├── .cmake-format.yaml ├── .github ├── .cSpellWords.txt ├── CODEOWNERS ├── CONTRIBUTING.md ├── actions │ └── url_verifier.sh ├── memory_statistics_config.json ├── pull_request_template.md └── workflows │ ├── ci.yml │ ├── doxygen.yml │ └── release.yml ├── .gitignore ├── .gitmodules ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── LICENSE ├── MISRA.md ├── README.md ├── SECURITY.md ├── cspell.config.yaml ├── docs ├── doxygen │ ├── config.doxyfile │ ├── include │ │ └── size_table.md │ ├── layout.xml │ ├── pages.dox │ └── style.css ├── images │ ├── pkcs11_digest.png │ ├── pkcs11_object_generate.png │ ├── pkcs11_object_import.png │ ├── pkcs11_rng.png │ └── pkcs11_sign_verify.png └── plantuml │ ├── pkcs11_digest.pu │ ├── pkcs11_object_generate.pu │ ├── pkcs11_object_import.pu │ ├── pkcs11_rng.pu │ └── pkcs11_sign_verify.pu ├── manifest.yml ├── pkcsFilePaths.cmake ├── source ├── core_pkcs11.c ├── core_pki_utils.c ├── dependency │ └── 3rdparty │ │ └── mbedtls_utils │ │ ├── mbedtls_utils.c │ │ └── mbedtls_utils.h ├── include │ ├── core_pkcs11.h │ ├── core_pkcs11_config_defaults.h │ ├── core_pkcs11_pal.h │ └── core_pki_utils.h └── portable │ ├── mbedtls │ └── core_pkcs11_mbedtls.c │ └── os │ ├── core_pkcs11_pal_utils.c │ ├── core_pkcs11_pal_utils.h │ ├── freertos_winsim │ └── core_pkcs11_pal.c │ └── posix │ └── core_pkcs11_pal.c ├── test ├── CMakeLists.txt ├── cbmc │ ├── .gitignore │ ├── include │ │ ├── README.md │ │ ├── core_pkcs11_config.h │ │ ├── mbedtls_config.h │ │ └── pkcs11_interface_stubs.h │ ├── proofs │ │ ├── C_CloseSession │ │ │ ├── C_CloseSession_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_CreateObject │ │ │ ├── C_CreateObject_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_DestroyObject │ │ │ ├── C_DestroyObject_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_DigestFinal │ │ │ 
├── C_DigestFinal_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_DigestInit │ │ │ ├── C_DigestInit_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_DigestUpdate │ │ │ ├── C_DigestUpdate_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_Finalize │ │ │ ├── C_Finalize_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_FindObjects │ │ │ ├── C_FindObjects_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_FindObjectsFinal │ │ │ ├── C_FindObjectsFinal_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_FindObjectsInit │ │ │ ├── C_FindObjectsInit_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GenerateKeyPair │ │ │ ├── C_GenerateKeyPair_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GenerateRandom │ │ │ ├── C_GenerateRandom_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GetAttributeValue │ │ │ ├── C_GetAttributeValue_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GetFunctionList │ │ │ ├── C_GetFunctionList_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GetMechanismInfo │ │ │ ├── C_GetMechanismInfo_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_GetSlotList │ │ │ ├── C_GetSlotList_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_Initialize │ │ │ ├── C_Initialize_harness.c │ │ │ 
├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_OpenSession │ │ │ ├── C_OpenSession_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_Sign │ │ │ ├── C_Sign_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_SignInit │ │ │ ├── C_SignInit_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_Verify │ │ │ ├── C_Verify_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── C_VerifyInit │ │ │ ├── C_VerifyInit_harness.c │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── Makefile-project-defines │ │ ├── Makefile-project-targets │ │ ├── Makefile-project-testing │ │ ├── Makefile-template-defines │ │ ├── Makefile.common │ │ ├── PKI_mbedTLSSignatureToPkcs11Signature │ │ │ ├── Makefile │ │ │ ├── PKI_mbedTLSSignatureToPkcs11Signature_harness.c │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── PKI_pkcs11SignatureTombedTLSSignature │ │ │ ├── Makefile │ │ │ ├── PKI_pkcs11SignatureTombedTLSSignature_harness.c │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ └── cbmc-viewer.json │ │ ├── README.md │ │ ├── lib │ │ │ ├── __init__.py │ │ │ ├── print_tool_versions.py │ │ │ └── summarize.py │ │ ├── run-cbmc-proofs.py │ │ ├── vAppendSHA256AlgorithmIdentifierSequence │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── vAppendSHA256AlgorithmIdentifierSequence_harness.c │ │ ├── xFindObjectWithLabelAndClass │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── xFindObjectWithLabelAndClass_harness.c │ │ ├── xGetSlotList │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── xGetSlotList_harness.c │ │ 
├── xInitializePKCS11 │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── xInitializePKCS11_harness.c │ │ ├── xInitializePkcs11Session │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── xInitializePkcs11Session_harness.c │ │ └── xInitializePkcs11Token │ │ │ ├── Makefile │ │ │ ├── README.md │ │ │ ├── cbmc-proof.txt │ │ │ ├── cbmc-viewer.json │ │ │ └── xInitializePkcs11Token_harness.c │ ├── sources │ │ └── README.md │ └── stubs │ │ ├── README.md │ │ ├── core_pkcs11_pal_stubs.c │ │ ├── core_pki_utils_stubs.c │ │ ├── mbedtls_stubs.c │ │ └── pkcs11_interface_stubs.c ├── coverity_analysis │ └── CMakeLists.txt ├── include │ ├── core_pkcs11_config.h │ ├── logging_levels.h │ ├── logging_stack.h │ ├── malloc_stub.h │ ├── mock_osal.h │ └── pkcs11_defs.h ├── mbedtls_integration │ ├── CMakeLists.txt │ ├── core_pkcs11_config.h │ ├── core_pkcs11_mbedtls_config.yml │ ├── core_pkcs11_test_config.h │ └── mbedtls_integration_test.c ├── pkcs11_mbedtls_utest │ ├── CMakeLists.txt │ ├── core_pkcs11_mbedtls_config.yml │ └── core_pkcs11_mbedtls_utest.c ├── pkcs11_utils_utest │ ├── CMakeLists.txt │ ├── pkcs11_utils_config.yml │ └── pkcs11_utils_utest.c └── wrapper_utest │ ├── CMakeLists.txt │ ├── core_pkcs11_utest.c │ └── wrapper_utest_config.yml └── tools ├── cmock.cmake ├── cmock └── coverage.cmake ├── coverity ├── README.md └── misra.config ├── mbedtls.cmake ├── mbedtls_configure.sh ├── pkcs11_api.cmake └── unity.cmake /.github/.cSpellWords.txt: -------------------------------------------------------------------------------- 1 | abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu 2 | ABEF 3 | AESCMAC 4 | aesni 5 | AESNI 6 | BBOOL 7 | Bgkqhki 8 | Bhargavan 9 | cbmc 10 | CBMC 11 | cbor 12 | CBOR 13 | Chth 14 | cmac 15 | CMAC 16 | cmock 17 | Cmock 18 | CMock 19 | CMOCK 20 | coremqtt 21 | coverity 22 | Coverity 23 | CSDK 24 | CSRS 25 
| ctest 26 | DCMOCK 27 | DCOV 28 | decihours 29 | Decihours 30 | DECIHOURS 31 | dgst 32 | DNDEBUG 33 | Drbg 34 | DSYSTEM 35 | DUNIT 36 | DUNITTEST 37 | DUNITY 38 | ecdh 39 | ecjpake 40 | EABNVYL 41 | ECKEY 42 | FAAOCAQE 43 | Fithb 44 | Gaëtan 45 | Gcbs 46 | getpacketid 47 | ggdb 48 | havege 49 | HAVEGE 50 | hkdf 51 | HKDF 52 | isystem 53 | JITP 54 | JITR 55 | JLATES 56 | Karthikeyan 57 | lcov 58 | LPDWORD 59 | LPWORD 60 | mbed 61 | MBED 62 | mbedcrypto 63 | MBEDTLSSL 64 | Merkle 65 | misra 66 | Misra 67 | MISRA 68 | MQTT 69 | mypy 70 | NISTP 71 | nondet 72 | Nondet 73 | NONDET 74 | Optiga 75 | OPTIM 76 | osal 77 | PAKE 78 | pcertificate 79 | pkimbedtlssignaturetopkcs 80 | pkparse 81 | pkwrite 82 | ppublic 83 | ppuc 84 | pylint 85 | pytest 86 | pyyaml 87 | RCVT 88 | RSAES 89 | RSASSA 90 | scsv 91 | SCSV 92 | SECP 93 | sinclude 94 | SSLV 95 | UDBL 96 | UNACKED 97 | unhashed 98 | unpadded 99 | Unpadded 100 | UNPADDED 101 | UNSUB 102 | UNSUBACK 103 | unsubscriptions 104 | utest 105 | vect 106 | Vect 107 | VECT 108 | VEIQ 109 | VQIDAQAB 110 | Wunused 111 | xfindobjectwithlabelandclass 112 | xgetslotlist 113 | xinitializepkcs 114 | xtea 115 | XTEA 116 | yfiv 117 | zeroize 118 | ZEROIZE 119 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Each line is a file pattern followed by one or more owners. 2 | 3 | # These owners will be the default owners for everything in 4 | # the repo. Unless a later match takes precedence, 5 | # @global-owner1 and @global-owner2 will be requested for 6 | # review when someone opens a pull request. 7 | * @FreeRTOS/pr-bar-raiser 8 | 9 | # Order is important; the last matching pattern takes the most 10 | # precedence. When someone opens a pull request that only 11 | # modifies JS files, only @js-owner and not the global 12 | # owner(s) will be requested for a review. 
13 | # *.c FreeRTOS/pr-bar-raiser 14 | 15 | # You can also use email addresses if you prefer. They'll be 16 | # used to look up users just like we do for commit author 17 | # emails. 18 | # *.go docs@example.com 19 | 20 | # In this example, @doctocat owns any files in the build/logs 21 | # directory at the root of the repository and any of its 22 | # subdirectories. 23 | # /build/logs/ @doctocat 24 | 25 | # The `docs/*` pattern will match files like 26 | # `docs/getting-started.md` but not further nested files like 27 | # `docs/build-app/troubleshooting.md`. 28 | # docs/* docs@example.com 29 | 30 | # In this example, @octocat owns any file in an apps directory 31 | # anywhere in your repository. 32 | # apps/ @octocat 33 | 34 | # In this example, @doctocat owns any file in the `/docs` 35 | # directory in the root of your repository and any of its 36 | # subdirectories. 37 | # /docs/ @doctocat 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. 
Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://docs.github.com/en/get-started/quickstart/fork-a-repo) and 40 | [creating a pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute to. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 
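45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](../LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | 61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. 62 | -------------------------------------------------------------------------------- /.github/actions/url_verifier.sh: --------------------------------------------------------------------------------
#!/bin/bash -
#
# Usage: url_verifier.sh <project-dir>
#
# Harvests every URL matching (https?|ftp|file):// from the text files under
# <project-dir>, sends one HEAD request per distinct URL and prints the ones
# that did not answer 200 together with the files that reference them.
#
# Exit status: 2 if <project-dir> is missing or not a directory; 1 if any URL
# could not be reached at all or answered 403; 0 otherwise. Other non-200
# codes are reported but do not fail the run.

PROJECT=$1
echo "Verifying url links of: ${PROJECT}"
if [ ! -d "$PROJECT" ]
then
    echo "Directory passed does not exist"
    exit 2
fi

SCRIPT_RET=0

set -o nounset # Treat unset variables as an error

# URL -> space-separated list of the files that reference it.
declare -A dict

# Was named "test": a function of that name shadows the shell builtin.
verify_urls () {
    while IFS= read -r LINE; do
        # grep -R output is "<file>:<matching line>".
        FILE=$(printf '%s\n' "$LINE" | cut -f 1 -d ':')

        # grep -o prints one match per line, so a source line holding several
        # URLs yields several entries, and a line that passed the loose
        # 'https\?://' filter but not the strict pattern yields none (an empty
        # key would be a bash "bad array subscript" error).
        while IFS= read -r URL; do
            if [ -n "${URL}" ]
            then
                # += on the element appends; dict+=(["$URL"]=...) replaced the
                # file names already recorded for a URL seen earlier.
                dict["$URL"]+="$FILE "
            fi
        done < <(printf '%s\n' "$LINE" | grep -IoE '\b(https?|ftp|file)://[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]')
    done < <(grep -e 'https\?://' "${PROJECT}" -RIa --exclude='*.exe' --exclude-dir=.git | tr '*' ' ')

    for UNIQ_URL in "${!dict[@]}" # loop urls
    do
        # The URLs come from repository content, so bound each request: an
        # unreachable host would otherwise hang the CI job. The status code is
        # read from curl's own output and RES from curl itself; in the former
        # "curl | head | cut" pipeline, $? was cut's status, never curl's.
        # NOTE(review): the pattern also admits ftp:// and file:// links; adding
        # --proto '=http,https' would keep the runner from opening those, at the
        # cost of no longer checking such links.
        CURL_RES=$(curl -sS -I --max-time 30 -o /dev/null -w '%{http_code}' "${UNIQ_URL}" 2>/dev/null)
        RES=$?
        if [ "${RES}" -ne 0 ]
        then
            CURL_RES='' # the marker the original used for "curl failed"
        fi

        if [ "${CURL_RES}" != '200' ]
        then
            echo "URL is: ${UNIQ_URL}"
            echo "File names: ${dict[$UNIQ_URL]}"
            if [ "${CURL_RES}" == '' ] # curl returned an error
            then
                CURL_RES=$RES
                SCRIPT_RET=1
            elif [ "${CURL_RES}" == '403' ]
            then
                SCRIPT_RET=1
            fi
            echo Result is: "${CURL_RES}"
            echo "================================="
        fi
    done

    if [ "${SCRIPT_RET}" -eq 0 ]
    then
        exit 0
    else
        exit 1
    fi
}

verify_urls
-------------------------------------------------------------------------------- /.github/memory_statistics_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "lib_name": "corePKCS11", 3 | "src": [ 4 | "source/core_pkcs11.c", 5 | "source/core_pki_utils.c", 6 | "source/portable/mbedtls/core_pkcs11_mbedtls.c" 7 | ], 8 | "include": [ 9 | "source/include", 10 | "source/dependency/3rdparty/pkcs11/published/2-40-errata-1", 11 | "build/_deps/mbedtls_2-src/include", 12 | "source/dependency/3rdparty/mbedtls_utils", 13 | "test/include" 14 | ] 15 | } 16 | 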
-------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | Description 4 | ----------- 5 | 6 | 7 | Test Steps 8 | ----------- 9 | 10 | 11 | Checklist: 12 | ---------- 13 | 14 | 15 | - [ ] I have tested my changes. No regression in existing tests. 16 | - [ ] I have modified and/or added unit-tests to cover the code changes in this Pull Request. 17 | 18 | Related Issue 19 | ----------- 20 | 21 | By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. 22 | -------------------------------------------------------------------------------- /.github/workflows/doxygen.yml: --------------------------------------------------------------------------------
# Regenerates the Doxygen output on every push to main (or on manual dispatch).
name: Doxygen Generation
on:
  push:
    branches: [main]
  workflow_dispatch:
jobs:
  doxygen-generation:
    runs-on: ubuntu-latest
    steps:
      - name: Doxygen generation
        # NOTE(review): `@main` is a mutable branch reference, so the action's
        # code can change under this workflow without any change here. Pinning
        # to a full commit SHA (`...@<commit-sha>  # <tag>`) makes the pulled
        # action reproducible and reviewable when it is bumped.
        uses: FreeRTOS/CI-CD-Github-Actions/doxygen-generation@main
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore documentation output. 2 | **/docs/**/output/* 3 | 4 | # Ignore CMake build directory. 
5 | build/ 6 | 7 | # Ignore build artifacts 8 | *.o 9 | 10 | # Ignore code coverage artifacts 11 | *.gcda 12 | *.gcno 13 | *.gcov 14 | 15 | **/*.dat 16 | 17 | .DS_Store 18 | 19 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "source/dependency/3rdparty/pkcs11"] 2 | path = source/dependency/3rdparty/pkcs11 3 | url = https://github.com/oasis-tcs/pkcs11.git 4 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 
12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | -------------------------------------------------------------------------------- /MISRA.md: -------------------------------------------------------------------------------- 1 | # MISRA Compliance 2 | 3 | The PKCS #11 library files conform to the [MISRA C:2012](https://www.misra.org.uk) 4 | guidelines, with some noted exceptions. Compliance is checked with Coverity static analysis. 5 | The specific deviations, suppressed inline, are listed below. 6 | 7 | Additionally, [MISRA configuration file](https://github.com/FreeRTOS/corePKCS11/blob/main/tools/coverity/misra.config) contains the project wide deviations. 8 | 9 | ### Suppressed with Coverity Comments 10 | To find the violation references in the source files run grep on the source code 11 | with ( Assuming rule 10.5 violation; with justification in point 1 ): 12 | ``` 13 | grep 'MISRA Ref 10.5.1' . -rI 14 | ``` 15 | 16 | #### Rule 10.5 17 | 18 | _Ref 10.5.1_ 19 | 20 | - MISRA C-2012 Rule 10.5 The value of an expression should not be cast to an 21 | inappropriate essential type. The boolean type of the PKCS #11 standard is 22 | an unsigned char, which is an acceptable base type for a boolean type. 23 | 24 | #### Rule 11.1 25 | 26 | _Ref 11.1.1_ 27 | 28 | - MISRA C-2012 Rule 11.1 Doesn't allow conversions between function pointers and any other type 29 | However, since we're just using this to suppress the compiler warning, we're also fine with 30 | suppressing the MISRA violation related to this line as well. 
31 | 32 | 33 | #### Rule 12.1 34 | 35 | _Ref 12.1.1_ 36 | 37 | - MISRA C-2012 Rule 12.1 Requires precedence of operators within an expression to be explicit. 38 | The third-party macro being used here throws a violation when used. Adding additional parens to the 39 | call or to the declaration doesn't remove the violation, so we suppress it. 40 | 41 | #### Rule 11.5 42 | 43 | _Ref 11.5.1_ 44 | 45 | - MISRA C-2012 Rule 11.5 Allow casts from `void *`. Fields such as publish 46 | payloads are passed as `void *` and must be cast to the correct data type before use. 47 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | ## Reporting a Vulnerability 2 | 3 | If you discover a potential security issue in this project, we ask that you notify AWS/Amazon Security 4 | via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. 5 | Please do **not** create a public github issue. 
6 | -------------------------------------------------------------------------------- /cspell.config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | $schema: https://raw.githubusercontent.com/streetsidesoftware/cspell/main/cspell.schema.json 3 | version: '0.2' 4 | # Allows things like stringLength 5 | allowCompoundWords: true 6 | 7 | # Read files not to spell check from the git ignore 8 | useGitignore: true 9 | 10 | # Language settings for C 11 | languageSettings: 12 | - caseSensitive: false 13 | enabled: true 14 | languageId: c 15 | locale: "*" 16 | 17 | # Add a dictionary, and the path to the word list 18 | dictionaryDefinitions: 19 | - name: freertos-words 20 | path: '.github/.cSpellWords.txt' 21 | addWords: true 22 | 23 | dictionaries: 24 | - freertos-words 25 | 26 | # Paths and files to ignore 27 | ignorePaths: 28 | - 'dependency' 29 | - 'docs' 30 | - 'ThirdParty' 31 | - 'History.txt' 32 | -------------------------------------------------------------------------------- /docs/doxygen/include/size_table.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 |
Code Size of corePKCS11 (example generated with GCC for ARM Cortex-M)
File
With -O1 Optimization
With -Os Optimization
core_pkcs11.c
0.8K
0.7K
core_pki_utils.c
0.5K
0.3K
core_pkcs11_mbedtls.c
9.4K
7.7K
Total estimates
10.7K
8.7K
31 | -------------------------------------------------------------------------------- /docs/doxygen/style.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Stylesheet for Doxygen HTML output. 3 | * 4 | * This file defines styles for custom elements in the header/footer and 5 | * overrides some of the default Doxygen styles. 6 | * 7 | * Styles in this file do not affect the treeview sidebar. 8 | */ 9 | 10 | /* Set the margins to place a small amount of whitespace on the left and right 11 | * side of the page. */ 12 | div.contents { 13 | margin-left:4em; 14 | margin-right:4em; 15 | } 16 | 17 | /* Justify text in paragraphs. */ 18 | p { 19 | text-align: justify; 20 | } 21 | 22 | /* Style of section headings. */ 23 | h1 { 24 | border-bottom: 1px solid #879ECB; 25 | color: #354C7B; 26 | font-size: 160%; 27 | font-weight: normal; 28 | padding-bottom: 4px; 29 | padding-top: 8px; 30 | } 31 | 32 | /* Style of subsection headings. */ 33 | h2:not(.memtitle):not(.groupheader) { 34 | font-size: 125%; 35 | margin-bottom: 0px; 36 | margin-top: 16px; 37 | padding: 0px; 38 | } 39 | 40 | /* Style of paragraphs immediately after subsection headings. */ 41 | h2 + p { 42 | margin: 0px; 43 | padding: 0px; 44 | } 45 | 46 | /* Style of subsection headings. */ 47 | h3 { 48 | font-size: 100%; 49 | margin-bottom: 0px; 50 | margin-left: 2em; 51 | margin-right: 2em; 52 | } 53 | 54 | /* Style of paragraphs immediately after subsubsection headings. */ 55 | h3 + p { 56 | margin-top: 0px; 57 | margin-left: 2em; 58 | margin-right: 2em; 59 | } 60 | 61 | /* Style of the prefix "AWS IoT Device SDK C" that appears in the header. */ 62 | #csdkprefix { 63 | color: #757575; 64 | } 65 | 66 | /* Style of the "Return to main page" link that appears in the header. */ 67 | #returntomain { 68 | padding: 0.5em; 69 | } 70 | 71 | /* Style of the dividers on Configuration Settings pages. 
*/ 72 | div.configpagedivider { 73 | margin-left: 0px !important; 74 | margin-right: 0px !important; 75 | margin-top: 20px !important; 76 | } 77 | 78 | /* Style of configuration setting names. */ 79 | dl.section.user ~ h1 { 80 | border-bottom: none; 81 | color: #000000; 82 | font-family: monospace, fixed; 83 | font-size: 16px; 84 | margin-bottom: 0px; 85 | margin-left: 2em; 86 | margin-top: 1.5em; 87 | } 88 | 89 | /* Style of paragraphs on a configuration settings page. */ 90 | dl.section.user ~ * { 91 | margin-bottom: 10px; 92 | margin-left: 4em; 93 | margin-right: 4em; 94 | margin-top: 0px; 95 | } 96 | 97 | /* Hide the configuration setting marker. */ 98 | dl.section.user { 99 | display: none; 100 | } 101 | 102 | /* Overrides for code fragments and lines. */ 103 | div.fragment { 104 | background: #ffffff; 105 | border: none; 106 | padding: 5px; 107 | } 108 | 109 | div.line { 110 | color: #3a3a3a; 111 | } 112 | 113 | /* Overrides for code syntax highlighting colors. */ 114 | span.comment { 115 | color: #008000; 116 | } 117 | 118 | span.keyword, span.keywordtype, span.keywordflow { 119 | color: #0000ff; 120 | } 121 | 122 | span.preprocessor { 123 | color: #50015a; 124 | } 125 | 126 | span.stringliteral, span.charliteral { 127 | color: #800c0c; 128 | } 129 | 130 | a.code, a.code:visited, a.line, a.line:visited { 131 | color: #496194; 132 | } 133 | -------------------------------------------------------------------------------- /docs/images/pkcs11_digest.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/docs/images/pkcs11_digest.png -------------------------------------------------------------------------------- /docs/images/pkcs11_object_generate.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/docs/images/pkcs11_object_generate.png -------------------------------------------------------------------------------- /docs/images/pkcs11_object_import.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/docs/images/pkcs11_object_import.png -------------------------------------------------------------------------------- /docs/images/pkcs11_rng.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/docs/images/pkcs11_rng.png -------------------------------------------------------------------------------- /docs/images/pkcs11_sign_verify.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/docs/images/pkcs11_sign_verify.png -------------------------------------------------------------------------------- /docs/plantuml/pkcs11_digest.pu: -------------------------------------------------------------------------------- 1 | @startuml 2 | skinparam classFontSize 8 3 | skinparam classFontName Helvetica 4 | autonumber 5 | 6 | participant "Application" as app 7 | participant "PKCS #11" as pkcs 8 | 9 | box "PKCS #11 - Creating A Message Digest" #LightBlue 10 | participant app 11 | participant pkcs 12 | end box 13 | 14 | app -> pkcs: Acquire function list with C_GetFunctionList 15 | pkcs -> app: Return CK_FUNCTION_LIST_PTR with supported functions 16 | 17 | app -> pkcs: Initialize with C_Initialize 18 | 19 | app -> pkcs: Query for a slot with C_GetSlotList 20 | pkcs -> app: Return an array of CK_SLOT_IDs 21 | 22 | app -> pkcs: Open a new session with a slot using C_OpenSession 23 | pkcs -> app: Return a 
CK_SESSION_HANDLE 24 | 25 | app -> pkcs: Log in to current session with C_Login 26 | 27 | app -> pkcs: Query for supported mechanisms with C_GetMechanismInfo 28 | pkcs -> app: Return CK_MECHANISM_INFO 29 | 30 | app -> pkcs: Start a digest operation using SHA-256 by passing CKM_SHA256 to C_DigestInit 31 | app -> pkcs: Pass bytes buffer of message to C_DigestUpdate 32 | app -> pkcs: Pass bytes buffer for storing the digest to C_DigestFinal 33 | pkcs -> app: Fill buffer with digest bytes 34 | 35 | app -> pkcs: Close session with C_CloseSession 36 | app -> pkcs: Uninitialize with C_Finalize 37 | 38 | @enduml 39 | -------------------------------------------------------------------------------- /docs/plantuml/pkcs11_object_generate.pu: -------------------------------------------------------------------------------- 1 | @startuml 2 | skinparam classFontSize 8 3 | skinparam classFontName Helvetica 4 | autonumber 5 | 6 | participant "Application" as app 7 | participant "PKCS #11" as pkcs 8 | 9 | box "PKCS #11 - Generating A Key Pair" #LightBlue 10 | participant app 11 | participant pkcs 12 | end box 13 | 14 | app -> pkcs: Acquire function list with C_GetFunctionList 15 | pkcs -> app: Return CK_FUNCTION_LIST_PTR with supported functions 16 | 17 | app -> pkcs: Initialize with C_Initialize 18 | 19 | app -> pkcs: Query for a slot with C_GetSlotList 20 | pkcs -> app: Return an array of CK_SLOT_IDs 21 | 22 | app -> pkcs: Open a new session with a slot using C_OpenSession 23 | pkcs -> app: Return a CK_SESSION_HANDLE 24 | 25 | app -> pkcs: Log in to current session with C_Login 26 | 27 | app -> pkcs: Pass CK_ATTRIBUTEs template to C_GenerateKeyPair 28 | pkcs -> app: Return CK_OBJECT_HANDLE for public key and for private key 29 | 30 | app -> pkcs: Close session with C_CloseSession 31 | app -> pkcs: Uninitialize with C_Finalize 32 | 33 | @enduml 34 | -------------------------------------------------------------------------------- /docs/plantuml/pkcs11_object_import.pu: 
-------------------------------------------------------------------------------- 1 | @startuml 2 | skinparam classFontSize 8 3 | skinparam classFontName Helvetica 4 | autonumber 5 | 6 | participant "Application" as app 7 | participant "PKCS #11" as pkcs 8 | 9 | box "PKCS #11 - Importing A Crypto Object" #LightBlue 10 | participant app 11 | participant pkcs 12 | end box 13 | 14 | app -> pkcs: Acquire function list with C_GetFunctionList 15 | pkcs -> app: Return CK_FUNCTION_LIST_PTR with supported functions 16 | 17 | app -> pkcs: Initialize with C_Initialize 18 | 19 | app -> pkcs: Query for a slot with C_GetSlotList 20 | pkcs -> app: Return an array of CK_SLOT_IDs 21 | 22 | app -> pkcs: Open a new session with a slot using C_OpenSession 23 | pkcs -> app: Return a CK_SESSION_HANDLE 24 | 25 | app -> pkcs: Log in to current session with C_Login 26 | 27 | app -> pkcs: Pass Attribute template to C_CreateObject 28 | pkcs -> app: Return CK_OBJECT_HANDLE associated with the new object 29 | 30 | app -> pkcs: Close session with C_CloseSession 31 | app -> pkcs: Uninitialize with C_Finalize 32 | 33 | @enduml 34 | -------------------------------------------------------------------------------- /docs/plantuml/pkcs11_rng.pu: -------------------------------------------------------------------------------- 1 | @startuml 2 | skinparam classFontSize 8 3 | skinparam classFontName Helvetica 4 | autonumber 5 | 6 | participant "Application" as app 7 | participant "PKCS #11" as pkcs 8 | 9 | box "PKCS #11 - Generating A Random Number" #LightBlue 10 | participant app 11 | participant pkcs 12 | end box 13 | 14 | app -> pkcs: Acquire function list with C_GetFunctionList 15 | pkcs -> app: Return CK_FUNCTION_LIST_PTR with supported functions 16 | 17 | app -> pkcs: Initialize with C_Initialize 18 | 19 | app -> pkcs: Query for a slot with C_GetSlotList 20 | pkcs -> app: Return an array of CK_SLOT_IDs 21 | 22 | app -> pkcs: Open a new session with a slot using C_OpenSession 23 | pkcs -> app: Return 
a CK_SESSION_HANDLE 24 | 25 | app -> pkcs: Log in to current session with C_Login 26 | 27 | app -> pkcs: Request an array of random bytes with C_GenerateRandom 28 | pkcs -> app: Return an array of random bytes 29 | 30 | app -> pkcs: Close session with C_CloseSession 31 | app -> pkcs: Uninitialize with C_Finalize 32 | 33 | @enduml 34 | -------------------------------------------------------------------------------- /docs/plantuml/pkcs11_sign_verify.pu: -------------------------------------------------------------------------------- 1 | @startuml 2 | skinparam classFontSize 8 3 | skinparam classFontName Helvetica 4 | autonumber 5 | 6 | participant "Application" as app 7 | participant "PKCS #11" as pkcs 8 | 9 | box "PKCS #11 - Signing And Verifying A Signature" #LightBlue 10 | participant app 11 | participant pkcs 12 | end box 13 | 14 | app -> pkcs: Acquire function list with C_GetFunctionList 15 | pkcs -> app: Return CK_FUNCTION_LIST_PTR with supported functions 16 | 17 | app -> pkcs: Initialize with C_Initialize 18 | 19 | app -> pkcs: Query for a slot with C_GetSlotList 20 | pkcs -> app: Return an array of CK_SLOT_IDs 21 | 22 | app -> pkcs: Open a new session with a slot using C_OpenSession 23 | pkcs -> app: Return a CK_SESSION_HANDLE 24 | 25 | app -> pkcs: Log in to current session with C_Login 26 | 27 | app -> pkcs: Initiate a find operation by passing a CK_ATTRIBUTEs template to C_FindObjectsInit 28 | app -> pkcs: Request a CK_OBJECT_HANDLE 29 | pkcs -> app: Return CK_OBJECT_HANDLE for the appropriate object 30 | app -> pkcs: Clean up find operation with C_FindObjectsFinal 31 | 32 | app -> pkcs: Start a digest operation using SHA-256 by passing CKM_SHA256 C_DigestInit 33 | app -> pkcs: Provide bytes buffer of message to hash with C_DigestUpdate 34 | app -> pkcs: Provide bytes buffer to store digest in with C_DigestFinal 35 | pkcs -> app: Fill buffer with digest bytes 36 | 37 | app -> pkcs: Start a sign operation by passing the signature mechanism and private key 
handle to C_SignInit 38 | app -> pkcs: Provide bytes buffer of message hash and bytes buffer to store the signature to C_Sign 39 | pkcs -> app: Fill signature buffer with signature bytes of hash buffer 40 | 41 | app -> pkcs: Start a verify operation by passing the verify mechanism and public key handle to C_VerifyInit 42 | app -> pkcs: Provide bytes buffer of message hash and bytes buffer of the signature to C_Verify 43 | pkcs -> app: Return OK if public key could verify signature 44 | 45 | app -> pkcs: Close session with C_CloseSession 46 | app -> pkcs: Uninitialize with C_Finalize 47 | 48 | @enduml 49 | 50 | -------------------------------------------------------------------------------- /manifest.yml: -------------------------------------------------------------------------------- 1 | name: "corePKCS11" 2 | version: "v3.6.3" 3 | description: "Software implementation of the PKCS #11 standard." 4 | license: "MIT" 5 | 6 | dependencies: 7 | - name: "pkcs11" 8 | version: "2-40-errata-1" 9 | license: "OASIS-IPR" 10 | repository: 11 | type: "git" 12 | url: "https://github.com/oasis-tcs/pkcs11.git" 13 | path: "source/dependency/3rdparty/pkcs11" 14 | -------------------------------------------------------------------------------- /pkcsFilePaths.cmake: -------------------------------------------------------------------------------- 1 | # This file collects the library's source files and include directories 2 | # into variables so that other repositories can reuse them in their 3 | # CMake-based build systems by including this file. 4 | # 5 | # Files specific to this repository, such as the test runner and platform 6 | # tests, are not added to these variables. 7 | 8 | # corePKCS11 library source files. 9 | set( PKCS_SOURCES 10 | "${CMAKE_CURRENT_LIST_DIR}/source/core_pkcs11.c" 11 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/mbedtls/core_pkcs11_mbedtls.c" 12 | "${CMAKE_CURRENT_LIST_DIR}/source/core_pki_utils.c" 13 | ) 14 | 15 | # corePKCS11 library public include directories. 
16 | set( PKCS_INCLUDE_PUBLIC_DIRS 17 | "${CMAKE_CURRENT_LIST_DIR}/source/dependency/3rdparty/pkcs11/published/2-40-errata-1" 18 | "${CMAKE_CURRENT_LIST_DIR}/source/include" 19 | ) 20 | 21 | # corePKCS11 PAL Posix source files. 22 | set( PKCS_PAL_POSIX_SOURCES 23 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/os/core_pkcs11_pal_utils.c" 24 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/os/posix/core_pkcs11_pal.c" 25 | ) 26 | 27 | # corePKCS11 PAL Windows source files. 28 | set( PKCS_PAL_WINDOWS_SOURCES 29 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/os/core_pkcs11_pal_utils.c" 30 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/os/freertos_winsim/core_pkcs11_pal.c" 31 | ) 32 | 33 | # corePKCS11 PAL shared include directories. 34 | set( PKCS_PAL_INCLUDE_PUBLIC_DIRS 35 | "${CMAKE_CURRENT_LIST_DIR}/source/portable/os" 36 | ) 37 | -------------------------------------------------------------------------------- /source/dependency/3rdparty/mbedtls_utils/mbedtls_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 
16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file mbedtls_utils.h 27 | * @brief Helper functions originating from mbedTLS. 28 | */ 29 | 30 | #ifndef _MBEDTLS_UTILS_H_ 31 | #define _MBEDTLS_UTILS_H_ 32 | 33 | /* Standard includes. */ 34 | #include 35 | 36 | /* *INDENT-OFF* */ 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | /* *INDENT-ON* */ 41 | 42 | /*-----------------------------------------------------------*/ 43 | 44 | /** 45 | * @brief Converts PEM documents into DER formatted byte arrays. 46 | * This is a helper function from MbedTLS util pem2der.c 47 | * (https://github.com/ARMmbed/mbedtls/blob/development/programs/util/pem2der.c#L75) 48 | * 49 | * @param pucInput[in] Pointer to PEM object 50 | * @param xLen[in] Length of PEM object 51 | * @param pucOutput[out] Pointer to buffer where DER object will be placed 52 | * @param pxOlen[in/out] Pointer to length of DER buffer. This value is updated 53 | * to contain the actual length of the converted DER object. 54 | * 55 | * @return 0 if successful. Negative if conversion failed. If buffer is not 56 | * large enough to hold converted object, pxOlen is still updated but -1 is 57 | * returned. 
58 | */ 59 | int convert_pem_to_der( const unsigned char * pucInput, 60 | size_t xLen, 61 | unsigned char * pucOutput, 62 | size_t * pxOlen ); 63 | 64 | /*-----------------------------------------------------------*/ 65 | 66 | 67 | 68 | /** 69 | * @brief This function is a modified version of the static function 70 | * rsa_rsassa_pkcs1_v15_encode() inside of rsa.c in MbedTLS. It has been 71 | * extracted so that corePKCS11 libraries and testing may use it. 72 | * 73 | * Formats cryptographically hashed data for RSA signing in accordance 74 | * with PKCS #1 version 1.5. 75 | * 76 | * Currently assumes SHA-256. 77 | * 78 | * @param hash[in] Buffer containing the hashed message or the raw data. 79 | * @param dst_len[in] Length of the encoded message. 80 | * @param dst[out] Buffer to hold the encoded message. 81 | */ 82 | int PKI_RSA_RSASSA_PKCS1_v15_Encode( const unsigned char * hash, 83 | size_t dst_len, 84 | unsigned char * dst ); 85 | 86 | /* *INDENT-OFF* */ 87 | #ifdef __cplusplus 88 | } 89 | #endif 90 | /* *INDENT-ON* */ 91 | 92 | #endif /* ifndef _MBEDTLS_UTILS_H_ */ 93 | -------------------------------------------------------------------------------- /source/portable/os/core_pkcs11_pal_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file core_pkcs11_pal_utils.h 27 | * @brief Utility functions that are common for the software based PKCS #11 28 | * implementation provided by corePKCS11 for both PAL layers of POSIX and 29 | * Windows Simulator based FreeRTOS environments. 30 | * These utils contain information of the on-flash storage files used for 31 | * storing all PKCS #11 labels supported by the corePKCS11 library. 32 | */ 33 | /*-----------------------------------------------------------*/ 34 | 35 | /* PKCS 11 includes. */ 36 | #include "core_pkcs11_config.h" 37 | #include "core_pkcs11_config_defaults.h" 38 | #include "core_pkcs11.h" 39 | 40 | /** 41 | * @ingroup pkcs11_enums 42 | * @brief Enums for managing PKCS #11 object types. 
43 | * 44 | */ 45 | enum eObjectHandles 46 | { 47 | eInvalidHandle = 0, /**< According to PKCS #11 spec, 0 is never a valid object handle. */ 48 | eAwsDevicePrivateKey = 1, /**< Private Key. */ 49 | eAwsDevicePublicKey, /**< Public Key. */ 50 | eAwsDeviceCertificate, /**< Certificate. */ 51 | eAwsCodeSigningKey, /**< Code Signing Key. */ 52 | eAwsHMACSecretKey, /**< HMAC Secret Key. */ 53 | eAwsCMACSecretKey, /**< CMAC Secret Key. */ 54 | eAwsClaimPrivateKey, /**< Provisioning Claim Private Key. */ 55 | eAwsClaimCertificate /**< Provisioning Claim Certificate. */ 56 | }; 57 | 58 | 59 | /** 60 | * @brief Maps a PKCS #11 label to the file name and object handle it corresponds to. 61 | * 62 | * @param[in] pcLabel The PKCS #11 label to convert to a file name 63 | * @param[out] pcFileName The name of the file that @p pcLabel maps to. 64 | * @param[out] pHandle The PKCS #11 object handle that @p pcLabel maps to. 65 | * 66 | */ 67 | void PAL_UTILS_LabelToFilenameHandle( const char * pcLabel, 68 | const char ** pcFileName, 69 | CK_OBJECT_HANDLE_PTR pHandle ); 70 | 71 | /** 72 | * @brief Maps an object handle to a file name. 73 | * 74 | * @param[in] xHandle The PKCS #11 object handle to convert to a file name 75 | * @param[out] pcFileName This will be populated with the file name that 76 | * @p xHandle maps to. 77 | * @param[out] pIsPrivateKey This will be set to true if the object handle 78 | * represents a secret credential, such as an asymmetric private key or a 79 | * symmetric key. 80 | */ 81 | CK_RV PAL_UTILS_HandleToFilename( CK_OBJECT_HANDLE xHandle, 82 | const char ** pcFileName, 83 | CK_BBOOL * pIsPrivateKey ); 84 | -------------------------------------------------------------------------------- /test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.13.0) 2 | project( "corePKCS11 tests" 3 | VERSION 3.6.1 4 | LANGUAGES C) 5 | 6 | # Allow the project to be organized into folders. 
7 | set_property(GLOBAL PROPERTY USE_FOLDERS ON) 8 | set_directory_properties(PROPERTIES EP_PREFIX "${CMAKE_BINARY_DIR}/_deps") 9 | 10 | # Do not allow in-source build. 11 | if(${PROJECT_SOURCE_DIR} STREQUAL ${PROJECT_BINARY_DIR}) 12 | message( 13 | FATAL_ERROR 14 | "In-source build is not allowed. Please build in a separate directory, such as ${PROJECT_SOURCE_DIR}/build." 15 | ) 16 | endif() 17 | 18 | # Set global path variables. 19 | get_filename_component(__MODULE_ROOT_DIR "${CMAKE_CURRENT_LIST_DIR}/.." ABSOLUTE) 20 | set(MODULE_ROOT_DIR ${__MODULE_ROOT_DIR} CACHE INTERNAL "corePKCS11 repository root.") 21 | 22 | option(SYSTEM_TESTS "Set this to ON to build system tests" ON) 23 | option(UNITTEST "Set this to ON to build unit tests" ON) 24 | option(COV_ANALYSIS "Set this to ON to build coverity_analysis target" ON) 25 | 26 | # Set output directories. 27 | set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}) 28 | set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) 29 | set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) 30 | 31 | include(${MODULE_ROOT_DIR}/tools/mbedtls.cmake) 32 | 33 | if(UNITTEST OR SYSTEM_TESTS) 34 | include(${MODULE_ROOT_DIR}/tools/unity.cmake) 35 | include(${MODULE_ROOT_DIR}/tools/cmock.cmake) 36 | endif() 37 | 38 | # ======================================== 39 | # Test Configuration 40 | # ======================================== 41 | 42 | # Define a CMock resource path. 43 | set( 44 | CMOCK_DIR 45 | ${MODULE_ROOT_DIR}/test/unit-test/CMock 46 | CACHE INTERNAL 47 | "CMock library source directory." 48 | ) 49 | 50 | # Use CTest utility for managing test runs. 
This has to be added BEFORE defining test targets with 51 | # add_test() 52 | enable_testing() 53 | 54 | if(UNITTEST) 55 | add_subdirectory(pkcs11_mbedtls_utest) 56 | add_subdirectory(pkcs11_utils_utest) 57 | add_subdirectory(wrapper_utest) 58 | endif() 59 | 60 | if(SYSTEM_TESTS) 61 | add_subdirectory(mbedtls_integration) 62 | endif() 63 | 64 | if(COV_ANALYSIS) 65 | add_subdirectory(coverity_analysis) 66 | endif() 67 | 68 | # ======================================== 69 | # Coverage Analysis configuration 70 | # ======================================== 71 | 72 | if(UNITTEST OR SYSTEM_TESTS) 73 | # Add a target for running coverage on tests. 74 | add_custom_target( 75 | coverage 76 | COMMAND ${CMAKE_COMMAND} -P ${MODULE_ROOT_DIR}/tools/cmock/coverage.cmake 77 | DEPENDS cmock 78 | unity 79 | $<$:core_pkcs11_mbedtls_utest> 80 | $<$:pkcs11_wrapper_utest> 81 | $<$:pkcs11_utils_utest> 82 | $<$:integration_mbedtls_2> 83 | $<$:integration_mbedtls_3> 84 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR} 85 | ) 86 | endif() 87 | -------------------------------------------------------------------------------- /test/cbmc/.gitignore: -------------------------------------------------------------------------------- 1 | # Emitted when running CBMC proofs 2 | proofs/**/logs 3 | proofs/**/gotos 4 | proofs/**/report 5 | proofs/**/html 6 | proofs/output 7 | 8 | # Emitted by CBMC Viewer 9 | TAGS-* 10 | 11 | # Emitted by Arpa 12 | arpa_cmake/ 13 | arpa-validation-logs/ 14 | Makefile.arpa 15 | 16 | # Emitted by litani 17 | .ninja_deps 18 | .ninja_log 19 | .litani_cache_dir 20 | 21 | # These files should be overwritten whenever prepare.py runs 22 | cbmc-batch.yaml 23 | 24 | __pycache__/ 25 | -------------------------------------------------------------------------------- /test/cbmc/include/README.md: -------------------------------------------------------------------------------- 1 | CBMC proof include files 2 | ======================== 3 | 4 | This directory contains include files written for CBMC 
proof. It is 5 | common to write some code to model aspects of the system under test, 6 | and the header files for this code go here. 7 | -------------------------------------------------------------------------------- /test/cbmc/include/pkcs11_interface_stubs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file pkcs11_interface_stubs.h 27 | * @brief Stubs to mock calls to PKCS #11. 
28 | */ 29 | 30 | #ifndef __PKCS11_INTERFACE_STUBS_H_ 31 | #define __PKCS11_INTERFACE_STUBS_H_ 32 | 33 | #include "pkcs11.h" 34 | 35 | CK_RV C_GetFunctionList( CK_FUNCTION_LIST_PTR_PTR ppFunctionList ); 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CloseSession/C_CloseSession_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_CloseSession_harness.c 27 | * @brief Implements the proof harness for C_CloseSession function. 
28 | */ 29 | 30 | #include 31 | #include "core_pkcs11.h" 32 | #include "core_pkcs11_config.h" 33 | 34 | void harness() 35 | { 36 | CK_RV xResult; 37 | CK_FLAGS xFlags; 38 | CK_SESSION_HANDLE * pxSession = malloc( sizeof( CK_SESSION_HANDLE ) ); 39 | 40 | /* Cover the case when the corePKCS11 module is not already initialized. */ 41 | if( pxSession != NULL ) 42 | { 43 | ( void ) C_CloseSession( *pxSession ); 44 | } 45 | 46 | xResult = C_Initialize( NULL ); 47 | __CPROVER_assume( xResult == CKR_OK ); 48 | 49 | xResult = C_OpenSession( 0, xFlags, NULL, 0, pxSession ); 50 | 51 | if( xResult == CKR_OK ) 52 | { 53 | __CPROVER_assert( *pxSession > CK_INVALID_HANDLE && *pxSession <= pkcs11configMAX_SESSIONS, "For the C_OpenSession result to " 54 | "be CKR_OK, we expect the session handle to be a valid value." ); 55 | } 56 | 57 | if( pxSession != NULL ) 58 | { 59 | ( void ) C_CloseSession( *pxSession ); 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CloseSession/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_CloseSession_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = C_CloseSession 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += C_Finalize 16 | REMOVE_FUNCTION_BODY += C_GetFunctionList 17 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 18 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 19 | UNWINDSET += 20 | 21 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 22 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 23 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 24 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 25 | 26 | include ../Makefile.common 27 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CloseSession/README.md: -------------------------------------------------------------------------------- 1 | C_CloseSession proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_CloseSession. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CloseSession/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CloseSession/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_CloseSession", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CreateObject/C_CreateObject_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_CreateObject_harness.c 27 | * @brief Implements the proof harness for C_CreateObject function. 28 | */ 29 | 30 | #include 31 | #include "mbedtls/sha256.h" 32 | #include "mbedtls/pk.h" 33 | #include "mbedtls/cmac.h" 34 | #include "core_pkcs11_config.h" 35 | #include "core_pkcs11.h" 36 | 37 | /* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains 38 | * in this proof. 39 | * 40 | * It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct. 41 | */ 42 | typedef struct P11Session 43 | { 44 | CK_ULONG ulState; 45 | CK_BBOOL xOpened; 46 | CK_MECHANISM_TYPE xOperationDigestMechanism; 47 | CK_BYTE * pxFindObjectLabel; 48 | CK_ULONG xFindObjectLabelLen; 49 | CK_MECHANISM_TYPE xOperationVerifyMechanism; 50 | mbedtls_threading_mutex_t xVerifyMutex; 51 | CK_OBJECT_HANDLE xVerifyKeyHandle; 52 | mbedtls_pk_context xVerifyKey; 53 | CK_MECHANISM_TYPE xOperationSignMechanism; 54 | mbedtls_threading_mutex_t xSignMutex; 55 | CK_OBJECT_HANDLE xSignKeyHandle; 56 | mbedtls_pk_context xSignKey; 57 | mbedtls_sha256_context xSHA256Context; 58 | CK_OBJECT_HANDLE xHMACKeyHandle; 59 | mbedtls_md_context_t xHMACSecretContext; 60 | CK_OBJECT_HANDLE xCMACKeyHandle; 61 | mbedtls_cipher_context_t xCMACSecretContext; 62 | } P11Session_t; 63 | 64 | CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession ) 65 | { 66 | CK_RV xResult; 67 | 68 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." 
); 69 | 70 | return xResult; 71 | } 72 | 73 | void harness() 74 | { 75 | CK_RV xResult; 76 | CK_OBJECT_HANDLE * pxObject = malloc( sizeof( CK_OBJECT_HANDLE ) ); 77 | CK_SESSION_HANDLE xSession; 78 | CK_ULONG ulCount; 79 | 80 | __CPROVER_assume( ulCount < TEMPLATE_SIZE ); 81 | CK_ATTRIBUTE_PTR xTemplate = malloc( sizeof( CK_ATTRIBUTE ) * ulCount ); 82 | 83 | if( xTemplate != NULL ) 84 | { 85 | for( int i = 0; i < ulCount; i++ ) 86 | { 87 | xTemplate[ i ].pValue = malloc( xTemplate[ i ].ulValueLen ); 88 | __CPROVER_assume( xTemplate[ i ].pValue != NULL ); 89 | } 90 | } 91 | 92 | __CPROVER_assume( xSession > CK_INVALID_HANDLE && xSession <= pkcs11configMAX_SESSIONS ); 93 | ( void ) C_CreateObject( xSession, 94 | ( CK_ATTRIBUTE_PTR ) xTemplate, 95 | ulCount, 96 | pxObject ); 97 | } 98 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CreateObject/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_CreateObject_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_CreateObject 10 | 11 | # TEMPLATE_SIZE is bounded to reduce proof run time. A user can have an 12 | # arbitrarily large template size, but our library generally only cares about 13 | # some attributes. Memory safety can be proven within a reasonable bound 14 | # past what our stack cares about. It adds no value to the proof to input the 15 | # largest possible template of the maximum CK_ULONG size. 16 | # 17 | # Increasing this size is not recommended: it leads to longer proof times with 18 | # no increase in coverage. 
19 | TEMPLATE_SIZE=6 20 | 21 | # Defined in `core_pkcs11_config.h` 22 | MAX_LABEL_SIZE=32 23 | 24 | # Defined in `core_pkcs11_config.h` 25 | # Should be one more than the total number of objects in the PKCS stack. 26 | MAX_OBJECT_NUM=2 27 | 28 | DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE) 29 | DEFINES += -DTEMPLATE_ATTRIBUTE_MAX_SIZE=$(TEMPLATE_ATTRIBUTE_MAX_SIZE) 30 | 31 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 32 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 33 | 34 | REMOVE_FUNCTION_BODY += C_Initialize 35 | REMOVE_FUNCTION_BODY += C_Finalize 36 | REMOVE_FUNCTION_BODY += C_GetFunctionList 37 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 38 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 39 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 40 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 41 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 42 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 43 | REMOVE_FUNCTION_BODY += threading_mutex_free 44 | REMOVE_FUNCTION_BODY += threading_mutex_init 45 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 46 | 47 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateCertificate.0:$(TEMPLATE_SIZE) 48 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetKeyType.0:$(TEMPLATE_SIZE) 49 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetObjectClass.0:$(TEMPLATE_SIZE) 50 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateECKey.0:$(TEMPLATE_SIZE) 51 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvGetLabel.0:$(TEMPLATE_SIZE) 52 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateRsaKey.0:$(TEMPLATE_SIZE) 53 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateSHA256HMAC.0:$(TEMPLATE_SIZE) 54 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCreateAESCMAC.0:$(TEMPLATE_SIZE) 55 | UNWINDSET += 
__CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:$(MAX_OBJECT_NUM) 56 | UNWINDSET += harness.0:$(TEMPLATE_SIZE) 57 | UNWINDSET += memcmp.0:$(MAX_LABEL_SIZE) 58 | UNWINDSET += strncmp.0:$(MAX_LABEL_SIZE) 59 | 60 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 61 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 62 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 63 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 64 | 65 | include ../Makefile.common 66 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CreateObject/README.md: -------------------------------------------------------------------------------- 1 | C_CreateObject proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_CreateObject. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CreateObject/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_CreateObject/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_CreateObject", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DestroyObject/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_DestroyObject_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_DestroyObject 10 | 11 | # Defined in `core_pkcs11_config.h` 12 | MAX_OBJECT_NUM=2 13 | 14 | # Defined in `core_pkcs11_config.h` 15 | MAX_LABEL_SIZE=32 16 | 17 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 18 | 19 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 20 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 21 | 22 | REMOVE_FUNCTION_BODY += C_Finalize 23 | REMOVE_FUNCTION_BODY += C_GetFunctionList 24 | 25 | # Same as max label size in the core_pkcs11_config.h 26 | UNWINDSET += strncmp.0:$(MAX_LABEL_SIZE) 27 | UNWINDSET += strlen.0:$(MAX_LABEL_SIZE) 28 | 29 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByLabel.0:$(MAX_OBJECT_NUM) 30 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvDeleteObjectFromList.0:$(MAX_OBJECT_NUM) 31 | 32 | 33 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 34 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 35 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 36 | PROJECT_SOURCES += 
$(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 37 | 38 | include ../Makefile.common 39 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DestroyObject/README.md: -------------------------------------------------------------------------------- 1 | C_DestroyObject proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_DestroyObject. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DestroyObject/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DestroyObject/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_DestroyObject", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestFinal/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_DigestFinal_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_DigestFinal 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 20 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 21 | 22 | include ../Makefile.common 23 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestFinal/README.md: -------------------------------------------------------------------------------- 1 | C_DigestFinal proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_DigestFinal. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 
13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestFinal/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestFinal/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_DigestFinal", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestInit/C_DigestInit_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_DigestInit_harness.c 27 | * @brief Implements the proof harness for C_DigestInit function. 28 | */ 29 | 30 | #include "mbedtls/pk.h" 31 | #include "mbedtls/sha256.h" 32 | #include "mbedtls/cmac.h" 33 | #include "core_pkcs11_config.h" 34 | #include "core_pkcs11.h" 35 | 36 | /* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains 37 | * in this proof. 38 | * 39 | * It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct. 
40 | */ 41 | typedef struct P11Session 42 | { 43 | CK_ULONG ulState; 44 | CK_BBOOL xOpened; 45 | CK_MECHANISM_TYPE xOperationDigestMechanism; 46 | CK_BYTE * pxFindObjectLabel; 47 | CK_ULONG xFindObjectLabelLen; 48 | CK_MECHANISM_TYPE xOperationVerifyMechanism; 49 | mbedtls_threading_mutex_t xVerifyMutex; 50 | CK_OBJECT_HANDLE xVerifyKeyHandle; 51 | mbedtls_pk_context xVerifyKey; 52 | CK_MECHANISM_TYPE xOperationSignMechanism; 53 | mbedtls_threading_mutex_t xSignMutex; 54 | CK_OBJECT_HANDLE xSignKeyHandle; 55 | mbedtls_pk_context xSignKey; 56 | mbedtls_sha256_context xSHA256Context; 57 | CK_OBJECT_HANDLE xHMACKeyHandle; 58 | mbedtls_md_context_t xHMACSecretContext; 59 | CK_OBJECT_HANDLE xCMACKeyHandle; 60 | mbedtls_cipher_context_t xCMACSecretContext; 61 | } P11Session_t; 62 |
/* Proof stub replacing the file-local session check in core_pkcs11_mbedtls.c.
 * It only asserts that the session pointer is non-NULL and then reports the
 * session as valid (CKR_OK), so rejection of invalid sessions is not exercised;
 * the handle range assumed in harness() is the only constraint on the session.
 * NOTE(review): the struct above must stay in sync with the library's own
 * P11Session_t, otherwise the stub and the library disagree on the layout. */
63 | CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession ) 64 | { 65 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." ); 66 | return CKR_OK; 67 | } 68 |
/* Proof stub: reports an operation as active or not nondeterministically, so
 * both outcomes in C_DigestInit are explored. */
69 | CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession ) 70 | { 71 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." ); 72 | return nondet_bool() ? CK_TRUE : CK_FALSE; 73 | } 74 |
/* Proof harness for C_DigestInit. The mechanism pointer comes from malloc()
 * with no non-NULL assumption and its contents are left uninitialized, so both
 * a NULL mechanism and an arbitrary mechanism type reach the function. */
75 | void harness() 76 | { 77 | CK_SESSION_HANDLE hSession; 78 | CK_MECHANISM * pxMech = malloc( sizeof( CK_MECHANISM ) ); 79 |
/* Restrict the handle to the range above CK_INVALID_HANDLE and up to
 * pkcs11configMAX_SESSIONS; out-of-range handles are not exercised here. */
80 | __CPROVER_assume( ( hSession > CK_INVALID_HANDLE ) && ( hSession <= pkcs11configMAX_SESSIONS ) ); 81 | ( void ) C_DigestInit( hSession, pxMech ); 82 | } 83 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestInit/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_DigestInit_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_DigestInit 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 20 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 21 | 22 | include ../Makefile.common 23 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestInit/README.md: -------------------------------------------------------------------------------- 1 | C_DigestInit proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_DigestInit. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestInit/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestInit/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_DigestInit", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestUpdate/C_DigestUpdate_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_DigestUpdate_harness.c 27 | * @brief Implements the proof harness for C_DigestUpdate function. 28 | */ 29 | 30 | #include "mbedtls/sha256.h" 31 | #include "mbedtls/pk.h" 32 | #include "mbedtls/cmac.h" 33 | #include "core_pkcs11_config.h" 34 | #include "core_pkcs11.h" 35 | 36 | /* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains 37 | * in this proof. 38 | * 39 | * It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct. 40 | */ 41 | typedef struct P11Session 42 | { 43 | CK_ULONG ulState; 44 | CK_BBOOL xOpened; 45 | CK_MECHANISM_TYPE xOperationDigestMechanism; 46 | CK_BYTE * pxFindObjectLabel; 47 | CK_ULONG xFindObjectLabelLen; 48 | CK_MECHANISM_TYPE xOperationVerifyMechanism; 49 | mbedtls_threading_mutex_t xVerifyMutex; 50 | CK_OBJECT_HANDLE xVerifyKeyHandle; 51 | mbedtls_pk_context xVerifyKey; 52 | CK_MECHANISM_TYPE xOperationSignMechanism; 53 | mbedtls_threading_mutex_t xSignMutex; 54 | CK_OBJECT_HANDLE xSignKeyHandle; 55 | mbedtls_pk_context xSignKey; 56 | mbedtls_sha256_context xSHA256Context; 57 | CK_OBJECT_HANDLE xHMACKeyHandle; 58 | mbedtls_md_context_t xHMACSecretContext; 59 | CK_OBJECT_HANDLE xCMACKeyHandle; 60 | mbedtls_cipher_context_t xCMACSecretContext; 61 | } P11Session_t; 62 | 63 | CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession ) 64 | { 65 | CK_RV xResult; 66 | CK_MECHANISM_TYPE xMechanism; 67 | 68 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." 
); 69 | pxSession->xOperationDigestMechanism = xMechanism; 70 | return xResult; 71 | } 72 |
/* Proof stub: asserts the session pointer is non-NULL and returns an
 * uninitialized CK_BBOOL, which CBMC treats as nondeterministic, so both the
 * "operation active" and "idle" outcomes in C_DigestUpdate are explored. */
73 | CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession ) 74 | { 75 | CK_BBOOL xBool; 76 | 77 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." ); 78 | return xBool; 79 | } 80 |
/* Proof harness for C_DigestUpdate. ulPartlen is unbounded and pPart is not
 * assumed non-NULL, so NULL data, zero-length and arbitrary-length inputs all
 * reach the function; only the session handle is constrained. */
81 | void harness() 82 | { 83 | CK_SESSION_HANDLE hSession; 84 | CK_ULONG ulPartlen; 85 | 86 | CK_BYTE_PTR pPart = malloc( ulPartlen ); 87 |
/* Restrict the handle to the range above CK_INVALID_HANDLE and up to
 * pkcs11configMAX_SESSIONS; out-of-range handles are not exercised here. */
88 | __CPROVER_assume( hSession > CK_INVALID_HANDLE && hSession <= pkcs11configMAX_SESSIONS ); 89 | ( void ) C_DigestUpdate( hSession, pPart, ulPartlen ); 90 | } 91 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestUpdate/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_DigestUpdate_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = C_DigestUpdate 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 20 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 21 | 22 | include ../Makefile.common 23 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestUpdate/README.md: -------------------------------------------------------------------------------- 1 | C_DigestUpdate proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_DigestUpdate. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestUpdate/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_DigestUpdate/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_DigestUpdate", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Finalize/C_Finalize_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_Finalize_harness.c 27 | * @brief Implements the proof harness for C_Finalize function. 
28 | */ 29 | 30 | #include 31 | #include "core_pkcs11.h" 32 | 33 | void harness() 34 | { 35 | CK_RV xResult = C_Initialize( NULL ); 36 | 37 | if( xResult == CKR_OK ) 38 | { 39 | ( void ) C_Finalize( NULL ); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Finalize/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_Finalize_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_Finalize 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 20 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 21 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 22 | 23 | include ../Makefile.common 24 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Finalize/README.md: -------------------------------------------------------------------------------- 1 | C_Finalize proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_Finalize. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 
15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Finalize/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Finalize/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_Finalize", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjects/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_FindObjects_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = C_FindObjects 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += C_Finalize 16 | REMOVE_FUNCTION_BODY += C_GetFunctionList 17 |
18 | # This bound should correspond to the dummy data length returned by PKCS11_PAL_GetObjectValue in "core_pkcs11_pal_stubs.c"; change both together.
19 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvFindObjectInListByLabel.0:13
20 | # This should align with the max object count configured in core_pkcs11_config.h
# NOTE(review): the C_CreateObject and C_DestroyObject proof Makefiles carry
# this bound in a MAX_OBJECT_NUM variable; the literal 2 here has to be updated
# by hand if the configured object count changes.
21 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:2 22 | 23 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 24 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 25 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 26 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 27 | 28 | include ../Makefile.common 29 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjects/README.md: -------------------------------------------------------------------------------- 1 | C_FindObjects proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_FindObjects. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. 
Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjects/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjects/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_FindObjects", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsFinal/C_FindObjectsFinal_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 
16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_FindObjectsFinal_harness.c 27 | * @brief Implements the proof harness for C_FindObjectsFinal function. 28 | */ 29 | 30 | #include 31 | #include 32 | #include 33 | #include "mbedtls/ecp.h" 34 | #include "mbedtls/cmac.h" 35 | #include "mbedtls/oid.h" 36 | #include "mbedtls/sha256.h" 37 | #include "mbedtls/pk.h" 38 | #include "core_pkcs11_config.h" 39 | #include "core_pkcs11.h" 40 | 41 | /* Internal struct for corePKCS11 mbed TLS implementation, but we don't really care what it contains 42 | * in this proof. 43 | * 44 | * It is just copied over from "core_pkcs11_mbedtls.c" so the structure is correct. 
45 | */ 46 | typedef struct P11Session 47 | { 48 | CK_ULONG ulState; 49 | CK_BBOOL xOpened; 50 | CK_MECHANISM_TYPE xOperationDigestMechanism; 51 | CK_BYTE * pxFindObjectLabel; 52 | CK_ULONG xFindObjectLabelLen; 53 | CK_MECHANISM_TYPE xOperationVerifyMechanism; 54 | mbedtls_threading_mutex_t xVerifyMutex; 55 | CK_OBJECT_HANDLE xVerifyKeyHandle; 56 | mbedtls_pk_context xVerifyKey; 57 | CK_MECHANISM_TYPE xOperationSignMechanism; 58 | mbedtls_threading_mutex_t xSignMutex; 59 | CK_OBJECT_HANDLE xSignKeyHandle; 60 | mbedtls_pk_context xSignKey; 61 | mbedtls_sha256_context xSHA256Context; 62 | CK_OBJECT_HANDLE xHMACKeyHandle; 63 | mbedtls_md_context_t xHMACSecretContext; 64 | CK_OBJECT_HANDLE xCMACKeyHandle; 65 | mbedtls_cipher_context_t xCMACSecretContext; 66 | } P11Session_t; 67 |
/* Proof stub replacing the file-local session check in core_pkcs11_mbedtls.c.
 * It always reports the session valid (CKR_OK) and, on a nondeterministic
 * branch, installs a find-object label copied from
 * pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, so C_FindObjectsFinal is
 * explored both with and without a label attached to the session.
 * NOTE(review): unlike the matching stubs in the other harnesses, this one
 * dereferences pxSession without first asserting it is non-NULL — confirm
 * that is intended. */
68 | CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( P11Session_t * pxSession ) 69 | { 70 | if( nondet_bool() ) 71 | {
/* Buffer, recorded length and copy size are all sizeof() of the label macro
 * (assuming it is a string literal, that includes the terminating NUL), so the
 * buffer is filled exactly and the length matches what the library is told. */
72 | pxSession->pxFindObjectLabel = malloc( sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) ); 73 | pxSession->xFindObjectLabelLen = sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ); 74 | __CPROVER_assume( pxSession->pxFindObjectLabel != NULL ); 75 | 76 | memcpy( pxSession->pxFindObjectLabel, pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS, sizeof( pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) ); 77 | } 78 | 79 | return CKR_OK; 80 | } 81 |
/* Proof stub: asserts the session pointer is non-NULL and always reports that
 * no operation is in progress. */
82 | CK_BBOOL __CPROVER_file_local_core_pkcs11_mbedtls_c_prvOperationActive( const P11Session_t * pxSession ) 83 | { 84 | __CPROVER_assert( pxSession != NULL, "pxSession was NULL." 
); 85 | return CK_FALSE; 86 | } 87 | 88 | void harness() 89 | { 90 | CK_SESSION_HANDLE xSession; 91 | 92 | __CPROVER_assume( xSession >= 1 && xSession <= pkcs11configMAX_SESSIONS ); 93 | ( void ) C_FindObjectsFinal( xSession ); 94 | } 95 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsFinal/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_FindObjectsFinal_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_FindObjectsFinal 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 20 | 21 | include ../Makefile.common 22 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsFinal/README.md: -------------------------------------------------------------------------------- 1 | C_FindObjectsFinal proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_FindObjectsFinal. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 
15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsFinal/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsFinal/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_FindObjectsFinal", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsInit/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_FindObjectsInit_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = C_FindObjectsInit 10 | 11 | TEMPLATE_SIZE=10 12 | 13 | DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE) 14 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 15 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 16 | 17 | REMOVE_FUNCTION_BODY += 18 | UNWINDSET += C_FindObjectsInit.0:$(TEMPLATE_SIZE) 19 | UNWINDSET += harness.0:$(TEMPLATE_SIZE) 20 | 21 | 22 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 23 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 24 | 25 | include ../Makefile.common 26 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsInit/README.md: -------------------------------------------------------------------------------- 1 | C_FindObjectsInit proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_FindObjectsInit. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsInit/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_FindObjectsInit/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_FindObjectsInit", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateKeyPair/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_GenerateKeyPair_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_GenerateKeyPair 10 | 11 | TEMPLATE_SIZE=10 12 | 13 | DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE) 14 | 15 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 16 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 17 | 18 | REMOVE_FUNCTION_BODY += C_Initialize 19 | REMOVE_FUNCTION_BODY += C_Finalize 20 | REMOVE_FUNCTION_BODY += C_GetFunctionList 21 | REMOVE_FUNCTION_BODY += PKCS11_PAL_DestroyObject 22 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 23 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 24 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 25 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 26 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 27 | 28 | UNWINDSET += harness.0:10 29 | UNWINDSET += harness.1:10 30 | UNWINDSET += memcmp.0:32 31 | UNWINDSET += memcpy.0:32 32 | 33 | # The nested memcmp in this loop will exponentially increase the CBMC bounds checking. 34 | # Be very careful increasing this. 
At the time of writing this, the PKCS stack was 35 | # configured to store just one object. 36 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvAddObjectToList.0:2 37 | UNWINDSET += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvDeleteObjectFromList.0:2 38 | UNWINDSET += C_GenerateKeyPair.0:$(TEMPLATE_SIZE) 39 | UNWINDSET += C_GenerateKeyPair.1:$(TEMPLATE_SIZE) 40 | 41 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 42 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 43 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 44 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 45 | 46 | include ../Makefile.common 47 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateKeyPair/README.md: -------------------------------------------------------------------------------- 1 | C_GenerateKeyPair proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_GenerateKeyPair. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateKeyPair/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateKeyPair/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_GenerateKeyPair", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateRandom/C_GenerateRandom_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR
 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

/**
 * @file C_GenerateRandom_harness.c
 * @brief Implements the proof harness for C_GenerateRandom function.
 */

/* NOTE(review): the names of the two system headers below were lost when this
 * listing was extracted; in the source they are angle-bracket includes. */
#include
#include
#include "mbedtls/sha256.h"
#include "mbedtls/cmac.h"
#include "mbedtls/pk.h"
#include "core_pkcs11.h"

/* Internal struct for the corePKCS11 mbed TLS implementation. This proof never
 * looks inside it; the layout is copied verbatim from "core_pkcs11_mbedtls.c"
 * only so that the type is complete and correctly sized. */
typedef struct P11Session
{
    CK_ULONG ulState;
    CK_BBOOL xOpened;
    CK_MECHANISM_TYPE xOperationDigestMechanism;
    CK_BYTE * pxFindObjectLabel;
    CK_ULONG xFindObjectLabelLen;
    CK_MECHANISM_TYPE xOperationVerifyMechanism;
    mbedtls_threading_mutex_t xVerifyMutex;
    CK_OBJECT_HANDLE xVerifyKeyHandle;
    mbedtls_pk_context xVerifyKey;
    CK_MECHANISM_TYPE xOperationSignMechanism;
    mbedtls_threading_mutex_t xSignMutex;
    CK_OBJECT_HANDLE xSignKeyHandle;
    mbedtls_pk_context xSignKey;
    mbedtls_sha256_context xSHA256Context;
    CK_OBJECT_HANDLE xHMACKeyHandle;
    mbedtls_md_context_t xHMACSecretContext;
    CK_OBJECT_HANDLE xCMACKeyHandle;
    mbedtls_cipher_context_t xCMACSecretContext;
} P11Session_t;

/**
 * @brief Stub for the file-local session validator in core_pkcs11_mbedtls.c.
 *
 * Returns an unconstrained CK_RV: the result is left uninitialised on purpose,
 * which CBMC treats as a non-deterministic value, so C_GenerateRandom is
 * checked both when the session passes validation (CKR_OK) and when any error
 * code comes back. The session itself is never inspected.
 *
 * @param[in] pxSession Ignored.
 *
 * @return Non-deterministic CK_RV.
 */
CK_RV __CPROVER_file_local_core_pkcs11_mbedtls_c_prvCheckValidSessionAndModule( const P11Session_t * pxSession )
{
    CK_RV xNondetResult;

    ( void ) pxSession;

    return xNondetResult;
}

/**
 * @brief Proof entry point for C_GenerateRandom.
 *
 * Session handle and requested length are unconstrained. The output buffer
 * is allocated to exactly ulRandLen bytes so any write past the requested
 * length is caught; sizeof( CK_BYTE ) is 1, so the size computation cannot
 * wrap and needs no overflow assumption. If malloc is modelled as fallible
 * the buffer may also be NULL, which presumably exercises the NULL-argument
 * rejection in C_GenerateRandom.
 */
void harness()
{
    CK_SESSION_HANDLE xSession;
    CK_ULONG ulRandLen;
    CK_BYTE_PTR pucRandData = malloc( sizeof( CK_BYTE ) * ulRandLen );

    ( void ) C_GenerateRandom( xSession, pucRandData, ulRandLen );
}

--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GenerateRandom/Makefile:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

HARNESS_ENTRY = harness
HARNESS_FILE = C_GenerateRandom_harness

# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GenerateRandom

DEFINES +=
INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils

# The DRBG/entropy set-up bodies are removed and mbed TLS is stubbed, so this
# is a memory-safety proof of the C_GenerateRandom wrapper only. It makes no
# statement about the entropy or quality of the bytes the real module returns.
REMOVE_FUNCTION_BODY += C_Initialize
REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize
REMOVE_FUNCTION_BODY += C_Finalize
REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init
REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed
REMOVE_FUNCTION_BODY += mbedtls_entropy_init
UNWINDSET +=

PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c
PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c
PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c

include ../Makefile.common
--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GenerateRandom/README.md:
--------------------------------------------------------------------------------
C_GenerateRandom proof
==============

This directory contains a memory safety proof for C_GenerateRandom.

To run the proof.
-------------

* Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer`
  to your path.
11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateRandom/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GenerateRandom/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_GenerateRandom", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetAttributeValue/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_GetAttributeValue_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_GetAttributeValue 10 | 11 | # Size of attribute template. 
12 | TEMPLATE_SIZE=9 13 | 14 | # Needs to be one bigger than TEMPLATE_SIZE 15 | UNWIND_SIZE=10 16 | 17 | # Defined in `core_pkcs11_config.h` 18 | # Should be one more than the total number of objects in the PKCS stack. 19 | MAX_OBJECT_NUM=2 20 | 21 | DEFINES += -DTEMPLATE_SIZE=$(TEMPLATE_SIZE) 22 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 23 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 24 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 25 | 26 | REMOVE_FUNCTION_BODY += 27 | 28 | # In the harness we are going to assume 8 as there are only 7 cases we care about in the loop, plus 1 for the 29 | # default in the switch statement. We will unroll 1 extra time for good measure. 30 | # The number is arbitrary, but we bound the loop so it doesn't check forever. 31 | # NOTE: If this proof is slow we can reduce this unwind. 32 | UNWINDSET += C_GetAttributeValue.0:$(UNWIND_SIZE) 33 | UNWINDSET += harness.0:$(UNWIND_SIZE) 34 | 35 | 36 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 37 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 38 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 39 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 40 | 41 | include ../Makefile.common 42 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetAttributeValue/README.md: -------------------------------------------------------------------------------- 1 | C_GetAttributeValue proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_GetAttributeValue. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 
-------------

* Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof.
* Use Makefile.arpa as the starting point for your proof Makefile by:
  1. Modifying Makefile.arpa (if required).
  2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`).
--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetAttributeValue/cbmc-proof.txt:
--------------------------------------------------------------------------------
# This file marks this directory as containing a CBMC proof.
--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetAttributeValue/cbmc-viewer.json:
--------------------------------------------------------------------------------
{ "expected-missing-functions":
  [

  ],
  "proof-name": "C_GetAttributeValue",
  "proof-root": "test/cbmc/proofs"
}
--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetFunctionList/C_GetFunctionList_harness.c:
--------------------------------------------------------------------------------
/*
 * corePKCS11 v3.6.3
 * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
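*
 * SPDX-License-Identifier: MIT
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of
 * this software and associated documentation files (the "Software"), to deal in
 * the Software without restriction, including without limitation the rights to
 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 * the Software, and to permit persons to whom the Software is furnished to do so,
 * subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

/**
 * @file C_GetFunctionList_harness.c
 * @brief Implements the proof harness for C_GetFunctionList function.
 */

/* NOTE(review): the system header name below was lost when this listing was
 * extracted; in the source it is an angle-bracket include. */
#include
#include "core_pkcs11.h"

/**
 * @brief Proof entry point for C_GetFunctionList.
 *
 * Per the PKCS #11 prototype, C_GetFunctionList receives a
 * CK_FUNCTION_LIST_PTR_PTR and writes a CK_FUNCTION_LIST_PTR through it; it
 * does not fill in a caller-supplied CK_FUNCTION_LIST. The harness previously
 * passed a CK_FUNCTION_LIST_PTR to a whole CK_FUNCTION_LIST, which neither
 * matches the prototype (incompatible pointer type) nor models the real
 * caller, so the memory-safety result said little about actual use. It now
 * hands over a single pointer-sized slot, which may also be NULL if malloc is
 * modelled as fallible, covering the NULL-argument rejection as well.
 */
void harness()
{
    CK_FUNCTION_LIST_PTR_PTR ppxFunctionList = malloc( sizeof( CK_FUNCTION_LIST_PTR ) );

    ( void ) C_GetFunctionList( ppxFunctionList );
}

--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetFunctionList/Makefile:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.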
2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_GetFunctionList_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_GetFunctionList 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += 16 | UNWINDSET += 17 | 18 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 19 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 20 | 21 | include ../Makefile.common 22 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetFunctionList/README.md: -------------------------------------------------------------------------------- 1 | C_GetFunctionList proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_GetFunctionList. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetFunctionList/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetFunctionList/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_GetFunctionList", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetMechanismInfo/C_GetMechanismInfo_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR
 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

/**
 * @file C_GetMechanismInfo_harness.c
 * @brief Implements the proof harness for C_GetMechanismInfo function.
 */

/* NOTE(review): the system header name below was lost when this listing was
 * extracted; in the source it is an angle-bracket include. */
#include
#include "core_pkcs11.h"

/**
 * @brief Proof entry point for C_GetMechanismInfo.
 *
 * Slot id and mechanism type are left unconstrained, so every mechanism
 * value, supported or not, reaches C_GetMechanismInfo. The output structure
 * is heap allocated and may be NULL if malloc is modelled as fallible.
 */
void harness()
{
    CK_SLOT_ID xSlotId;
    CK_MECHANISM_TYPE xMechanism;
    CK_MECHANISM_INFO * pxInfo = malloc( sizeof( *pxInfo ) );

    ( void ) C_GetMechanismInfo( xSlotId, xMechanism, pxInfo );
}

--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetMechanismInfo/Makefile:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

HARNESS_ENTRY = harness
HARNESS_FILE = C_GetMechanismInfo_harness

# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.
PROOF_UID = C_GetMechanismInfo

DEFINES +=
INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include
INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils

REMOVE_FUNCTION_BODY +=

# At the time of writing this proof, 5 mechanisms are supported.
# One extra unwind to prove memory safety.
19 | UNWINDSET += C_GetMechanismInfo.0:6 20 | 21 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 22 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 23 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 24 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 25 | 26 | include ../Makefile.common 27 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetMechanismInfo/README.md: -------------------------------------------------------------------------------- 1 | C_GetMechanismInfo proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_GetMechanismInfo. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetMechanismInfo/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetMechanismInfo/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_GetMechanismInfo", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetSlotList/C_GetSlotList_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_GetSlotList_harness.c 27 | * @brief Implements the proof harness for C_GetSlotList function. 
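*/

/* NOTE(review): the system header name below was lost when this listing was
 * extracted; in the source it is an angle-bracket include. */
#include
#include "core_pkcs11.h"

/* Upper bound on the slot-list length the harness offers to C_GetSlotList.
 * Kept small on purpose: it stops sizeof( CK_SLOT_ID ) * length from wrapping
 * and still covers the empty (0), single-entry (1) and oversized buffers that
 * a CKR_BUFFER_TOO_SMALL / copy-out implementation has to tell apart. */
#define harnessMAX_SLOT_LIST_LEN    4U

/**
 * @brief Proof entry point for C_GetSlotList.
 *
 * Calls C_GetSlotList once before C_Initialize (the uninitialised-module
 * path) and once after a successful C_Initialize, with a non-deterministic
 * token flag, a non-deterministic list length and a list buffer sized to that
 * length.
 *
 * The previous length assumption,
 *   sizeof( CK_SLOT_ID ) == *pulSlotSize / sizeof( CK_SLOT_ID ),
 * was not an overflow guard (that idiom is x == ( x * s ) / s). It pinned
 * *pulSlotSize to the few values whose quotient equals sizeof( CK_SLOT_ID ),
 * i.e. at least sizeof( CK_SLOT_ID ) squared, so the proof never offered a
 * zero-length or one-entry list. A plain upper bound covers those cases and
 * rules out overflow of the allocation size.
 *
 * pxSlot is initialised to NULL so that, when the length allocation fails,
 * C_GetSlotList is handed a NULL list rather than an indeterminate pointer.
 */
void harness()
{
    CK_BBOOL xToken;
    CK_ULONG * pulSlotSize = malloc( sizeof( CK_ULONG ) );
    CK_SLOT_ID_PTR pxSlot = NULL;
    CK_RV xResult;

    if( pulSlotSize != NULL )
    {
        __CPROVER_assume( *pulSlotSize <= harnessMAX_SLOT_LIST_LEN );
        pxSlot = malloc( sizeof( CK_SLOT_ID ) * *pulSlotSize );
    }

    /* Check case for uninitialized stack. */
    ( void ) C_GetSlotList( xToken, pxSlot, pulSlotSize );

    /* Respect the API contract. PKCS #11 MUST be initialized before getting a slot. */
    xResult = C_Initialize( NULL );
    __CPROVER_assume( xResult == CKR_OK );

    ( void ) C_GetSlotList( xToken, pxSlot, pulSlotSize );
}

--------------------------------------------------------------------------------
/test/cbmc/proofs/C_GetSlotList/Makefile:
--------------------------------------------------------------------------------
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

HARNESS_ENTRY = harness
HARNESS_FILE = C_GetSlotList_harness

# This should be a unique identifier for this proof, and will appear on the
# Litani dashboard. It can be human-readable and contain spaces if you wish.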
9 | PROOF_UID = C_GetSlotList 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | # This proof doesn't care about these stubs 16 | REMOVE_FUNCTION_BODY += C_Finalize 17 | REMOVE_FUNCTION_BODY += C_GetFunctionList 18 | REMOVE_FUNCTION_BODY += threading_mutex_free 19 | REMOVE_FUNCTION_BODY += threading_mutex_lock 20 | REMOVE_FUNCTION_BODY += threading_mutex_unlock 21 | UNWINDSET += 22 | 23 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 24 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 25 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 26 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 27 | 28 | include ../Makefile.common 29 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetSlotList/README.md: -------------------------------------------------------------------------------- 1 | C_GetSlotList proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_GetSlotList. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetSlotList/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_GetSlotList/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_GetSlotList", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Initialize/C_Initialize_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_Initialize_harness.c 27 | * @brief Implements the proof harness for C_Initialize function. 28 | */ 29 | 30 | #include 31 | #include "core_pkcs11.h" 32 | 33 | void harness() 34 | { 35 | ( void ) C_Initialize( NULL ); /* Only the NULL init-args path is exercised; the return value is discarded because the proof targets memory safety of initialization, not its result. */ 36 | } 37 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Initialize/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_Initialize_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = C_Initialize 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += C_Finalize 16 | REMOVE_FUNCTION_BODY += C_GetFunctionList 17 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 18 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 19 | REMOVE_FUNCTION_BODY += mbedtls_mutex_free 20 | REMOVE_FUNCTION_BODY += mbedtls_mutex_lock 21 | REMOVE_FUNCTION_BODY += mbedtls_mutex_unlock 22 | UNWINDSET += 23 | 24 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 25 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 26 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 27 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 28 | 29 | include ../Makefile.common 30 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Initialize/README.md: -------------------------------------------------------------------------------- 1 | C_Initialize proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_Initialize. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Initialize/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Initialize/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_Initialize", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_OpenSession/C_OpenSession_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
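IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file C_OpenSession_harness.c 27 | * @brief Implements the proof harness for C_OpenSession function. 28 | */ 29 | 30 | #include 31 | #include "core_pkcs11.h" 32 | 33 | void harness() 34 | { 35 | CK_RV xResult; 36 | CK_FLAGS xFlags; /* Never assigned: left nondeterministic so every flag combination is explored. */ 37 | CK_SESSION_HANDLE * pxSession = malloc( sizeof( CK_SESSION_HANDLE ) ); 38 | /* Respect the API contract: the module must be initialized before a session is opened. */ 39 | xResult = C_Initialize( NULL ); 40 | __CPROVER_assume( xResult == CKR_OK ); /* Fixed spelling: the former __CPROVER__assume (double underscore) is not the CBMC builtin, so CBMC treated it as an undefined function and the CKR_OK precondition was never applied. */ 41 | 42 | xResult = C_OpenSession( 0, xFlags, NULL, 0, pxSession ); 43 | 44 | if( xResult == CKR_OK ) 45 | { 46 | __CPROVER_assert( *pxSession != CK_INVALID_HANDLE, "Handle must be valid if CKR_OK is returned." ); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_OpenSession/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_OpenSession_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 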
9 | PROOF_UID = C_OpenSession 10 | 11 | DEFINES += 12 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 13 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 14 | 15 | REMOVE_FUNCTION_BODY += C_Finalize 16 | REMOVE_FUNCTION_BODY += C_GetFunctionList 17 | UNWINDSET += 18 | 19 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 20 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 21 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 22 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 23 | 24 | include ../Makefile.common 25 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_OpenSession/README.md: -------------------------------------------------------------------------------- 1 | C_OpenSession proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_OpenSession. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_OpenSession/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_OpenSession/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_OpenSession", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Sign/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_Sign_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_Sign 10 | 11 | # Defined in `core_pkcs11_config.h` 12 | # Should be one more than the total number of objects in the PKCS stack. 
13 | MAX_OBJECT_NUM=2 14 | 15 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 16 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 17 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 18 | 19 | REMOVE_FUNCTION_BODY += C_Initialize 20 | REMOVE_FUNCTION_BODY += C_OpenSession 21 | REMOVE_FUNCTION_BODY += C_Finalize 22 | REMOVE_FUNCTION_BODY += C_GetFunctionList 23 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 24 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 25 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 26 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 27 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 28 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 29 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 30 | UNWINDSET += 31 | 32 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 33 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pki_utils_stubs.c 34 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 35 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 36 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 37 | 38 | include ../Makefile.common 39 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Sign/README.md: -------------------------------------------------------------------------------- 1 | C_Sign proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_Sign. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 
18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Sign/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Sign/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_Sign", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_SignInit/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_SignInit_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_SignInit 10 | 11 | # Defined in `core_pkcs11_config.h` 12 | # Should be one more than the total number of objects in the PKCS stack. 
13 | MAX_OBJECT_NUM=2 14 | 15 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 16 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 17 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 18 | 19 | REMOVE_FUNCTION_BODY += C_Initialize 20 | REMOVE_FUNCTION_BODY += C_OpenSession 21 | REMOVE_FUNCTION_BODY += C_Finalize 22 | REMOVE_FUNCTION_BODY += C_GetFunctionList 23 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 24 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 25 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 26 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 27 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 28 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 29 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 30 | 31 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 32 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 33 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 34 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 35 | 36 | include ../Makefile.common 37 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_SignInit/README.md: -------------------------------------------------------------------------------- 1 | C_SignInit proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_SignInit. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 
20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_SignInit/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_SignInit/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_SignInit", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Verify/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_Verify_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_Verify 10 | 11 | # Defined in `core_pkcs11_config.h` 12 | # Should be one more than the total number of objects in the PKCS stack. 
13 | MAX_OBJECT_NUM=2 14 | 15 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 16 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 17 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 18 | 19 | REMOVE_FUNCTION_BODY += C_Initialize 20 | REMOVE_FUNCTION_BODY += C_OpenSession 21 | REMOVE_FUNCTION_BODY += C_Finalize 22 | REMOVE_FUNCTION_BODY += C_GetFunctionList 23 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 24 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 25 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 26 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 27 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 28 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 29 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 30 | 31 | # SHA256 hashes to 32 bytes always. Need one extra unwind to prove memory safety. 32 | UNWINDSET += memcmp.0:33 33 | 34 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 35 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 36 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 37 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 38 | 39 | include ../Makefile.common 40 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Verify/README.md: -------------------------------------------------------------------------------- 1 | C_Verify proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_Verify. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 
18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Verify/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_Verify/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_Verify", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_VerifyInit/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = C_VerifyInit_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = C_VerifyInit 10 | 11 | # Defined in `core_pkcs11_config.h` 12 | # Should be one more than the total number of objects in the PKCS stack. 
13 | MAX_OBJECT_NUM=2 14 | 15 | DEFINES += -DMAX_OBJECT_NUM=$(MAX_OBJECT_NUM) 16 | INCLUDES += -I$(SRCDIR)/test/build/_deps/mbedtls_2-src/include 17 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/mbedtls_utils 18 | 19 | REMOVE_FUNCTION_BODY += C_Initialize 20 | REMOVE_FUNCTION_BODY += C_OpenSession 21 | REMOVE_FUNCTION_BODY += C_Finalize 22 | REMOVE_FUNCTION_BODY += C_GetFunctionList 23 | REMOVE_FUNCTION_BODY += PKCS11_PAL_Initialize 24 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_init 25 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_seed 26 | REMOVE_FUNCTION_BODY += mbedtls_entropy_free 27 | REMOVE_FUNCTION_BODY += mbedtls_entropy_init 28 | REMOVE_FUNCTION_BODY += mbedtls_ctr_drbg_free 29 | REMOVE_FUNCTION_BODY += __CPROVER_file_local_core_pkcs11_mbedtls_c_prvMbedTLS_Initialize 30 | 31 | UNWINDSET += 32 | 33 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 34 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/mbedtls_stubs.c 35 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/core_pkcs11_pal_stubs.c 36 | PROJECT_SOURCES += $(SRCDIR)/source/portable/mbedtls/core_pkcs11_mbedtls.c 37 | 38 | include ../Makefile.common 39 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_VerifyInit/README.md: -------------------------------------------------------------------------------- 1 | C_VerifyInit proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for C_VerifyInit. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. 
Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_VerifyInit/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/C_VerifyInit/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "C_VerifyInit", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/Makefile-project-defines: -------------------------------------------------------------------------------- 1 | # -*- mode: makefile -*- 2 | # The first line sets the emacs major mode to Makefile 3 | 4 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 | # SPDX-License-Identifier: MIT-0 6 | 7 | ################################################################ 8 | # Use this file to give project-specific definitions of the command 9 | # line arguments to pass to CBMC tools like goto-cc to build the goto 10 | # binaries and cbmc to do the property and coverage checking. 11 | # 12 | # Use this file to override most default definitions of variables in 13 | # Makefile.common. 
14 | ################################################################ 15 | 16 | # Flags to pass to goto-cc for compilation (typically those passed to gcc -c) 17 | # COMPILE_FLAGS = 18 | COMPILE_FLAGS += -fPIC 19 | COMPILE_FLAGS += -std=gnu90 20 | COMPILE_FLAGS += -DMBEDTLS_CONFIG_FILE="" 21 | 22 | # Flags to pass to goto-cc for linking (typically those passed to gcc) 23 | # LINK_FLAGS = 24 | 25 | # Preprocessor include paths -I... 26 | # Consider adding 27 | # INCLUDES += -I$(CBMC_ROOT)/include 28 | # You will want to decide what order that comes in relative to the other 29 | # include directories in your project. 30 | # 31 | # INCLUDES = 32 | INCLUDES += -I$(SRCDIR)/source/include 33 | INCLUDES += -I$(CBMC_ROOT)/include 34 | INCLUDES += -I$(SRCDIR)/source/dependency/3rdparty/pkcs11/published/2-40-errata-1 35 | 36 | # Preprocessor definitions -D... 37 | # DEFINES = 38 | 39 | # Path to arpa executable 40 | # ARPA = 41 | 42 | # Flags to pass to cmake for building the project 43 | # ARPA_CMAKE_FLAGS = 44 | -------------------------------------------------------------------------------- /test/cbmc/proofs/Makefile-project-targets: -------------------------------------------------------------------------------- 1 | # -*- mode: makefile -*- 2 | # The first line sets the emacs major mode to Makefile 3 | 4 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 | # SPDX-License-Identifier: MIT-0 6 | 7 | ################################################################ 8 | # Use this file to give project-specific targets, including targets 9 | # that may depend on targets defined in Makefile.common. 
10 | ################################################################ 11 | -------------------------------------------------------------------------------- /test/cbmc/proofs/Makefile-project-testing: -------------------------------------------------------------------------------- 1 | # -*- mode: makefile -*- 2 | # The first line sets the emacs major mode to Makefile 3 | 4 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 5 | # SPDX-License-Identifier: MIT-0 6 | 7 | ################################################################ 8 | # Use this file to define project-specific targets and definitions for 9 | # unit testing or continuous integration that may depend on targets 10 | # defined in Makefile.common 11 | ################################################################ 12 | -------------------------------------------------------------------------------- /test/cbmc/proofs/Makefile-template-defines: -------------------------------------------------------------------------------- 1 | 2 | # Absolute path to the root of the source tree. 3 | # 4 | SRCDIR ?= $(abspath $(PROOF_ROOT)/../../..) 5 | 6 | 7 | # Absolute path to the litani script. 8 | # 9 | LITANI ?= litani 10 | 11 | 12 | # Name of this proof project, displayed in proof reports. For example, 13 | # "s2n" or "Amazon FreeRTOS". For projects with multiple proof roots, 14 | # this may be overridden on the command-line to Make, for example 15 | # 16 | # make PROJECT_NAME="FreeRTOS MQTT" report 17 | # 18 | PROJECT_NAME = "corePKCS11" 19 | 20 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_mbedTLSSignatureToPkcs11Signature/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = PKI_mbedTLSSignatureToPkcs11Signature_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = PKI_mbedTLSSignatureToPkcs11Signature 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROJECT_SOURCES += $(SRCDIR)/source/core_pki_utils.c 19 | 20 | include ../Makefile.common 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_mbedTLSSignatureToPkcs11Signature/PKI_mbedTLSSignatureToPkcs11Signature_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file PKI_mbedTLSSignatureToPkcs11Signature_harness.c 27 | * @brief Implements the proof harness for PKI_mbedTLSSignatureToPkcs11Signature function. 28 | */ 29 | #include "core_pki_utils.h" 30 | 31 | #define mbedtlsEncodedBufferLen 72 32 | #define ASN1EncodedBufferLen 64 33 | 34 | 35 | void harness() 36 | { 37 | uint8_t * pucSig; 38 | const uint8_t * pucMbedSig; 39 | uint32_t ulSigLen; 40 | uint32_t ulMbedSigLen; 41 | 42 | __CPROVER_assume( ulSigLen >= ASN1EncodedBufferLen && ulMbedSigLen >= mbedtlsEncodedBufferLen ); 43 | pucSig = malloc( ulSigLen * sizeof( uint8_t ) ); 44 | pucMbedSig = malloc( ulMbedSigLen * sizeof( uint8_t ) ); 45 | 46 | PKI_mbedTLSSignatureToPkcs11Signature( pucSig, pucMbedSig ); 47 | } 48 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_mbedTLSSignatureToPkcs11Signature/README.md: -------------------------------------------------------------------------------- 1 | PKI_mbedTLSSignatureToPkcs11Signature proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for PKI_mbedTLSSignatureToPkcs11Signature. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. 
Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_mbedTLSSignatureToPkcs11Signature/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_mbedTLSSignatureToPkcs11Signature/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "PKI_mbedTLSSignatureToPkcs11Signature", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_pkcs11SignatureTombedTLSSignature/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = PKI_pkcs11SignatureTombedTLSSignature_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = PKI_pkcs11SignatureTombedTLSSignature 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROJECT_SOURCES += $(SRCDIR)/source/core_pki_utils.c 19 | 20 | include ../Makefile.common 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_pkcs11SignatureTombedTLSSignature/PKI_pkcs11SignatureTombedTLSSignature_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
23 | */ 24 | 25 | /** 26 | * @file PKI_pkcs11SignatureTombedTLSSignature_harness.c 27 | * @brief Implements the proof harness for PKI_pkcs11SignatureTombedTLSSignature function. 28 | */ 29 | 30 | #include "core_pki_utils.h" 31 | 32 | #define mbedtlsEncodedBufferLen 72 33 | 34 | void harness() 35 | { 36 | int8_t ucReturn; 37 | uint8_t * pucSig; 38 | uint32_t ulSigLen; 39 | size_t ulReturnLen; 40 | 41 | __CPROVER_assume( ulSigLen >= mbedtlsEncodedBufferLen ); 42 | pucSig = malloc( ulSigLen * sizeof( uint8_t ) ); 43 | 44 | ucReturn = PKI_pkcs11SignatureTombedTLSSignature( pucSig, &ulReturnLen ); 45 | 46 | if( ucReturn != -1 ) 47 | { 48 | __CPROVER_assert( ulReturnLen <= mbedtlsEncodedBufferLen, "The signature was larger than expected." ); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_pkcs11SignatureTombedTLSSignature/README.md: -------------------------------------------------------------------------------- 1 | PKI_pkcs11SignatureTombedTLSSignature proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for PKI_pkcs11SignatureTombedTLSSignature. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_pkcs11SignatureTombedTLSSignature/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/PKI_pkcs11SignatureTombedTLSSignature/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "PKI_pkcs11SignatureTombedTLSSignature", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/README.md: -------------------------------------------------------------------------------- 1 | CBMC proofs 2 | =========== 3 | 4 | This directory contains the CBMC proofs. Each proof is in its own 5 | directory. 6 | 7 | This directory includes four Makefiles. 8 | 9 | One Makefile describes the basic workflow for building and running proofs: 10 | 11 | * Makefile.common: 12 | * make: builds the goto binary, does the cbmc property checking 13 | and coverage checking, and builds the final report. 14 | * make goto: builds the goto binary 15 | * make result: does cbmc property checking 16 | * make coverage: does cbmc coverage checking 17 | * make report: builds the final report 18 | 19 | Three included Makefiles describe project-specific settings and can override 20 | definitions in Makefile.common: 21 | 22 | * Makefile-project-defines: definitions like compiler flags 23 | required to build the goto binaries, and definitions to override 24 | definitions in Makefile.common. 25 | * Makefile-project-targets: other make targets needed for the project 26 | * Makefile-project-testing: other definitions and targets needed for 27 | unit testing or continuous integration. 
28 | -------------------------------------------------------------------------------- /test/cbmc/proofs/lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FreeRTOS/corePKCS11/0a5fb6c9dd6233d5a869ab9970440be594d2a1c8/test/cbmc/proofs/lib/__init__.py -------------------------------------------------------------------------------- /test/cbmc/proofs/lib/print_tool_versions.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # 3 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | # SPDX-License-Identifier: MIT-0 5 | 6 | 7 | import logging 8 | import pathlib 9 | import shutil 10 | import subprocess 11 | 12 | 13 | _TOOLS = [ 14 | "cadical", 15 | "cbmc", 16 | "cbmc-viewer", 17 | "cbmc-starter-kit-update", 18 | "kissat", 19 | "litani", 20 | ] 21 | 22 | 23 | def _format_versions(table): 24 | lines = [ 25 | "", 26 | '', 27 | ] 28 | for tool, version in table.items(): 29 | if version: 30 | v_str = f'
{version}
' 31 | else: 32 | v_str = 'not found' 33 | lines.append( 34 | f'' 36 | f'') 37 | lines.append("
Tool Versions
{tool}:{v_str}
") 38 | return "\n".join(lines) 39 | 40 | 41 | def _get_tool_versions(): 42 | ret = {} 43 | for tool in _TOOLS: 44 | err = f"Could not determine version of {tool}: " 45 | ret[tool] = None 46 | if not shutil.which(tool): 47 | logging.error("%s'%s' not found on $PATH", err, tool) 48 | continue 49 | cmd = [tool, "--version"] 50 | proc = subprocess.Popen(cmd, text=True, stdout=subprocess.PIPE) 51 | try: 52 | out, _ = proc.communicate(timeout=10) 53 | except subprocess.TimeoutExpired: 54 | logging.error("%s'%s --version' timed out", err, tool) 55 | continue 56 | if proc.returncode: 57 | logging.error( 58 | "%s'%s --version' returned %s", err, tool, str(proc.returncode)) 59 | continue 60 | ret[tool] = out.strip() 61 | return ret 62 | 63 | 64 | def main(): 65 | exe_name = pathlib.Path(__file__).name 66 | logging.basicConfig(format=f"{exe_name}: %(message)s") 67 | 68 | table = _get_tool_versions() 69 | out = _format_versions(table) 70 | print(out) 71 | 72 | 73 | if __name__ == "__main__": 74 | main() 75 | -------------------------------------------------------------------------------- /test/cbmc/proofs/vAppendSHA256AlgorithmIdentifierSequence/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = vAppendSHA256AlgorithmIdentifierSequence_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = vAppendSHA256AlgorithmIdentifierSequence 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 19 | 20 | include ../Makefile.common 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/vAppendSHA256AlgorithmIdentifierSequence/README.md: -------------------------------------------------------------------------------- 1 | vAppendSHA256AlgorithmIdentifierSequence proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for vAppendSHA256AlgorithmIdentifierSequence. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/vAppendSHA256AlgorithmIdentifierSequence/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/vAppendSHA256AlgorithmIdentifierSequence/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "vAppendSHA256AlgorithmIdentifierSequence", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/vAppendSHA256AlgorithmIdentifierSequence/vAppendSHA256AlgorithmIdentifierSequence_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
23 | */ 24 | 25 | /** 26 | * @file vAppendSHA256AlgorithmIdentifierSequence_harness.c 27 | * @brief Implements the proof harness for vAppendSHA256AlgorithmIdentifierSequence function. 28 | */ 29 | #include 30 | #include "core_pkcs11.h" 31 | 32 | 33 | void harness() 34 | { 35 | uint8_t * pucHash; 36 | const uint8_t * pucOid; 37 | uint32_t ulHashLen; 38 | uint32_t ulOidLen; 39 | 40 | __CPROVER_assume( ulHashLen >= 32 && ulOidLen >= 51 ); 41 | pucHash = malloc( ulHashLen * sizeof( uint8_t ) ); 42 | pucOid = malloc( ulOidLen * sizeof( uint8_t ) ); 43 | 44 | vAppendSHA256AlgorithmIdentifierSequence( pucHash, pucOid ); 45 | } 46 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xFindObjectWithLabelAndClass/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = xFindObjectWithLabelAndClass_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = xFindObjectWithLabelAndClass 10 | 11 | # Setting found in `core_pkcs11_config.h` 12 | MAX_LABEL_SIZE=32 13 | 14 | DEFINES += -DMAX_LABEL_SIZE=$(MAX_LABEL_SIZE) 15 | INCLUDES += 16 | 17 | REMOVE_FUNCTION_BODY += C_Initialize 18 | REMOVE_FUNCTION_BODY += C_Login 19 | REMOVE_FUNCTION_BODY += C_OpenSession 20 | UNWINDSET += strlen.0:$(MAX_LABEL_SIZE) 21 | 22 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 23 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/pkcs11_interface_stubs.c 24 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 25 | 26 | include ../Makefile.common 27 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xFindObjectWithLabelAndClass/README.md: -------------------------------------------------------------------------------- 1 | xFindObjectWithLabelAndClass proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for xFindObjectWithLabelAndClass. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 
21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xFindObjectWithLabelAndClass/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xFindObjectWithLabelAndClass/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "xFindObjectWithLabelAndClass", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xFindObjectWithLabelAndClass/xFindObjectWithLabelAndClass_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file xFindObjectWithLabelAndClass_harness.c 27 | * @brief Implements the proof harness for xFindObjectWithLabelAndClass function. 28 | */ 29 | 30 | #include 31 | #include "core_pkcs11.h" 32 | 33 | void harness() 34 | { 35 | CK_SESSION_HANDLE xSession; 36 | CK_OBJECT_CLASS xClass; 37 | CK_OBJECT_HANDLE * xHandle = malloc( sizeof( CK_OBJECT_HANDLE ) ); 38 | CK_ULONG ulLabelSize; 39 | 40 | __CPROVER_assume( ulLabelSize < MAX_LABEL_SIZE ); 41 | char * pcLabel = malloc( ulLabelSize ); 42 | 43 | 44 | ( void ) xFindObjectWithLabelAndClass( xSession, pcLabel, ulLabelSize, xClass, &xHandle ); 45 | } 46 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xGetSlotList/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = xGetSlotList_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = xGetSlotList 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/pkcs11_interface_stubs.c 19 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 20 | 21 | include ../Makefile.common 22 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xGetSlotList/README.md: -------------------------------------------------------------------------------- 1 | xGetSlotList proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for xGetSlotList. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xGetSlotList/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xGetSlotList/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "xGetSlotList", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xGetSlotList/xGetSlotList_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file xGetSlotList_harness.c 27 | * @brief Implements the proof harness for xGetSlotList function. 
28 | */ 29 | #include 30 | #include "core_pkcs11.h" 31 | 32 | void harness() 33 | { 34 | CK_SLOT_ID ** ppxSlotId = malloc( sizeof( CK_SLOT_ID * ) ); 35 | CK_ULONG * pulSlotCount = malloc( sizeof( CK_ULONG ) ); 36 | 37 | ( void ) xGetSlotList( ppxSlotId, pulSlotCount ); 38 | } 39 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePKCS11/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = xInitializePKCS11_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = xInitializePKCS11 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/pkcs11_interface_stubs.c 19 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 20 | 21 | include ../Makefile.common 22 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePKCS11/README.md: -------------------------------------------------------------------------------- 1 | xInitializePKCS11 proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for xInitializePKCS11. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 
18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePKCS11/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePKCS11/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "xInitializePKCS11", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePKCS11/xInitializePKCS11_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 
16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file xInitializePKCS11_harness.c 27 | * @brief Implements the proof harness for xGetSlotList function. 28 | */ 29 | #include "core_pkcs11.h" 30 | 31 | void harness() 32 | { 33 | ( void ) xInitializePKCS11(); 34 | } 35 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Session/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = xInitializePkcs11Session_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 
9 | PROOF_UID = xInitializePkcs11Session 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | UNWINDSET += 15 | 16 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 17 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/pkcs11_interface_stubs.c 18 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 19 | 20 | include ../Makefile.common 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Session/README.md: -------------------------------------------------------------------------------- 1 | xInitializePkcs11Session proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for xInitializePkcs11Session. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Session/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 
2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Session/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "xInitializePkcs11Session", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Session/xInitializePkcs11Session_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
23 | */ 24 | 25 | /** 26 | * @file xInitializePkcs11Session_harness.c 27 | * @brief Implements the proof harness for xInitializePkcs11Session function. 28 | */ 29 | #include "core_pkcs11.h" 30 | 31 | void harness() 32 | { 33 | CK_SESSION_HANDLE * pxSession = malloc( sizeof( CK_SESSION_HANDLE ) ); 34 | 35 | ( void ) xInitializePkcs11Session( pxSession ); 36 | } 37 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Token/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | 4 | HARNESS_ENTRY = harness 5 | HARNESS_FILE = xInitializePkcs11Token_harness 6 | 7 | # This should be a unique identifier for this proof, and will appear on the 8 | # Litani dashboard. It can be human-readable and contain spaces if you wish. 9 | PROOF_UID = xInitializePkcs11Token 10 | 11 | DEFINES += 12 | INCLUDES += 13 | 14 | REMOVE_FUNCTION_BODY += 15 | UNWINDSET += 16 | 17 | PROOF_SOURCES += $(PROOFDIR)/$(HARNESS_FILE).c 18 | PROOF_SOURCES += $(SRCDIR)/test/cbmc/stubs/pkcs11_interface_stubs.c 19 | PROJECT_SOURCES += $(SRCDIR)/source/core_pkcs11.c 20 | 21 | include ../Makefile.common 22 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Token/README.md: -------------------------------------------------------------------------------- 1 | xInitializePkcs11Token proof 2 | ============== 3 | 4 | This directory contains a memory safety proof for xInitializePkcs11Token. 5 | 6 | To run the proof. 7 | ------------- 8 | 9 | * Add `cbmc`, `goto-cc`, `goto-instrument`, `goto-analyzer`, and `cbmc-viewer` 10 | to your path. 11 | * Run `make`. 12 | * Open html/index.html in a web browser. 13 | 14 | To use [`arpa`](https://awslabs.github.io/aws-proof-build-assistant) to simplify writing Makefiles. 
15 | ------------- 16 | 17 | * Run `make arpa` to generate a Makefile.arpa that contains relevant build information for the proof. 18 | * Use Makefile.arpa as the starting point for your proof Makefile by: 19 | 1. Modifying Makefile.arpa (if required). 20 | 2. Including Makefile.arpa into the existing proof Makefile (add `sinclude Makefile.arpa` at the bottom of the Makefile, right before `include ../Makefile.common`). 21 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Token/cbmc-proof.txt: -------------------------------------------------------------------------------- 1 | # This file marks this directory as containing a CBMC proof. 2 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Token/cbmc-viewer.json: -------------------------------------------------------------------------------- 1 | { "expected-missing-functions": 2 | [ 3 | 4 | ], 5 | "proof-name": "xInitializePkcs11Token", 6 | "proof-root": "test/cbmc/proofs" 7 | } 8 | -------------------------------------------------------------------------------- /test/cbmc/proofs/xInitializePkcs11Token/xInitializePkcs11Token_harness.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file xInitializePkcs11Token_harness.c 27 | * @brief Implements the proof harness for the xInitializePkcs11Token function. 28 | */ 29 | #include "core_pkcs11.h" 30 | 31 | void harness() 32 | { 33 | ( void ) xInitializePkcs11Token(); 34 | } 35 | -------------------------------------------------------------------------------- /test/cbmc/sources/README.md: -------------------------------------------------------------------------------- 1 | CBMC proof source code 2 | ====================== 3 | 4 | This directory contains source code written for CBMC proofs. It is 5 | common to write some code to model aspects of the system under test, 6 | and this code goes here.
7 | -------------------------------------------------------------------------------- /test/cbmc/stubs/README.md: -------------------------------------------------------------------------------- 1 | CBMC proof stubs 2 | ====================== 3 | 4 | This directory contains the stubs written for CBMC proofs. It is 5 | common to stub out functionality like network send and receive methods 6 | when writing a CBMC proof, and the code for these stubs goes here. 7 | -------------------------------------------------------------------------------- /test/cbmc/stubs/core_pkcs11_pal_stubs.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
23 | */ 24 | 25 | /** 26 | * @file core_pkcs11_pal_stubs.c 27 | * @brief Stubs to mock calls to core PKCS #11 PAL. 28 | */ 29 | 30 | #include 31 | 32 | #include "core_pkcs11.h" 33 | #include "core_pkcs11_pal.h" 34 | 35 | CK_RV PKCS11_PAL_Initialize( void ) 36 | { 37 | CK_RV xResult; 38 | 39 | return xResult; 40 | } 41 | 42 | CK_RV PKCS11_PAL_DestroyObject( CK_OBJECT_HANDLE xHandle ) 43 | { 44 | CK_RV xResult; 45 | 46 | __CPROVER_assert( xHandle != CK_INVALID_HANDLE, 47 | "Pal destroy should not get an invalid handle." ); 48 | 49 | return xResult; 50 | } 51 | 52 | CK_RV PKCS11_PAL_GetObjectValue( CK_OBJECT_HANDLE xHandle, 53 | CK_BYTE_PTR * ppucData, 54 | CK_ULONG_PTR pulDataSize, 55 | CK_BBOOL * pIsPrivate ) 56 | { 57 | /* Random Data, the implementation is just going to check that the memory is not zeroed. */ 58 | static CK_BYTE dummyDummyData[ 12 ] = { 0xAB }; 59 | 60 | __CPROVER_assert( ppucData != NULL, "ppucData was NULL." ); 61 | __CPROVER_assert( pulDataSize != NULL, "pulDataSize was NULL." ); 62 | __CPROVER_assert( pIsPrivate != NULL, "pIsPrivate was NULL." ); 63 | *ppucData = &dummyDummyData; 64 | *pulDataSize = sizeof( dummyDummyData ); 65 | nondet_bool() ? ( *pIsPrivate = CK_TRUE ) : ( *pIsPrivate = CK_FALSE ); 66 | return nondet_bool() ? CKR_OK : CKR_FUNCTION_FAILED; 67 | } 68 | -------------------------------------------------------------------------------- /test/cbmc/stubs/core_pki_utils_stubs.c: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /** 26 | * @file core_pki_utils_stubs.c 27 | * @brief Stubs to mock calls to core PKCS #11 utils. 28 | */ 29 | #include "core_pki_utils.h" 30 | 31 | int8_t PKI_mbedTLSSignatureToPkcs11Signature( uint8_t * pxSignaturePKCS, 32 | const uint8_t * pxMbedSignature ) 33 | { 34 | __CPROVER_assert( __CPROVER_OBJECT_SIZE( pxSignaturePKCS ) >= 64, "Signature was an incorrect size." ); 35 | __CPROVER_assert( __CPROVER_OBJECT_SIZE( pxMbedSignature ) >= 72, "mbed return buffer was an incorrect size." ); 36 | return nondet_bool() ? 
0 : -1; 37 | } 38 | -------------------------------------------------------------------------------- /test/coverity_analysis/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # ================================================= 2 | # Coverity Analysis Configuration 3 | # ================================================= 4 | 5 | # Include filepaths for source and include. 6 | include(${MODULE_ROOT_DIR}/pkcsFilePaths.cmake) 7 | include(${MODULE_ROOT_DIR}/tools/mbedtls.cmake) 8 | include(${MODULE_ROOT_DIR}/tools/pkcs11_api.cmake) 9 | 10 | # Target for Coverity analysis that builds the library with mbedtls 2.x 11 | add_library(coverity_analysis STATIC) 12 | target_sources(coverity_analysis PRIVATE ${PKCS_SOURCES}) 13 | target_link_libraries(coverity_analysis MbedTLS2::mbedcrypto pkcs11_api) 14 | 15 | # Build corePKCS11 library with gnuC90 standard due to mbedtls 16 | target_compile_options(coverity_analysis PUBLIC -std=gnu90) 17 | 18 | # corePKCS11 public include path. 19 | target_include_directories( 20 | coverity_analysis 21 | PUBLIC ${PKCS_INCLUDE_PUBLIC_DIRS} 22 | PUBLIC ${MBEDTLS_2_INSTALL}/include 23 | PUBLIC ${MODULE_ROOT_DIR}/source/dependency/3rdparty/mbedtls_utils 24 | PUBLIC ${MODULE_ROOT_DIR}/test/include 25 | ) 26 | 27 | # Target for Coverity analysis that builds the library with mbedtls 3.x 28 | add_library(coverity_analysis_mbedtls_3 STATIC) 29 | target_sources(coverity_analysis_mbedtls_3 PRIVATE ${PKCS_SOURCES}) 30 | target_link_libraries(coverity_analysis_mbedtls_3 MbedTLS3::mbedcrypto pkcs11_api) 31 | 32 | # Build corePKCS11 library with gnuC90 standard due to mbedtls 33 | target_compile_options(coverity_analysis_mbedtls_3 PUBLIC -std=gnu90) 34 | 35 | # corePKCS11 public include path. 
36 | target_include_directories( 37 | coverity_analysis_mbedtls_3 38 | PUBLIC ${PKCS_INCLUDE_PUBLIC_DIRS} 39 | PUBLIC ${MBEDTLS_3_INSTALL}/include 40 | PUBLIC ${MODULE_ROOT_DIR}/source/dependency/3rdparty/mbedtls_utils 41 | PUBLIC ${MODULE_ROOT_DIR}/test/include 42 | ) 43 | -------------------------------------------------------------------------------- /test/include/malloc_stub.h: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /* This is a dummy file that contains OS layer stubs. This is needed in order to use 26 | * CMock to generate the necessary mocks for the mutex and memory function used 27 | * by the PKCS #11 mbed TLS implementation. 
28 | */ 29 | #ifndef MALLOC_STUB_H_ 30 | #define MALLOC_STUB_H_ 31 | 32 | #include 33 | 34 | void * pvPkcs11Malloc( size_t size ); 35 | 36 | void vPkcs11Free( void * pvPtr ); 37 | 38 | #endif /* ifndef MALLOC_STUB_H_ */ 39 | -------------------------------------------------------------------------------- /test/include/mock_osal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * corePKCS11 v3.6.3 3 | * Copyright (C) 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * SPDX-License-Identifier: MIT 6 | * 7 | * Permission is hereby granted, free of charge, to any person obtaining a copy of 8 | * this software and associated documentation files (the "Software"), to deal in 9 | * the Software without restriction, including without limitation the rights to 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 11 | * the Software, and to permit persons to whom the Software is furnished to do so, 12 | * subject to the following conditions: 13 | * 14 | * The above copyright notice and this permission notice shall be included in all 15 | * copies or substantial portions of the Software. 16 | * 17 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 19 | * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 20 | * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 21 | * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | */ 24 | 25 | /* This is a dummy file that contains OS layer stubs. This is needed in order to use 26 | * CMock to generate the necessary mocks for the mutex and memory function used 27 | * by the PKCS #11 mbed TLS implementation. 
28 | */ 29 | #ifndef MOCK_OSAL_H_ 30 | #define MOCK_OSAL_H_ 31 | 32 | #include 33 | #include "mbedtls/threading.h" 34 | 35 | void * mbedtls_calloc( size_t n, 36 | size_t size ); 37 | void mbedtls_free( void * ptr ); 38 | 39 | void mock_osal_mutex_init( mbedtls_threading_mutex_t * ); 40 | void mock_osal_mutex_free( mbedtls_threading_mutex_t * ); 41 | int mock_osal_mutex_lock( mbedtls_threading_mutex_t * ); 42 | int mock_osal_mutex_unlock( mbedtls_threading_mutex_t * ); 43 | 44 | #endif /* ifndef MOCK_OSAL_H_ */ 45 | -------------------------------------------------------------------------------- /test/include/pkcs11_defs.h: -------------------------------------------------------------------------------- 1 | #ifndef PKCS11_TEST_WRAP 2 | #define PKCS11_TEST_WRAP 3 | 4 | /* This file contains definitions for use when preprocessing the pkcs11.h header 5 | * file prior to generating a compatible mock */ 6 | #define CK_PTR * 7 | #define NULL_PTR 0 8 | #define CK_DEFINE_FUNCTION( returnType, name ) returnType name 9 | #define CK_DECLARE_FUNCTION( returnType, name ) returnType name 10 | #define CK_DECLARE_FUNCTION_POINTER( returnType, name ) returnType( CK_PTR name ) 11 | #define CK_CALLBACK_FUNCTION( returnType, name ) returnType( CK_PTR name ) 12 | 13 | /* #include PKCS11_HDR_PATH */ 14 | 15 | #endif /* PKCS11_TEST_WRAP */ 16 | -------------------------------------------------------------------------------- /test/mbedtls_integration/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project("pkcs11 mbedtls integration test") 2 | 3 | include(${MODULE_ROOT_DIR}/pkcsFilePaths.cmake) 4 | include(${MODULE_ROOT_DIR}/tools/unity.cmake) 5 | include(${MODULE_ROOT_DIR}/tools/cmock.cmake) 6 | include(${MODULE_ROOT_DIR}/tools/pkcs11_api.cmake) 7 | 8 | add_library(target_lib INTERFACE) 9 | target_sources(target_lib INTERFACE "${PKCS_SOURCES}") 10 | 11 | target_include_directories( 12 | target_lib 13 | INTERFACE 
"${PKCS_INCLUDE_PUBLIC_DIRS}" 14 | INTERFACE "${PKCS_PAL_INCLUDE_PUBLIC_DIRS}" 15 | INTERFACE "${CMAKE_CURRENT_LIST_DIR}" 16 | INTERFACE "${CMAKE_CURRENT_LIST_DIR}/../include" 17 | ) 18 | target_link_libraries(target_lib INTERFACE pkcs11_api) 19 | 20 | add_library(target_lib_mb2 STATIC) 21 | target_link_libraries(target_lib_mb2 PRIVATE target_lib MbedTLS2::mbedcrypto) 22 | 23 | add_library(target_lib_mb3 STATIC) 24 | target_link_libraries(target_lib_mb3 PRIVATE target_lib MbedTLS3::mbedcrypto) 25 | 26 | add_library(mbedtls_test INTERFACE) 27 | target_sources(mbedtls_test INTERFACE mbedtls_integration_test.c INTERFACE "${PKCS_PAL_POSIX_SOURCES}") 28 | 29 | target_add_test_runner(mbedtls_test core_pkcs11_mbedtls_config.yml mbedtls_integration_test.c) 30 | target_link_libraries( 31 | mbedtls_test 32 | INTERFACE target_lib 33 | INTERFACE unity 34 | INTERFACE pkcs11_api 35 | ) 36 | 37 | target_include_directories( 38 | mbedtls_test 39 | INTERFACE "${MODULE_ROOT_DIR}/source/include" 40 | INTERFACE "${MODULE_ROOT_DIR}/source/portable/os" 41 | INTERFACE "${CORE_PKCS11_3RDPARTY_LOCATION}/mbedtls_utils" 42 | INTERFACE "${CMAKE_CURRENT_LIST_DIR}" 43 | ) 44 | 45 | set_source_files_properties( 46 | "${MODULE_ROOT_DIR}/source/portable/mbedtls/core_pkcs11_mbedtls.c" 47 | PROPERTIES COMPILE_FLAGS "-Wno-pedantic -Wno-error" 48 | ) 49 | 50 | set_source_files_properties( 51 | "${CORE_PKCS11_3RDPARTY_LOCATION}/mbedtls_utils/mbedtls_utils.c" 52 | PROPERTIES COMPILE_FLAGS "-Wno-pedantic -Wno-error" 53 | ) 54 | 55 | # ==================================== Mbedtls 2.x binary ======================================== 56 | add_executable(integration_mbedtls_2) 57 | 58 | target_link_libraries(integration_mbedtls_2 PRIVATE mbedtls_test target_lib_mb2) 59 | 60 | target_link_libraries(integration_mbedtls_2 PRIVATE MbedTLS2::mbedtls) 61 | 62 | set_target_properties( 63 | integration_mbedtls_2 PROPERTIES COMPILE_FLAG "-O0 -ggdb" RUNTIME_OUTPUT_DIRECTORY 64 | "${CMAKE_BINARY_DIR}/bin" 65 | ) 66 | 67 
| add_test(NAME integration_mbedtls_2 COMMAND ${CMAKE_BINARY_DIR}/bin/integration_mbedtls_2 68 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR} 69 | ) 70 | 71 | # ==================================== Mbedtls 3.x binary ======================================== 72 | add_executable(integration_mbedtls_3) 73 | target_link_libraries(integration_mbedtls_3 PRIVATE mbedtls_test target_lib_mb3) 74 | target_link_libraries(integration_mbedtls_3 PRIVATE MbedTLS3::mbedtls) 75 | 76 | set_target_properties( 77 | integration_mbedtls_3 PROPERTIES COMPILE_FLAG "-O0 -ggdb" RUNTIME_OUTPUT_DIRECTORY 78 | "${CMAKE_BINARY_DIR}/bin" 79 | ) 80 | 81 | add_test(NAME integration_mbedtls_3 COMMAND ${CMAKE_BINARY_DIR}/bin/integration_mbedtls_3 82 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR} 83 | ) 84 | 85 | -------------------------------------------------------------------------------- /test/mbedtls_integration/core_pkcs11_mbedtls_config.yml: -------------------------------------------------------------------------------- 1 | 2 | :cmock: 3 | :mock_prefix: mock_ 4 | :mock_path: ./ 5 | :when_no_prototypes: :warn 6 | :treat_externs: :include 7 | :enforce_strict_ordering: TRUE 8 | :plugins: 9 | - :ignore 10 | - :ignore_arg 11 | - :expect_any_args 12 | - :array 13 | - :callback 14 | - :return_thru_ptr 15 | :callback_include_count: true # include a count arg when calling the callback 16 | :callback_after_arg_check: false # check arguments before calling the callback 17 | :treat_as: 18 | uint8: HEX8 19 | uint16: HEX16 20 | uint32: UINT32 21 | int8: INT8 22 | bool: UINT8 23 | CK_ULONG_PTR: UINT32* 24 | :includes: # This will add these includes to each mock. 25 | - 26 | - 27 | - 28 | - 29 | - mock_osal.h 30 | :treat_externs: :exclude # Now the extern-ed functions will be mocked. 
31 | :weak: __attribute__((weak)) 32 | :verbosity: 3 33 | :attributes: 34 | - MBEDTLS_DEPRECATED 35 | - 'int fcntl(int s, int cmd, ...);' 36 | :strippables: 37 | - MBEDTLS_DEPRECATED 38 | - '(?:fcntl\s*\(+.*?\)+)' # this function is causing some trouble with code coverage as the annotations are calling the mocked one, so we won't mock it 39 | :treat_externs: :include 40 | :includes_c_pre_header: 41 | - "core_pkcs11.h" # For core_pkcs11_pal.h 42 | - "md_internal.h" 43 | - "pk_internal.h" 44 | -------------------------------------------------------------------------------- /test/pkcs11_mbedtls_utest/core_pkcs11_mbedtls_config.yml: -------------------------------------------------------------------------------- 1 | 2 | :cmock: 3 | :mock_prefix: mock_ 4 | :mock_path: ./ 5 | :when_no_prototypes: :warn 6 | :treat_externs: :include 7 | :enforce_strict_ordering: TRUE 8 | :plugins: 9 | - :ignore 10 | - :ignore_arg 11 | - :expect_any_args 12 | - :array 13 | - :callback 14 | - :return_thru_ptr 15 | :callback_include_count: true # include a count arg when calling the callback 16 | :callback_after_arg_check: false # check arguments before calling the callback 17 | :treat_as: 18 | uint8: HEX8 19 | uint16: HEX16 20 | uint32: UINT32 21 | int8: INT8 22 | bool: UINT8 23 | CK_ULONG_PTR: UINT32* 24 | :includes: # This will add these includes to each mock. 
25 | - 26 | - 27 | - 28 | - 29 | - psa/crypto_types.h 30 | - mock_osal.h 31 | :treat_externs: :exclude # Now the extern-ed functions will be mocked.co 32 | :weak: __attribute__((weak)) 33 | :verbosity: 3 34 | :attributes: 35 | - MBEDTLS_DEPRECATED 36 | - 'int fcntl(int s, int cmd, ...);' 37 | :strippables: 38 | - MBEDTLS_DEPRECATED 39 | - '(?:fcntl\s*\(+.*?\)+)' # this function is causing some trouble with code coverage as the annotations are calling the mocked one, so we won't mock it 40 | :treat_externs: :include 41 | :includes_c_pre_header: 42 | - "md_internal.h" 43 | - "pk_internal.h" 44 | -------------------------------------------------------------------------------- /test/pkcs11_utils_utest/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project("pkcs11_utils_utest") 2 | 3 | include(${MODULE_ROOT_DIR}/pkcsFilePaths.cmake) 4 | include(${MODULE_ROOT_DIR}/tools/unity.cmake) 5 | include(${MODULE_ROOT_DIR}/tools/cmock.cmake) 6 | include(${MODULE_ROOT_DIR}/tools/mbedtls.cmake) 7 | include(${MODULE_ROOT_DIR}/tools/pkcs11_api.cmake) 8 | 9 | add_test_target(pkcs11_utils_utest pkcs11_utils_utest.c) 10 | 11 | target_add_test_runner(pkcs11_utils_utest pkcs11_utils_config.yml pkcs11_utils_utest.c) 12 | 13 | target_link_libraries(pkcs11_utils_utest PRIVATE MbedTLS2::interface) 14 | 15 | target_add_mock( 16 | pkcs11_utils_utest pkcs11_utils_config.yml "${mbedtls_2_SOURCE_DIR}/include/mbedtls/error.h" 17 | ) 18 | target_link_libraries(pkcs11_utils_utest PRIVATE cmock) 19 | 20 | target_include_directories( 21 | pkcs11_utils_utest 22 | PRIVATE "${CMAKE_CURRENT_LIST_DIR}/include" 23 | PRIVATE "${CMAKE_CURRENT_BINARY_DIR}" 24 | PRIVATE "${MODULE_ROOT_DIR}/source/include" 25 | PRIVATE "../include" 26 | ) 27 | 28 | add_library(pkcs11_utils STATIC) 29 | target_sources( 30 | pkcs11_utils 31 | PRIVATE "${MODULE_ROOT_DIR}/source/core_pki_utils.c" 32 | PRIVATE "../include/logging_stack.h" 33 | PRIVATE "../include/logging_levels.h" 
34 | ) 35 | 36 | target_link_libraries(pkcs11_utils PRIVATE MbedTLS2::mbedcrypto) 37 | 38 | target_include_directories( 39 | pkcs11_utils PRIVATE "../include" PUBLIC "${MODULE_ROOT_DIR}/source/include" 40 | ) 41 | 42 | target_enable_gcov(pkcs11_utils PRIVATE) 43 | target_link_libraries(pkcs11_utils_utest PRIVATE pkcs11_utils) 44 | -------------------------------------------------------------------------------- /test/pkcs11_utils_utest/pkcs11_utils_config.yml: -------------------------------------------------------------------------------- 1 | :cmock: 2 | :mock_prefix: mock_ 3 | :mock_path: ./ 4 | :when_no_prototypes: :warn 5 | :treat_externs: :include 6 | :enforce_strict_ordering: TRUE 7 | :plugins: 8 | - :ignore 9 | - :ignore_arg 10 | - :expect_any_args 11 | - :array 12 | - :callback 13 | - :return_thru_ptr 14 | :callback_include_count: true # include a count arg when calling the callback 15 | :callback_after_arg_check: false # check arguments before calling the callback 16 | :treat_as: 17 | uint8: HEX8 18 | uint16: HEX16 19 | uint32: UINT32 20 | int8: INT8 21 | bool: UINT8 22 | CK_ULONG_PTR: UINT32* 23 | :includes: # This will add these includes to each mock. 24 | - 25 | - 26 | :treat_externs: :exclude # Now the extern-ed functions will be mocked. 
27 | :weak: __attribute__((weak)) 28 | :verbosity: 3 29 | :attributes: 30 | - MBEDTLS_DEPRECATED 31 | - 'int fcntl(int s, int cmd, ...);' 32 | :strippables: 33 | - MBEDTLS_DEPRECATED 34 | - '(?:fcntl\s*\(+.*?\)+)' # this function is causing some trouble with code coverage as the annotations are calling the mocked one, so we won't mock it 35 | :treat_externs: :include 36 | -------------------------------------------------------------------------------- /test/wrapper_utest/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project("core_pkcs11_wrapper_utest") 2 | 3 | include(${MODULE_ROOT_DIR}/pkcsFilePaths.cmake) 4 | include(${MODULE_ROOT_DIR}/tools/unity.cmake) 5 | include(${MODULE_ROOT_DIR}/tools/cmock.cmake) 6 | include(${MODULE_ROOT_DIR}/tools/pkcs11_api.cmake) 7 | 8 | add_test_target(pkcs11_wrapper_utest "core_pkcs11_utest.c") 9 | 10 | target_add_test_runner(pkcs11_wrapper_utest wrapper_utest_config.yml core_pkcs11_utest.c) 11 | 12 | target_add_mock_pp( 13 | pkcs11_wrapper_utest "wrapper_utest_config.yml" "${PKCS11_API_PATH}/pkcs11.h" 14 | "-include${MODULE_ROOT_DIR}/test/include/pkcs11_defs.h" 15 | ) 16 | 17 | target_compile_options( 18 | pkcs11_wrapper_utest PRIVATE "-include${MODULE_ROOT_DIR}/test/include/pkcs11_defs.h" 19 | ) 20 | 21 | target_include_directories( 22 | pkcs11_wrapper_utest 23 | PRIVATE "${CMAKE_CURRENT_LIST_DIR}/include" "${CMAKE_CURRENT_BINARY_DIR}" 24 | "${MODULE_ROOT_DIR}/source/include" "${MODULE_ROOT_DIR}/test/include" 25 | ) 26 | 27 | target_add_mock( 28 | pkcs11_wrapper_utest "wrapper_utest_config.yml" 29 | "${MODULE_ROOT_DIR}/test/include/malloc_stub.h" 30 | ) 31 | 32 | target_link_libraries(pkcs11_wrapper_utest PRIVATE cmock pkcs11_api) 33 | 34 | add_library(pkcs11_wrapper STATIC) 35 | target_sources(pkcs11_wrapper PRIVATE "${MODULE_ROOT_DIR}/source/core_pkcs11.c") 36 | 37 | target_include_directories( 38 | pkcs11_wrapper PRIVATE "${PKCS11_API_PATH}" 
"${MODULE_ROOT_DIR}/source/include" 39 | "${MODULE_ROOT_DIR}/test/include" 40 | ) 41 | 42 | target_link_libraries(pkcs11_wrapper PRIVATE pkcs11_api) 43 | 44 | target_enable_gcov(pkcs11_wrapper PRIVATE) 45 | 46 | target_link_libraries(pkcs11_wrapper_utest PRIVATE pkcs11_wrapper) 47 | -------------------------------------------------------------------------------- /test/wrapper_utest/wrapper_utest_config.yml: -------------------------------------------------------------------------------- 1 | :cmock: 2 | :mock_prefix: mock_ 3 | :mock_path: ./ 4 | :when_no_prototypes: :warn 5 | :treat_externs: :include 6 | :enforce_strict_ordering: TRUE 7 | :plugins: 8 | - :ignore 9 | - :ignore_arg 10 | - :expect_any_args 11 | - :array 12 | - :callback 13 | - :return_thru_ptr 14 | :callback_include_count: true # include a count arg when calling the callback 15 | :callback_after_arg_check: false # check arguments before calling the callback 16 | :treat_as: 17 | uint8: HEX8 18 | uint16: HEX16 19 | uint32: UINT32 20 | int8: INT8 21 | bool: UINT8 22 | CK_ULONG_PTR: UINT32* 23 | :includes: # This will add these includes to each mock. 24 | - 25 | - 26 | :treat_externs: :exclude # Now the extern-ed functions will be mocked. 
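:weak: __attribute__((weak))
:verbosity: 3
:attributes:
  - MBEDTLS_DEPRECATED
  - 'int fcntl(int s, int cmd, ...);'
:strippables:
  - MBEDTLS_DEPRECATED
  - '(?:fcntl\s*\(+.*?\)+)' # this function is causing some trouble with code coverage as the annotations are calling the mocked one, so we won't mock it
# NOTE(review): this is the third assignment of :treat_externs in this file
# (:include, then :exclude, now :include). YAML parsers generally keep the last
# duplicate key, so :include is what takes effect - confirm that is intended.
:treat_externs: :include
--------------------------------------------------------------------------------
/tools/cmock/coverage.cmake:
--------------------------------------------------------------------------------
# Taken from amazon-freertos repository
#
# Run in script mode (cmake -P) after the unit-test binaries have been built:
# zero the gcov counters, execute every binary in <build>/bin, collect their
# output into utest_report.txt and a JUnit-style XML file, then produce the
# lcov tracefile and the genhtml report under <build>/coverage.
cmake_minimum_required(VERSION 3.13)

# Reset the coverage counters. Kept separate from the directory creation:
# several COMMAND arguments in a single execute_process() form a pipeline,
# which is not what the original (lcov | mkdir) intended.
execute_process(
    COMMAND lcov --directory ${CMAKE_BINARY_DIR}
            --base-directory ${CMAKE_BINARY_DIR}
            --zerocounters
)
file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/coverage)

# Baseline capture of the zeroed-out counters; it is merged with the capture
# taken after the tests have run (see below).
execute_process(
    COMMAND lcov --directory ${CMAKE_BINARY_DIR}
            --base-directory ${CMAKE_BINARY_DIR}
            --initial
            --capture
            --rc lcov_branch_coverage=1
            --rc genhtml_branch_coverage=1
            --output-file=${CMAKE_BINARY_DIR}/base_coverage.info
)

file(GLOB files "${CMAKE_BINARY_DIR}/bin/*")

set(REPORT_FILE ${CMAKE_BINARY_DIR}/utest_report.txt)
file(WRITE ${REPORT_FILE} "")

# Execute all files in the bin directory, gathering the output to show it in
# CI. The exit status of each binary is recorded: previously it was discarded,
# so a crashing or failing test binary could hide behind a green coverage step.
set(failed_tests "")
foreach(testname ${files})
    get_filename_component(test ${testname} NAME_WLE)
    message("Running ${testname}")
    execute_process(
        COMMAND ${testname}
        OUTPUT_FILE ${CMAKE_BINARY_DIR}/${test}_out.txt
        RESULT_VARIABLE test_result
    )
    # A non-numeric result (process could not be started) also fails EQUAL.
    if(NOT test_result EQUAL 0)
        message(WARNING "${test} exited with status ${test_result}")
        list(APPEND failed_tests ${test})
    endif()

    file(READ ${CMAKE_BINARY_DIR}/${test}_out.txt CONTENTS)
    file(APPEND ${REPORT_FILE} "${CONTENTS}")
endforeach()

# Generate JUnit-style XML output from the collected Unity output.
execute_process(
    COMMAND ruby
            ${CMAKE_BINARY_DIR}/_deps/unity-src/auto/parse_output.rb
            -xml ${REPORT_FILE}
    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
)

# Capture data after running the tests.
execute_process(
    COMMAND lcov --capture
            --rc lcov_branch_coverage=1
            --rc genhtml_branch_coverage=1
            --base-directory ${CMAKE_BINARY_DIR}
            --directory ${CMAKE_BINARY_DIR}
            --output-file ${CMAKE_BINARY_DIR}/second_coverage.info
            --quiet
)

# Combine the baseline results (zeros) with the capture taken after the tests.
execute_process(
    COMMAND lcov --base-directory ${CMAKE_BINARY_DIR}
            --directory ${CMAKE_BINARY_DIR}
            --add-tracefile ${CMAKE_BINARY_DIR}/base_coverage.info
            --add-tracefile ${CMAKE_BINARY_DIR}/second_coverage.info
            --output-file ${CMAKE_BINARY_DIR}/coverage.info
            --no-external
            --rc lcov_branch_coverage=1
            --quiet
)

# Drop the fetched dependencies (_deps) so only this module's sources are
# reported.
execute_process(
    COMMAND lcov
            --remove ${CMAKE_BINARY_DIR}/coverage.info \*_deps\*
            --output-file ${CMAKE_BINARY_DIR}/coverage.info
            --rc lcov_branch_coverage=1
            --quiet
)

# Print the per-file summary to the log.
execute_process(
    COMMAND lcov --list ${CMAKE_BINARY_DIR}/coverage.info
            --rc lcov_branch_coverage=1
)

execute_process(
    COMMAND genhtml --rc lcov_branch_coverage=1
            --branch-coverage
            --output-directory ${CMAKE_BINARY_DIR}/coverage
            ${CMAKE_BINARY_DIR}/coverage.info
)

# Fail only after the coverage artifacts have been written, so they stay
# available for inspection when a test binary failed.
if(failed_tests)
    message(FATAL_ERROR "Unit test binaries failed: ${failed_tests}")
endif()
--------------------------------------------------------------------------------
/tools/coverity/misra.config:
--------------------------------------------------------------------------------
{
    "version" : "2.0",
    "standard" : "c2012",
    "title": "Coverity MISRA Configuration",
    "deviations" : [
        {
            "deviation": "Directive 4.5",
            "reason": "Allow names that MISRA considers ambiguous (such as enum IOT_MQTT_CONNECT and function IotMqtt_Connect)."
        },
        {
            "deviation": "Directive 4.8",
            "reason": "Allow inclusion of unused types. 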
Header files for a specific port, which are needed by all files, may define types that are not used by a specific file." 13 | }, 14 | { 15 | "deviation": "Directive 4.9", 16 | "reason": "Allow inclusion of function like macros. Logging is done using function like macros." 17 | }, 18 | { 19 | "deviation": "Directive 4.12", 20 | "reason": "Allow use of malloc. This library uses malloc to create cryptographic objects." 21 | }, 22 | { 23 | "deviation": "Rule 2.3", 24 | "reason": "Allow unused types. Library headers may define types intended for the application's use, but not used within the library files." 25 | }, 26 | { 27 | "deviation": "Rule 2.4", 28 | "reason": "Allow unused tag declarations (struct, union and enum tags). Library headers may declare tags intended for the application's use, but not used by a specific file." 29 | }, 30 | { 31 | "deviation": "Rule 2.5", 32 | "reason": "Allow unused macros. Library headers may define macros intended for the application's use, but not used by a specific file." 33 | }, 34 | { 35 | "deviation": "Rule 3.1", 36 | "reason": "Allow nested comments. Documentation blocks contain comments for example code." 37 | }, 38 | { 39 | "deviation": "Rule 8.7", 40 | "reason": "API functions are not used by library. They must be externally visible in order to be used by the application." 41 | }, 42 | { 43 | "deviation": "Rule 8.13", 44 | "reason": "The PKCS #11 API is defined by the PKCS #11 header files distributed by OASIS. There are some parameters that could be const qualified in this implementation, but since the API cannot be modified, are not const qualified." 45 | }, 46 | { 47 | "deviation": "Rule 20.5", 48 | "reason": "Allow use of undef for a workaround to run on Windows." 49 | }, 50 | { 51 | "deviation": "Rule 21.1", 52 | "reason": "Allow use of all macro names. For compatibility, some macros introduced in C99 are defined for use with C90 compilers." 53 | }, 54 | { 55 | "deviation": "Rule 21.2", 56 | "reason": " Allow use of all macro and identifier names. 
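For compatibility, some macros introduced in C99 are defined for use with C90 compilers."
        }
    ]
}
--------------------------------------------------------------------------------
/tools/mbedtls.cmake:
--------------------------------------------------------------------------------
include(FetchContent)

set(FETCHCONTENT_QUIET OFF)

# Both supported Mbed TLS major versions are fetched from GitHub and built here
# as static libraries (no programs, no tests) so the mbedtls PKCS #11 port can
# be exercised against either. Each checkout is patched by
# tools/mbedtls_configure.sh, which takes the checkout directory and the name
# of the config header to rewrite as its two arguments.
#
# NOTE(review): GIT_TAG names a tag, and tags are mutable on the remote. For a
# reproducible, tamper-evident build of the crypto library, pin the commit hash
# the tag resolves to (keeping the version number in a comment).
set(MBEDTLS_2_VERSION 2.28.10)

FetchContent_Declare(
    mbedtls_2
    GIT_REPOSITORY "https://github.com/Mbed-TLS/mbedtls"
    GIT_TAG v${MBEDTLS_2_VERSION}
    # <SOURCE_DIR> is substituted with the checkout directory when the patch
    # step runs; the script exits with a usage error unless it receives exactly
    # two arguments, so the directory has to be passed explicitly.
    PATCH_COMMAND ${CMAKE_CURRENT_LIST_DIR}/mbedtls_configure.sh <SOURCE_DIR> config.h
)

FetchContent_GetProperties(
    mbedtls_2
    POPULATED mbedtls_2_POPULATED
)

# The single-argument FetchContent_Populate() form is deprecated from CMake 3.30
# (CMP0169); it is kept because the mbedtls options below must be set before
# add_subdirectory() runs on the checkout.
if(NOT mbedtls_2_POPULATED)
    FetchContent_Populate(mbedtls_2)
endif()

if(NOT TARGET MbedTLS2_mbedtls)
    set(MBEDTLS_2_BIN_DIR ${CMAKE_CURRENT_BINARY_DIR}/lib/mbedtls_2)
    # Read by the Mbed TLS build to prefix its target names, so the 2.x and 3.x
    # trees can coexist in one build.
    set(MBEDTLS_TARGET_PREFIX "MbedTLS2_")

    option(USE_STATIC_MBEDTLS_LIBRARY "" ON)
    option(USE_SHARED_MBEDTLS_LIBRARY "" OFF)
    option(ENABLE_PROGRAMS "" OFF)
    option(ENABLE_TESTING "" OFF)

    add_subdirectory(${mbedtls_2_SOURCE_DIR} ${mbedtls_2_BINARY_DIR})

    # Interface target exposing the public headers plus the library/ and
    # include/mbedtls directories that the port and its tests include directly.
    add_library(MbedTLS2_interface INTERFACE)
    get_target_property(mbedtls_includes MbedTLS2_mbedtls INCLUDE_DIRECTORIES)
    target_include_directories(
        MbedTLS2_interface
        INTERFACE ${mbedtls_includes}
        INTERFACE ${mbedtls_2_SOURCE_DIR}/library
        INTERFACE ${mbedtls_2_SOURCE_DIR}/include/mbedtls
    )

    set_target_properties(
        MbedTLS2_mbedcrypto MbedTLS2_mbedtls MbedTLS2_mbedx509
        PROPERTIES ARCHIVE_OUTPUT_DIRECTORY ${MBEDTLS_2_BIN_DIR}
                   LIBRARY_OUTPUT_DIRECTORY ${MBEDTLS_2_BIN_DIR}
    )

    add_library(MbedTLS2::mbedtls ALIAS MbedTLS2_mbedtls)
    add_library(MbedTLS2::mbedcrypto ALIAS MbedTLS2_mbedcrypto)
    add_library(MbedTLS2::mbedx509 ALIAS MbedTLS2_mbedx509)
    add_library(MbedTLS2::interface ALIAS MbedTLS2_interface)
endif()

# Same layout for Mbed TLS 3.x; the only differences are the version, the
# target prefix and the name of the config header (mbedtls_config.h).
set(MBEDTLS_3_VERSION 3.6.3)

FetchContent_Declare(
    mbedtls_3
    GIT_REPOSITORY "https://github.com/Mbed-TLS/mbedtls"
    GIT_TAG v${MBEDTLS_3_VERSION}
    PATCH_COMMAND
        ${CMAKE_CURRENT_LIST_DIR}/mbedtls_configure.sh <SOURCE_DIR> mbedtls_config.h
)

FetchContent_GetProperties(
    mbedtls_3
    POPULATED mbedtls_3_POPULATED
)

if(NOT mbedtls_3_POPULATED)
    FetchContent_Populate(mbedtls_3)
endif()

if(NOT TARGET MbedTLS3_mbedtls)
    set(MBEDTLS_3_BIN_DIR ${CMAKE_CURRENT_BINARY_DIR}/lib/mbedtls_3)
    set(MBEDTLS_TARGET_PREFIX "MbedTLS3_")

    option(USE_STATIC_MBEDTLS_LIBRARY "" ON)
    option(USE_SHARED_MBEDTLS_LIBRARY "" OFF)
    option(ENABLE_PROGRAMS "" OFF)
    option(ENABLE_TESTING "" OFF)

    add_subdirectory(${mbedtls_3_SOURCE_DIR} ${mbedtls_3_BINARY_DIR})

    add_library(MbedTLS3_interface INTERFACE)
    get_target_property(mbedtls_includes MbedTLS3_mbedtls INCLUDE_DIRECTORIES)
    target_include_directories(
        MbedTLS3_interface
        INTERFACE ${mbedtls_includes}
        INTERFACE ${mbedtls_3_SOURCE_DIR}/library
        INTERFACE ${mbedtls_3_SOURCE_DIR}/include/mbedtls
    )

    set_target_properties(
        MbedTLS3_mbedcrypto MbedTLS3_mbedtls MbedTLS3_mbedx509
        PROPERTIES ARCHIVE_OUTPUT_DIRECTORY ${MBEDTLS_3_BIN_DIR}
                   LIBRARY_OUTPUT_DIRECTORY ${MBEDTLS_3_BIN_DIR}
    )

    add_library(MbedTLS3::mbedtls ALIAS MbedTLS3_mbedtls)
    add_library(MbedTLS3::mbedcrypto ALIAS MbedTLS3_mbedcrypto)
    add_library(MbedTLS3::mbedx509 ALIAS MbedTLS3_mbedx509)
    add_library(MbedTLS3::interface ALIAS MbedTLS3_interface)
endif()
--------------------------------------------------------------------------------
/tools/mbedtls_configure.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Patch the configuration header of a fetched Mbed TLS checkout: start from the
# shipped header, enable every non-deprecated feature, then switch off the PSA
# crypto/storage, NV-seed, TLS 1.3, LMS and test-hook options this port does
# not build against. Meant to run as the FetchContent PATCH_COMMAND, i.e. with
# the checkout directory as the working directory.
#
# Usage: mbedtls_configure.sh <MBEDTLS_DIR> <CONFIG>
#   MBEDTLS_DIR  root of the Mbed TLS checkout
#   CONFIG       header name under include/mbedtls (config.h for 2.x,
#                mbedtls_config.h for 3.x)
#
# Abort on the first failing command and on unset variables: a config.py step
# that failed silently would leave the crypto library built with an unintended
# configuration.
set -eu

if [ $# -ne 2 ]; then
    echo "Usage: mbedtls_configure.sh <MBEDTLS_DIR> <CONFIG>" >&2
    exit 1
fi

MBEDTLS_DIR="${1}"
CONFIG="${2}"
CONFIG_PATH="${MBEDTLS_DIR}/include/mbedtls/${CONFIG}"
CONFIG_PY="${MBEDTLS_DIR}/scripts/config.py"
PATCHED="mbedtls_config_patch.h"

cp "${CONFIG_PATH}" "${PATCHED}"
"${CONFIG_PY}" --file "${PATCHED}" full_no_deprecated

# Options not used by this port. One list serves both 2.x and 3.x; this relies
# on config.py's unset being a no-op for names the header does not define
# (re-check when bumping a version, now that the script aborts on errors).
for option in \
    MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS \
    MBEDTLS_ENTROPY_NV_SEED \
    MBEDTLS_PLATFORM_NV_SEED_ALT \
    MBEDTLS_PSA_CRYPTO_C \
    MBEDTLS_PSA_CRYPTO_CLIENT \
    MBEDTLS_PSA_CRYPTO_DRIVERS \
    MBEDTLS_SSL_PROTO_TLS1_3 \
    MBEDTLS_USE_PSA_CRYPTO \
    MBEDTLS_PSA_CRYPTO_STORAGE_C \
    MBEDTLS_PSA_ITS_FILE_C \
    MBEDTLS_PSA_CRYPTO_SE_C \
    MBEDTLS_LMS_C \
    MBEDTLS_LMS_PRIVATE \
    MBEDTLS_TEST_HOOKS
do
    "${CONFIG_PY}" --file "${PATCHED}" unset "${option}"
done

# Only rewrite the header when it differs, so the patch step is idempotent.
# Compare against the header named by CONFIG; the original compared against a
# hard-coded config.h, which is not the 3.x header name, so it always copied.
cmp --quiet "${CONFIG_PATH}" "${PATCHED}" || cp "${PATCHED}" "${CONFIG_PATH}"
--------------------------------------------------------------------------------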
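/tools/pkcs11_api.cmake:
--------------------------------------------------------------------------------
include(FetchContent)

# PKCS #11 headers published by the OASIS PKCS 11 TC. Only the header tree of
# the 2.40 errata 1 release is exposed, as an INTERFACE target.
#
# NOTE(review): GIT_TAG names a tag, which the remote can move; pin the commit
# hash the tag resolves to for a reproducible checkout of the API headers.
FetchContent_Declare(
    pkcs11_api
    GIT_REPOSITORY https://github.com/oasis-tcs/pkcs11.git
    GIT_TAG 2-40-errata-1
)

FetchContent_GetProperties(
    pkcs11_api
    POPULATED pkcs11_api_POPULATED
    SOURCE_DIR pkcs11_api_SOURCE_DIR
)

if(NOT pkcs11_api_POPULATED)
    FetchContent_Populate(pkcs11_api)
endif()

set(PKCS11_API_PATH ${pkcs11_api_SOURCE_DIR}/published/2-40-errata-1)

if(NOT TARGET pkcs11_api)
    add_library(pkcs11_api INTERFACE)
    target_include_directories(pkcs11_api INTERFACE ${PKCS11_API_PATH})
endif()
--------------------------------------------------------------------------------
/tools/unity.cmake:
--------------------------------------------------------------------------------
include(FetchContent)

# Unity test framework (core plus the fixture and memory extras) built as one
# static library, followed by the helper macros used by the test CMakeLists.
FetchContent_Declare(
    unity
    GIT_REPOSITORY https://github.com/ThrowTheSwitch/unity.git
    GIT_TAG v2.6.0
)

FetchContent_GetProperties(
    unity
    POPULATED unity_POPULATED
)
if(NOT unity_POPULATED)
    FetchContent_Populate(unity)
endif()

if(NOT TARGET unity)
    add_library(unity STATIC)

    target_sources(
        unity
        PRIVATE ${unity_SOURCE_DIR}/src/unity.c
        PRIVATE ${unity_SOURCE_DIR}/extras/fixture/src/unity_fixture.c
        PRIVATE ${unity_SOURCE_DIR}/extras/memory/src/unity_memory.c
    )

    # PUBLIC covers both Unity's own compilation and its consumers; the same
    # directories were previously listed twice (PRIVATE, then PUBLIC).
    target_include_directories(
        unity
        PUBLIC ${unity_SOURCE_DIR}/src
        PUBLIC ${unity_SOURCE_DIR}/extras/memory/src
        PUBLIC ${unity_SOURCE_DIR}/extras/fixture/src
    )
endif()

# add_test_target(target test_src)
# Build a test executable from test_src, place it in <build>/bin (where
# coverage.cmake picks it up) and register it with CTest.
macro(add_test_target target test_src)
    add_executable(${target} ${test_src})

    set_target_properties(
        ${target} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin"
    )
    # The original set a COMPILE_FLAG property, which CMake does not know and
    # therefore silently ignored; the intended -O0 -ggdb now actually reaches
    # the compiler (keeps branches intact for coverage, symbols for gdb).
    target_compile_options(${target} PRIVATE -O0 -ggdb)

    include(CTest)
    add_test(NAME ${target} COMMAND ${target}
        WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
    )
endmacro()

# target_enable_gcov(target flag)
# Add gcov instrumentation and extra warnings to target. The second argument
# is unused; the visibility is derived from the target type so that INTERFACE
# libraries forward the flags to their consumers.
macro(target_enable_gcov target flag)
    get_target_property(target_type ${target} TYPE)

    if(target_type STREQUAL "INTERFACE_LIBRARY")
        set(c_flag INTERFACE)
        set(l_flag INTERFACE)
    else()
        set(c_flag PRIVATE)
        set(l_flag PUBLIC)
    endif()

    target_compile_options(
        ${target}
        ${c_flag} "-Wextra"
        ${c_flag} "-Wpedantic"
        ${c_flag} "-fprofile-arcs"
        ${c_flag} "-ftest-coverage"
        ${c_flag} "-fprofile-generate"
    )

    # The sources are C, so consult the C compiler id as well: if CXX is not
    # enabled for this project the original check matched neither branch and
    # the instrumented objects were linked without the profiling runtime.
    if(CMAKE_C_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
        target_link_options(${target} ${l_flag} "-fprofile-instr-generate")
        target_compile_options(${target} ${c_flag} "-Wno-unused-private-field")
    elseif(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU")
        target_link_libraries(${target} ${l_flag} -lgcov)
        target_compile_options(${target} ${c_flag} "-Wno-unused-but-set-variable")
    endif()
endmacro()

# target_add_test_runner(target unity_config test_src)
# Generate <test>_runner.c from test_src with Unity's generate_test_runner.rb,
# add it to target and link Unity in.
macro(target_add_test_runner target unity_config test_src)
    get_filename_component(test_name ${test_src} NAME_WE)
    get_target_property(target_type ${target} TYPE)

    if(target_type STREQUAL "INTERFACE_LIBRARY")
        set(s_flag INTERFACE)
    else()
        set(s_flag PRIVATE)
    endif()

    add_custom_command(
        OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${test_name}_runner.c
        DEPENDS ${test_src} ${unity_config}
        COMMAND
            ruby ${unity_SOURCE_DIR}/auto/generate_test_runner.rb ${unity_config} ${test_src}
            ${CMAKE_CURRENT_BINARY_DIR}/${test_name}_runner.c
        WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR}
        VERBATIM
    )
    target_sources(${target} ${s_flag} ${CMAKE_CURRENT_BINARY_DIR}/${test_name}_runner.c)

    target_link_libraries(${target} ${s_flag} unity)
endmacro()
--------------------------------------------------------------------------------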