_val, ?cs_enc, ?cg_enc);
//@ take_append(ID_SIZE, rid_ccs, append(s_nonce_ccs, r_nonce_ccs));
//@ drop_append(ID_SIZE, rid_ccs, append(s_nonce_ccs, r_nonce_ccs));
//@ take_append(NONCE_SIZE, s_nonce_ccs, r_nonce_ccs);
//@ drop_append(NONCE_SIZE, s_nonce_ccs, r_nonce_ccs);
// Proof the message is public
/*@ if (col || bad(sender) || bad(receiver))
{
assert crypto_chars(secret, message, MSG2_SIZE, msg2);
crypto_chars_split(message, ID_SIZE);
crypto_chars_split((void*) message + ID_SIZE, NONCE_SIZE);
public_crypto_chars((void*) message, ID_SIZE);
public_crypto_chars((void*) message + ID_SIZE, NONCE_SIZE);
close nsl_pub(r_nonce_cg);
leak nsl_pub(r_nonce_cg);
close cryptogram((void*) message + ID_SIZE + NONCE_SIZE, NONCE_SIZE,
r_nonce_ccs, r_nonce_cg);
public_cryptogram((void*) message + ID_SIZE + NONCE_SIZE, r_nonce_cg);
assert chars((void*) message, ID_SIZE, ?rid_cs);
assert chars((void*) message + ID_SIZE, NONCE_SIZE, ?s_nonce_cs);
assert chars((void*) message + ID_SIZE + NONCE_SIZE, NONCE_SIZE, ?r_nonce_cs);
cs_to_ccs_append(rid_cs, s_nonce_cs);
cs_to_ccs_append(append(rid_cs, s_nonce_cs), r_nonce_cs);
chars_join(message);
chars_join(message);
public_chars(message, MSG2_SIZE);
chars_to_secret_crypto_chars(message, MSG2_SIZE);
}
else
{
close nsl_pub_msg2(sender, receiver, s_nonce_cg, s_nonce_ccs, r_nonce_cg,
p_inst, p_orig, c_orig, condition);
}
@*/
//@ close nsl_pub_msg_sender(receiver);
//@ leak nsl_pub_msg_sender(receiver);
//@ close nsl_pub(cg_enc);
//@ leak nsl_pub(cg_enc);
//@ public_cryptogram(encrypted, cg_enc);
// Send the message
net_send(socket, encrypted, size);
zeroize(message, MSG2_SIZE);
/*@ if (!condition)
close cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg);
else
public_crypto_chars(s_nonce, NONCE_SIZE);
@*/
//@ close cryptogram(r_nonce, NONCE_SIZE, r_nonce_ccs, r_nonce_cg);
//@ close principal(receiver, _);
}
void sender_msg1(int* socket, havege_state* havege_state, pk_context* r_context,
int sender, char* s_nonce)
/*@ requires GENERAL_PRE(sender) &*&
pk_context_with_key(r_context, pk_public,
?receiver, ?r_id, 8 * KEY_SIZE) &*&
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)); @*/
/*@ ensures GENERAL_POST(sender) &*&
pk_context_with_key(r_context, pk_public,
receiver, r_id, 8 * KEY_SIZE) &*&
cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg); @*/
{
//@ open principal(sender, _);
unsigned int size;
char message[MSG1_SIZE];
char encrypted[KEY_SIZE];
// Construct the message
write_identifier(message, sender);
//@ list<crypto_char> sid_ccs = cs_to_ccs(identifier(sender));
//@ assert crypto_chars(normal, message, ID_SIZE, sid_ccs);
//@ cs_to_ccs_crypto_chars(message, identifier(sender));
//@ public_chars(message, ID_SIZE);
//@ chars_to_secret_crypto_chars(message, ID_SIZE);
//@ open cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg);
memcpy((void*) message + ID_SIZE, s_nonce, NONCE_SIZE);
//@ crypto_chars_join(message);
//@ list<crypto_char> msg1 = append(sid_ccs, s_nonce_ccs);
//@ assert crypto_chars(secret, message, MSG1_SIZE, msg1);
// Encrypt the message
/*@ produce_function_pointer_chunk random_function(random_stub_nsl)
(havege_state_initialized)(state, out, len) { call(); } @*/
//@ close random_state_predicate(havege_state_initialized);
if (pk_encrypt(r_context, message, MSG1_SIZE, encrypted, &size,
KEY_SIZE, random_stub_nsl, havege_state) != 0)
abort();
//@ assert u_integer(&size, ?size_val);
//@ assert cryptogram(encrypted, size_val, ?cs_enc, ?cg_enc);
// Proof the message is public
//@ take_append(ID_SIZE, sid_ccs, s_nonce_ccs);
//@ drop_append(ID_SIZE, sid_ccs, s_nonce_ccs);
//@ close nsl_pub_msg_sender(sender);
//@ leak nsl_pub_msg_sender(sender);
/*@ if (col || bad(sender) || bad(receiver))
{
assert crypto_chars(secret, message, MSG1_SIZE, msg1);
crypto_chars_split(message, ID_SIZE);
public_crypto_chars(message, ID_SIZE);
assert chars(message, ID_SIZE, ?sid_cs);
cs_to_ccs_inj(sid_cs, identifier(sender));
assert chars(message, ID_SIZE, identifier(sender));
close nsl_pub(s_nonce_cg);
leak nsl_pub(s_nonce_cg);
close cryptogram((void*) message + ID_SIZE, NONCE_SIZE,
s_nonce_ccs, s_nonce_cg);
public_cryptogram((void*) message + ID_SIZE, s_nonce_cg);
assert chars((void*) message + ID_SIZE, NONCE_SIZE, ?s_nonce_cs');
cs_to_ccs_append(identifier(sender), s_nonce_cs');
chars_join(message);
public_chars(message, MSG1_SIZE);
chars_to_crypto_chars(message, MSG1_SIZE);
}
else
{
close nsl_pub_msg1(sender, receiver, s_nonce_cg);
}
@*/
//@ close nsl_pub(cg_enc);
//@ leak nsl_pub(cg_enc);
//@ public_cryptogram(encrypted, cg_enc);
// Send the message
net_send(socket, encrypted, size);
zeroize(message, MSG1_SIZE);
//@ close cryptogram(s_nonce, NONCE_SIZE, s_nonce_ccs, s_nonce_cg);
//@ close principal(sender, _);
}
