diff --git a/spdl/SPORE/ksl-lowe.spdl b/spdl/SPORE/ksl-lowe.spdl new file mode 100644 index 0000000..f952381 --- /dev/null +++ b/spdl/SPORE/ksl-lowe.spdl @@ -0,0 +1,85 @@ +# Lowe modified KSL +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/kslLowe.html +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# +# Note: +# According to SPORE there are no attacks on this protocol, scyther +# finds one however. This has to be investigated further. + +usertype Server, SessionKey, GeneralizedTimestamp, Ticket, TicketKey; +secret k: Function; + +const a, b, e: Agent; +const s: Server; + + +const ne: Nonce; +const kee: SessionKey; +untrusted e; +compromised k(e,s); + +protocol kslLowe(A,B,S) +{ + role A + { + const Na, Ma: Nonce; + var Nc, Mb: Nonce; + var T: Ticket; + var Kab: SessionKey; + + send_1(A,B, Na, A); + read_4(B,A, { Na,B,Kab }k(A,S), T, Nc, {B,Na}Kab ); + send_5(A,B, { Nc }Kab ); + + send_6(A,B, Ma,T ); + read_7(B,A, Mb,{Ma, B}Kab ); + send_8(A,B, {A,Mb}Kab ); + + claim_A1(A,Secret, Kab); + claim_A2(A,Niagree); + claim_A3(A,Nisynch); + } + + role B + { + var Na,Ma: Nonce; + const Nb,Nc,Mb: Nonce; + var Kab: SessionKey; + const Kbb: TicketKey; + const Tb: GeneralizedTimestamp; + var T: Ticket; + + read_1(A,B, Na, A); + send_2(B,S, Na, A, Nb, B ); + read_3(S,B, { A, Nb, Kab }k(B,S), T ); + send_4(B,A, T, { Tb, A, Kab }Kbb, Nc, {B, Na}Kab ); + read_5(A,B, { Nc }Kab ); + + read_6(A,B, Ma,{ Tb, A, Kab }Kbb ); + send_7(B,A, Mb,{Ma,B}Kab ); + read_8(A,B, {A,Mb}Kab ); + + claim_B1(B,Secret, Kab); + claim_B2(B,Niagree); + claim_B3(B,Nisynch); + } + + role S + { + var Na, Nb: Nonce; + const Kab: SessionKey; + + read_2(B,S, Na, A, Nb, B ); + send_3(S,B, { A, Nb, Kab }k(B,S), { Na,B,Kab }k(A,S) ); + } +} + +run kslLowe.A(a,b,s); +run kslLowe.B(a,b,s); +run kslLowe.S(a,b,s); + diff --git a/spdl/SPORE/ksl.spdl b/spdl/SPORE/ksl.spdl new file mode 100644 index 0000000..8c8f821 --- /dev/null +++ b/spdl/SPORE/ksl.spdl @@ -0,0 +1,82 @@ +# KSL +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/ksl.html +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# + + +usertype Server, SessionKey, GeneralizedTimestamp, Ticket, TicketKey; +secret k: Function; + +const a, b, e: Agent; +const s: Server; + +const ne: Nonce; +const kee: SessionKey; +untrusted e; +compromised k(e,s); + +protocol ksl(A,B,S) +{ + role A + { + const Na, Ma: Nonce; + var Nc, Mb: Nonce; + var T: Ticket; + var Kab: SessionKey; + + send_1(A,B, Na, A); + read_4(B,A, { Na,B,Kab }k(A,S), T, Nc, {Na}Kab ); + send_5(A,B, { Nc }Kab ); + + send_6(A,B, Ma,T ); + read_7(B,A, Mb,{Ma}Kab ); + send_8(A,B, {Mb}Kab ); + + claim_A1(A,Secret, Kab); + claim_A2(A,Niagree); + claim_A3(A,Nisynch); + } + + role B + { + var Na,Ma: Nonce; + const Nb,Nc,Mb: Nonce; + var Kab: SessionKey; + const Kbb: TicketKey; + const Tb: GeneralizedTimestamp; + var T: Ticket; + + read_1(A,B, Na, A); + send_2(B,S, Na, A, Nb, B ); + read_3(S,B, { Nb, A, Kab }k(B,S), T ); + send_4(B,A, T, { Tb, A, Kab }Kbb, Nc, {Na}Kab ); + read_5(A,B, { Nc }Kab ); + + read_6(A,B, Ma,{ Tb, A, Kab }Kbb ); + send_7(B,A, Mb,{Ma}Kab ); + read_8(A,B, {Mb}Kab ); + + claim_B1(B,Secret, Kab); + claim_B2(B,Niagree); + claim_B3(B,Nisynch); + } + + role S + { + var Na, Nb: Nonce; + const Kab: SessionKey; + + read_2(B,S, Na, A, Nb, B ); + send_3(S,B, { Nb, A, Kab }k(B,S), { Na,B,Kab }k(A,S) ); + } +} + +run ksl.A(a,b,s); +run ksl.B(a,b,s); +run ksl.S(a,b,s); + diff --git a/spdl/SPORE/neumannstub.spdl b/spdl/SPORE/neumannstub.spdl new file mode 100644 index 0000000..07e97de --- /dev/null +++ b/spdl/SPORE/neumannstub.spdl @@ -0,0 +1,79 @@ +# Neumann Stubblebine +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# + + +usertype Server, SessionKey, TimeStamp, Ticket, TicketKey; +secret k: Function; + +const a, b, e: Agent; +const s: Server; + +const ne: Nonce; +const kee: SessionKey; +untrusted e; +compromised k(e,s); + +protocol neustub(I,R,S) +{ + role I + { + const Ni,Mi: Nonce; + var Nr,Mr: Nonce; + var T: Ticket; + var Tb: TimeStamp; + var Kir: SessionKey; + + send_1(I,R, I, Ni); + read_3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr); + send_4(I,R,T,{Nr}Kir); + send_5(I,R,Mi,T); + read_6(R,I,Mr,{Mi}Kir); + send_7(I,R,{Mr}Kir); + + claim_I1(I,Secret, Kir); + claim_I2(I,Niagree); + claim_I3(I,Nisynch); + } + + role R + { + var Ni,Mi: Nonce; + const Nr,Mr: Nonce; + var Kir: SessionKey; + const Tb: TimeStamp; + var T: Ticket; + + read_1(I,R, I, Ni); + send_2(R,S, R, {I, Ni, Tb}k(R,S),Nr); + read_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir); + read_5(I,R,Mi,T); + send_6(R,I,Mr,{Mi}Kir); + read_7(I,R,{Mr}Kir); + + claim_R1(R,Secret, Kir); + claim_R2(R,Niagree); + claim_R3(R,Nisynch); + } + + role S + { + var Ni, Nr: Nonce; + const Kir: SessionKey; + var Tb: TimeStamp; + + read_2(R,S, R, {I,Ni,Tb}k(R,S), Nr); + send_3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr ); + } +} + +run neustub.A(a,b,s); +run neustub.B(a,b,s); +run neustub.S(a,b,s); +