void send_keys(struct network_status *net_stat, struct keypair *keypair) /*@ requires [?f0]world(?pub, ?key_clsfy) &*& keypair(keypair, ?attacker_id, ?id, ?info, pub) &*& proof_obligations(pub) &*& network_status(net_stat) &*& principal(attacker_id, ?count1) &*& true == bad(attacker_id); @*/ /*@ ensures [f0]world(pub, key_clsfy) &*& keypair(keypair, attacker_id, id, info, pub) &*& proof_obligations(pub) &*& network_status(net_stat) &*& principal(attacker_id, ?count2); @*/ { //@ close key_request(attacker_id, 0); struct item *key_sym = create_symmetric_key(); struct item *key_priv = keypair_get_private_key(keypair); struct item *key_pub = keypair_get_public_key(keypair); //@ assert item(key_sym, ?k_sym, pub); //@ assert item(key_pub, ?k_pub, pub); //@ assert item(key_priv, ?k_priv, pub); //@ open proof_obligations(pub); //@ assert is_public_symmetric_key(?proof_sym, pub); //@ assert is_public_public_key(?proof_pub, pub); //@ assert is_public_private_key(?proof_priv, pub); //@ proof_sym(k_sym); //@ proof_pub(k_pub); //@ proof_priv(k_priv); //@ close proof_obligations(pub); network_send(net_stat, key_sym); network_send(net_stat, key_pub); network_send(net_stat, key_priv); item_free(key_sym); item_free(key_pub); item_free(key_priv); }
int main() //@ : main_full(main_app) //@ requires module(main_app, true); //@ ensures true; { struct keypair *apair; struct keypair *pair; struct item *key; struct item *pub_key; struct item *priv_key; printf("\n\tExecuting \""); printf("auth secure_storage"); printf("protocol"); printf("\" ... \n\n"); //@ open_module(); //@ PACK_PROOF_OBLIGATIONS(ss_auth) init_crypto_lib(); int attacker = create_principal(&apair); //@ assume (bad(attacker)); int sender = create_principal(&pair); pub_key = keypair_get_public_key(pair); priv_key = keypair_get_private_key(pair); keypair_free(pair); void *null = (void *) 0; //@ leak world(ss_auth_pub); { pthread_t a_thread; struct ss_auth_args *args = malloc(sizeof(struct ss_auth_args)); if (args == 0) abort(); args->attacker = attacker; args->keypair = apair; //@ close pthread_run_pre(attacker_t)(args, _); pthread_create(&a_thread, NULL, &attacker_t, args); } int i = 0; #ifdef EXECUTE while (i++ < 10) #else while (true) #endif /*@ invariant [_]world(ss_auth_pub) &*& generated_values(_, _) &*& item(pub_key, public_key_item(sender, _), ss_auth_pub) &*& item(priv_key, private_key_item(sender, _), ss_auth_pub); @*/ { pthread_t s_thread, r_thread; struct ss_auth_args *args_s = malloc(sizeof(struct ss_auth_args)); if (args_s == 0) abort(); struct ss_auth_args *args_r = malloc(sizeof(struct ss_auth_args)); if (args_r == 0) abort(); args_s->key = priv_key; args_r->key = pub_key; { /*@ close pthread_run_pre(sender_t)(args_s, cons(pointer_value(priv_key), cons(int_value(sender), nil))); @*/ pthread_create(&s_thread, null, &sender_t, args_s); /*@ close pthread_run_pre(receiver_t)(args_r, cons(pointer_value(pub_key), cons(int_value(sender), nil))); @*/ pthread_create(&r_thread, null, &receiver_t, args_r); } { pthread_join(r_thread, null); //@ open pthread_run_post(receiver_t)(args_r, _); pthread_join(s_thread, null); //@ open pthread_run_post(sender_t)(args_s, _); } free(args_s); free(args_r); } //@ close_module(); //@ leak module(main_app, _); printf("Done\n"); }