scyther/testing/tls/tls-HSDDM05.cpp

/*
 * This is a model of a version of the TLS protocol as modeled by
 * He,Sundararajan,Datta,Derek and Mitchell in the paper: "A modular
 * correctness proof of IEEE 802.11i and TLS".
 *
 * The .cpp file cannot be fed into scyther directly; rather, one needs
 * to type: (for *nix type systems with cpp)
 *
 * 	cpp tls-HSDDM05.cpp >tls-HSDDM05.spdl
 *
 * in order to generate a valid spdl file for the Scyther.
 *
 * This allows for macro expansion, as seen in the next part, which is
 * particularly useful for expanding the handshakes.
 *
 */
#define CERT(a) { a,pk(a) }sk(Terence)
#define msg1 X,Nx,pa
#define msg2 Ny,pb,CERT(Y)
#define handShake1 msg1,msg2
#define msg3 CERT(X),{handShake1}sk(X),{msecret}pk(Y),hash(msecret,handShake1,clientstring)
#define handShake2 msg1,msg2,msg3
#define msg4 hash(msecret,handShake2,serverstring)


/* below is just Scyther input and no further macro definitions */

usertype Params, String;

const pk,hash: Function;
secret sk,unhash: Function;
inversekeys(pk,sk);
inversekeys(hash,unhash);

const clientstring,serverstring: String;

const Alice, Bob, Eve: Agent;
const Terence: Agent;

protocol tls-HSDDM05(X,Y)
{
	role X
	{
		fresh Nx: Nonce;
		fresh msecret: Nonce;
		fresh pa: Params;
		var Ny: Nonce;
		var pb: Params;

		send_1( X,Y, msg1 );
		recv_2( Y,X, msg2 );
		send_3( X,Y, msg3 );
		recv_4( Y,X, msg4 );

		claim_X1( X, Secret, msecret );
	}	
	
	role Y
	{
		var Nx: Nonce;
		var msecret: Nonce;
		var pa: Params;
		fresh Ny: Nonce;
		fresh pb: Params;

		recv_1( X,Y, msg1 );
		send_2( Y,X, msg2 );
		recv_3( X,Y, msg3 );
		send_4( Y,X, msg4 );

		claim_Y1( Y, Secret, msecret );
	}
}
- Added protocols 2006-11-21 13:40:50 +00:00			`/*`
			`* This is a model of a version of the TLS protocol as modeled by`
			`* He,Sundararajan,Datta,Derek and Mitchell in the paper: "A modular`
			`* correctness proof of IEEE 802.11i and TLS".`
			`*`
			`* The .cpp file cannot be fed into scyther directly; rather, one needs`
			`* to type: (for *nix type systems with cpp)`
			`*`
- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`* cpp tls-HSDDM05.cpp >tls-HSDDM05.spdl`
- Added protocols 2006-11-21 13:40:50 +00:00			`*`
			`* in order to generate a valid spdl file for the Scyther.`
			`*`
			`* This allows for macro expansion, as seen in the next part, which is`
			`* particularly useful for expanding the handshakes.`
			`*`
			`*/`
			`#define CERT(a) { a,pk(a) }sk(Terence)`
- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`#define msg1 X,Nx,pa`
			`#define msg2 Ny,pb,CERT(Y)`
			`#define handShake1 msg1,msg2`
			`#define msg3 CERT(X),{handShake1}sk(X),{msecret}pk(Y),hash(msecret,handShake1,clientstring)`
			`#define handShake2 msg1,msg2,msg3`
			`#define msg4 hash(msecret,handShake2,serverstring)`

- Added protocols 2006-11-21 13:40:50 +00:00
			`/* below is just Scyther input and no further macro definitions */`

			`usertype Params, String;`

			`const pk,hash: Function;`
			`secret sk,unhash: Function;`
			`inversekeys(pk,sk);`
			`inversekeys(hash,unhash);`

			`const clientstring,serverstring: String;`

			`const Alice, Bob, Eve: Agent;`
			`const Terence: Agent;`

- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`protocol tls-HSDDM05(X,Y)`
- Added protocols 2006-11-21 13:40:50 +00:00			`{`
			`role X`
			`{`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh Nx: Nonce;`
			`fresh msecret: Nonce;`
			`fresh pa: Params;`
- Added protocols 2006-11-21 13:40:50 +00:00			`var Ny: Nonce;`
			`var pb: Params;`

- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`send_1( X,Y, msg1 );`
Fixing remaining 'read's to 'recv'. 2012-05-02 22:26:41 +01:00			`recv_2( Y,X, msg2 );`
- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`send_3( X,Y, msg3 );`
Fixing remaining 'read's to 'recv'. 2012-05-02 22:26:41 +01:00			`recv_4( Y,X, msg4 );`
- Added protocols 2006-11-21 13:40:50 +00:00
			`claim_X1( X, Secret, msecret );`
			`}`

			`role Y`
			`{`
			`var Nx: Nonce;`
			`var msecret: Nonce;`
			`var pa: Params;`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh Ny: Nonce;`
			`fresh pb: Params;`
- Added protocols 2006-11-21 13:40:50 +00:00
Fixing remaining 'read's to 'recv'. 2012-05-02 22:26:41 +01:00			`recv_1( X,Y, msg1 );`
- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`send_2( Y,X, msg2 );`
Fixing remaining 'read's to 'recv'. 2012-05-02 22:26:41 +01:00			`recv_3( X,Y, msg3 );`
- Improved version of tls by the Mitchell group 2006-11-24 08:10:52 +00:00			`send_4( Y,X, msg4 );`
- Added protocols 2006-11-21 13:40:50 +00:00
			`claim_Y1( Y, Secret, msecret );`
			`}`
			`}`