void attacker_send_random(havege_state *havege_state, void* socket) //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker); //@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker); { int temp; int size; char buffer[MAX_MESSAGE_SIZE]; //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker); //@ close_havege_util(pub, pred, attacker); r_int_with_bounds(havege_state, &temp, MIN_RANDOM_SIZE, MAX_MESSAGE_SIZE); size = temp; r_int_with_bounds(havege_state, &temp, 0, INT_MAX); //@ open_havege_util(pub, pred, attacker); //@ close random_request(attacker, temp, false); if (havege_random(havege_state, buffer, (unsigned int) size) == 0) { //@ assert cryptogram(buffer, size, ?ccs, ?cg); //@ assert is_bad_nonce_is_public(?proof, pub, pred); //@ proof(cg); //@ public_cryptogram(buffer, cg); net_send(socket, buffer, (unsigned int) size); } //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker); }
void attacker_send_split(havege_state *havege_state, void* socket) //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker); //@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker); { int temp; int size1; int size2; char buffer[MAX_MESSAGE_SIZE]; //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker); size1 = net_recv(socket, buffer, MAX_MESSAGE_SIZE); if (size1 <= 0) { //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker); return; } //@ assert chars(buffer, size1, ?cs); //@ close_havege_util(pub, pred, attacker); r_int_with_bounds(havege_state, &temp, 0, size1); //@ open_havege_util(pub, pred, attacker); size2 = temp; net_send(socket, buffer, (unsigned int) (size2)); net_send(socket, (void*) buffer + size2, (unsigned int) (size1 - size2)); //@ chars_join(buffer); //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker); }
void attacker_send_data(havege_state *havege_state, void* socket) //@ requires attacker_invariant(?pub, ?pred, ?kc, havege_state, socket, ?attacker); //@ ensures attacker_invariant(pub, pred, kc, havege_state, socket, attacker); { int temp; int size; char buffer[MAX_MESSAGE_SIZE]; //@ open attacker_invariant(pub, pred, kc, havege_state, socket, attacker); //@ close_havege_util(pub, pred, attacker); r_int_with_bounds(havege_state, &temp, 1, MAX_MESSAGE_SIZE); //@ open_havege_util(pub, pred, attacker); size = temp; //@ chars_split(buffer, size); net_send(socket, buffer, (unsigned int) size); //@ close attacker_invariant(pub, pred, kc, havege_state, socket, attacker); }
int main() //@ : main //@ requires true; //@ ensures true; { pthread_t a_thread; havege_state havege_state; int* principals = malloc(sizeof(int)); if (principals == 0) abort(); *principals = 0; printf("\n\tExecuting \""); printf("secure_storage"); printf(" protocol"); printf("\" ... \n\n"); //@ PACK_PROOF_OBLIGATIONS(ss) //@ close exists(ss_polarssl_pub); //@ polarssl_init(); //@ int sender = polarssl_create_principal(); (*principals)++; //@ int receiver = polarssl_create_principal(); (*principals)++; //@ close havege_state(&havege_state); havege_init(&havege_state); //@ close pthread_run_pre(attacker_t)(principals, _); pthread_create(&a_thread, NULL, &attacker_t, principals); int i = 0; #ifdef EXECUTE while (i++ < 10) #else while (true) #endif /*@ invariant [2/3]polarssl_world(ss_polarssl_pub) &*& havege_state_initialized(&havege_state) &*& polarssl_generated_values(sender, ?count_s); @*/ { char* key; char* message; int temp; int message_len; //@ close random_request(sender, 0, true); key = malloc(KEY_BYTE_SIZE); if (key == 0) abort(); if (havege_random(&havege_state, key, KEY_BYTE_SIZE) != 0) abort(); r_int_with_bounds(&havege_state, &temp, POLARSSL_MIN_HMAC_INPUT_BYTE_SIZE, POLARSSL_MAX_MESSAGE_BYTE_SIZE - 65); message_len = temp; message = malloc(message_len); if (message == 0) abort(); //@ assert chars(message, message_len, ?msg_cs); //@ polarssl_public_generated_chars_assume(ss_polarssl_pub, msg_cs); { pthread_t s_thread, r_thread; struct ss_args s_args; struct ss_args r_args; /*@ open polarssl_cryptogram(key, KEY_BYTE_SIZE, ?key_cs, polarssl_symmetric_key(sender, count_s + 1)); @*/ //@ assert chars(key, KEY_BYTE_SIZE, ?cs_key); s_args.key_len = KEY_BYTE_SIZE; s_args.key = key; s_args.message_len = message_len; s_args.message = malloc(message_len); if (s_args.message == 0) abort(); memcpy(s_args.message, message, (unsigned int) message_len); /*@ close polarssl_public_message(ss_polarssl_pub) (s_args.message, message_len, msg_cs); @*/ r_args.key_len = KEY_BYTE_SIZE; r_args.key = key; /*@ close polarssl_cryptogram(key, KEY_BYTE_SIZE, key_cs, polarssl_symmetric_key(sender, count_s + 1)); @*/ //@ assume (app_send_event(sender, msg_cs)); //@ close pthread_run_pre(sender_t)(&s_args, _); pthread_create(&s_thread, NULL, &sender_t, &s_args); //@ close pthread_run_pre(receiver_t)(&r_args, _); pthread_create(&r_thread, NULL, &receiver_t, &r_args); pthread_join(s_thread, NULL); //@ open pthread_run_post(sender_t)(&s_args, _); pthread_join(r_thread, NULL); //@ open pthread_run_post(receiver_t)(&r_args, _); /*@ open polarssl_public_message(ss_polarssl_pub) (s_args.message, _, ?s_cs); @*/ //@ assert true == app_send_event(sender, s_cs); free(s_args.message); /*@ open polarssl_public_message(ss_polarssl_pub) (r_args.message, _, ?r_cs); @*/ /*@ if (!bad(sender)) { assert true == app_send_event(sender, r_cs); } @*/ free(r_args.message); //@ open [1/2]polarssl_cryptogram(key, _, _, _); //@ open [1/2]polarssl_cryptogram(key, _, _, _); } free(key); free(message); } //@ havege_exit(&havege_state); //@ open havege_state(&havege_state); //@ destroy_polarssl_principal(sender); //@ destroy_polarssl_principal(receiver); printf("Done\n"); //@ leak malloc_block_ints(principals, 1); //@ leak [_]polarssl_world(_); return 0; }