2006-11-21 13:42:06 +00:00
|
|
|
# SmartRight view-only
|
|
|
|
|
#
|
|
|
|
|
# Modelled after the description in the SPORE library
|
|
|
|
|
# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html
|
|
|
|
|
#
|
|
|
|
|
# Note:
|
|
|
|
|
# According to SPORE there are no known attacks on this protocol
|
|
|
|
|
#
|
|
|
|
|
# Note:
|
|
|
|
|
# Scyther finds an attack because the value of VoR in te last message can
|
|
|
|
|
# be replaced with an arbitrary value
|
|
|
|
|
|
2012-04-23 14:53:28 +01:00
|
|
|
hashfunction hash;
|
2006-11-21 13:42:06 +00:00
|
|
|
usertype SessionKey;
|
|
|
|
|
usertype XorKey;
|
|
|
|
|
const Vor: XorKey;
|
|
|
|
|
|
|
|
|
|
protocol smartright(I,R)
|
|
|
|
|
{
|
|
|
|
|
role I
|
|
|
|
|
{
|
2012-04-23 14:53:28 +01:00
|
|
|
fresh VoKey: SessionKey;
|
|
|
|
|
fresh VoR: XorKey;
|
|
|
|
|
fresh CW;
|
2006-11-21 13:42:06 +00:00
|
|
|
var VoRi: Nonce;
|
|
|
|
|
|
|
|
|
|
send_1(I,R, {VoKey,{CW}VoR}k(I,R));
|
|
|
|
|
read_2(R,I, VoRi);
|
|
|
|
|
send_3(I,R, VoR, {{VoRi}hash}VoKey);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
role R
|
|
|
|
|
{
|
|
|
|
|
var T: Ticket;
|
|
|
|
|
var VoR: XorKey;
|
|
|
|
|
var VoKey: SessionKey;
|
2012-04-23 14:53:28 +01:00
|
|
|
fresh VoRi: Nonce;
|
2006-11-21 13:42:06 +00:00
|
|
|
|
|
|
|
|
read_1(I,R, {VoKey,T}k(I,R));
|
|
|
|
|
send_2(R,I, VoRi);
|
|
|
|
|
read_3(I,R, VoR,{{VoRi}hash}VoKey);
|
|
|
|
|
|
|
|
|
|
claim_R1(R,Nisynch);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
