- Adding NotModelled.txt, describing which SPORE protocols have not been

modelled and why
- Adding ccitt509 and friends
This commit is contained in:
gijs 2005-04-29 13:14:23 +00:00
parent 0b22c4a4bb
commit 113a3c5dfc
3 changed files with 107 additions and 0 deletions

View File

@ -0,0 +1,6 @@
The following protocols have not been modelled for use in Scyther:
- CAM http://www.lsv.ens-cachan.fr/spore/cam.html
This protocol only consists of one message and corresponding database actions.
The description given in SPORE is unsuitable for formalisation.

View File

@ -0,0 +1,51 @@
# CCITT X.509 (1)
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/ccittx509_1.html
#
# Note:
# The attack in SPORE is not found as this is not an attack against
# synchronisation, but an attack against the freshness of Xa and Ya
# which can currently not be modelled in scyther
#
const pk: Function;
secret sk: Function;
inversekeys(pk,sk);
usertype Timestamp;
protocol ccitt5091(I,R)
{
role I
{
const Ta: Timestamp;
const Na,Xa,Ya: Nonce;
send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
# claim_2(I,Nisynch);
# This claim is useless as there are no preceding read events
}
role R
{
var Ta: Timestamp;
var Na,Xa,Ya: Nonce;
read_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
claim_3(R,Nisynch);
# There should also be Fresh Xa and Fresh Ya claims here
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Timestamp;
compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt5091.I(Agent,Agent);
run ccitt5091.R(Agent,Agent);
run ccitt5091.I(Agent,Agent);
run ccitt5091.R(Agent,Agent);

View File

@ -0,0 +1,50 @@
# CCITT X.509 (1c)
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/ccittx509_1c.html
#
# Note:
# According to SPORE there are no known attacks on this protocol
#
const pk,hash: Function;
secret sk,unhash: Function;
inversekeys (hash,unhash);
inversekeys(pk,sk);
usertype Timestamp;
protocol ccitt5091c(I,R)
{
role I
{
const Ta: Timestamp;
const Na,Xa,Ya: Nonce;
send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
# claim_2(I,Nisynch);
# This claim is useless as there are no preceding read events
}
role R
{
var Ta: Timestamp;
var Na,Xa,Ya: Nonce;
read(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
claim_3(R,Nisynch);
# There should also be Fresh Xa and Fresh Ya claims here
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
const te: Timestamp;
compromised sk(Eve);
# General scenario, 2 parallel runs of the protocol
run ccitt5091c.I(Agent,Agent);
run ccitt5091c.R(Agent,Agent);
run ccitt5091c.I(Agent,Agent);
run ccitt5091c.R(Agent,Agent);