scyther/gui/Protocols/MultiProtocolAttacks/boyd.spdl

57 lines
1.0 KiB
Plaintext
Raw Normal View History

usertype Sessionkey;
usertype Macseed;
const m: Function;
secret unm: Function;
const f: Function;
inversekeys (m, unm);
/*
* Boyd key agreement
*
* Boyd & Mathuria: Protocols for authentication and key establishment
* (2003) p. 101
*
* Note that MAC_ks(x) has been interpreted as MAC(x,ks); this
* assumption causes some possible false attacks.
*/
protocol boyd(I,R,S)
{
role I
{
fresh ni: Nonce;
var nr: Nonce;
var ks: Macseed;
send_1 (I,S, I,R, ni );
read_3 (R,I, { I,R, ks }k(I,S), m(ni, m(ks,ni,nr)), nr );
send_4 (I,R, m(nr, m(ks,ni,nr)) );
claim_6 (I, Secret, m(ks,ni,nr) );
}
role R
{
var ni: Nonce;
fresh nr: Nonce;
var ks: Macseed;
read_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
send_3 (R,I, { I,R, ks }k(I,S), m(ni, m(ks,ni,nr)), nr );
read_4 (I,R, m(nr, m(ks,ni,nr)) );
claim_10 (R, Secret, m(ks,ni,nr));
}
role S
{
var ni,nr: Nonce;
fresh ks: Macseed;
read_1 (I,S, I,R, ni );
send_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
}
}