aws-crt 0.1.5 → 0.1.6

data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.c

@@ -23,13 +23,15 @@
 #include "utils/s2n_random.h"
 #include "utils/s2n_blob.h"
 
+static bool ignore_prediction_resistance_for_testing = false;
+
 #define s2n_drbg_key_size(drgb) EVP_CIPHER_CTX_key_length((drbg)->ctx)
 #define s2n_drbg_seed_size(drgb) (S2N_DRBG_BLOCK_SIZE + s2n_drbg_key_size(drgb))
 
 /* This function is the same as s2n_increment_sequence_number
     but it does not check for overflow, since overflow is
     acceptable in DRBG */
-int s2n_increment_drbg_counter(struct s2n_blob *counter)
+S2N_RESULT s2n_increment_drbg_counter(struct s2n_blob *counter)
 {
     for (uint32_t i = counter->size; i > 0; i--) {
         counter->data[i-1] += 1;
@@ -39,60 +41,62 @@ int s2n_increment_drbg_counter(struct s2n_blob *counter)
 
        /* seq[i] wrapped, so let it carry */
     }
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_block_encrypt(EVP_CIPHER_CTX * ctx, uint8_t in[S2N_DRBG_BLOCK_SIZE], uint8_t out[S2N_DRBG_BLOCK_SIZE])
+static S2N_RESULT s2n_drbg_block_encrypt(EVP_CIPHER_CTX *ctx, uint8_t in[S2N_DRBG_BLOCK_SIZE], uint8_t out[S2N_DRBG_BLOCK_SIZE])
 {
-    POSIX_ENSURE_REF(ctx);
+    RESULT_ENSURE_REF(ctx);
+
     int len = S2N_DRBG_BLOCK_SIZE;
-    POSIX_GUARD_OSSL(EVP_EncryptUpdate(ctx, out, &len, in, S2N_DRBG_BLOCK_SIZE), S2N_ERR_DRBG);
-    POSIX_ENSURE_EQ(len, S2N_DRBG_BLOCK_SIZE);
+    RESULT_GUARD_OSSL(EVP_EncryptUpdate(ctx, out, &len, in, S2N_DRBG_BLOCK_SIZE), S2N_ERR_DRBG);
+    RESULT_ENSURE_EQ(len, S2N_DRBG_BLOCK_SIZE);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_bits(struct s2n_drbg *drbg, struct s2n_blob *out)
+static S2N_RESULT s2n_drbg_bits(struct s2n_drbg *drbg, struct s2n_blob *out)
 {
-    POSIX_ENSURE_REF(drbg);
-    POSIX_ENSURE_REF(drbg->ctx);
-    POSIX_ENSURE_REF(out);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg->ctx);
+    RESULT_ENSURE_REF(out);
 
     struct s2n_blob value = {0};
-    POSIX_GUARD(s2n_blob_init(&value, drbg->v, sizeof(drbg->v)));
+    RESULT_GUARD_POSIX(s2n_blob_init(&value, drbg->v, sizeof(drbg->v)));
     int block_aligned_size = out->size - (out->size % S2N_DRBG_BLOCK_SIZE);
 
     /* Per NIST SP800-90A 10.2.1.2: */
     for (int i = 0; i < block_aligned_size; i += S2N_DRBG_BLOCK_SIZE) {
-        POSIX_GUARD(s2n_increment_drbg_counter(&value));
-        POSIX_GUARD(s2n_drbg_block_encrypt(drbg->ctx, drbg->v, out->data + i));
+        RESULT_GUARD(s2n_increment_drbg_counter(&value));
+        RESULT_GUARD(s2n_drbg_block_encrypt(drbg->ctx, drbg->v, out->data + i));
         drbg->bytes_used += S2N_DRBG_BLOCK_SIZE;
     }
 
     if (out->size <= block_aligned_size) {
-        return 0;
+        return S2N_RESULT_OK;
     }
 
     uint8_t spare_block[S2N_DRBG_BLOCK_SIZE];
-    POSIX_GUARD(s2n_increment_drbg_counter(&value));
-    POSIX_GUARD(s2n_drbg_block_encrypt(drbg->ctx, drbg->v, spare_block));
+    RESULT_GUARD(s2n_increment_drbg_counter(&value));
+    RESULT_GUARD(s2n_drbg_block_encrypt(drbg->ctx, drbg->v, spare_block));
     drbg->bytes_used += S2N_DRBG_BLOCK_SIZE;
 
-    POSIX_CHECKED_MEMCPY(out->data + block_aligned_size, spare_block, out->size - block_aligned_size);
+    RESULT_CHECKED_MEMCPY(out->data + block_aligned_size, spare_block, out->size - block_aligned_size);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_update(struct s2n_drbg *drbg, struct s2n_blob *provided_data)
+static S2N_RESULT s2n_drbg_update(struct s2n_drbg *drbg, struct s2n_blob *provided_data)
 {
-    POSIX_ENSURE_REF(drbg);
-    POSIX_ENSURE_REF(drbg->ctx);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg->ctx);
+    RESULT_ENSURE_REF(provided_data);
 
-    s2n_stack_blob(temp_blob, s2n_drbg_seed_size(drgb), S2N_DRBG_MAX_SEED_SIZE);
+    RESULT_STACK_BLOB(temp_blob, s2n_drbg_seed_size(drgb), S2N_DRBG_MAX_SEED_SIZE);
 
-    POSIX_ENSURE_EQ(provided_data->size, s2n_drbg_seed_size(drbg));
+    RESULT_ENSURE_EQ(provided_data->size, s2n_drbg_seed_size(drbg));
 
-    POSIX_GUARD(s2n_drbg_bits(drbg, &temp_blob));
+    RESULT_GUARD(s2n_drbg_bits(drbg, &temp_blob));
 
     /* XOR in the provided data */
     for (uint32_t i = 0; i < provided_data->size; i++) {
@@ -100,102 +104,109 @@ static int s2n_drbg_update(struct s2n_drbg *drbg, struct s2n_blob *provided_data
     }
 
     /* Update the key and value */
-    POSIX_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, NULL, NULL, temp_blob.data, NULL), S2N_ERR_DRBG);
+    RESULT_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, NULL, NULL, temp_blob.data, NULL), S2N_ERR_DRBG);
 
-    POSIX_CHECKED_MEMCPY(drbg->v, temp_blob.data + s2n_drbg_key_size(drbg), S2N_DRBG_BLOCK_SIZE);
+    RESULT_CHECKED_MEMCPY(drbg->v, temp_blob.data + s2n_drbg_key_size(drbg), S2N_DRBG_BLOCK_SIZE);
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_mix_in_entropy(struct s2n_drbg *drbg, struct s2n_blob *entropy, struct s2n_blob *ps)
+static S2N_RESULT s2n_drbg_mix_in_entropy(struct s2n_drbg *drbg, struct s2n_blob *entropy, struct s2n_blob *ps)
 {
-    POSIX_ENSURE_REF(drbg);
-    POSIX_ENSURE_REF(drbg->ctx);
-    POSIX_ENSURE_REF(entropy);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg->ctx);
+    RESULT_ENSURE_REF(entropy);
 
-    POSIX_ENSURE_GTE(entropy->size, ps->size);
+    RESULT_ENSURE_GTE(entropy->size, ps->size);
 
     for (uint32_t i = 0; i < ps->size; i++) {
         entropy->data[i] ^= ps->data[i];
     }
 
-    POSIX_GUARD(s2n_drbg_update(drbg, entropy));
+    RESULT_GUARD(s2n_drbg_update(drbg, entropy));
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_seed(struct s2n_drbg *drbg, struct s2n_blob *ps)
+static S2N_RESULT s2n_drbg_seed(struct s2n_drbg *drbg, struct s2n_blob *ps)
 {
-    s2n_stack_blob(blob, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+    RESULT_STACK_BLOB(blob, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
 
-    POSIX_GUARD_RESULT(s2n_get_seed_entropy(&blob));
-    POSIX_GUARD(s2n_drbg_mix_in_entropy(drbg, &blob, ps));
+    RESULT_GUARD(s2n_get_seed_entropy(&blob));
+    RESULT_GUARD(s2n_drbg_mix_in_entropy(drbg, &blob, ps));
 
     drbg->bytes_used = 0;
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-static int s2n_drbg_mix(struct s2n_drbg *drbg, struct s2n_blob *ps)
+static S2N_RESULT s2n_drbg_mix(struct s2n_drbg *drbg, struct s2n_blob *ps)
 {
-    s2n_stack_blob(blob, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+    if (s2n_unlikely(ignore_prediction_resistance_for_testing)) {
+        RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
+        return S2N_RESULT_OK;
+    }
 
-    POSIX_GUARD_RESULT(s2n_get_mix_entropy(&blob));
-    POSIX_GUARD(s2n_drbg_mix_in_entropy(drbg, &blob, ps));
+    RESULT_STACK_BLOB(blob, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+
+    RESULT_GUARD(s2n_get_mix_entropy(&blob));
+    RESULT_GUARD(s2n_drbg_mix_in_entropy(drbg, &blob, ps));
 
     drbg->mixes += 1;
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization_string, const s2n_drbg_mode mode)
+S2N_RESULT s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization_string, const s2n_drbg_mode mode)
 {
-    POSIX_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(personalization_string);
 
     drbg->ctx = EVP_CIPHER_CTX_new();
-    S2N_ERROR_IF(!drbg->ctx, S2N_ERR_DRBG);
+    RESULT_GUARD_PTR(drbg->ctx);
 
-    s2n_evp_ctx_init(drbg->ctx);
+    RESULT_EVP_CTX_INIT(drbg->ctx);
 
     switch(mode) {
         case S2N_AES_128_CTR_NO_DF_PR:
-            POSIX_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, EVP_aes_128_ecb(), NULL, NULL, NULL), S2N_ERR_DRBG);
+            RESULT_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, EVP_aes_128_ecb(), NULL, NULL, NULL), S2N_ERR_DRBG);
             break;
         case S2N_AES_256_CTR_NO_DF_PR:
-            POSIX_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, EVP_aes_256_ecb(), NULL, NULL, NULL), S2N_ERR_DRBG);
+            RESULT_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, EVP_aes_256_ecb(), NULL, NULL, NULL), S2N_ERR_DRBG);
             break;
         default:
-            POSIX_BAIL(S2N_ERR_DRBG);
+            RESULT_BAIL(S2N_ERR_DRBG);
     }
 
-    POSIX_ENSURE_LTE(s2n_drbg_key_size(drbg), S2N_DRBG_MAX_KEY_SIZE);
-    POSIX_ENSURE_LTE(s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+    RESULT_ENSURE_LTE(s2n_drbg_key_size(drbg), S2N_DRBG_MAX_KEY_SIZE);
+    RESULT_ENSURE_LTE(s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
 
     static const uint8_t zero_key[S2N_DRBG_MAX_KEY_SIZE] = {0};
 
     /* Start off with zeroed data, per 10.2.1.3.1 item 4 and 5 */
     memset(drbg->v, 0, sizeof(drbg->v));
-    POSIX_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, NULL, NULL, zero_key, NULL), S2N_ERR_DRBG);
+    RESULT_GUARD_OSSL(EVP_EncryptInit_ex(drbg->ctx, NULL, NULL, zero_key, NULL), S2N_ERR_DRBG);
 
     /* Copy the personalization string */
-    s2n_stack_blob(ps, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
-    POSIX_GUARD(s2n_blob_zero(&ps));
+    RESULT_STACK_BLOB(ps, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+    RESULT_GUARD_POSIX(s2n_blob_zero(&ps));
 
-    POSIX_CHECKED_MEMCPY(ps.data, personalization_string->data, MIN(ps.size, personalization_string->size));
+    RESULT_CHECKED_MEMCPY(ps.data, personalization_string->data, MIN(ps.size, personalization_string->size));
 
     /* Seed the DRBG */
-    POSIX_GUARD(s2n_drbg_seed(drbg, &ps));
+    RESULT_GUARD(s2n_drbg_seed(drbg, &ps));
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob)
+S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob)
 {
-    POSIX_ENSURE_REF(drbg);
-    POSIX_ENSURE_REF(drbg->ctx);
-    s2n_stack_blob(zeros, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg->ctx);
+
+    RESULT_STACK_BLOB(zeros, s2n_drbg_seed_size(drbg), S2N_DRBG_MAX_SEED_SIZE);
 
-    S2N_ERROR_IF(blob->size > S2N_DRBG_GENERATE_LIMIT, S2N_ERR_DRBG_REQUEST_SIZE);
+    RESULT_ENSURE(blob->size <= S2N_DRBG_GENERATE_LIMIT, S2N_ERR_DRBG_REQUEST_SIZE);
 
     /* Mix in additional entropy for every randomness generation call. This
      * defense mechanism is referred to as "prediction resistance".
@@ -205,31 +216,41 @@ int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob)
      *  2. Re-consider whether the current fork detection strategy is still
      *     sufficient.
      */
-    POSIX_GUARD(s2n_drbg_mix(drbg, &zeros));
-    POSIX_GUARD(s2n_drbg_bits(drbg, blob));
-    POSIX_GUARD(s2n_drbg_update(drbg, &zeros));
+    RESULT_GUARD(s2n_drbg_mix(drbg, &zeros));
+    RESULT_GUARD(s2n_drbg_bits(drbg, blob));
+    RESULT_GUARD(s2n_drbg_update(drbg, &zeros));
 
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_drbg_wipe(struct s2n_drbg *drbg)
+S2N_RESULT s2n_drbg_wipe(struct s2n_drbg *drbg)
 {
-    POSIX_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(drbg);
+
     if (drbg->ctx) {
-        POSIX_GUARD_OSSL(EVP_CIPHER_CTX_cleanup(drbg->ctx), S2N_ERR_DRBG);
+        RESULT_GUARD_OSSL(EVP_CIPHER_CTX_cleanup(drbg->ctx), S2N_ERR_DRBG);
 
         EVP_CIPHER_CTX_free(drbg->ctx);
         drbg->ctx = NULL;
     }
 
     *drbg = (struct s2n_drbg) {0};
-    return 0;
+    return S2N_RESULT_OK;
 }
 
-int s2n_drbg_bytes_used(struct s2n_drbg *drbg, uint64_t *bytes_used)
+S2N_RESULT s2n_drbg_bytes_used(struct s2n_drbg *drbg, uint64_t *bytes_used)
 {
-    POSIX_ENSURE_REF(drbg);
-    POSIX_ENSURE_REF(bytes_used);
+    RESULT_ENSURE_REF(drbg);
+    RESULT_ENSURE_REF(bytes_used);
+
     *bytes_used = drbg->bytes_used;
-    return 0;
+    return S2N_RESULT_OK;
+}
+
+S2N_RESULT s2n_ignore_prediction_resistance_for_testing(bool ignore_bool) {
+    RESULT_ENSURE(s2n_in_unit_test(), S2N_ERR_NOT_IN_UNIT_TEST);
+
+    ignore_prediction_resistance_for_testing = ignore_bool;
+
+    return S2N_RESULT_OK;
 }

data/aws-crt-ffi/crt/s2n/crypto/s2n_drbg.h

@@ -52,12 +52,15 @@ typedef enum {S2N_AES_128_CTR_NO_DF_PR, S2N_AES_256_CTR_NO_DF_PR} s2n_drbg_mode;
 
 /* Per NIST SP 800-90C 6.3
  *
- * s2n's DRBG does provide prediction resistance
- * and does not support the additional_input parameter (which per 800-90C may be zero).
+ * s2n's DRBG uses prediction resistance and does not support the
+ * additional_input parameter (which per 800-90C may be zero).
  *
-  * The security strength provided by s2n's DRBG is either 128 or 256 bits depending on the s2n_drbg_mode passed in.
+ * The security strength provided by s2n's DRBG is either 128 or 256 bits
+ * depending on the s2n_drbg_mode passed in.
  */
-extern int s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization_string, const s2n_drbg_mode mode);
-extern int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *returned_bits);
-extern int s2n_drbg_wipe(struct s2n_drbg *drbg);
-extern int s2n_drbg_bytes_used(struct s2n_drbg *drbg, uint64_t *bytes_used);
+S2N_RESULT s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization_string, const s2n_drbg_mode mode);
+S2N_RESULT s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *returned_bits);
+S2N_RESULT s2n_drbg_wipe(struct s2n_drbg *drbg);
+S2N_RESULT s2n_drbg_bytes_used(struct s2n_drbg *drbg, uint64_t *bytes_used);
+/* Use for testing only */
+S2N_RESULT s2n_ignore_prediction_resistance_for_testing(bool true_or_false);

data/aws-crt-ffi/crt/s2n/crypto/s2n_openssl.h

@@ -40,8 +40,10 @@
 
 #if (S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0)) && (!defined(OPENSSL_IS_BORINGSSL)) && (!defined(OPENSSL_IS_AWSLC))
 #define s2n_evp_ctx_init(ctx) POSIX_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG)
+#define RESULT_EVP_CTX_INIT(ctx) RESULT_GUARD_OSSL(EVP_CIPHER_CTX_init(ctx), S2N_ERR_DRBG)
 #else
 #define s2n_evp_ctx_init(ctx) EVP_CIPHER_CTX_init(ctx)
+#define RESULT_EVP_CTX_INIT(ctx) EVP_CIPHER_CTX_init(ctx)
 #endif
 
 #if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_FIPS) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_AWSLC) && !defined(OPENSSL_NO_ENGINE)

data/aws-crt-ffi/crt/s2n/error/s2n_errno.c

@@ -267,7 +267,7 @@ static const char *no_such_error = "Internal s2n error";
     ERR_ENTRY(S2N_ERR_PKEY_CTX_INIT, "Unable to initialize the libcrypto pkey context") \
     ERR_ENTRY(S2N_ERR_FORK_DETECTION_INIT, "Fork detection initialization failed") \
     ERR_ENTRY(S2N_ERR_RETRIEVE_FORK_GENERATION_NUMBER, "Retrieving fork generation number failed") \
-
+    ERR_ENTRY(S2N_ERR_SECRET_SCHEDULE_STATE, "Correct inputs to secret calculation not available") \
 /* clang-format on */
 
 #define ERR_STR_CASE(ERR, str) case ERR: return str;

data/aws-crt-ffi/crt/s2n/error/s2n_errno.h

@@ -284,6 +284,7 @@ typedef enum {
     S2N_ERR_INVALID_X509_EXTENSION_TYPE,
     S2N_ERR_INSUFFICIENT_MEM_SIZE,
     S2N_ERR_KEYING_MATERIAL_EXPIRED,
+    S2N_ERR_SECRET_SCHEDULE_STATE,
     S2N_ERR_T_USAGE_END,
 } s2n_error;
 

data/aws-crt-ffi/crt/s2n/s2n.mk

@@ -158,6 +158,13 @@ ifeq ($(S2N_UNSAFE_FUZZING_MODE),1)
 
 endif
 
+# Disable strict-prototypes check in clang
+ifneq '' '$(findstring clang,$(CC))'
+	CFLAGS += -Wno-strict-prototypes
+	DEFAULT_CFLAGS += -Wno-strict-prototypes
+	CPPFLAGS += -Wno-strict-prototypes
+endif
+
 # If COV_TOOL isn't set, pick a default COV_TOOL depending on if the LLVM Marker File was created.
 ifndef COV_TOOL
 	ifneq ("$(wildcard $(LLVM_GCOV_MARKER_FILE))","")

data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/repository.py

@@ -0,0 +1,233 @@
+"""Discover repository properties like repository root, proof root, etc."""
+
+from pathlib import Path
+from subprocess import Popen, PIPE
+import subprocess
+import logging
+import json
+import re
+
+################################################################
+# Construct an ascending relative path like "../../.." from a
+# directory to an ancestor in the file system.
+#
+# The Path method dst.relative_to(src) requires that dst is a
+# descendant of src and will not produce a path like "../../..".
+
+def path_to_ancestor(descendant, ancestor):
+    """Relative path from descendant to ancestor."""
+
+    descendant = Path(descendant).resolve()
+    ancestor = Path(ancestor).resolve()
+
+    try:
+        path = descendant.relative_to(ancestor)
+    except ValueError:
+        raise UserWarning(f"{ancestor} is not an ancestor of {descendant}") from ValueError
+
+    return Path(*[Path('..') for part in path.parts])
+
+################################################################
+# Discover the roots of
+#   * the respository and
+#   * the proofs subtree installed by the starter kit.
+
+def repository_root(cwd='.', abspath=True):
+    """Path to root of repository containing current directory.
+
+    Return the absolute path if abspath is True.  If abspath is False,
+    return the relative path from the current directory.  If the
+    current directory is within a submodule of the repository, then
+    the root of the submodule is returned, not the repository itself.
+    """
+
+    cwd = Path(cwd).resolve()
+    for ancestor in [cwd, *cwd.parents]:
+        if (ancestor / '.git').is_dir():
+            return ancestor if abspath else path_to_ancestor(cwd, ancestor)
+    raise UserWarning(f"No git repository contains {cwd}")
+
+def proofs_root(cwd='.', abspath=True):
+    """Path to root of proofs subtree installed by starter kit.
+
+    Return an absolute path if abspath is True, and a path relative to
+    cwd otherwise.  Search starts at cwd and ascends until it reaches
+    the root of the enclosing repository, and raises UserWarning if
+    there is no enclosing repository."""
+
+    cwd = Path(cwd).resolve()                     # Where to start looking
+    root = repository_root(cwd=cwd, abspath=True) # Where to stop looking
+    proofs = "proofs"                             # What to look for
+
+    for path in [cwd, *cwd.parents]:
+        if path.name == proofs:
+            return path if abspath else path_to_ancestor(cwd, path)
+        if path == root:
+            break
+    raise UserWarning(f"'{cwd}' has no ancestor named '{proofs}'")
+
+################################################################
+# Discover the roots of
+#   * the litani submodule
+#   * the starter kit submodule
+
+def load_submodules(repo=None):
+    """Load file .gitmodules describing the installed submodules"""
+
+    repo = repo or repository_root()
+    try:
+        cmd = ['git', 'config', '-f', '.gitmodules', '--list']
+        kwds = {'cwd': str(repo), 'capture_output': True, 'text': True}
+        lines = subprocess.run(cmd, **kwds, check=True).stdout.splitlines()
+    except subprocess.CalledProcessError as error:
+        logging.debug(error)
+        raise UserWarning(
+            f"Can't load submodules in repository root '{repo}'"
+        ) from error
+
+    submodules = {}
+    for line in lines:
+        line=re.sub(r'\s+', ' ', line.strip())
+
+        # Output of git config is lines of the form
+        #   submodule.ORGANIZATION/REPOSITORY.path=PATH
+        #   submodule.ORGANIZATION/REPOSITORY.url=URL
+        # Parsing config output with a simple regular expression will
+        # fail if PATH or URL contains path= or url= as a substring.
+        match = re.match(r"^submodule\.(.+)\.(path|url)=(.+)", line)
+        if not match:
+            logging.debug("Can't parse git config output: '%s'", line)
+            continue
+
+        name, key, value = [string.strip() for string in match.groups()[0:3]]
+        if key == 'path':
+            value = Path(value)
+            if not value.is_dir(): # Maybe PATH included path= as a substring...
+                logging.debug("Not a directory: path %s for submodule %s", value, name)
+        submodules[name] = submodules.get(name, {})
+        submodules[name][key] = value
+
+    return submodules
+
+def submodule_root(url, submodules=None, repo=None, abspath=True):
+    """Look up path to root of submodule url in submodules."""
+
+    url = url.lower()
+    repo = Path(repo) if repo else repository_root()
+    submodules = submodules or load_submodules(repo=repo)
+
+    for _, config in submodules.items():
+        config_url = config.get("url")
+        config_path = config.get("path")
+
+        if not config_url or not config_url.lower() in [url, url+".git"]:
+            continue
+        if not config_path:
+            logging.debug("Can't find path to submodule '%s'", url)
+            logging.debug("Found submodule config = %s", config)
+            return None
+        return repo/config_path if abspath else config_path
+
+    logging.debug("Can't find submodule '%s'", url)
+    logging.debug("Found submodules = %s", submodules)
+    return None
+
+
+def litani_root(submodules=None, repo=None, abspath=True):
+    """Root of litani submodule."""
+
+    litani1 = 'https://github.com/awslabs/aws-build-accumulator'
+    litani2 = 'git@github.com:awslabs/aws-build-accumulator'
+    return (submodule_root(litani1, submodules, repo, abspath) or
+            submodule_root(litani2, submodules, repo, abspath))
+
+def starter_kit_root(submodules=None, repo=None, abspath=True):
+    """Root of starter kit submodule."""
+
+    old_starter1 = 'https://github.com/awslabs/aws-templates-for-cbmc-proofs'
+    old_starter2 = 'git@github.com:awslabs/aws-templates-for-cbmc-proofs'
+    new_starter1 = 'https://github.com/model-checking/cbmc-starter-kit'
+    new_starter2 = 'git@github.com:model-checking/cbmc-starter-kit'
+    return (submodule_root(old_starter1, submodules, repo, abspath) or
+            submodule_root(old_starter2, submodules, repo, abspath) or
+            submodule_root(new_starter1, submodules, repo, abspath) or
+            submodule_root(new_starter2, submodules, repo, abspath))
+
+################################################################
+# Discover the set of all source files in the repository that define a
+# function named func.
+
+def run(cmd, cwd=None, stdin=None):
+    """Run a command with string stdin on stdin, return stdout and stderr."""
+
+    cmd = [str(word) for word in cmd]
+    try:
+        with Popen(cmd, cwd=cwd, text=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) as pipe:
+            stdout, stderr = pipe.communicate(input=stdin)
+        if pipe.returncode:
+            logging.debug("Nonzero return code %s: command: '%s'", pipe.returncode, ' '.join(cmd))
+            logging.debug("Nonzero return code %s: stderr: '%s'", pipe.returncode, pipe.stderr)
+            return None, None
+        return stdout, stderr
+    except FileNotFoundError:
+        logging.debug("FileNotFoundError: command '%s'", ' '.join(cmd))
+        return None, None
+
+def function_tags(repo='.'):
+    """List of tags for function definitions in respository source files.
+
+    Each tag is a dict '{"name": function, "path": source}' naming a
+    function and a source file defining the function."""
+
+    repo = Path(repo).resolve()
+
+    find_cmd = ['find', '.', '-name', '*.c']
+    find_stdout, _ = run(find_cmd, cwd=repo)
+    if find_stdout is None: # run() logs errors on debug
+        return []
+
+    ctags_cmd = [
+        'ctags',
+        '-L', '-', # read from standard input
+        '--c-types=f', # include only function definition tags
+        '--output-format=json', # each line is one json blob for one tag
+        '--fields=NF' # each json blob is {name="function", path="source"}
+    ]
+    ctags_stdout, _ = run(ctags_cmd, cwd=repo, stdin=find_stdout)
+    if ctags_stdout is None: # run() logs errors on debug
+        return []
+
+    blobs = ctags_stdout.splitlines()  # a list of json blobs
+    blob = '[' + ','.join(blobs) + ']' # a json blob
+    try:
+        return json.loads(blob)
+    except json.decoder.JSONDecodeError as error:
+        logging.debug("Can't load json output of ctags in %s", repo)
+        logging.debug(error)
+        return []
+
+def function_paths(func, tags):
+    """Paths to all source files in tags defining a function func."""
+
+    return sorted([tag['path'] for tag in tags if tag['name'] == func])
+
+def function_sources(func, cwd='.', repo='.', abspath=True):
+    """Paths to all source files in the repository defining a function func.
+
+    Paths are absolute if abspath is True, and relative to cwd otherwise.
+
+    """
+
+    cwd = Path(cwd).resolve()
+    repo = Path(repo).resolve()
+
+    tags = function_tags(repo)
+    paths = function_paths(func, tags)
+
+    path_to_repo = repo if abspath else path_to_ancestor(cwd, repo)
+    sources = [Path(path_to_repo, path) for path in paths]
+
+    assert all(src.is_file() for src in sources)
+    return sources
+
+################################################################

data/aws-crt-ffi/crt/s2n/tests/cbmc/templates/scripts/setup-proof.py

@@ -9,6 +9,7 @@ import logging
 import os
 import shutil
 
+import repository
 import util
 
 def proof_template_filenames():
@@ -17,16 +18,16 @@ def proof_template_filenames():
 
 def read_proof_template(filename):
     directory = os.path.join(util.templates_root(), util.PROOF_TEMPLATES)
-    with open(os.path.join(directory, filename)) as data:
+    with open(os.path.join(directory, filename), encoding='utf-8') as data:
         return data.read().splitlines()
 
 def write_proof_template(lines, filename, directory):
-    with open(os.path.join(directory, filename), "w") as data:
+    with open(os.path.join(directory, filename), "w", encoding='utf-8') as data:
         data.writelines(line + '\n' for line in lines)
 
 def rename_proof_harness(function, directory):
     shutil.move(os.path.join(directory, "FUNCTION_harness.c"),
-                os.path.join(directory, "{}_harness.c".format(function)))
+                os.path.join(directory, f"{function}_harness.c"))
 
 def patch_function_name(lines, function):
     return [line.replace("<__FUNCTION_NAME__>", function) for line in lines]
@@ -48,10 +49,10 @@ def main():
 
     logging.basicConfig(format='%(levelname)s: %(message)s')
 
-    function = util.read_function_name()
-    source_file = util.read_source_path()
-    source_root = util.read_source_root_path()
-    proof_root = util.read_proof_root_path()
+    function = util.ask_for_function_name()
+    source_file = util.ask_for_source_file(function)
+    source_root = repository.repository_root()
+    proof_root = repository.proofs_root()
 
     proof_dir = os.path.abspath(function)
     os.mkdir(proof_dir)