- Adding otway rees and smart right protocols

spdl/SPORE/NotModelled.txt

@@ -16,3 +16,8 @@ not be modelled in scyther.
 This protocol relies on algebraic properties that can not be modelled in
 scyther.
 
+- SK3
+This protocol relies on algebraic properties that can not be modelled in
+scyther. It also has the notion of channels that can not be attacked,
+which can not be modelled in scyther either.
+

spdl/SPORE/otwayrees.spdl

@@ -0,0 +1,71 @@
+# Otway Rees
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/otwayRees.html
+#
+#
+# Note:
+# This protocol uses a ticket so scyther will only be able to verify
+# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2)
+#
+
+
+secret const k : Function;
+
+usertype String,SessionKey,Ticket;
+
+protocol otwayrees(I,R,S)
+{
+	role I
+	{
+		const Ni : Nonce;
+		const M : String;
+		var Kir : SessionKey;
+
+		send_1(I,R, M,I,R,{Ni,M,I,R}k(I,S) );
+		read_4(R,I, M,{Ni,Kir}k(I,S) );
+
+		claim_I1(I, Secret,Kir);
+        #claim_I2(I, Nisynch);
+	}
+
+	role R
+	{
+		var M : String;
+		const Nr : Nonce;
+		var Kir : SessionKey;
+		var T1,T2: Ticket;
+
+		read_1(I,R, M,I,R, T1 );
+		send_2(R,S, M,I,R, T1, { Nr,M,I,R }k(R,S) );
+		read_3(S,R, M, T2, { Nr,Kir }k(R,S) );
+		send_4(R,I, M, T2 );
+
+		claim_R1(R, Secret,Kir);
+        #claim_R2(R, Nisynch);
+	}
+
+	role S
+	{
+		var Ni,Nr : Nonce;
+		var M : String;
+		const Kir : SessionKey;
+		
+		read_2(R,S, M,I,R, { Ni,M,I,R}k(I,S), { Nr,M,I,R }k(R,S) );
+		send_3(S,R, M, { Ni,Kir }k(I,S) , { Nr,Kir }k(R,S) );
+	}
+}
+
+const Alice, Bob, Eve, Simon: Agent;
+
+untrusted Eve;
+compromised k(Eve,Simon);
+
+run otwayrees.A(Alice, Agent, Simon);
+run otwayrees.B(Agent, Bob, Simon);
+run otwayrees.S(Agent, Agent, Simon);
+
+run otwayrees.A(Agent, Agent, Simon);
+run otwayrees.B(Agent, Agent, Simon);
+run otwayrees.S(Agent, Agent, Simon);
+

spdl/SPORE/smartright.spdl

@@ -0,0 +1,65 @@
+# SmartRight view-only
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+# Note:
+# This protocol uses a ticket so scyther will only be able to verify
+# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2)
+#
+# Note:
+# Scyther finds an attack because the value of VoR in te last message can
+# be replaced with an arbitrary value
+
+const hash: Function;
+secret unhash: Function;
+secret k: Function;
+inversekeys (hash,unhash);
+usertype SessionKey;
+usertype Ticket;
+usertype XorKey;
+const Vor: XorKey;
+
+protocol smartright(I,R)
+{
+	role I
+	{
+		const VoKey: SessionKey;
+        const VoR: XorKey;
+        const CW;
+        var VoRi: Nonce;
+
+        send_1(I,R, {VoKey,{CW}VoR}k(I,R));
+        read_2(R,I, VoRi);
+        send_3(I,R, VoR, {{VoRi}hash}VoKey);
+	}	
+	
+	role R
+	{
+        var T: Ticket;
+        var VoR: XorKey;
+        var VoKey: SessionKey;
+        const VoRi: Nonce;
+
+        read_1(I,R, {VoKey,T}k(I,R));
+        send_2(R,I, VoRi);
+        read_3(I,R, VoR,{{VoRi}hash}VoKey);
+
+		claim_R1(R,Nisynch);
+	}
+}
+
+const Alice,Bob,Eve: Agent;
+
+untrusted Eve;
+const ne: Nonce;
+
+# General scenario, 2 parallel runs of the protocol
+
+run smartright.I(Agent,Agent);
+run smartright.R(Agent,Agent);
+run smartright.I(Agent,Agent);
+run smartright.R(Agent,Agent);