void attacker_send_random(havege_state *havege_state, void* socket)
//@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
//@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
int temp;
int size;
char buffer[MAX_MESSAGE_SIZE];
//@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
//@ close_havege_util(pub, pred, attacker);
r_int_with_bounds(havege_state, &temp, MIN_RANDOM_SIZE, MAX_MESSAGE_SIZE);
size = temp;
r_int_with_bounds(havege_state, &temp, 0, INT_MAX);
//@ open_havege_util(pub, pred, attacker);
//@ close random_request(attacker, temp, false);
if (havege_random(havege_state, buffer, (unsigned int) size) == 0)
{
//@ assert cryptogram(buffer, size, ?ccs, ?cg);
//@ assert is_bad_nonce_is_public(?proof, pub, pred);
//@ proof(cg);
//@ public_cryptogram(buffer, cg);
net_send(socket, buffer, (unsigned int) size);
}
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
void attacker_send_split(havege_state *havege_state, void* socket)
//@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
//@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
int temp;
int size1;
int size2;
char buffer[MAX_MESSAGE_SIZE];
//@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
size1 = net_recv(socket, buffer, MAX_MESSAGE_SIZE);
if (size1 <= 0)
{
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
return;
}
//@ assert chars(buffer, size1, ?cs);
//@ close_havege_util(pub, pred, attacker);
r_int_with_bounds(havege_state, &temp, 0, size1);
//@ open_havege_util(pub, pred, attacker);
size2 = temp;
net_send(socket, buffer, (unsigned int) (size2));
net_send(socket, (void*) buffer + size2,
(unsigned int) (size1 - size2));
//@ chars_join(buffer);
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
void attacker_send_data(havege_state *havege_state, void* socket)
//@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
//@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
int temp;
int size;
char buffer[MAX_MESSAGE_SIZE];
//@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
//@ close_havege_util(pub, pred, attacker);
r_int_with_bounds(havege_state, &temp, 1, MAX_MESSAGE_SIZE);
//@ open_havege_util(pub, pred, attacker);
size = temp;
//@ chars_split(buffer, size);
net_send(socket, buffer, (unsigned int) size);
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
int main() //@ : main
//@ requires true;
//@ ensures true;
{
pthread_t a_thread;
havege_state havege_state;
int* principals = malloc(sizeof(int));
if (principals == 0) abort();
*principals = 0;
printf("\n\tExecuting \"");
printf("secure_storage");
printf(" protocol");
printf("\" ... \n\n");
//@ PACK_PROOF_OBLIGATIONS(ss)
//@ close exists(ss_polarssl_pub);
//@ polarssl_init();
//@ int sender = polarssl_create_principal();
(*principals)++;
//@ int receiver = polarssl_create_principal();
(*principals)++;
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close pthread_run_pre(attacker_t)(principals, _);
pthread_create(&a_thread, NULL, &attacker_t, principals);
int i = 0;
#ifdef EXECUTE
while (i++ < 10)
#else
while (true)
#endif
/*@ invariant [2/3]polarssl_world(ss_polarssl_pub) &*&
havege_state_initialized(&havege_state) &*&
polarssl_generated_values(sender, ?count_s);
@*/
{
char* key;
char* message;
int temp;
int message_len;
//@ close random_request(sender, 0, true);
key = malloc(KEY_BYTE_SIZE);
if (key == 0) abort();
if (havege_random(&havege_state, key, KEY_BYTE_SIZE) != 0) abort();
r_int_with_bounds(&havege_state, &temp,
POLARSSL_MIN_HMAC_INPUT_BYTE_SIZE,
POLARSSL_MAX_MESSAGE_BYTE_SIZE - 65);
message_len = temp;
message = malloc(message_len);
if (message == 0) abort();
//@ assert chars(message, message_len, ?msg_cs);
//@ polarssl_public_generated_chars_assume(ss_polarssl_pub, msg_cs);
{
pthread_t s_thread, r_thread;
struct ss_args s_args;
struct ss_args r_args;
/*@ open polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs,
polarssl_symmetric_key(sender, count_s + 1)); @*/
//@ assert chars(key, KEY_BYTE_SIZE, ?cs_key);
s_args.key_len = KEY_BYTE_SIZE;
s_args.key = key;
s_args.message_len = message_len;
s_args.message = malloc(message_len);
if (s_args.message == 0) abort();
memcpy(s_args.message, message, (unsigned int) message_len);
/*@ close polarssl_public_message(ss_polarssl_pub)
(s_args.message, message_len, msg_cs); @*/
r_args.key_len = KEY_BYTE_SIZE;
r_args.key = key;
/*@ close polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs,
polarssl_symmetric_key(sender, count_s + 1)); @*/
//@ assume (app_send_event(sender, msg_cs));
//@ close pthread_run_pre(sender_t)(&s_args, _);
pthread_create(&s_thread, NULL, &sender_t, &s_args);
//@ close pthread_run_pre(receiver_t)(&r_args, _);
pthread_create(&r_thread, NULL, &receiver_t, &r_args);
pthread_join(s_thread, NULL);
//@ open pthread_run_post(sender_t)(&s_args, _);
pthread_join(r_thread, NULL);
//@ open pthread_run_post(receiver_t)(&r_args, _);
/*@ open polarssl_public_message(ss_polarssl_pub)
(s_args.message, _, ?s_cs); @*/
//@ assert true == app_send_event(sender, s_cs);
free(s_args.message);
/*@ open polarssl_public_message(ss_polarssl_pub)
(r_args.message, _, ?r_cs); @*/
/*@ if (!bad(sender))
{
assert true == app_send_event(sender, r_cs);
}
@*/
free(r_args.message);
//@ open [1/2]polarssl_cryptogram(key, _, _, _);
//@ open [1/2]polarssl_cryptogram(key, _, _, _);
}
free(key);
free(message);
}
//@ havege_exit(&havege_state);
//@ open havege_state(&havege_state);
//@ destroy_polarssl_principal(sender);
//@ destroy_polarssl_principal(receiver);
printf("Done\n");
//@ leak malloc_block_ints(principals, 1);
//@ leak [_]polarssl_world(_);
return 0;
}
