result_t PKey::importFile(const char* filename, const char* password)
{
result_t hr;
std::string data;
int ret;
hr = fs_base::ac_readFile(filename, data);
if (hr < 0)
return hr;
clear();
ret = pk_parse_key(&m_key, (const unsigned char *)data.c_str(),
data.length(), *password ? (unsigned char *)password : NULL,
qstrlen(password));
if (ret == POLARSSL_ERR_PK_KEY_INVALID_FORMAT)
ret = pk_parse_public_key(&m_key, (const unsigned char *)data.c_str(),
data.length());
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
cPublicKey::cPublicKey(const AString & a_PublicKeyDER)
{
pk_init(&m_Pk);
if (pk_parse_public_key(&m_Pk, (const Byte *)a_PublicKeyDER.data(), a_PublicKeyDER.size()) != 0)
{
ASSERT(!"Cannot parse PubKey");
return;
}
InitRnd();
}
/*
* Load and parse a public key
*/
int pk_parse_public_keyfile( pk_context *ctx, const char *path )
{
int ret;
size_t n;
unsigned char *buf;
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = pk_parse_public_key( ctx, buf, n );
polarssl_zeroize( buf, n + 1 );
polarssl_free( buf );
return( ret );
}
result_t PKey::importKey(const char *pemKey, const char *password)
{
int ret;
clear();
ret = pk_parse_key(&m_key, (unsigned char *)pemKey, qstrlen(pemKey),
*password ? (unsigned char *)password : NULL,
qstrlen(password));
if (ret == POLARSSL_ERR_PK_KEY_INVALID_FORMAT)
ret = pk_parse_public_key(&m_key, (unsigned char *)pemKey, qstrlen(pemKey));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
/*
get context to public key by parsing it
*/
pk_context getpubkeycontext(const unsigned char *rsapublickey, int rsapublickeylen){
pk_context pkctx = {0};
int pkresult = 0;
pk_init(&pkctx);
pkresult = pk_parse_public_key(&pkctx,rsapublickey,rsapublickeylen);
if(pkresult != 0){
outputerror(DBG_ERROR,"%s\n","getpubkeycontext::failed to parse public key");
return pkctx;
}
pkresult = 0;
pkresult = pk_can_do(&pkctx,POLARSSL_PK_RSA);
if(pkresult != 1){
outputerror(DBG_ERROR,"%s\n","getpubkeycontext::key does not support RSA operations");
return pkctx;
}
return pkctx;
}
result_t PKey::importKey(Buffer_base *DerKey, const char *password)
{
int ret;
std::string key;
DerKey->toString(key);
clear();
ret = pk_parse_key(&m_key, (unsigned char *)key.c_str(), key.length(),
*password ? (unsigned char *)password : NULL,
qstrlen(password));
if (ret == POLARSSL_ERR_PK_KEY_INVALID_FORMAT)
ret = pk_parse_public_key(&m_key, (unsigned char *)key.c_str(), key.length());
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
void receiver(int sender, int receiver,
char *s_pub_key, char *r_priv_key,
char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
[_]decryption_key_classifier(nsl_public_key) &*&
principal(receiver, _) &*&
[?f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
?s_pub_key_ccs, ?s_pub_key_cg) &*&
s_pub_key_cg == cg_public_key(sender, ?s_id) &*&
[?f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
?r_priv_key_ccs, ?r_priv_key_cg) &*&
r_priv_key_cg == cg_private_key(receiver, ?r_id) &*&
chars(s_nonce, NONCE_SIZE, _) &*&
chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures principal(receiver, _) &*&
[f1]cryptogram(s_pub_key, 8 * KEY_SIZE,
s_pub_key_ccs, s_pub_key_cg) &*&
[f2]cryptogram(r_priv_key, 8 * KEY_SIZE,
r_priv_key_ccs, r_priv_key_cg) &*&
cryptogram(r_nonce, NONCE_SIZE, ?r_nonce_ccs, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
(
col || bad(sender) || bad(receiver) ?
chars(s_nonce, NONCE_SIZE, _)
:
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
int_pair(receiver, r_id))))
); @*/
{
//@ open principal(receiver, _);
int socket1;
int socket2;
pk_context s_context;
pk_context r_context;
havege_state havege_state;
if(net_bind(&socket1, NULL, SERVER_PORT) != 0)
abort();
if(net_accept(socket1, &socket2, NULL) != 0)
abort();
if(net_set_block(socket2) != 0)
abort();
//@ close pk_context(&s_context);
pk_init(&s_context);
if (pk_parse_public_key(&s_context, s_pub_key,
(unsigned int) 8 * KEY_SIZE) != 0)
abort();
//@ close pk_context(&r_context);
pk_init(&r_context);
if (pk_parse_key(&r_context, r_priv_key,
(unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
abort();
// Generate NB
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close principal(receiver, _);
receiver_msg1(&socket2, &havege_state, &r_context, sender, receiver, s_nonce);
//@ open principal(receiver, _);
//@ assert receiver_inter(?p_orig, ?c_orig, ?p_inst, ?s_nonce_ccs, ?s_nonce_cg);
//@ int info = int_pair(sender, int_pair(p_inst, int_pair(p_orig, c_orig)));
//@ close random_request(receiver, int_pair(2, info), false);
if (havege_random(&havege_state, r_nonce, NONCE_SIZE) != 0) abort();
//@ close principal(receiver, _);
receiver_msg2(&socket2, &havege_state, &s_context, receiver,
s_nonce, r_nonce);
//@ if (col || bad(p_inst) || bad(receiver)) chars_to_crypto_chars(s_nonce, NONCE_SIZE);
//@ close receiver_inter(p_orig, c_orig, p_inst, s_nonce_ccs, s_nonce_cg);
receiver_msg3(&socket2, &havege_state, &r_context, sender, receiver,
s_nonce, r_nonce);
/*@ if (col || bad(sender) || bad(receiver))
crypto_chars_to_chars(s_nonce, NONCE_SIZE); @*/
havege_free(&havege_state);
//@ open havege_state(&havege_state);
//@ pk_release_context_with_key(&s_context);
pk_free(&s_context);
//@ open pk_context(&s_context);
//@ pk_release_context_with_key(&r_context);
pk_free(&r_context);
//@ open pk_context(&r_context);
net_close(socket2);
net_close(socket1);
}
void sender(int sender, int receiver,
char *s_priv_key, char *r_pub_key,
char *s_nonce, char *r_nonce)
/*@ requires [_]public_invar(nsl_pub) &*&
[_]decryption_key_classifier(nsl_public_key) &*&
principal(sender, _) &*&
[?f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
?s_priv_key_ccs, ?s_priv_key_cg) &*&
s_priv_key_cg == cg_private_key(sender, ?s_id) &*&
[?f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
?r_pub_key_ccs, ?r_pub_key_cg) &*&
r_pub_key_cg == cg_public_key(receiver, ?r_id) &*&
chars(s_nonce, NONCE_SIZE, _) &*&
chars(r_nonce, NONCE_SIZE, _); @*/
/*@ ensures principal(sender, _) &*&
[f1]cryptogram(s_priv_key, 8 * KEY_SIZE,
s_priv_key_ccs, s_priv_key_cg) &*&
[f2]cryptogram(r_pub_key, 8 * KEY_SIZE,
r_pub_key_ccs, r_pub_key_cg) &*&
cryptogram(s_nonce, NONCE_SIZE, ?s_nonce_ccs, ?s_nonce_cg) &*&
s_nonce_cg == cg_nonce(sender, _) &*&
cg_info(s_nonce_cg) == int_pair(1, int_pair(receiver, r_id)) &*&
col || bad(sender) || bad(receiver) ?
chars(r_nonce, NONCE_SIZE, _)
:
cryptogram(r_nonce, NONCE_SIZE, _, ?r_nonce_cg) &*&
r_nonce_cg == cg_nonce(receiver, _) &*&
cg_info(r_nonce_cg) == int_pair(2, int_pair(sender, int_pair(sender,
int_pair(receiver, r_id)))); @*/
{
int socket;
pk_context s_context;
pk_context r_context;
havege_state havege_state;
net_usleep(20000);
if(net_connect(&socket, NULL, SERVER_PORT) != 0)
abort();
if(net_set_block(socket) != 0)
abort();
//@ close pk_context(&s_context);
pk_init(&s_context);
if (pk_parse_key(&s_context, s_priv_key,
(unsigned int) 8 * KEY_SIZE, NULL, 0) != 0)
abort();
//@ close pk_context(&r_context);
pk_init(&r_context);
if (pk_parse_public_key(&r_context, r_pub_key,
(unsigned int) 8 * KEY_SIZE) != 0)
abort();
// Generate NA
//@ open principal(sender, _);
//@ close havege_state(&havege_state);
havege_init(&havege_state);
//@ close random_request(sender, int_pair(1, int_pair(receiver, r_id)), false);
if (havege_random(&havege_state, s_nonce, NONCE_SIZE) != 0) abort();
//@ assert cryptogram(s_nonce, NONCE_SIZE, ?cs_s_nonce, ?cg_s_nonce);
//@ close principal(sender, _);
sender_msg1(&socket, &havege_state, &r_context, sender, s_nonce);
sender_msg2(&socket, &havege_state, &s_context, sender, receiver,
s_nonce, r_nonce);
sender_msg3(&socket, &havege_state, &r_context, sender, r_nonce);
havege_free(&havege_state);
//@ open havege_state(&havege_state);
//@ pk_release_context_with_key(&s_context);
pk_free(&s_context);
//@ open pk_context(&s_context);
//@ pk_release_context_with_key(&r_context);
pk_free(&r_context);
//@ open pk_context(&r_context);
net_close(socket);
}
void attacker_send_asym_encrypted(havege_state *havege_state, void* socket)
//@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
//@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
int temp;
int size1;
int size2;
unsigned int osize;
char buffer1[MAX_MESSAGE_SIZE];
char buffer2[MAX_MESSAGE_SIZE];
char buffer3[MAX_MESSAGE_SIZE];
pk_context context;
//@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
size1 = net_recv(socket, buffer1, MAX_MESSAGE_SIZE);
size2 = net_recv(socket, buffer2, MAX_MESSAGE_SIZE);
if (size1 <= 0 || size2 < MINIMAL_STRING_SIZE)
{
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
return;
}
//@ close pk_context(&context);
pk_init(&context);
//@ interpret_public_key(buffer1, size1);
//@ assert cryptogram(buffer1, size1, ?ccs1, ?cg_key);
//@ assert cg_key == cg_public_key(?p, ?c);
if (pk_parse_public_key(&context, buffer1, (unsigned int) size1) == 0)
{
if (size2 * 8 <= size1)
{
//@ close random_state_predicate(havege_state_initialized);
/*@ produce_function_pointer_chunk random_function(
attacker_key_item_havege_random_stub)
(havege_state_initialized)(state, out, len) { call(); } @*/
//@ chars_to_crypto_chars(buffer2, size2);
if (pk_encrypt(&context, buffer2, (unsigned int) size2,
buffer3, &osize, MAX_MESSAGE_SIZE,
attacker_key_item_havege_random_stub, havege_state) == 0)
{
//@ assert u_integer(&osize, ?osize_val);
/*@
{
assert cryptogram(buffer3, osize_val, ?ccs_enc, ?cg_enc);
assert cg_enc == cg_asym_encrypted(p, c, ?cs2, _);
assert is_public_asym_encryption_is_public(?proof, pub, pred);
crypto_chars_to_chars(buffer2, size2);
public_chars(buffer2, size2);
proof(cg_enc);
assert [_]pub(cg_enc);
public_cryptogram(buffer3, cg_enc);
chars_to_crypto_chars(buffer2, size2);
}
@*/
net_send(socket, buffer3, osize);
}
//@ crypto_chars_to_chars(buffer2, size2);
}
//@ pk_release_context_with_key(&context);
}
pk_free(&context);
//@ open pk_context(&context);
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
//@ public_cryptogram(buffer1, cg_key);
}
void attacker_send_keys(havege_state *havege_state, void* socket)
//@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker);
//@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
{
pk_context context;
pk_context context_pub;
pk_context context_priv;
unsigned int key_size;
//@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
unsigned int temp;
//@ close_havege_util(pub, pred, attacker);
r_u_int_with_bounds(havege_state, &temp, 1024, 8192);
//@ open_havege_util(pub, pred, attacker);
key_size = temp;
char* key = malloc((int) key_size);
if ((key) == 0) abort();
char* pub_key = malloc((int) key_size);
if ((pub_key) == 0) abort();
char* priv_key = malloc((int) key_size);
if ((priv_key) == 0) abort();
//@ close random_request(attacker, temp, true);
if (havege_random(havege_state, key, key_size) != 0) abort();
//@ close pk_context(&context);
pk_init(&context);
//@ close pk_context(&context_pub);
pk_init(&context_pub);
//@ close pk_context(&context_priv);
pk_init(&context_priv);
if (pk_init_ctx(&context, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
abort();
//@ close rsa_key_request(attacker, 0);
//@ close random_state_predicate(havege_state_initialized);
/*@ produce_function_pointer_chunk random_function(
attacker_key_item_havege_random_stub)
(havege_state_initialized)(state, out, len) { call(); } @*/
if (rsa_gen_key(context.pk_ctx, attacker_key_item_havege_random_stub,
havege_state, key_size, 65537) != 0) abort();
if (pk_write_pubkey_pem(&context, pub_key, key_size) != 0) abort();
if (pk_write_key_pem(&context, priv_key, key_size) != 0) abort();
if (pk_parse_public_key(&context_pub, pub_key, key_size) != 0) abort();
if (pk_parse_key(&context_priv, priv_key, key_size, NULL, 0) != 0) abort();
//@ assert is_bad_key_is_public(?proof1, pub, pred);
//@ assert cryptogram(key, key_size, ?key_ccs, ?key_cg);
//@ proof1(key_cg);
//@ public_cryptogram(key, key_cg);
net_send(socket, key, key_size);
//@ assert is_public_key_is_public(?proof2, pub, pred);
//@ assert cryptogram(pub_key, key_size, ?pub_key_ccs, ?pub_key_cg);
//@ proof2(pub_key_cg);
//@ public_cryptogram(pub_key, pub_key_cg);
net_send(socket, pub_key, key_size);
//@ assert is_bad_private_key_is_public(?proof3, pub, pred);
//@ assert cryptogram(priv_key, key_size, ?priv_key_ccs, ?priv_key_cg);
//@ proof3(priv_key_cg);
//@ public_cryptogram(priv_key, priv_key_cg);
net_send(socket, priv_key, key_size);
//@ open random_state_predicate(havege_state_initialized);
//@ pk_release_context_with_keys(&context);
pk_free(&context);
//@ open pk_context(&context);
//@ pk_release_context_with_key(&context_pub);
pk_free(&context_pub);
//@ open pk_context(&context_pub);
//@ pk_release_context_with_key(&context_priv);
pk_free(&context_priv);
//@ open pk_context(&context_priv);
free(key);
free(pub_key);
free(priv_key);
//@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker);
}
int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes)
{
ASSERT(!IsValid()); // Cannot parse a second key
return pk_parse_public_key(&m_Pk, (const unsigned char *)a_Data, a_NumBytes);
}