andr3/scyther
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MPA: Added code for testing self-initiator stuff.

Browse Source
This commit is contained in:
Cas Cremers 2010-11-15 17:39:03 +01:00
parent edba6aac7f
commit 08ae9a2ac9
1 changed files with 161 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
gui/test-mpa.py
View File

@ -35,6 +35,7 @@ from Scyther import Scyther
from optparse import OptionParser, SUPPRESS_HELP from optparse import OptionParser, SUPPRESS_HELP
import time import time
import os.path
try: try:
from progressbar import * from progressbar import *
@ -64,23 +65,24 @@ def parseArgs():
parser = OptionParser(usage=usage,description=description) parser = OptionParser(usage=usage,description=description)
# command # command
parser.add_option("-t","--typed",dest="types",default=None,action="store_const",const=[0], parser.add_option("-t","--typed",dest="types",default=[0],action="store_const",const=[0],
help="Verify protocols with respect to a typed model (-m 0)") help="Verify protocols with respect to a typed model (-m 0)")
parser.add_option("-b","--basic-types",dest="types",default=None,action="store_const",const=[1], parser.add_option("-b","--basic-types",dest="types",default=[1],action="store_const",const=[1],
help="Verify protocols with respect to basic type flaws only (-m 1)") help="Verify protocols with respect to basic type flaws only (-m 1)")
parser.add_option("-u","--untyped",dest="types",default=None,action="store_const",const=[2], parser.add_option("-u","--untyped",dest="types",default=[2],action="store_const",const=[2],
help="Verify protocols with respect to an untyped model (-m 2)") help="Verify protocols with respect to an untyped model (-m 2)")
parser.add_option("-T","--all-types",dest="types",default=[0],action="store_const",const=[0,1,2],
help="Verify protocols with respect to all matching types")
parser.add_option("-m","--max-protocols",type="int",dest="maxprotocols",default=3, parser.add_option("-m","--max-protocols",type="int",dest="maxprotocols",default=3,
help="Define maximum number of protocols in a multi-protocol attack.") help="Define maximum number of protocols in a multi-protocol attack.")
parser.add_option("-T","--all-types",dest="types",default=None,action="store_const",const=[0,1,2],
help="Verify protocols with respect to all matching types")
parser.add_option("-U","--init-unique",dest="initunique",default=False,action="store_true", parser.add_option("-U","--init-unique",dest="initunique",default=False,action="store_true",
help="Use Scythers --init-unique switch to filter out initiators talking to themselves.") help="Use Scythers --init-unique switch to filter out initiators talking to themselves.")
parser.add_option("-E","--extravert",dest="extravert",default=False,action="store_true", parser.add_option("-E","--extravert",dest="extravert",default=False,action="store_true",
help="Use Scythers --extravert switch to filter out agents talking to themselves.") help="Use Scythers --extravert switch to filter out agents talking to themselves.")
parser.add_option("","--self-communication",dest="selfcommunication",default=False,action="store_true",
help="Explore self-communication effects.")
parser.add_option("-D","--debug",dest="debug",default=False,action="store_true", parser.add_option("-D","--debug",dest="debug",default=False,action="store_true",
help="Enable debugging features.") help="Enable debugging features.")
@ -92,6 +94,48 @@ def parseArgs():
#--------------------------------------------------------------------------- #---------------------------------------------------------------------------
class Attack(object):
def __init__(self,claim,mpalist):
self.claim = claim
self.mpalist = mpalist
def protocol(self):
return self.claim.protocol
def mpashort(self):
s = []
for fn in self.mpalist:
ptn = os.path.normpath(fn)
(head,tail) = os.path.split(ptn)
s.append(tail)
return s
def __str__(self):
s = "(%s,%s)" % (self.claim.id, self.mpashort())
return s
def fullstr(self):
s = "%s,%s" % (self.claim.id, self.mpalist)
return s
def __cmp__(self,other):
s1 = self.fullstr()
s2 = other.fullstr()
if (s1 == s2):
return 0
else:
if s1 < s2:
return -1
else:
return 1
#---------------------------------------------------------------------------
def MyScyther(protocollist,filt=None,options=None): def MyScyther(protocollist,filt=None,options=None):
""" """
Evaluate the composition of the protocols in protocollist. Evaluate the composition of the protocols in protocollist.
@ -172,7 +216,7 @@ def verifyMPAlist(mpalist,claimid,options=None):
# This is an MPA attack! # This is an MPA attack!
if OPTS.debug: if OPTS.debug:
print "I've found a multi-protocol attack on claim %s in the context %s." % (claimid,str(mpalist)) print "I've found a multi-protocol attack on claim %s in the context %s." % (claimid,str(mpalist))
FOUND.append((claimid,mpalist)) FOUND.append(Attack(claim,mpalist))
return False return False
else: else:
@ -261,11 +305,12 @@ def findAllMPA(protocolset,maxcount=3,options="",mpaoptions=""):
backend anyway (conflicting protocol definitions in MPA analysis). backend anyway (conflicting protocol definitions in MPA analysis).
""" """
mpaprots = [] mpaprots = []
for (claimid,mpalist) in FOUND: res = []
pel = claimid.split(",") for att in FOUND:
pn = pel[0] pn = att.protocol()
if pn not in mpaprots: if pn not in mpaprots:
mpaprots.append(pn) mpaprots.append(pn)
res.append(att)
print "-" * 70 print "-" * 70
print "Summary:" print "Summary:"
@ -276,6 +321,107 @@ def findAllMPA(protocolset,maxcount=3,options="",mpaoptions=""):
print "We found %i MPA attacks." % (len(FOUND)) print "We found %i MPA attacks." % (len(FOUND))
print "The attacks involve the claims of %i protocols." % (len(mpaprots)) print "The attacks involve the claims of %i protocols." % (len(mpaprots))
print "-" * 70 print "-" * 70
print
return res
def showDiff(reslist):
"""
Show difference between (attacklist,descr) tuples in list
"""
for i in range(0,len(reslist)-1):
(al1,descr1) = reslist[i]
(al2,descr2) = reslist[i+1]
print "-" * 70
print "Comparing the attacks for [%s] with [%s]:" % (descr1,descr2)
print len(al1), len(al2)
print repr(al1)
print repr(al2)
for a in al2:
if a not in al1:
print "New attack: %s" % (a)
for a in al1:
if a not in al2:
print "[Strange] disappeared attack: %s" % (a)
print "-" * 70
print
def scanTypes(l = [],defopts = "",mpaopts = ""):
global OPTS, ARGS
reslist = []
if 0 in OPTS.types:
# First typed
print "Scanning without type flaws"
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts + " --match=0", mpaoptions = mpaopts)
reslist.append((res,"no type flaws"))
if 1 in OPTS.types:
# Basic type flaws
print "Scanning for basic type flaws"
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts + " --match=1", mpaoptions = mpaopts)
reslist.append((res,"basic type flaws"))
if 2 in OPTS.types:
# All type flaws
print "Scanning for any type flaws"
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts + " --match=2", mpaoptions = mpaopts)
reslist.append((res,"type flaws"))
if len(reslist) < 1:
import sys
print "Error: we didn't do anything."
sys.exit()
return reslist
def scanSelfComm(l = [],defopts = "",mpaopts = ""):
global OPTS, ARGS
reslist = []
print "Scanning without AA-comm."
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts, mpaoptions = mpaopts + " --extravert")
reslist.append((res,"Allow Alice-Alice"))
print "Scanning for AA-resp only."
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts, mpaoptions = mpaopts + " --init-unique")
reslist.append((res,"Allow Alice-Alice"))
print "Scanning for AA-comm."
res = findAllMPA(l,maxcount = OPTS.maxprotocols,options = defopts, mpaoptions = mpaopts)
reslist.append((res,"Allow Alice-Alice"))
return reslist
def scanSC(l,defopts,mpaopts):
if (len(OPTS.types) > 1) and (OPTS.selfcommunication):
import sys
print "Error: cannot analyze multiple types as well as self-communication at the same time."
sys.exit()
if OPTS.selfcommunication:
reslist = scanSelfComm(l,defopts,mpaopts)
else:
reslist = scanTypes(l,defopts,mpaopts)
if len(reslist) > 1:
showDiff(reslist)
def bigTest(): def bigTest():
@ -304,11 +450,6 @@ def bigTest():
# Initialize mpa options # Initialize mpa options
mpaopts = "" mpaopts = ""
if OPTS.extravert:
mpaopts = (mpaopts + " --extravert").strip()
if OPTS.initunique:
mpaopts = (mpaopts + " --init-unique").strip()
### Simplified test setup ### Simplified test setup
#defopts = "--max-runs=3 -T 360" #defopts = "--max-runs=3 -T 360"
@ -317,23 +458,13 @@ def bigTest():
### Full test setup with --init-unique ### Full test setup with --init-unique
defopts = "--max-runs=4 -T 600" defopts = "--max-runs=4 -T 600"
maxcount = OPTS.maxprotocols
if OPTS.types == None: if OPTS.extravert:
OPTS.types = [0] mpaopts = (mpaopts + " --extravert").strip()
if OPTS.initunique:
mpaopts = (mpaopts + " --init-unique").strip()
if 0 in OPTS.types: scanSC(l,defopts,mpaopts)
# First typed
print "Scanning without type flaws"
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=0", mpaoptions = mpaopts)
if 1 in OPTS.types:
# Basic type flaws
print "Scanning for basic type flaws"
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=1", mpaoptions = mpaopts)
if 2 in OPTS.types:
# All type flaws
print "Scanning for any type flaws"
findAllMPA(l,maxcount=maxcount,options = defopts + " --match=2", mpaoptions = mpaopts)