struct item *app_receive(struct item *key) /*@ requires [?f0]world(ss_pub) &*& item(key, symmetric_key_item(?creator, ?id), ss_pub); @*/ /*@ ensures [f0]world(ss_pub) &*& item(key, symmetric_key_item(creator, id), ss_pub) &*& item(result, ?msg, ss_pub) &*& ( bad(creator) || collision_in_run() || app_send_event(creator, msg) ); @*/ { struct network_status *net_stat = network_bind_and_accept(APP_RECEIVE_PORT); struct item *m = network_receive(net_stat); struct item *hash = pair_get_first(m); struct item *message = pair_get_second(m); //@ assert item(m, pair_item(?hmac_i, ?message_i), ss_pub); //@ open [_]ss_pub(pair_item(hmac_i, message_i)); //@ if (!collision_in_run()) open [_]ss_pub(hmac_i); //@ if (!collision_in_run()) open [_]ss_pub(message_i); item_free(m); hmac_verify(hash, key, message); item_free(hash); network_disconnect(net_stat); return message; }
struct item *receive() //@ requires [?f0]world(dummy_pub, dummy_key_clsfy) &*& principal(?p, ?c); /*@ ensures [f0]world(dummy_pub, dummy_key_clsfy) &*& principal(p, c) &*& item(result, ?msg, dummy_pub) &*& msg == data_item(_); @*/ { struct network_status *net_stat = network_bind_and_accept(APP_RECEIVE_PORT); struct item *m = network_receive(net_stat); check_is_data(m); network_disconnect(net_stat); return m; }
void server(char server, struct item *key) /*@ requires [?f0]world(rpc_pub, rpc_key_clsfy) &*& principal(server, ?count) &*& item(key, symmetric_key_item(?creator, ?id), rpc_pub) &*& shared_with(creator, id) == server; @*/ /*@ ensures [f0]world(rpc_pub, rpc_key_clsfy) &*& principal(server, count + 1) &*& item(key, symmetric_key_item(creator, id), rpc_pub); @*/ { struct network_status *net_stat = network_bind_and_accept(SERVER_PORT); struct item *request = 0; { struct item *r = network_receive(net_stat); check_is_pair(r); //@ assert item(r, pair_item(?h0, ?p0), rpc_pub); struct item *hmac1 = pair_get_first(r); //@ assert item(hmac1, ?h, rpc_pub); struct item *payload = pair_get_second(r); //@ assert item(payload, ?p, rpc_pub); /*@ if (!col) { assert h0 == h; assert p0 == p; open [_]rpc_pub(pair_item(h, p)); open [_]rpc_pub(h); open [_]rpc_pub(p); } @*/ struct item *hmac2 = create_hmac(key, payload); item_check_equal(hmac1, hmac2); item_free(hmac1); item_free(hmac2); item_free(r); //@ assert col || h == hmac_item(creator, id, some(p)); struct item *tag = pair_get_first(payload); check_is_data(tag); int tagValue = item_get_data_as_int(tag); if (tagValue != 0) abort(); //@ item d = data_item(chars_of_int(0)); request = pair_get_second(payload); /*@ if (!col) { assert item(tag, d, rpc_pub); assert item(request, ?req, rpc_pub); assert p == pair_item(d, req); } @*/ item_free(tag); item_free(payload); } //@ assert item(request, ?req, rpc_pub); struct item *response = compute_response(server, request); //@ assert item(response, ?resp, rpc_pub); { struct item *reqresp = create_pair(request, response); //@ item p = pair_item(req, resp); //@ assert item(reqresp, p, rpc_pub); //@ close rpc_pub(p); //@ leak rpc_pub(p); item_free(response); item_free(request); struct item *tag = create_data_item_from_int(1); struct item *payload = create_pair(tag, reqresp); //@ item d = data_item(chars_of_int(1)); //@ close rpc_pub(d); //@ leak rpc_pub(d); //@ assert item(payload, pair_item(d, p), rpc_pub); //@ close rpc_pub(pair_item(d, p)); //@ leak rpc_pub(pair_item(d, p)); item_free(tag); item_free(reqresp); struct item *hash = create_hmac(key, payload); //@ item h = hmac_item(creator, id, some(pair_item(d, p))); //@ if (!col) assert item(hash, h, rpc_pub); //@ close rpc_pub(h); //@ leak rpc_pub(h); struct item *m = create_pair(hash, payload); //@ assert item(m, ?msg, rpc_pub); //@ if (!col) msg == pair_item(h, pair_item(d, p)); //@ if (!col) assert item(m, msg, rpc_pub); //@ close rpc_pub(msg); //@ leak rpc_pub(msg); item_free(hash); item_free(payload); network_send(net_stat, m); item_free(m); } network_disconnect(net_stat); }
void symbolic_attacker(int attacker_id, struct keypair* keypair) /*@ requires [?f]world(?pub, ?key_clsfy) &*& true == bad(attacker_id) &*& principal(attacker_id, ?count) &*& keypair(keypair, attacker_id, ?id, ?info, pub); @*/ //@ ensures false; { //@ retreive_proof_obligations(); for (;;) /*@ invariant [f]world(pub, key_clsfy) &*& proof_obligations(pub) &*& principal(attacker_id, _) &*& keypair(keypair, attacker_id, id, info, pub); @*/ { struct network_status *net_stat = 0; int net_choise = random_int_(); int port = random_int_(); if (net_choise % 2 == 0) net_stat = network_bind_and_accept(port % 65536); else net_stat = network_connect("localhost", port % 65536); { int action = random_int_(); int *counter; switch (action % 13) { case 0: //@ open [f]world(pub, key_clsfy); //@ assert [_]is_key_classifier(_, pub, key_clsfy); //@ retreive_public_invariant_constraints(key_clsfy); //@ duplicate_lemma_function_pointer_chunk(key_classifier); /*@ { lemma void public_key_classifier(cryptogram key, int p, int c, bool symmetric) requires polarssl_proof_pred(pub, key_clsfy)() &*& [_]polarssl_pub(pub)(key) &*& symmetric ? key == cg_symmetric_key(p, c) : key == cg_private_key(p, c); ensures polarssl_proof_pred(pub, key_clsfy)() &*& col || true == key_clsfy(p, c, symmetric); { open [_]polarssl_pub(pub)(key); item k; if (symmetric) k = symmetric_key_item(p, c); else k = private_key_item(p, c); open polarssl_proof_pred(pub, key_clsfy)(); assert is_key_classifier(?proof, pub, key_clsfy); proof(k, p, c, symmetric); close polarssl_proof_pred(pub, key_clsfy)(); } produce_lemma_function_pointer_chunk(public_key_classifier) : public_key_classifier(polarssl_pub(pub), key_clsfy, polarssl_proof_pred(pub, key_clsfy)) (key__, p__, c__, sym__) { call(); } {duplicate_lemma_function_pointer_chunk(public_key_classifier);}; } @*/ //@ close polarssl_proof_pred(pub, key_clsfy)(); attacker(); //@ open polarssl_proof_pred(pub, key_clsfy)(); //@ close [f]world(pub, key_clsfy); //@ leak public_invariant_constraints(_, _); //@ leak is_public_key_classifier(_, _, _, _); //@ leak is_key_classifier(_, _, _); break; case 1: // Anyone can publish arbitrary data items... send_data(net_stat); break; case 2: // Anyone can create pairs of public items... send_pair_composed(net_stat); break; case 3: // Anyone can deconstruct a public pair... send_pair_decomposed(net_stat); break; case 4: // Bad principals can publish generated nonce items... send_nonce(net_stat); break; case 5: // Bad principals can increment public nonces... increment_and_send_nonce(net_stat); break; case 6: // Bad principals can leak their keys... send_keys(net_stat, keypair); break; case 7: // Anyone can hmac public payload with public key send_hmac(net_stat, keypair); break; case 8: // Anyone can symmteric encrypt public payload with public key send_symmetric_encrypted(net_stat, keypair); break; case 9: // Anyone can symmteric decrypt message with public key send_symmetric_decrypted(net_stat, keypair); break; case 10: // Anyone can asymmteric encrypt public payload with public key send_asymmetric_encrypted(net_stat, keypair); break; case 11: // Anyone can asymmteric decrypt message with public key send_asymmetric_decrypted(net_stat, keypair); break; case 12: // Anyone can asymmteric sign public payload with public key send_asymmetric_signature(net_stat, keypair); } } network_disconnect(net_stat); } //@ leak proof_obligations(pub); }