68 lines
1.1 KiB
Plaintext
68 lines
1.1 KiB
Plaintext
|
/*
|
||
|
|
* Needham-Schroeder protocol
|
||
|
|
*/
|
||
|
|
|
||
|
|
// PKI infrastructure
|
||
|
|
|
||
|
|
const pk: Function;
|
||
|
|
secret sk: Function;
|
||
|
|
inversekeys (pk,sk);
|
||
|
|
|
||
|
|
// The protocol description
|
||
|
|
|
||
|
|
protocol ns3(I,R)
|
||
|
|
{
|
||
|
|
role I
|
||
|
|
{
|
||
|
|
const ni: Nonce;
|
||
|
|
var nr: Nonce;
|
||
|
|
|
||
|
|
send_1(I,R, {I,ni}pk(R) );
|
||
|
|
read_2(R,I, {ni,nr}pk(I) );
|
||
|
|
send_3(I,R, {nr}pk(R) );
|
||
|
|
claim_i1(I,Secret,ni);
|
||
|
|
claim_i2(I,Secret,nr);
|
||
|
|
claim_i3(I,Niagree);
|
||
|
|
claim_i4(I,Nisynch);
|
||
|
|
}
|
||
|
|
|
||
|
|
role R
|
||
|
|
{
|
||
|
|
var ni: Nonce;
|
||
|
|
const nr: Nonce;
|
||
|
|
|
||
|
|
read_1(I,R, {I,ni}pk(R) );
|
||
|
|
send_2(R,I, {ni,nr}pk(I) );
|
||
|
|
read_3(I,R, {nr}pk(R) );
|
||
|
|
claim_r1(R,Secret,ni);
|
||
|
|
claim_r2(R,Secret,nr);
|
||
|
|
claim_r3(R,Niagree);
|
||
|
|
claim_r4(R,Nisynch);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
// The agents in the system
|
||
|
|
|
||
|
|
const Alice,Bob: Agent;
|
||
|
|
|
||
|
|
// An untrusted agent, with leaked information
|
||
|
|
|
||
|
|
const Eve: Agent;
|
||
|
|
untrusted Eve;
|
||
|
|
const ne: Nonce;
|
||
|
|
compromised sk(Eve);
|
||
|
|
|
||
|
|
// The runs (only needed for the modelchecker algorithm)
|
||
|
|
|
||
|
|
run ns3.I(Agent,Agent);
|
||
|
|
run ns3.R(Agent,Agent);
|
||
|
|
run ns3.I(Agent,Agent);
|
||
|
|
run ns3.R(Agent,Agent);
|
||
|
|
run ns3.I(Agent,Agent);
|
||
|
|
run ns3.R(Agent,Agent);
|
||
|
|
run ns3.I(Agent,Agent);
|
||
|
|
run ns3.R(Agent,Agent);
|
||
|
|
run ns3.I(Agent,Agent);
|
||
|
|
run ns3.R(Agent,Agent);
|
||
|
|
|