Open RyanGlScott opened 2 years ago
Has this issue been resolved and can be closed? If not could you update it specify what is left to do. Thank you.
@RyanGlScott
This issue has not been resolved, although some of the code described in https://github.com/aws/s2n-tls/issues/3080#issue-1015463448 shuffled around in #3155. In particular, the code which assumes that conn->client_session_resumed
is disabled now lives here:
And the code which assumes that config->use_tickets
is disabled now lives here:
Step (1) in my sketched solution would be to remove these lines instead of removing crucible_precond
statements (which no longer appear after #3155). The rest of the sketched solution should still apply.
Problem:
Currently, the SAW proofs assume that
config->use_tickets
is always disabled:https://github.com/aws/s2n-tls/blob/2c27512895e8a2945f97b5137bb0371126549007/tests/saw/spec/handshake/handshake_io_lowlevel.saw#L163-L165
In addition, the proofs currently assume that
conn->client_session_resumed
will be disabled as well. This assumption is made explicit in #3079—see https://github.com/aws/s2n-tls/pull/3079#discussion_r721291815.While these assumptions make the proofs somewhat simpler, they have the drawback of making the proofs skip over certain parts of
s2n-tls
, such as session resumption logic.Solution:
We should remove these preconditions and repair the SAW proofs accordingly. Here is a rough sketch of how this might go for the particular case of
conn->client_session_resumed
:crucible_precond
statement involvingconn_client_session_resumed_index
.connection
record which tracks if theclient_session_resumed
bit ins2n_connection
is enabled or not.setup_connection_common
, initialize this new Cryptol field with the appropriate value.The code in the
conn_set_pre_tls13_handshake_type
Cryptol function will need to be updated accordingly. Something like this, perhaps:rfc_handshake_tls12
proofs will also need to be updated.Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? How do we know the solution is complete?
client_session_resumed
were uncovered: https://github.com/aws/s2n-tls/pull/3079#discussion_r721291815make -C tests/saw tmp/verify_handshake.log
andmake -C tests/saw failure-tests
tests.Out of scope:
This does not address other hard-coded assumptions made in the SAW proofs, such as what the value of
corked_io
should be:https://github.com/aws/s2n-tls/blob/2c27512895e8a2945f97b5137bb0371126549007/tests/saw/spec/handshake/handshake_io_lowlevel.saw#L111-L113