struct item *app_receive(struct item *key)
/*@ requires [?f0]world(ss_pub) &*&
item(key, symmetric_key_item(?creator, ?id), ss_pub);
@*/
/*@ ensures [f0]world(ss_pub) &*&
item(key, symmetric_key_item(creator, id), ss_pub) &*&
item(result, ?msg, ss_pub) &*&
(
bad(creator) ||
collision_in_run() ||
app_send_event(creator, msg)
);
@*/
{
struct network_status *net_stat = network_bind_and_accept(APP_RECEIVE_PORT);
struct item *m = network_receive(net_stat);
struct item *hash = pair_get_first(m);
struct item *message = pair_get_second(m);
//@ assert item(m, pair_item(?hmac_i, ?message_i), ss_pub);
//@ open [_]ss_pub(pair_item(hmac_i, message_i));
//@ if (!collision_in_run()) open [_]ss_pub(hmac_i);
//@ if (!collision_in_run()) open [_]ss_pub(message_i);
item_free(m);
hmac_verify(hash, key, message);
item_free(hash);
network_disconnect(net_stat);
return message;
}
struct item *receive()
//@ requires [?f0]world(dummy_pub, dummy_key_clsfy) &*& principal(?p, ?c);
/*@ ensures [f0]world(dummy_pub, dummy_key_clsfy) &*& principal(p, c) &*&
item(result, ?msg, dummy_pub) &*& msg == data_item(_); @*/
{
struct network_status *net_stat = network_bind_and_accept(APP_RECEIVE_PORT);
struct item *m = network_receive(net_stat);
check_is_data(m);
network_disconnect(net_stat);
return m;
}
void server(char server, struct item *key)
/*@ requires [?f0]world(rpc_pub, rpc_key_clsfy) &*&
principal(server, ?count) &*&
item(key, symmetric_key_item(?creator, ?id), rpc_pub) &*&
shared_with(creator, id) == server;
@*/
/*@ ensures [f0]world(rpc_pub, rpc_key_clsfy) &*&
principal(server, count + 1) &*&
item(key, symmetric_key_item(creator, id), rpc_pub);
@*/
{
struct network_status *net_stat = network_bind_and_accept(SERVER_PORT);
struct item *request = 0;
{
struct item *r = network_receive(net_stat);
check_is_pair(r);
//@ assert item(r, pair_item(?h0, ?p0), rpc_pub);
struct item *hmac1 = pair_get_first(r);
//@ assert item(hmac1, ?h, rpc_pub);
struct item *payload = pair_get_second(r);
//@ assert item(payload, ?p, rpc_pub);
/*@ if (!col)
{
assert h0 == h;
assert p0 == p;
open [_]rpc_pub(pair_item(h, p));
open [_]rpc_pub(h);
open [_]rpc_pub(p);
}
@*/
struct item *hmac2 = create_hmac(key, payload);
item_check_equal(hmac1, hmac2);
item_free(hmac1);
item_free(hmac2);
item_free(r);
//@ assert col || h == hmac_item(creator, id, some(p));
struct item *tag = pair_get_first(payload);
check_is_data(tag);
int tagValue = item_get_data_as_int(tag);
if (tagValue != 0) abort();
//@ item d = data_item(chars_of_int(0));
request = pair_get_second(payload);
/*@ if (!col)
{
assert item(tag, d, rpc_pub);
assert item(request, ?req, rpc_pub);
assert p == pair_item(d, req);
}
@*/
item_free(tag);
item_free(payload);
}
//@ assert item(request, ?req, rpc_pub);
struct item *response = compute_response(server, request);
//@ assert item(response, ?resp, rpc_pub);
{
struct item *reqresp = create_pair(request, response);
//@ item p = pair_item(req, resp);
//@ assert item(reqresp, p, rpc_pub);
//@ close rpc_pub(p);
//@ leak rpc_pub(p);
item_free(response);
item_free(request);
struct item *tag = create_data_item_from_int(1);
struct item *payload = create_pair(tag, reqresp);
//@ item d = data_item(chars_of_int(1));
//@ close rpc_pub(d);
//@ leak rpc_pub(d);
//@ assert item(payload, pair_item(d, p), rpc_pub);
//@ close rpc_pub(pair_item(d, p));
//@ leak rpc_pub(pair_item(d, p));
item_free(tag);
item_free(reqresp);
struct item *hash = create_hmac(key, payload);
//@ item h = hmac_item(creator, id, some(pair_item(d, p)));
//@ if (!col) assert item(hash, h, rpc_pub);
//@ close rpc_pub(h);
//@ leak rpc_pub(h);
struct item *m = create_pair(hash, payload);
//@ assert item(m, ?msg, rpc_pub);
//@ if (!col) msg == pair_item(h, pair_item(d, p));
//@ if (!col) assert item(m, msg, rpc_pub);
//@ close rpc_pub(msg);
//@ leak rpc_pub(msg);
item_free(hash);
item_free(payload);
network_send(net_stat, m);
item_free(m);
}
network_disconnect(net_stat);
}
void symbolic_attacker(int attacker_id, struct keypair* keypair)
/*@ requires [?f]world(?pub, ?key_clsfy) &*&
true == bad(attacker_id) &*&
principal(attacker_id, ?count) &*&
keypair(keypair, attacker_id, ?id, ?info, pub); @*/
//@ ensures false;
{
//@ retreive_proof_obligations();
for (;;)
/*@ invariant [f]world(pub, key_clsfy) &*&
proof_obligations(pub) &*&
principal(attacker_id, _) &*&
keypair(keypair, attacker_id, id, info, pub); @*/
{
struct network_status *net_stat = 0;
int net_choise = random_int_();
int port = random_int_();
if (net_choise % 2 == 0)
net_stat = network_bind_and_accept(port % 65536);
else
net_stat = network_connect("localhost", port % 65536);
{
int action = random_int_();
int *counter;
switch (action % 13)
{
case 0:
//@ open [f]world(pub, key_clsfy);
//@ assert [_]is_key_classifier(_, pub, key_clsfy);
//@ retreive_public_invariant_constraints(key_clsfy);
//@ duplicate_lemma_function_pointer_chunk(key_classifier);
/*@ {
lemma void public_key_classifier(cryptogram key, int p, int c,
bool symmetric)
requires polarssl_proof_pred(pub, key_clsfy)() &*&
[_]polarssl_pub(pub)(key) &*&
symmetric ?
key == cg_symmetric_key(p, c)
:
key == cg_private_key(p, c);
ensures polarssl_proof_pred(pub, key_clsfy)() &*&
col || true == key_clsfy(p, c, symmetric);
{
open [_]polarssl_pub(pub)(key);
item k;
if (symmetric)
k = symmetric_key_item(p, c);
else
k = private_key_item(p, c);
open polarssl_proof_pred(pub, key_clsfy)();
assert is_key_classifier(?proof, pub, key_clsfy);
proof(k, p, c, symmetric);
close polarssl_proof_pred(pub, key_clsfy)();
}
produce_lemma_function_pointer_chunk(public_key_classifier) :
public_key_classifier(polarssl_pub(pub), key_clsfy,
polarssl_proof_pred(pub, key_clsfy))
(key__, p__, c__, sym__)
{ call(); }
{duplicate_lemma_function_pointer_chunk(public_key_classifier);};
}
@*/
//@ close polarssl_proof_pred(pub, key_clsfy)();
attacker();
//@ open polarssl_proof_pred(pub, key_clsfy)();
//@ close [f]world(pub, key_clsfy);
//@ leak public_invariant_constraints(_, _);
//@ leak is_public_key_classifier(_, _, _, _);
//@ leak is_key_classifier(_, _, _);
break;
case 1:
// Anyone can publish arbitrary data items...
send_data(net_stat);
break;
case 2:
// Anyone can create pairs of public items...
send_pair_composed(net_stat);
break;
case 3:
// Anyone can deconstruct a public pair...
send_pair_decomposed(net_stat);
break;
case 4:
// Bad principals can publish generated nonce items...
send_nonce(net_stat);
break;
case 5:
// Bad principals can increment public nonces...
increment_and_send_nonce(net_stat);
break;
case 6:
// Bad principals can leak their keys...
send_keys(net_stat, keypair);
break;
case 7:
// Anyone can hmac public payload with public key
send_hmac(net_stat, keypair);
break;
case 8:
// Anyone can symmteric encrypt public payload with public key
send_symmetric_encrypted(net_stat, keypair);
break;
case 9:
// Anyone can symmteric decrypt message with public key
send_symmetric_decrypted(net_stat, keypair);
break;
case 10:
// Anyone can asymmteric encrypt public payload with public key
send_asymmetric_encrypted(net_stat, keypair);
break;
case 11:
// Anyone can asymmteric decrypt message with public key
send_asymmetric_decrypted(net_stat, keypair);
break;
case 12:
// Anyone can asymmteric sign public payload with public key
send_asymmetric_signature(net_stat, keypair);
}
}
network_disconnect(net_stat);
}
//@ leak proof_obligations(pub);
}
