Adds CBMC proof for sign_header #659
Conversation
source/session_encrypt.c
Outdated
| AWS_PRECONDITION(session != NULL); | ||
| AWS_PRECONDITION(aws_allocator_is_valid(session->alloc)); | ||
| AWS_PRECONDITION(aws_cryptosdk_hdr_is_valid(&session->header)); | ||
| AWS_PRECONDITION(aws_cryptosdk_sig_ctx_is_valid(session->signctx)); | ||
| AWS_PRECONDITION(session->state == ST_GEN_KEY); | ||
| AWS_PRECONDITION(session->mode == AWS_CRYPTOSDK_ENCRYPT); |
There was a problem hiding this comment.
Replace it by
AWS_PRECONDITION(aws_cryptosdk_session_is_valid(session));
source/session_encrypt.c
Outdated
| AWS_PRECONDITION(session != NULL); | ||
| AWS_PRECONDITION(aws_allocator_is_valid(session->alloc)); | ||
| AWS_PRECONDITION(aws_cryptosdk_hdr_is_valid(&session->header)); | ||
| AWS_PRECONDITION(session->header.iv.len <= session->alg_props->iv_len); | ||
| AWS_PRECONDITION(session->header.auth_tag.len <= session->alg_props->tag_len); | ||
| AWS_PRECONDITION(aws_cryptosdk_sig_ctx_is_valid(session->signctx)); | ||
| AWS_PRECONDITION(session->state == ST_GEN_KEY); | ||
| AWS_PRECONDITION(session->mode == AWS_CRYPTOSDK_ENCRYPT); |
There was a problem hiding this comment.
We don't need an unique allocator for session to cope with proof complexity, but we should have a validity function for it. Could you group the general checks here into a validity function for aws_cryptosdk_session structures?
There was a problem hiding this comment.
Yes! This has been updated!
source/session_encrypt.c
Outdated
| if (session->header.iv.len) { | ||
| assert(session->header.iv.buffer); | ||
| memset(session->header.iv.buffer, 0x42, session->header.iv.len); | ||
| } | ||
| if (session->header.auth_tag.len) { | ||
| assert(session->header.auth_tag.buffer); | ||
| memset(session->header.auth_tag.buffer, 0xDE, session->header.auth_tag.len); | ||
| } |
There was a problem hiding this comment.
Should we assert or return error? @alex-chew
There was a problem hiding this comment.
Short answer: assert. The condition should always be true, and if not then it's a programming error rather than a user/data error.
Long answer: I think we can actually leave out the assert, since the aws_cryptosdk_hdr_is_valid(&session->header) precondition implies that the session->header.iv and session->header.auth_tag are aws_byte_buf_is_valid, which in turn implies that iv.len implies iv.buffer and likewise for auth_tag. But the assert is valuable as documentation of this intent.
There was a problem hiding this comment.
Digging deeper, it looks like the only callsite of sign_header appears after a successfull call to build_header, which initializes these buffers to have positive length (since all supported algorithm suites use 12- and 16-byte IVs and authentication tag lengths, respectively). So we can change the guards/asserts to preconditions (i.e. byte_buf_is_valid and buf.len > 0 for each of the IV and auth tag).
source/session_encrypt.c
Outdated
| AWS_PRECONDITION(session->header.iv.len <= session->alg_props->iv_len); | ||
| AWS_PRECONDITION(session->header.auth_tag.len <= session->alg_props->tag_len); | ||
| AWS_PRECONDITION(aws_cryptosdk_sig_ctx_is_valid(session->signctx)); |
There was a problem hiding this comment.
Not a blocker, but I'm curious why this is no longer needed?
There was a problem hiding this comment.
Thanks for bringing this up. I will check if the associated assumption in the harness can be removed.
There was a problem hiding this comment.
@alex-chew we have investigated this issue and we have decided to remove the assumption from the harness. Note that the session validator allows session->signctx to be either NULL or valid. To do so, we modified a precondition in EVP_DigestUpdate which we think is too restrictive.
Moreover, we have opened an issue (#685) to remove this type of validators from the code base, since they cannot be mirrored as preconditions.
adpaco-aws
force-pushed
the
sign_header
branch
from
de4cede to
5a4f1cb
Compare
adpaco-aws
force-pushed
the
sign_header
branch
from
5a4f1cb to
0dd0ee0
Compare
|
The last changes include a stub for @feliperodri can you take a look at this stub and let us know what you think? The original function can be found here: aws-encryption-sdk-c/source/header.c Lines 472 to 568 in 6a2ee0e |
| PROOF_SOURCES += $(COMMON_PROOF_STUB)/aws_byte_buf_write_stub.c | ||
| PROOF_SOURCES += $(COMMON_PROOF_STUB)/aws_hash_iter_overrides.c |
There was a problem hiding this comment.
Could you create a GitHub issue to standardize the name of stubs? Some of them use as sufix stub some others use overrides some other use something else... (no a blocker for this PR).
| /* | ||
| * Stub for aws_cryptosdk_hdr_write | ||
| * The original function declares an aws_byte_buf output variable where | ||
| * different components of the header get written, but the actual output | ||
| * of the function is bytes_written. Therefore, we assign a nondet. value | ||
| * to this variable in case of success or zero both outbuf and outlen in | ||
| * case of failure | ||
| */ |
There was a problem hiding this comment.
nit: Suggestion:
/**
* The original aws_cryptosdk_hdr_write function declares an aws_byte_buf
* output variable where different components of the header get written,
* however, the actual output of the function is bytes_written. Therefore,
* we assign a nondeterministic value to bytes_written in case of success
* or zero both outbuf and outlen in case of failure.
*/There was a problem hiding this comment.
The stub looks great. How much gain in performance?
There was a problem hiding this comment.
Thanks! It was ~40min on my dedicated machine before, but only ~10min now 😄
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves #639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves aws#639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves aws#639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves aws#639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves aws#639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
* Split aws_cryptosdk_hdr_parse into smaller functions Resolves #639. * Adds harness, Makefile and yaml for sign_header * Added preconditions to source code and added checks for memcpy * Update Makefile * Remove unneeded empty slot assumption * Use new hdr_setup in harness and fix comment * Added comment about when the object-bits flag is required * Added preconditions of lne of byte bufs * Use CBMC_OBJECT_BITS flag * Make len != 0 check explicit * Use session_setup and aws_session_is_valid * Remove signctx precondition in harness. Weaken precondition in EVPDigestUpdate * Stub out hdr_write. Use default CBMC_OBJECT_BITS value * Remove unwind value for hdr_write * Add and improve documentation Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Alex Chew <[email protected]> Co-authored-by: Adrian Palacios <[email protected]> Co-authored-by: Adrian Palacios <[email protected]>
Adds harness, Makefile and yaml for sign_header.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable: