- Adding NotModelled.txt, describing which SPORE protocols have not been

modelled and why
- Adding ccitt509 and friends

spdl/SPORE/NotModelled.txt

@@ -0,0 +1,6 @@
+The following protocols have not been modelled for use in Scyther:
+
+- CAM http://www.lsv.ens-cachan.fr/spore/cam.html
+This protocol only consists of one message and corresponding database actions.
+The description given in SPORE is unsuitable for formalisation.
+

spdl/SPORE/ccitt509-1.spdl

@@ -0,0 +1,51 @@
+# CCITT X.509 (1)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_1.html
+#
+# Note:
+# The attack in SPORE is not found as this is not an attack against
+# synchronisation, but an attack against the freshness of Xa and Ya
+# which can currently not be modelled in scyther
+#
+
+const pk: Function;
+secret sk: Function;
+inversekeys(pk,sk);
+usertype Timestamp;
+
+protocol ccitt5091(I,R)
+{
+	role I
+	{
+		const Ta: Timestamp;
+        const Na,Xa,Ya: Nonce;
+		send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+        # claim_2(I,Nisynch);
+        # This claim is useless as there are no preceding read events
+	}	
+	
+	role R
+	{
+		var Ta: Timestamp;
+        var Na,Xa,Ya: Nonce;
+
+		read_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+		claim_3(R,Nisynch);
+        # There should also be Fresh Xa and Fresh Ya claims here
+	}
+}
+
+const Alice,Bob,Eve: Agent;
+
+untrusted Eve;
+const ne: Nonce;
+const te: Timestamp;
+compromised sk(Eve);
+
+# General scenario, 2 parallel runs of the protocol
+
+run ccitt5091.I(Agent,Agent);
+run ccitt5091.R(Agent,Agent);
+run ccitt5091.I(Agent,Agent);
+run ccitt5091.R(Agent,Agent);

spdl/SPORE/ccitt509-1c.spdl

@@ -0,0 +1,50 @@
+# CCITT X.509 (1c)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_1c.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+const pk,hash: Function;
+secret sk,unhash: Function;
+inversekeys (hash,unhash);
+inversekeys(pk,sk);
+usertype Timestamp;
+
+protocol ccitt5091c(I,R)
+{
+	role I
+	{
+		const Ta: Timestamp;
+        const Na,Xa,Ya: Nonce;
+		send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
+        # claim_2(I,Nisynch);
+        # This claim is useless as there are no preceding read events
+	}	
+	
+	role R
+	{
+		var Ta: Timestamp;
+        var Na,Xa,Ya: Nonce;
+
+		read(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
+		claim_3(R,Nisynch);
+        # There should also be Fresh Xa and Fresh Ya claims here
+	}
+}
+
+const Alice,Bob,Eve: Agent;
+
+untrusted Eve;
+const ne: Nonce;
+const te: Timestamp;
+compromised sk(Eve);
+
+# General scenario, 2 parallel runs of the protocol
+
+run ccitt5091c.I(Agent,Agent);
+run ccitt5091c.R(Agent,Agent);
+run ccitt5091c.I(Agent,Agent);
+run ccitt5091c.R(Agent,Agent);