2006-08-07 19:23:30 +01:00
|
|
|
#!/usr/bin/python
|
2007-06-11 13:09:24 +01:00
|
|
|
"""
|
|
|
|
Scyther : An automatic verifier for security protocols.
|
|
|
|
Copyright (C) 2007 Cas Cremers
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public License
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
"""
|
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
|
|
|
|
"""
|
|
|
|
|
2006-08-11 18:25:34 +01:00
|
|
|
Example script to show how to perform large-scale tests using the
|
|
|
|
Scyther Python API (contained in the Scyther subdirectory)
|
|
|
|
|
|
|
|
In this example, multi-protocol attack analysis is performed on a small
|
|
|
|
test set.
|
2006-08-07 19:23:30 +01:00
|
|
|
|
2007-01-27 21:42:16 +00:00
|
|
|
Author: Cas Cremers
|
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
"""
|
|
|
|
|
2007-01-27 21:42:16 +00:00
|
|
|
from Scyther import Scyther
|
2010-11-09 09:07:49 +00:00
|
|
|
import time
|
|
|
|
try:
|
|
|
|
from progressbar import *
|
|
|
|
PROGRESSBAR = True
|
|
|
|
except ImportError:
|
|
|
|
from progressbarDummy import *
|
|
|
|
PROGRESSBAR = False
|
|
|
|
print """
|
|
|
|
Missing the progressbar library.
|
2006-08-07 19:23:30 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
It can be downloaded from:
|
|
|
|
|
|
|
|
http://code.google.com/p/python-progressbar/
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2010-11-11 10:16:59 +00:00
|
|
|
FOUND = []
|
2010-11-09 09:07:49 +00:00
|
|
|
|
|
|
|
def MyScyther(protocollist,filt=None,options=None):
|
2006-08-08 14:03:02 +01:00
|
|
|
"""
|
|
|
|
Evaluate the composition of the protocols in protocollist.
|
|
|
|
If there is a filter, i.e. "ns3,I1" then only this specific claim
|
|
|
|
will be evaluated.
|
|
|
|
"""
|
2006-08-07 19:23:30 +01:00
|
|
|
s = Scyther.Scyther()
|
2010-11-09 09:07:49 +00:00
|
|
|
|
2010-11-12 09:37:48 +00:00
|
|
|
if (options == None) or (options == ""):
|
2010-11-09 09:07:49 +00:00
|
|
|
# untyped matching
|
|
|
|
s.options = "--match=2"
|
|
|
|
else:
|
2010-11-12 09:37:48 +00:00
|
|
|
s.options = options.strip() # Some cleanup of string (idiot's normalization)
|
2010-11-09 09:07:49 +00:00
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
for protocol in protocollist:
|
|
|
|
s.addFile(protocol)
|
2010-11-09 09:07:49 +00:00
|
|
|
s.verifyOne(filt)
|
2006-08-07 19:23:30 +01:00
|
|
|
return s
|
|
|
|
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
def getCorrectIsolatedClaims(protocolset,options=None):
|
2006-08-07 19:23:30 +01:00
|
|
|
"""
|
|
|
|
Given a set of protocols, determine the correct claims when run in
|
|
|
|
isolation.
|
2006-08-08 14:03:02 +01:00
|
|
|
Returns a tuple, consisting of
|
|
|
|
- a list of compiling protocols
|
|
|
|
- a list of tuples (protocol,claimid) wich denote correct claims
|
2006-08-07 19:23:30 +01:00
|
|
|
"""
|
2006-08-08 14:03:02 +01:00
|
|
|
correctclaims = []
|
|
|
|
goodprotocols = []
|
2010-11-09 09:07:49 +00:00
|
|
|
|
|
|
|
widgets = ['Scanning for claims that are correct in isolation: ', Percentage(), ' ',
|
|
|
|
Bar(marker='#',left='[',right=']')
|
|
|
|
]
|
|
|
|
pbar = ProgressBar(widgets=widgets, maxval=len(protocolset))
|
|
|
|
pbar.start()
|
|
|
|
count = 0
|
2006-08-07 19:23:30 +01:00
|
|
|
for protocol in protocolset:
|
|
|
|
# verify protocol in isolation
|
2010-11-09 09:07:49 +00:00
|
|
|
s = MyScyther([protocol],options=options)
|
2006-08-07 19:23:30 +01:00
|
|
|
# investigate the results
|
2007-01-27 21:42:16 +00:00
|
|
|
goodprotocols.append(protocol)
|
|
|
|
for claim in s.claims:
|
|
|
|
if claim.okay:
|
|
|
|
correctclaims.append((protocol,claim.id))
|
2010-11-09 09:07:49 +00:00
|
|
|
count += 1
|
|
|
|
pbar.update(count)
|
|
|
|
pbar.finish()
|
2006-08-08 14:03:02 +01:00
|
|
|
return (goodprotocols,correctclaims)
|
2006-08-07 19:23:30 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
|
|
|
|
def verifyMPAlist(mpalist,claimid,options=None):
|
2006-08-08 14:18:09 +01:00
|
|
|
"""
|
|
|
|
Verify the existence of an attack in this context
|
|
|
|
|
|
|
|
If an attack is found, we return False, otherwise True. This is
|
|
|
|
needed for the iteration later.
|
|
|
|
"""
|
|
|
|
# This should be a more restricted verification
|
2010-11-09 09:07:49 +00:00
|
|
|
print time.asctime(), mpalist, claimid, options # [DEBUG]
|
|
|
|
s = MyScyther(mpalist,claimid,options)
|
2006-08-08 14:18:09 +01:00
|
|
|
claim = s.getClaim(claimid)
|
|
|
|
if claim:
|
|
|
|
if not claim.okay:
|
2010-11-11 10:16:59 +00:00
|
|
|
global FOUND
|
|
|
|
|
2006-08-08 14:18:09 +01:00
|
|
|
# This is an MPA attack!
|
|
|
|
print "I've found a multi-protocol attack on claim %s in the context %s." % (claimid,str(mpalist))
|
2010-11-11 10:16:59 +00:00
|
|
|
FOUND.append((claimid,mpalist))
|
|
|
|
|
2006-08-08 14:18:09 +01:00
|
|
|
return False
|
|
|
|
else:
|
|
|
|
return True
|
|
|
|
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
def constructMPAlist(protocolset,claimid,mpalist,length,start,callback,options=None):
|
2006-08-08 14:18:09 +01:00
|
|
|
"""
|
|
|
|
Append a list of parallel protocols, without duplicates,
|
|
|
|
such that the added part is lexicographically ordered (from
|
|
|
|
index 'start' in the protocol list)
|
|
|
|
For each possible list, the function callback is called. If the
|
|
|
|
callback returns true, iteration proceeds (returning true in the
|
|
|
|
end), otherwise it aborts and returns false.
|
|
|
|
"""
|
|
|
|
if len(mpalist) < length:
|
|
|
|
# list is not long enough yet
|
|
|
|
for pn in range(start,len(protocolset)):
|
|
|
|
p = protocolset[pn]
|
|
|
|
if p not in mpalist:
|
2010-11-09 09:07:49 +00:00
|
|
|
if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback,options=options):
|
2006-08-08 14:18:09 +01:00
|
|
|
return False
|
|
|
|
return True
|
|
|
|
else:
|
|
|
|
# list is long enough: callback
|
2010-11-09 09:07:49 +00:00
|
|
|
return callback(mpalist,claimid,options)
|
2006-08-08 14:18:09 +01:00
|
|
|
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
def findMPA(protocolset,protocol,claimid,maxcount=3,options=None):
|
2006-08-07 19:23:30 +01:00
|
|
|
"""
|
|
|
|
The protocol claim is assumed to be correct. When does it break?
|
|
|
|
"""
|
2006-08-08 14:18:09 +01:00
|
|
|
|
|
|
|
# First we examine 2-protocol attacks, and then increase the
|
|
|
|
# number of parallel protocols if we don't find any attacks on the
|
|
|
|
# claim.
|
2006-08-07 19:23:30 +01:00
|
|
|
count = 2
|
2006-08-08 14:03:02 +01:00
|
|
|
if len(protocolset) < maxcount:
|
2006-08-08 14:18:09 +01:00
|
|
|
# we cannot have more protocols in parallel than there are
|
|
|
|
# protocols.
|
2006-08-08 14:03:02 +01:00
|
|
|
maxcount = len(protocolset)
|
2006-08-07 19:23:30 +01:00
|
|
|
|
2006-08-08 14:18:09 +01:00
|
|
|
# the actual incremental search loop
|
2006-08-07 19:23:30 +01:00
|
|
|
while count <= maxcount:
|
2010-11-09 09:07:49 +00:00
|
|
|
constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist,options)
|
2006-08-07 19:23:30 +01:00
|
|
|
count += 1
|
|
|
|
return None
|
|
|
|
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-12 09:37:48 +00:00
|
|
|
def findAllMPA(protocolset,maxcount=3,options="",mpaoptions=""):
|
2006-08-07 19:23:30 +01:00
|
|
|
"""
|
|
|
|
Given a set of protocols, find multi-protocol attacks
|
|
|
|
"""
|
2006-08-11 18:25:34 +01:00
|
|
|
|
2010-11-11 10:16:59 +00:00
|
|
|
global FOUND
|
|
|
|
|
|
|
|
FOUND = []
|
|
|
|
|
2006-08-11 18:25:34 +01:00
|
|
|
# Find all correct claims in each protocol
|
2010-11-09 09:07:49 +00:00
|
|
|
(protocolset,correct) = getCorrectIsolatedClaims(protocolset,options)
|
2010-11-11 10:16:59 +00:00
|
|
|
print "Investigating %i correct claims." % (len(correct))
|
2006-08-11 18:25:34 +01:00
|
|
|
# For all these claims...
|
2010-11-09 09:07:49 +00:00
|
|
|
widgets = ['Scanning for MPA attacks: ', Percentage(), ' ',
|
|
|
|
Bar(marker='#',left='[',right=']')
|
|
|
|
]
|
|
|
|
pbar = ProgressBar(widgets=widgets, maxval=len(correct))
|
|
|
|
pbar.start()
|
|
|
|
count = 0
|
2010-11-12 09:37:48 +00:00
|
|
|
|
|
|
|
# Concatenate options but add space iff needed
|
|
|
|
alloptions = (options + " " + mpaoptions).strip()
|
|
|
|
|
2006-08-07 19:23:30 +01:00
|
|
|
for (protocol,claimid) in correct:
|
2006-08-11 18:25:34 +01:00
|
|
|
# Try to find multi-protocol attacks
|
2010-11-12 09:37:48 +00:00
|
|
|
findMPA(protocolset,protocol,claimid,maxcount,options=alloptions)
|
2010-11-09 09:07:49 +00:00
|
|
|
count += 1
|
|
|
|
pbar.update(count)
|
|
|
|
pbar.finish()
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-11 10:16:59 +00:00
|
|
|
"""
|
|
|
|
The below computation assumes protocol names are unique to files, but if
|
|
|
|
they are not, some other errors should have been reported by the Scyther
|
|
|
|
backend anyway (conflicting protocol definitions in MPA analysis).
|
|
|
|
"""
|
|
|
|
mpaprots = []
|
|
|
|
for (claimid,mpalist) in FOUND:
|
|
|
|
pel = claimid.split(",")
|
|
|
|
pn = pel[0]
|
|
|
|
if pn not in mpaprots:
|
|
|
|
mpaprots.append(pn)
|
|
|
|
|
|
|
|
print "-" * 70
|
|
|
|
print "Summary:"
|
|
|
|
print
|
|
|
|
print "We scanned %i protocols with options [%s]." % (len(protocolset),options)
|
|
|
|
print "We found %i correct claims." % (len(correct))
|
2010-11-12 12:28:22 +00:00
|
|
|
print "We then scanned combinations of at most %i protocols with options [%s]." % (maxcount,alloptions)
|
|
|
|
print "We found %i MPA attacks." % (len(FOUND))
|
2010-11-11 10:16:59 +00:00
|
|
|
print "The attacks involve the claims of %i protocols." % (len(mpaprots))
|
|
|
|
print "-" * 70
|
|
|
|
|
2006-08-08 14:19:17 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
def bigTest():
|
|
|
|
"""
|
|
|
|
Perform the tests as reported in the book.
|
|
|
|
"""
|
|
|
|
import os
|
|
|
|
|
|
|
|
testpath = "Protocols/MultiProtocolAttacks/"
|
|
|
|
fl = os.listdir(testpath)
|
|
|
|
nl = []
|
|
|
|
for fn in fl:
|
|
|
|
if fn.endswith(".spdl"):
|
|
|
|
nl.append(fn)
|
|
|
|
|
|
|
|
# Report list
|
|
|
|
print "Performing multi-protocol analysis for the following protocols:", nl
|
|
|
|
|
|
|
|
# Prepend again the path
|
|
|
|
l = []
|
|
|
|
for fn in nl:
|
|
|
|
l.append(testpath+fn)
|
|
|
|
|
2010-11-11 11:08:53 +00:00
|
|
|
### Simplified test setup
|
|
|
|
#defopts = "--max-runs=3 -T 360"
|
|
|
|
#maxcount = 2
|
2010-11-12 09:37:48 +00:00
|
|
|
#mpaopts = ""
|
2010-11-11 11:08:53 +00:00
|
|
|
|
|
|
|
### Full test setup
|
2010-11-12 09:37:48 +00:00
|
|
|
#defopts = "--max-runs=4 -T 600"
|
|
|
|
#mpaopts = ""
|
|
|
|
#maxcount = 3
|
|
|
|
|
|
|
|
### Full test setup with --init-unique
|
2010-11-11 11:08:53 +00:00
|
|
|
defopts = "--max-runs=4 -T 600"
|
2010-11-12 09:37:48 +00:00
|
|
|
mpaopts = "--init-unique"
|
2010-11-11 11:08:53 +00:00
|
|
|
maxcount = 3
|
2010-11-09 09:07:49 +00:00
|
|
|
|
|
|
|
# First typed
|
|
|
|
print "Scanning without type flaws"
|
2010-11-12 09:37:48 +00:00
|
|
|
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=0", mpaoptions = mpaopts)
|
2010-11-09 09:07:49 +00:00
|
|
|
# Basic type flaws
|
|
|
|
print "Scanning for basic type flaws"
|
2010-11-12 09:37:48 +00:00
|
|
|
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=1", mpaoptions = mpaopts)
|
2010-11-09 09:07:49 +00:00
|
|
|
# All type flaws
|
|
|
|
print "Scanning for any type flaws"
|
2010-11-12 09:37:48 +00:00
|
|
|
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=2", mpaoptions = mpaopts)
|
2010-11-09 09:07:49 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def simpleTest():
|
2006-08-08 14:19:17 +01:00
|
|
|
"""
|
2006-08-11 18:25:34 +01:00
|
|
|
Simple test case with a few protocols
|
2006-08-08 14:19:17 +01:00
|
|
|
"""
|
2006-08-11 18:25:34 +01:00
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
l = ['nsl3-broken.spdl','ns3.spdl','nsl3.spdl']
|
|
|
|
print "Performing multi-protocol analysis for the following protocols:", l
|
2006-08-11 18:25:34 +01:00
|
|
|
print
|
2010-11-09 09:07:49 +00:00
|
|
|
findAllMPA(l)
|
2006-08-11 18:25:34 +01:00
|
|
|
print
|
|
|
|
print "Analysis complete."
|
2006-08-07 19:23:30 +01:00
|
|
|
|
|
|
|
|
2010-11-09 09:07:49 +00:00
|
|
|
def main():
|
|
|
|
bigTest()
|
|
|
|
#simpleTest()
|
|
|
|
|
|
|
|
|
2007-01-27 21:42:16 +00:00
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|
2006-08-07 19:23:30 +01:00
|
|
|
|
|
|
|
|
2007-01-27 21:42:16 +00:00
|
|
|
# vim: set ts=4 sw=4 et list lcs=tab\:>-:
|