scyther/gui/Protocols/ISO-9798/isoiec-9798-2-4-udkey.spdl

/*
 * Modeled from ISO/IEC 9798
 * Modeler: Cas Cremers, Dec. 2010
 *
 * symmetric
 * three-pass
 * mutual
 *
 * Note: the identity inside the encryption may be ommitted, if
 *   (a) the environment disallows such attacks, or
 *   (b) a unidirectional key is used
 *
 * In case (b), modeled here, the second key is reversed.
 */
protocol isoiec-9798-2-4-udkey(A,B)
{
	role A
	{
		var RB: Nonce;
		fresh RA: Nonce;
		var Text1,Text4,Text5: Ticket;
		fresh Text2,Text3: Ticket;

		recv_1(B,A, RB,Text1 );
		claim(A,Running,B,RA,RB,Text2);
		send_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );
		recv_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );

		claim(A,Commit,B,RA,RB,Text2,Text4);
		claim(A,Alive);
		claim(A,Weakagree);
	}
	role B
	{
		fresh RB: Nonce;
		var RA: Nonce;
		fresh Text1,Text4,Text5: Ticket;
		var Text2,Text3: Ticket;

		send_1(B,A, RB,Text1 );
		recv_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );
		claim(B,Running,A,RA,RB,Text2,Text4);
		send_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );

		claim(B,Commit,A,RA,RB,Text2);
		claim(B,Alive);
		claim(B,Weakagree);
	}
}
Added ISO/IEC 9798 models. 2012-11-15 11:10:06 +00:00			`/*`
			`* Modeled from ISO/IEC 9798`
			`* Modeler: Cas Cremers, Dec. 2010`
			`*`
			`* symmetric`
			`* three-pass`
			`* mutual`
			`*`
			`* Note: the identity inside the encryption may be ommitted, if`
			`* (a) the environment disallows such attacks, or`
			`* (b) a unidirectional key is used`
			`*`
			`* In case (b), modeled here, the second key is reversed.`
			`*/`
			`protocol isoiec-9798-2-4-udkey(A,B)`
			`{`
			`role A`
			`{`
			`var RB: Nonce;`
			`fresh RA: Nonce;`
			`var Text1,Text4,Text5: Ticket;`
			`fresh Text2,Text3: Ticket;`

			`recv_1(B,A, RB,Text1 );`
			`claim(A,Running,B,RA,RB,Text2);`
			`send_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );`
			`recv_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );`

			`claim(A,Commit,B,RA,RB,Text2,Text4);`
			`claim(A,Alive);`
			`claim(A,Weakagree);`
			`}`
			`role B`
			`{`
			`fresh RB: Nonce;`
			`var RA: Nonce;`
			`fresh Text1,Text4,Text5: Ticket;`
			`var Text2,Text3: Ticket;`

			`send_1(B,A, RB,Text1 );`
			`recv_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );`
			`claim(B,Running,A,RA,RB,Text2,Text4);`
			`send_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );`

			`claim(B,Commit,A,RA,RB,Text2);`
			`claim(B,Alive);`
			`claim(B,Weakagree);`
			`}`
			`}`