RTOS/SDK_STM32F302x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[修改] 增加freeRTOS

Browse Source 
1. 版本FreeRTOSv202212.01,命名为kernel;
This commit is contained in:
gaoyang3513
2023-05-06 16:43:01 +00:00
commit a345df017b
20944 changed files with 11094377 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
kernel/FreeRTOS-Plus/Source/corePKCS11/test/CMakeLists.txt Normal file
View File

@ -0,0 +1,74 @@
cmake_minimum_required(VERSION 3.13.0)
project("corePKCS11 tests" LANGUAGES C)
# Allow the project to be organized into folders.
set_property(GLOBAL PROPERTY USE_FOLDERS ON)
set_directory_properties(PROPERTIES EP_PREFIX "${CMAKE_BINARY_DIR}/_deps")
# Do not allow in-source build.
if(${PROJECT_SOURCE_DIR} STREQUAL ${PROJECT_BINARY_DIR})
message(
FATAL_ERROR
"In-source build is not allowed. Please build in a separate directory, such as ${PROJECT_SOURCE_DIR}/build."
)
endif()
# Set global path variables.
get_filename_component(__MODULE_ROOT_DIR "${CMAKE_CURRENT_LIST_DIR}/.." ABSOLUTE)
set(MODULE_ROOT_DIR ${__MODULE_ROOT_DIR} CACHE INTERNAL "corePKCS11 repository root.")
option(SYSTEM_TESTS "Set this to ON to build system tests" ON)
option(UNIT_TESTS "Set this to ON to build unit tests" ON)
# Set output directories.
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
include(${MODULE_ROOT_DIR}/tools/mbedtls.cmake)
include(${MODULE_ROOT_DIR}/tools/unity.cmake)
include(${MODULE_ROOT_DIR}/tools/cmock.cmake)
# ========================================
# Test Configuration
# ========================================
# Define a CMock resource path.
set(CMOCK_DIR ${MODULE_ROOT_DIR}/test/unit-test/CMock CACHE INTERNAL
"CMock library source directory."
)
# Use CTest utility for managing test runs. This has to be added BEFORE defining test targets with
# add_test()
enable_testing()
if(UNIT_TESTS)
add_subdirectory(pkcs11_mbedtls_utest)
add_subdirectory(pkcs11_utils_utest)
add_subdirectory(wrapper_utest)
endif()
if(SYSTEM_TESTS)
add_subdirectory(mbedtls_integration)
endif()
add_subdirectory(coverity_analysis)
# ========================================
# Coverage Analysis configuration
# ========================================
# Add a target for running coverage on tests.
add_custom_target(
coverage
COMMAND ${CMAKE_COMMAND} -P ${MODULE_ROOT_DIR}/tools/cmock/coverage.cmake
DEPENDS cmock
unity
$<$<TARGET_EXISTS:core_pkcs11_mbedtls_utest>:core_pkcs11_mbedtls_utest>
$<$<TARGET_EXISTS:pkcs11_wrapper_utest>:pkcs11_wrapper_utest>
$<$<TARGET_EXISTS:pkcs11_utils_utest>:pkcs11_utils_utest>
$<$<TARGET_EXISTS:integration_mbedtls_2>:integration_mbedtls_2>
$<$<TARGET_EXISTS:integration_mbedtls_3>:integration_mbedtls_3>
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
)

24
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/.gitignore vendored Normal file
View File

@ -0,0 +1,24 @@
# Emitted when running CBMC proofs
proofs/**/logs
proofs/**/gotos
proofs/**/report
proofs/**/html
proofs/output
# Emitted by CBMC Viewer
TAGS-*
# Emitted by Arpa
arpa_cmake/
arpa-validation-logs/
Makefile.arpa
# Emitted by litani
.ninja_deps
.ninja_log
.litani_cache_dir
# These files should be overwritten whenever prepare.py runs
cbmc-batch.yaml
__pycache__/

6
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/include/README.md Normal file
View File

@ -0,0 +1,6 @@
CBMC proof include files
========================
This directory contains include files written for CBMC proof. It is
common to write some code to model aspects of the system under test,
and the header files for this code go here.

173
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/include/core_pkcs11_config.h Normal file
View File

@ -0,0 +1,173 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file aws_pkcs11_config.h
* @brief PCKS#11 config options.
*/
#ifndef _AWS_PKCS11_CONFIG_H_
#define _AWS_PKCS11_CONFIG_H_
/*
* @brief define away log macros.
*/
#ifndef LogError
#define LogError( message )
#endif
#ifndef LogWarn
#define LogWarn( message )
#endif
#ifndef LogInfo
#define LogInfo( message )
#endif
#ifndef LogDebug
#define LogDebug( message )
#endif
/**
* @brief Malloc API used by core_pkcs11.h
*/
#define pkcs11configPKCS11_MALLOC malloc
/**
* @brief Free API used by core_pkcs11.h
*/
#define pkcs11configPKCS11_FREE free
/**
* @brief PKCS #11 default user PIN.
*
* The PKCS #11 standard specifies the presence of a user PIN. That feature is
* sensible for applications that have an interactive user interface and memory
* protections. However, since typical microcontroller applications lack one or
* both of those, the user PIN is assumed to be used herein for interoperability
* purposes only, and not as a security feature.
*/
#define pkcs11configPKCS11_DEFAULT_USER_PIN "0000"
/**
* @brief Maximum length (in characters) for a PKCS #11 CKA_LABEL
* attribute.
*/
#define pkcs11configMAX_LABEL_LENGTH 32
/**
* @brief Maximum number of token objects that can be stored
* by the PKCS #11 module.
*/
#define pkcs11configMAX_NUM_OBJECTS 1
/**
* @brief Maximum number of sessions that can be stored
* by the PKCS #11 module.
*/
#define pkcs11configMAX_SESSIONS 2
/**
* @brief Set to 1 if OTA image verification via PKCS #11 module is supported.
*
* If set to 0, OTA code signing certificate is built in via
* aws_ota_codesigner_certificate.h.
*/
#define pkcs11configOTA_SUPPORTED 0
/**
* @brief Set to 1 if PAL supports storage for JITP certificate,
* code verify certificate, and trusted server root certificate.
*
* If set to 0, PAL does not support storage mechanism for these, and
* they are accessed via headers compiled into the code.
*/
#define pkcs11configJITP_CODEVERIFY_ROOT_CERT_SUPPORTED 0
/**
* @brief The PKCS #11 label for device private key.
*
* Private key for connection to AWS IoT endpoint. The corresponding
* public key should be registered with the AWS IoT endpoint.
*/
#define pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS "Device Priv TLS Key"
/**
* @brief The PKCS #11 label for device public key.
*
* The public key corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.
*/
#define pkcs11configLABEL_DEVICE_PUBLIC_KEY_FOR_TLS "Device Pub TLS Key"
/**
* @brief The PKCS #11 label for the device certificate.
*
* Device certificate corresponding to pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS.
*/
#define pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS "Device Cert"
/**
* @brief The PKCS #11 label for the object to be used for code verification.
*
* Used by over-the-air update code to verify an incoming signed image.
*/
#define pkcs11configLABEL_CODE_VERIFICATION_KEY "Code Verify Key"
/**
* @brief The PKCS #11 label for a claim certificate useful for provisioning with
* Fleet Provisioning feature of AWS IoT Core through the "Provisioning by Claim" workflow.
*
* For more information on Fleet Provisioning, refer to this
* [AWS document](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html)
*/
#define pkcs11configLABEL_CLAIM_CERTIFICATE "Claim Cert"
/**
* @brief The PKCS #11 label for a claim private key useful for provisioning with
* Fleet Provisioning feature of AWS IoT Core through the "Provisioning by Claim" workflow.
*
* For more information on Fleet Provisioning, refer to this
* [AWS document](https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html)
*/
#define pkcs11configLABEL_CLAIM_PRIVATE_KEY "Claim Key"
/**
* @brief The PKCS #11 label for Just-In-Time-Provisioning.
*
* The certificate corresponding to the issuer of the device certificate
* (pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS) when using the JITR or
* JITP flow.
*/
#define pkcs11configLABEL_JITP_CERTIFICATE "JITP Cert"
/**
* @brief The PKCS #11 label for the AWS Trusted Root Certificate.
*
* @see aws_default_root_certificates.h
*/
#define pkcs11configLABEL_ROOT_CERTIFICATE "Root Cert"
#endif /* _AWS_PKCS11_CONFIG_H_ include guard. */

3363
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/include/mbedtls_config.h Normal file
View File

File diff suppressed because it is too large Load Diff

37
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/include/pkcs11_interface_stubs.h Normal file
View File

@ -0,0 +1,37 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file pkcs11_interface_stubs.h
* @brief Stubs to mock calls to PKCS #11.
*/
#ifndef __PKCS11_INTERFACE_STUBS_H_
#define __PKCS11_INTERFACE_STUBS_H_
#include "pkcs11.h"
CK_RV C_GetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppFunctionList );
#endif

61
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CloseSession/C_CloseSession_harness.c Normal file
View File

@ -0,0 +1,61 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_CloseSession_harness.c
* @brief Implements the proof harness for C_CloseSession function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
#include "core_pkcs11_config.h"
void harness()
{
CK_RV xResult;
CK_FLAGS xFlags;
CK_SESSION_HANDLE * pxSession = malloc( sizeof( CK_SESSION_HANDLE ) );
/* Cover the case when the corePKCS11 module is not already initialized. */
if( pxSession != NULL )
{
( void ) C_CloseSession( *pxSession );
}
xResult = C_Initialize( NULL );
__CPROVER_assume( xResult == CKR_OK );
xResult = C_OpenSession( 0, xFlags, NULL, 0, pxSession );
if( xResult == CKR_OK )
{
__CPROVER_assert( *pxSession > CK_INVALID_HANDLE && *pxSession <= pkcs11configMAX_SESSIONS, "For the C_OpenSession result to "
"be CKR_OK, we expect the session handle to be a valid value." );
}
if( pxSession != NULL )
{
( void ) C_CloseSession( *pxSession );
}
}

26
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CloseSession/Makefile Normal file
View File

@ -0,0 +1,26 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_CloseSession_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_CloseSession
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free
REMOVE_FUNCTION_BODY += mbedtls_entropy_free
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CloseSession/README.md Normal file
View File

@ -0,0 +1,20 @@
C_CloseSession proof
==============
This directory contains a memory safety proof for C_CloseSession.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CloseSession/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CloseSession/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_CloseSession",
"proof-root": "test/cbmc/proofs"
}

97
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CreateObject/C_CreateObject_harness.c Normal file
View File

@ -0,0 +1,97 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_CreateObject_harness.c
* @brief Implements the proof harness for C_CreateObject function.
*/
#include <stddef.h>
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "mbedtls/cmac.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
CK_RV xResult;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xResult;
}
void harness()
{
CK_RV xResult;
CK_OBJECT_HANDLE * pxObject = malloc( sizeof( CK_OBJECT_HANDLE ) );
CK_SESSION_HANDLE xSession;
CK_ULONG ulCount;
__CPROVER_assume( ulCount < TEMPLATE_SIZE );
CK_ATTRIBUTE_PTR xTemplate = malloc( sizeof( CK_ATTRIBUTE ) * ulCount );
if( xTemplate != NULL )
{
for( int i = 0; i < ulCount; i++ )
{
xTemplate[ i ].pValue = malloc( xTemplate[ i ].ulValueLen );
__CPROVER_assume( xTemplate[ i ].pValue != NULL );
}
}
__CPROVER_assume( xSession > CK_INVALID_HANDLE && xSession <= pkcs11configMAX_SESSIONS );
( void ) C_CreateObject( xSession,
( CK_ATTRIBUTE_PTR ) xTemplate,
ulCount,
pxObject );
}

65
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CreateObject/Makefile Normal file
View File

@ -0,0 +1,65 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_CreateObject_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_CreateObject
# TEMPLATE_SIZE is bounded to reduce proof run time. A user can have an
# arbitrarily large template size, but our library generally only cares about
# some attributes. Memory safety can be proven within a reasonable bound
# past what our stack cares about. It adds not value to the proof to input the
# largest possible template of the maximum CK_ULONG size.
#
# Not recommended to increase this size, will lead to long proof times, with no
# more increase in coverage.
TEMPLATE_SIZE=6
# Defined in `core_pkcs11_config.h`
MAX_LABEL_SIZE=32
# Defined in `core_pkcs11_config.h`
# Should be one more than the total number of objects in the PKCS stack.
MAX_OBJECT_NUM=2
DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE)
DEFINES += -DTEMPLATE_ATTRIBUTE_MAX_SIZE=$(TEMPLATE_ATTRIBUTE_MAX_SIZE)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Initialize
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed
REMOVE_FUNCTION_BODY += mbedtls_entropy_free
REMOVE_FUNCTION_BODY += mbedtls_entropy_init
REMOVE_FUNCTION_BODY += threading_mutex_free
REMOVE_FUNCTION_BODY += threading_mutex_init
REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateCertificate.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetKeyType.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetObjectClass.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateECKey.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetLabel.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateRsaKey.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateSHA256HMAC.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateAESCMAC.0:$(TEMPLATE_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:$(MAX_OBJECT_NUM)
UNWINDSET += harness.0:$(TEMPLATE_SIZE)
UNWINDSET += memcmp.0:$(MAX_LABEL_SIZE)
UNWINDSET += strncmp.0:$(MAX_LABEL_SIZE)
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CreateObject/README.md Normal file
View File

@ -0,0 +1,20 @@
C_CreateObject proof
==============
This directory contains a memory safety proof for C_CreateObject.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CreateObject/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_CreateObject/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_CreateObject",
"proof-root": "test/cbmc/proofs"
}

106
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DestroyObject/C_DestroyObject_harness.c Normal file
View File

@ -0,0 +1,106 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_DestroyObject_harness.c
* @brief Implements the proof harness for C_DestroyObject function.
*/
#include "mbedtls/ecp.h"
#include "mbedtls/oid.h"
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "mbedtls/cmac.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
CK_RV xResult;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xResult;
}
void __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByHandle( CK_OBJECT_HANDLE xAppHandle,
CK_OBJECT_HANDLE_PTR pxPalHandle,
CK_BYTE_PTR * ppcLabel,
CK_ULONG_PTR pxLabelLength )
{
CK_OBJECT_HANDLE handle;
CK_ULONG xLen;
__CPROVER_assert( pxPalHandle != NULL, "ppcLabel was NULL." );
__CPROVER_assert( ppcLabel != NULL, "ppcLabel was NULL." );
__CPROVER_assert( pxLabelLength != NULL, "ppcLabel was NULL." );
__CPROVER_assume( handle < MAX_OBJECT_NUM );
*pxPalHandle = handle;
*ppcLabel = malloc( xLen );
*pxLabelLength = xLen;
}
void harness()
{
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE hObject;
CK_RV xResult;
/* We need to populate the PKCS module with mutexes. Rather than stubbing out
* some critical paths, we can just initialize the module.
*/
xResult = C_Initialize( NULL );
__CPROVER_assume( xResult == CKR_OK );
__CPROVER_assume( ( hSession > CK_INVALID_HANDLE ) &&
( hSession <= pkcs11configMAX_SESSIONS ) );
( void ) C_DestroyObject( hSession, hObject );
}

38
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DestroyObject/Makefile Normal file
View File

@ -0,0 +1,38 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_DestroyObject_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_DestroyObject
# Defined in `core_pkcs11_config.h`
MAX_OBJECT_NUM=2
# Defined in `core_pkcs11_config.h`
MAX_LABEL_SIZE=32
DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
# Same as max label size in the core_pkcs11_config.h
UNWINDSET += strncmp.0:$(MAX_LABEL_SIZE)
UNWINDSET += strlen.0:$(MAX_LABEL_SIZE)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByLabel.0:$(MAX_OBJECT_NUM)
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvDeleteObjectFromList.0:$(MAX_OBJECT_NUM)
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DestroyObject/README.md Normal file
View File

@ -0,0 +1,20 @@
C_DestroyObject proof
==============
This directory contains a memory safety proof for C_DestroyObject.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DestroyObject/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DestroyObject/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_DestroyObject",
"proof-root": "test/cbmc/proofs"
}

100
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestFinal/C_DigestFinal_harness.c Normal file
View File

@ -0,0 +1,100 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_DigestFinal_harness.c
* @brief Implements the proof harness for C_DigestFinal function.
*/
#include "mbedtls/pk.h"
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession )
{
CK_RV xResult;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
pxSession->xOperationDigestMechanism = nondet_bool() ? CKM_SHA256 : CKM_SHA224;
return xResult;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
CK_RV xResult;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xResult;
}
void harness()
{
CK_SESSION_HANDLE hSession;
CK_ULONG * pulPartLen = malloc( sizeof( CK_ULONG ) );
CK_RV xResult;
CK_BYTE_PTR pPart;
if( pulPartLen != NULL )
{
pPart = malloc( *pulPartLen );
}
__CPROVER_assume( hSession > CK_INVALID_HANDLE && hSession <= pkcs11configMAX_SESSIONS );
xResult = C_DigestFinal( hSession, pPart, pulPartLen );
if( ( ( xResult == CKR_OK ) && ( pulPartLen != NULL ) ) )
{
__CPROVER_assert( *pulPartLen == 32, "Since we only do SHA-256 we expect "
"the output buffer to always be 32 bytes." );
}
}

22
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestFinal/Makefile Normal file
View File

@ -0,0 +1,22 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_DigestFinal_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_DigestFinal
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestFinal/README.md Normal file
View File

@ -0,0 +1,20 @@
C_DigestFinal proof
==============
This directory contains a memory safety proof for C_DigestFinal.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestFinal/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestFinal/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_DigestFinal",
"proof-root": "test/cbmc/proofs"
}

82
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestInit/C_DigestInit_harness.c Normal file
View File

@ -0,0 +1,82 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_DigestInit_harness.c
* @brief Implements the proof harness for C_DigestInit function.
*/
#include "mbedtls/pk.h"
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return CKR_OK;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return nondet_bool() ? CK_TRUE : CK_FALSE;
}
void harness()
{
CK_SESSION_HANDLE hSession;
CK_MECHANISM * pxMech = malloc( sizeof( CK_MECHANISM ) );
__CPROVER_assume( ( hSession > CK_INVALID_HANDLE ) && ( hSession <= pkcs11configMAX_SESSIONS ) );
( void ) C_DigestInit( hSession, pxMech );
}

22
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestInit/Makefile Normal file
View File

@ -0,0 +1,22 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_DigestInit_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_DigestInit
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestInit/README.md Normal file
View File

@ -0,0 +1,20 @@
C_DigestInit proof
==============
This directory contains a memory safety proof for C_DigestInit.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestInit/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestInit/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_DigestInit",
"proof-root": "test/cbmc/proofs"
}

90
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestUpdate/C_DigestUpdate_harness.c Normal file
View File

@ -0,0 +1,90 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_DigestUpdate_harness.c
* @brief Implements the proof harness for C_DigestUpdate function.
*/
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "mbedtls/cmac.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession )
{
CK_RV xResult;
CK_MECHANISM_TYPE xMechanism;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
pxSession->xOperationDigestMechanism = xMechanism;
return xResult;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
CK_BBOOL xBool;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xBool;
}
void harness()
{
CK_SESSION_HANDLE hSession;
CK_ULONG ulPartlen;
CK_BYTE_PTR pPart = malloc( ulPartlen );
__CPROVER_assume( hSession > CK_INVALID_HANDLE && hSession <= pkcs11configMAX_SESSIONS );
( void ) C_DigestUpdate( hSession, pPart, ulPartlen );
}

22
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestUpdate/Makefile Normal file
View File

@ -0,0 +1,22 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_DigestUpdate_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_DigestUpdate
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestUpdate/README.md Normal file
View File

@ -0,0 +1,20 @@
C_DigestUpdate proof
==============
This directory contains a memory safety proof for C_DigestUpdate.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestUpdate/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_DigestUpdate/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_DigestUpdate",
"proof-root": "test/cbmc/proofs"
}

41
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Finalize/C_Finalize_harness.c Normal file
View File

@ -0,0 +1,41 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_Finalize_harness.c
* @brief Implements the proof harness for C_Finalize function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
CK_RV xResult = C_Initialize( NULL );
if( xResult == CKR_OK )
{
( void ) C_Finalize( NULL );
}
}

23
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Finalize/Makefile Normal file
View File

@ -0,0 +1,23 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_Finalize_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_Finalize
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Finalize/README.md Normal file
View File

@ -0,0 +1,20 @@
C_Finalize proof
==============
This directory contains a memory safety proof for C_Finalize.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Finalize/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Finalize/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_Finalize",
"proof-root": "test/cbmc/proofs"
}

106
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjects/C_FindObjects_harness.c Normal file
View File

@ -0,0 +1,106 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_FindObjects_harness.c
* @brief Implements the proof harness for C_FindObjects function.
*/
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include "mbedtls/ecp.h"
#include "mbedtls/cmac.h"
#include "mbedtls/oid.h"
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession )
{
pxSession->pxFindObjectLabel = malloc( sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) );
__CPROVER_assume( pxSession->pxFindObjectLabel != NULL );
memcpy( pxSession->pxFindObjectLabel, pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) );
pxSession->xFindObjectLabelLen = sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS );
return CKR_OK;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return CK_FALSE;
}
void harness()
{
CK_RV xResult;
CK_SESSION_HANDLE xSession;
CK_OBJECT_HANDLE hObject;
CK_ULONG ulMaxObjectCount;
CK_ULONG ulObjectCount;
__CPROVER_assume( xSession >= 1 && xSession <= pkcs11configMAX_SESSIONS );
/* This port assumes seraching for max 1 object a time. */
__CPROVER_assume( ulMaxObjectCount == 1 );
/* We initialize here so the module can have valid mutexes. */
xResult = C_Initialize( NULL );
__CPROVER_assume( xResult == CKR_OK );
xResult = C_FindObjects( xSession, &hObject, ulMaxObjectCount, &ulObjectCount );
if( xResult == CKR_OK )
{
__CPROVER_assert( ( ( ulObjectCount == 1 ) || ( ulObjectCount == 0 ) ), "This port supports only finding one object." );
}
}

28
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjects/Makefile Normal file
View File

@ -0,0 +1,28 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_FindObjects_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_FindObjects
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
# This should be similar to the dummy data length in "core_pkcs11_pal_stubs.c" PKCS11_PAL_GetObjectValue
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByLabel.0:13
# This should align with the max object count configured in core_pkcs11_config.h
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:2
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjects/README.md Normal file
View File

@ -0,0 +1,20 @@
C_FindObjects proof
==============
This directory contains a memory safety proof for C_FindObjects.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjects/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjects/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_FindObjects",
"proof-root": "test/cbmc/proofs"
}

94
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsFinal/C_FindObjectsFinal_harness.c Normal file
View File

@ -0,0 +1,94 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_FindObjectsFinal_harness.c
* @brief Implements the proof harness for C_FindObjectsFinal function.
*/
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include "mbedtls/ecp.h"
#include "mbedtls/cmac.h"
#include "mbedtls/oid.h"
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession )
{
if( nondet_bool() )
{
pxSession->pxFindObjectLabel = malloc( sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) );
pxSession->xFindObjectLabelLen = sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS );
__CPROVER_assume( pxSession->pxFindObjectLabel != NULL );
memcpy( pxSession->pxFindObjectLabel, pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) );
}
return CKR_OK;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return CK_FALSE;
}
void harness()
{
CK_SESSION_HANDLE xSession;
__CPROVER_assume( xSession >= 1 && xSession <= pkcs11configMAX_SESSIONS );
( void ) C_FindObjectsFinal( xSession );
}

21
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsFinal/Makefile Normal file
View File

@ -0,0 +1,21 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_FindObjectsFinal_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_FindObjectsFinal
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsFinal/README.md Normal file
View File

@ -0,0 +1,20 @@
C_FindObjectsFinal proof
==============
This directory contains a memory safety proof for C_FindObjectsFinal.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsFinal/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsFinal/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_FindObjectsFinal",
"proof-root": "test/cbmc/proofs"
}

97
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsInit/C_FindObjectsInit_harness.c Normal file
View File

@ -0,0 +1,97 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_FindObjectsInit_harness.c
* @brief Implements the proof harness for C_FindObjectsInit function.
*/
#include <stddef.h>
#include <stdlib.h>
#include "mbedtls/ecp.h"
#include "mbedtls/cmac.h"
#include "mbedtls/oid.h"
#include "mbedtls/sha256.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
return CKR_OK;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return CK_FALSE;
}
void harness()
{
CK_SESSION_HANDLE xSession;
CK_ATTRIBUTE_PTR pxTemplate;
CK_ULONG ulDataLen;
__CPROVER_assume( ulDataLen > 0 && ulDataLen < TEMPLATE_SIZE );
pxTemplate = malloc( sizeof( CK_ATTRIBUTE ) * ulDataLen );
__CPROVER_assume( pxTemplate != NULL );
for( int i = 0; i < ulDataLen; i++ )
{
__CPROVER_assume( pxTemplate[ i ].ulValueLen <= 300 );
pxTemplate[ i ].pValue = malloc( pxTemplate[ i ].ulValueLen );
__CPROVER_assume( pxTemplate[ i ].pValue != NULL );
}
__CPROVER_assume( xSession >= 1 && xSession <= pkcs11configMAX_SESSIONS );
C_FindObjectsInit( xSession, pxTemplate, ulDataLen );
}

25
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsInit/Makefile Normal file
View File

@ -0,0 +1,25 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_FindObjectsInit_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_FindObjectsInit
TEMPLATE_SIZE=10
DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET += C_FindObjectsInit.0:$(TEMPLATE_SIZE)
UNWINDSET += harness.0:$(TEMPLATE_SIZE)
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsInit/README.md Normal file
View File

@ -0,0 +1,20 @@
C_FindObjectsInit proof
==============
This directory contains a memory safety proof for C_FindObjectsInit.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsInit/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_FindObjectsInit/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_FindObjectsInit",
"proof-root": "test/cbmc/proofs"
}

109
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateKeyPair/C_GenerateKeyPair_harness.c Normal file
View File

@ -0,0 +1,109 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GenerateKeyPair_harness.c
* @brief Implements the proof harness for C_GenerateKeyPair function.
*/
#include <stddef.h>
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
return CKR_OK;
}
void harness()
{
CK_SESSION_HANDLE xSession;
CK_ATTRIBUTE_PTR pxPublicKey;
CK_ATTRIBUTE_PTR pxPrivateKey;
CK_OBJECT_HANDLE * pxPrivKeyHandle = malloc( sizeof( CK_OBJECT_HANDLE ) );
CK_OBJECT_HANDLE * pxPubKeyHandle = malloc( sizeof( CK_OBJECT_HANDLE ) );
CK_MECHANISM * pxMechanism = malloc( sizeof( CK_MECHANISM ) );
CK_ULONG ulPubKeyAttrLen;
CK_ULONG ulPrivKeyAttrLen;
__CPROVER_assume( ulPrivKeyAttrLen > 0 && ulPubKeyAttrLen < TEMPLATE_SIZE );
pxPublicKey = malloc( sizeof( CK_ATTRIBUTE ) * ulPubKeyAttrLen );
__CPROVER_assume( pxPublicKey != NULL );
__CPROVER_assume( ulPrivKeyAttrLen > 0 && ulPrivKeyAttrLen < TEMPLATE_SIZE );
pxPrivateKey = malloc( sizeof( CK_ATTRIBUTE ) * ulPrivKeyAttrLen );
__CPROVER_assume( pxPrivateKey != NULL );
for( int i = 0; i < ulPubKeyAttrLen; i++ )
{
pxPublicKey[ i ].pValue = malloc( pxPublicKey[ i ].ulValueLen );
__CPROVER_assume( pxPublicKey[ i ].pValue != NULL );
}
for( int i = 0; i < ulPrivKeyAttrLen; i++ )
{
pxPrivateKey[ i ].pValue = malloc( pxPrivateKey[ i ].ulValueLen );
__CPROVER_assume( pxPrivateKey[ i ].pValue != NULL );
}
__CPROVER_assume( xSession > CK_INVALID_HANDLE && xSession <= pkcs11configMAX_SESSIONS );
( void ) C_GenerateKeyPair( xSession,
pxMechanism,
pxPublicKey,
ulPubKeyAttrLen,
pxPrivateKey,
ulPrivKeyAttrLen,
pxPubKeyHandle,
pxPrivKeyHandle );
}

46
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateKeyPair/Makefile Normal file
View File

@ -0,0 +1,46 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GenerateKeyPair_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GenerateKeyPair
TEMPLATE_SIZE=10
DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Initialize
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += PKCS11_PAL_DestroyObject
REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize
REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed
REMOVE_FUNCTION_BODY += mbedtls_entropy_init
UNWINDSET += harness.0:10
UNWINDSET += harness.1:10
UNWINDSET += memcmp.0:32
UNWINDSET += memcpy.0:32
# The nested memcmp in this loop will exponentially increase the CBMC bounds checking.
# Be very careful increasing this. At the time of writing this, the PKCS stack was
# configured to store just one object.
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:2
UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvDeleteObjectFromList.0:2
UNWINDSET += C_GenerateKeyPair.0:$(TEMPLATE_SIZE)
UNWINDSET += C_GenerateKeyPair.1:$(TEMPLATE_SIZE)
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateKeyPair/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GenerateKeyPair proof
==============
This directory contains a memory safety proof for C_GenerateKeyPair.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateKeyPair/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateKeyPair/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GenerateKeyPair",
"proof-root": "test/cbmc/proofs"
}

79
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateRandom/C_GenerateRandom_harness.c Normal file
View File

@ -0,0 +1,79 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GenerateRandom_harness.c
* @brief Implements the proof harness for C_GenerateRandom function.
*/
#include <stddef.h>
#include <stdlib.h>
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "mbedtls/pk.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
CK_RV xResult;
return xResult;
}
void harness()
{
CK_BYTE_PTR pucRandData;
CK_ULONG ulRandLen;
CK_SESSION_HANDLE xSession;
pucRandData = malloc( ( sizeof( CK_BYTE ) ) * ulRandLen );
( void ) C_GenerateRandom( xSession, pucRandData, ulRandLen );
}

30
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateRandom/Makefile Normal file
View File

@ -0,0 +1,30 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GenerateRandom_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GenerateRandom
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Initialize
REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed
REMOVE_FUNCTION_BODY += mbedtls_entropy_init
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateRandom/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GenerateRandom proof
==============
This directory contains a memory safety proof for C_GenerateRandom.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateRandom/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GenerateRandom/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GenerateRandom",
"proof-root": "test/cbmc/proofs"
}

107
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetAttributeValue/C_GetAttributeValue_harness.c Normal file
View File

@ -0,0 +1,107 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GetAttributeValue_harness.c
* @brief Implements the proof harness for C_GetAttributeValue function.
*/
#include <stddef.h>
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
CK_RV xResult;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xResult;
}
void __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByHandle( CK_OBJECT_HANDLE xAppHandle,
CK_OBJECT_HANDLE_PTR pxPalHandle,
CK_BYTE_PTR * ppcLabel,
CK_ULONG_PTR pxLabelLength )
{
CK_OBJECT_HANDLE handle;
__CPROVER_assert( pxPalHandle != NULL, "ppcLabel was NULL." );
__CPROVER_assert( ppcLabel != NULL, "ppcLabel was NULL." );
__CPROVER_assert( pxLabelLength != NULL, "ppcLabel was NULL." );
__CPROVER_assume( handle < MAX_OBJECT_NUM );
*pxPalHandle = handle;
}
void harness()
{
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE xObject;
CK_ULONG ulCount;
CK_RV xResult;
__CPROVER_assume( ulCount <= TEMPLATE_SIZE && ulCount > 0 );
CK_ATTRIBUTE_PTR pTemplate = malloc( sizeof( CK_ATTRIBUTE ) * ulCount );
if( pTemplate != NULL )
{
for( int i = 0; i < ulCount; i++ )
{
pTemplate[ i ].pValue = malloc( pTemplate[ i ].ulValueLen );
}
}
__CPROVER_assume( hSession > CK_INVALID_HANDLE && hSession <= pkcs11configMAX_SESSIONS );
( void ) C_GetAttributeValue( hSession, xObject, pTemplate, ulCount );
}

41
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetAttributeValue/Makefile Normal file
View File

@ -0,0 +1,41 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GetAttributeValue_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GetAttributeValue
# Size of attribute template.
TEMPLATE_SIZE=9
# Needs to be one bigger than TEMPLATE_SIZE
UNWIND_SIZE=10
# Defined in `core_pkcs11_config.h`
# Should be one more than the total number of objects in the PKCS stack.
MAX_OBJECT_NUM=2
DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE)
DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
# In the harness we are going to assume 8 as there are only 7 cases we care about in the loop, plus 1 for the
# default in the switch statement. We will unroll 1 extra time for good measure.
# The number is arbitrary, but we bound the loop so it doesn't check forever.
# NOTE: If this proof is slow we can reduce this unwind.
UNWINDSET += C_GetAttributeValue.0:$(UNWIND_SIZE)
UNWINDSET += harness.0:$(UNWIND_SIZE)
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetAttributeValue/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GetAttributeValue proof
==============
This directory contains a memory safety proof for C_GetAttributeValue.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetAttributeValue/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetAttributeValue/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GetAttributeValue",
"proof-root": "../test/cbmc/proofs"
}

38
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetFunctionList/C_GetFunctionList_harness.c Normal file
View File

@ -0,0 +1,38 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GetFunctionList_harness.c
* @brief Implements the proof harness for C_GetFunctionList function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
CK_FUNCTION_LIST_PTR pxFunctionList = malloc( sizeof( CK_FUNCTION_LIST ) );
( void ) C_GetFunctionList( pxFunctionList );
}

21
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetFunctionList/Makefile Normal file
View File

@ -0,0 +1,21 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GetFunctionList_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GetFunctionList
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetFunctionList/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GetFunctionList proof
==============
This directory contains a memory safety proof for C_GetFunctionList.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetFunctionList/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetFunctionList/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GetFunctionList",
"proof-root": "test/cbmc/proofs"
}

40
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetMechanismInfo/C_GetMechanismInfo_harness.c Normal file
View File

@ -0,0 +1,40 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GetMechanismInfo_harness.c
* @brief Implements the proof harness for C_GetMechanismInfo function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
CK_SLOT_ID xSlotId;
CK_MECHANISM_TYPE xMech;
CK_MECHANISM_INFO * pxMechInfo = malloc( sizeof( CK_MECHANISM_INFO ) );
( void ) C_GetMechanismInfo( xSlotId, xMech, pxMechInfo );
}

26
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetMechanismInfo/Makefile Normal file
View File

@ -0,0 +1,26 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GetMechanismInfo_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GetMechanismInfo
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY +=
# Add the time of writing this proof, 5 mechanisms are supported.
# One extra unwind to prove memory safety.
UNWINDSET += C_GetMechanismInfo.0:6
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetMechanismInfo/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GetMechanismInfo proof
==============
This directory contains a memory safety proof for C_GetMechanismInfo.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetMechanismInfo/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetMechanismInfo/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GetMechanismInfo",
"proof-root": "test/cbmc/proofs"
}

55
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetSlotList/C_GetSlotList_harness.c Normal file
View File

@ -0,0 +1,55 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_GetSlotList_harness.c
* @brief Implements the proof harness for C_GetSlotList function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
CK_BBOOL xToken;
CK_ULONG * pulSlotSize = malloc( sizeof( CK_ULONG ) );
CK_SLOT_ID_PTR pxSlot;
CK_RV xResult;
if( pulSlotSize != NULL )
{
/* Multiplication overflow protection for the harness. */
__CPROVER_assume( sizeof( CK_SLOT_ID ) == *pulSlotSize / sizeof( CK_SLOT_ID ) );
pxSlot = malloc( sizeof( CK_SLOT_ID ) * *pulSlotSize );
}
/* Check case for uninitialized stack. */
( void ) C_GetSlotList( xToken, pxSlot, pulSlotSize );
/* Respect the API contract. PKCS #11 MUST be initialized before getting a slot. */
xResult = C_Initialize( NULL );
__CPROVER_assume( xResult == CKR_OK );
( void ) C_GetSlotList( xToken, pxSlot, pulSlotSize );
}

28
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetSlotList/Makefile Normal file
View File

@ -0,0 +1,28 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_GetSlotList_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GetSlotList
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
# This proof doesn't care about these stubs
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += threading_mutex_free
REMOVE_FUNCTION_BODY += threading_mutex_lock
REMOVE_FUNCTION_BODY += threading_mutex_unlock
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetSlotList/README.md Normal file
View File

@ -0,0 +1,20 @@
C_GetSlotList proof
==============
This directory contains a memory safety proof for C_GetSlotList.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetSlotList/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_GetSlotList/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_GetSlotList",
"proof-root": "test/cbmc/proofs"
}

36
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Initialize/C_Initialize_harness.c Normal file
View File

@ -0,0 +1,36 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_Initialize_harness.c
* @brief Implements the proof harness for C_Initialize function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
( void ) C_Initialize( NULL );
}

29
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Initialize/Makefile Normal file
View File

@ -0,0 +1,29 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_Initialize_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_Initialize
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free
REMOVE_FUNCTION_BODY += mbedtls_entropy_free
REMOVE_FUNCTION_BODY += mbedtls_mutex_free
REMOVE_FUNCTION_BODY += mbedtls_mutex_lock
REMOVE_FUNCTION_BODY += mbedtls_mutex_unlock
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Initialize/README.md Normal file
View File

@ -0,0 +1,20 @@
C_Initialize proof
==============
This directory contains a memory safety proof for C_Initialize.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Initialize/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Initialize/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_Initialize",
"proof-root": "test/cbmc/proofs"
}

48
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_OpenSession/C_OpenSession_harness.c Normal file
View File

@ -0,0 +1,48 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_OpenSession_harness.c
* @brief Implements the proof harness for C_OpenSession function.
*/
#include <stddef.h>
#include "core_pkcs11.h"
void harness()
{
CK_RV xResult;
CK_FLAGS xFlags;
CK_SESSION_HANDLE * pxSession = malloc( sizeof( CK_SESSION_HANDLE ) );
xResult = C_Initialize( NULL );
__CPROVER__assume( xResult == CKR_OK );
xResult = C_OpenSession( 0, xFlags, NULL, 0, pxSession );
if( xResult == CKR_OK )
{
__CPROVER_assert( *pxSession != CK_INVALID_HANDLE, "Handle must be valid if CKR_OK is returned." );
}
}

24
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_OpenSession/Makefile Normal file
View File

@ -0,0 +1,24 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_OpenSession_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_OpenSession
DEFINES +=
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_OpenSession/README.md Normal file
View File

@ -0,0 +1,20 @@
C_OpenSession proof
==============
This directory contains a memory safety proof for C_OpenSession.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_OpenSession/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

7
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_OpenSession/cbmc-viewer.json Normal file
View File

@ -0,0 +1,7 @@
{ "expected-missing-functions":
[
],
"proof-name": "C_OpenSession",
"proof-root": "test/cbmc/proofs"
}

116
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Sign/C_Sign_harness.c Normal file
View File

@ -0,0 +1,116 @@
/*
* corePKCS11 v3.5.0
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* SPDX-License-Identifier: MIT
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/**
* @file C_Sign_harness.c
* @brief Implements the proof harness for C_Sign function.
*/
#include <stdbool.h>
#include <stddef.h>
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "mbedtls/pk.h"
#include "core_pkcs11_config.h"
#include "core_pkcs11.h"
/* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains
* in this proof.
*
* It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct.
*/
typedef struct P11Session
{
CK_ULONG ulState;
CK_BBOOL xOpened;
CK_MECHANISM_TYPE xOperationDigestMechanism;
CK_BYTE * pxFindObjectLabel;
CK_ULONG xFindObjectLabelLen;
CK_MECHANISM_TYPE xOperationVerifyMechanism;
mbedtls_threading_mutex_t xVerifyMutex;
CK_OBJECT_HANDLE xVerifyKeyHandle;
mbedtls_pk_context xVerifyKey;
CK_MECHANISM_TYPE xOperationSignMechanism;
mbedtls_threading_mutex_t xSignMutex;
CK_OBJECT_HANDLE xSignKeyHandle;
mbedtls_pk_context xSignKey;
mbedtls_sha256_context xSHA256Context;
CK_OBJECT_HANDLE xHMACKeyHandle;
mbedtls_md_context_t xHMACSecretContext;
CK_OBJECT_HANDLE xCMACKeyHandle;
mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession )
{
CK_RV xResult;
CK_MECHANISM_TYPE xOpp;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
pxSession->xOperationSignMechanism = xOpp;
return xResult;
}
CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession )
{
CK_BBOOL xBool;
__CPROVER_assert( pxSession != NULL, "pxSession was NULL." );
return xBool;
}
void __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByHandle( CK_OBJECT_HANDLE xAppHandle,
CK_OBJECT_HANDLE_PTR pxPalHandle,
CK_BYTE_PTR * ppcLabel,
CK_ULONG_PTR pxLabelLength )
{
CK_OBJECT_HANDLE handle;
__CPROVER_assert( pxPalHandle != NULL, "ppcLabel was NULL." );
__CPROVER_assert( ppcLabel != NULL, "ppcLabel was NULL." );
__CPROVER_assert( pxLabelLength != NULL, "ppcLabel was NULL." );
__CPROVER_assume( handle < MAX_OBJECT_NUM );
*pxPalHandle = handle;
}
void harness()
{
CK_SESSION_HANDLE xSession;
CK_MECHANISM xMechanism;
CK_ULONG ulDataLen;
CK_ULONG * pulSignatureLen = malloc( sizeof( CK_ULONG ) );
CK_BYTE_PTR pData = malloc( sizeof( CK_BYTE ) * ulDataLen );
CK_BYTE_PTR pSignature;
if( pulSignatureLen != NULL )
{
pSignature = malloc( sizeof( CK_BYTE ) * ( *pulSignatureLen ) );
}
__CPROVER_assume( ( xSession > CK_INVALID_HANDLE ) && ( xSession <= pkcs11configMAX_SESSIONS ) );
( void ) C_Sign( xSession, pData, ulDataLen, pSignature, pulSignatureLen );
}

38
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Sign/Makefile Normal file
View File

@ -0,0 +1,38 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
HARNESS_ENTRY = harness
HARNESS_FILE = C_Sign_harness
# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_Sign
# Defined in `core_pkcs11_config.h`
# Should be one more than the total number of objects in the PKCS stack.
MAX_OBJECT_NUM=2
DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM)
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils
REMOVE_FUNCTION_BODY += C_Initialize
REMOVE_FUNCTION_BODY += C_OpenSession
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += C_GetFunctionList
REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed
REMOVE_FUNCTION_BODY += mbedtls_entropy_free
REMOVE_FUNCTION_BODY += mbedtls_entropy_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free
REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize
UNWINDSET +=
PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pki_utils_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c
include ../Makefile.common

20
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Sign/README.md Normal file
View File

@ -0,0 +1,20 @@
C_Sign proof
==============
This directory contains a memory safety proof for C_Sign.
To run the proof.
-------------
* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
to your path.
* Run `make`.
* Open html/index.html in a web browser.
To use [`arpa`](https://github.com/awslabs/aws-proof-build-assistant) to simplify writing Makefiles.
-------------
* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
1. Modifying Makefile.arpa (if required).
2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).

1
kernel/FreeRTOS-Plus/Source/corePKCS11/test/cbmc/proofs/C_Sign/cbmc-proof.txt Normal file
View File

@ -0,0 +1 @@
# This file marks this directory as containing a CBMC proof.

Some files were not shown because too many files have changed in this diff Show More