From 673e0218c5c18a67248908455fae73d399ea5288 Mon Sep 17 00:00:00 2001 From: gijs Date: Mon, 23 May 2005 11:39:13 +0000 Subject: [PATCH] - Adding Woo and Lam - Adding Woo and Lam Pi (includes a possible attack that is not listed in SPORE) --- spdl/SPORE/woo-lam-pi.spdl | 67 ++++++++++++++++++++++++++++++++ spdl/SPORE/woo-lam.spdl | 79 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) create mode 100644 spdl/SPORE/woo-lam-pi.spdl create mode 100644 spdl/SPORE/woo-lam.spdl diff --git a/spdl/SPORE/woo-lam-pi.spdl b/spdl/SPORE/woo-lam-pi.spdl new file mode 100644 index 0000000..37b7233 --- /dev/null +++ b/spdl/SPORE/woo-lam-pi.spdl @@ -0,0 +1,67 @@ +# Woo and Lam Pi +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/wooLamPi.html +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# +# Note: +# Scyther finds an attack that appears to be legit, but is not present in +# SPORE. +# + +usertype Ticket; + +secret k: Function; + +protocol woolamPi(I,R,S) +{ + role I + { + var Nr: Nonce; + + send_1(I,R, I); + read_2(R,I, Nr); + send_3(I,R, {Nr}k(I,S)); + + } + + role R + { + const Nr: Nonce; + var T: Ticket; + + read_1(I,R, I); + send_2(R,I, Nr); + read_3(I,R, T); + send_4(R,S, {I, T}k(R,S)); + read_5(S,R, {Nr}k(R,S)); + + claim_R1(R,Nisynch); + } + + role S + { + var Nr: Nonce; + + read_4(R,S, {I,{Nr}k(I,S)}k(R,S)); + send_5(S,R, {Nr}k(R,S)); + } +} + +const Alice,Bob,Eve,Simon: Agent; +const Te: Ticket; +const Ne: Nonce; + + +untrusted Eve; +compromised k(Eve,Simon); + +run woolamPi.I (Agent,Agent,Simon); +run woolamPi.R (Agent,Agent,Simon); +run woolamPi.S (Agent,Agent,Simon); + + + diff --git a/spdl/SPORE/woo-lam.spdl b/spdl/SPORE/woo-lam.spdl new file mode 100644 index 0000000..b494771 --- /dev/null +++ b/spdl/SPORE/woo-lam.spdl @@ -0,0 +1,79 @@ +# Woo and Lam Mutual Authentication +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/wooLamMutual.html +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# + + +usertype Key; +usertype Ticket; + +secret k: Function; + +protocol woolam(I,R,S) +{ + role I + { + const N1: Nonce; + var Kir: Key; + var N2: Nonce; + + send_1(I,R, I, N1); + read_2(R,I, R, N2); + send_3(I,R, {I, R, N1, N2}k(I,S)); + read_6(R,I, {R, N1, N2, Kir}k(I,S), {N1,N2}Kir); + send_7(I,R, {N2}Kir); + + + claim_I1(I,Secret,Kir); + claim_I2(I,Nisynch); + } + + role R + { + const N2: Nonce; + var N1: Nonce; + var Kir: Key; + var T1,T2: Ticket; + + read_1(I,R, I, N1); + send_2(R,I, R, N2); + read_3(I,R, T1); + send_4(R,S, T1, {I, R, N1, N2}k(R,S)); + read_5(S,R, T2, {I, N1, N2, Kir}k(R,S)); + send_6(R,I, T2, {N1,N2}Kir); + read_7(I,R, {N2}Kir); + + claim_R1(R,Secret,Kir); + claim_R2(R,Nisynch); + } + + role S + { + const Kir: Key; + var N1,N2: Nonce; + + read_4(R,S, {I, R, N1, N2}k(I,S), {I, R, N1, N2}k(R,S)); + send_5(S,R, {R, N1, N2, Kir}k(I,S), {I, N1, N2, Kir}k(R,S)); + } +} + +const Alice,Bob,Eve,Simon: Agent; +const Ke: Key; +const Te: Ticket; +const Ne: Nonce; + + +untrusted Eve; +compromised k(Eve,Simon); + +run woolam.I (Agent,Agent,Simon); +run woolam.R (Agent,Agent,Simon); +run woolam.S (Agent,Agent,Simon); + + +