Large pass on protocol specification files to get rid of deprecated constructions.
This commit is contained in:
parent
30006b732a
commit
755c4519c6
@ -37,9 +37,4 @@ protocol bke(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -65,9 +65,3 @@ protocol andrew-Concrete(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
|
||||
|
@ -50,14 +50,3 @@ protocol andrew-Ban(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
|
@ -55,16 +55,3 @@ protocol andrew-LoweBan(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -54,17 +54,3 @@ protocol boyd(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const mcsde: Macseed;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -37,9 +37,3 @@ protocol ccitt509-ban3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -63,12 +63,4 @@ protocol denningSacco-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const kee: SessionKey;
|
||||
const tee: TimeStamp;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -51,12 +51,5 @@ protocol denningSacco(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const kee: SessionKey;
|
||||
const tee: TimeStamp;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -58,17 +58,3 @@ protocol gongnonceb(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kpe: Keypart;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -55,17 +55,3 @@ protocol gongnonce(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kpe: Keypart;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -40,17 +40,3 @@ protocol isoiec11770213(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: Sessionkey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -53,17 +53,3 @@ protocol kaochow-2(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -57,17 +57,3 @@ protocol kaochow-3(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -53,17 +53,3 @@ protocol kaochow(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -9,21 +9,16 @@
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
|
||||
const a, b, e: Agent;
|
||||
const s: Server;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
untrusted e;
|
||||
compromised k(e,s);
|
||||
|
||||
|
||||
|
||||
protocol ksl(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni, Mi: Nonce;
|
||||
fresh Ni, Mi: Nonce;
|
||||
var Nc, Mr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -45,10 +40,10 @@ protocol ksl(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Nc,Mr: Nonce;
|
||||
fresh Nr,Nc,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Kbb: TicketKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kbb: TicketKey;
|
||||
fresh Tr: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, Ni, I);
|
||||
@ -70,7 +65,7 @@ protocol ksl(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
read_2(R,S, Ni, I, Nr, R );
|
||||
send_3(S,R, { Nr, I, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
|
||||
|
@ -64,10 +64,3 @@ protocol needhamschroedersk-amend(I,R,S)
|
||||
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
@ -54,9 +54,3 @@ protocol needhamschroedersk(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -39,8 +39,3 @@ protocol ns3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
@ -37,8 +37,3 @@ protocol nsl3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
@ -54,8 +54,3 @@ protocol otwayrees(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve, Simon: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -19,9 +19,3 @@ protocol soph(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const nc: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -64,9 +64,3 @@ protocol spliceAS-CJ(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -7,9 +7,6 @@
|
||||
|
||||
usertype TimeStamp, LifeTime;
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
const inc,dec: Function;
|
||||
inversekeys (inc,dec);
|
||||
|
||||
@ -62,11 +59,3 @@ protocol spliceAS-HC(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -64,9 +64,3 @@ protocol spliceAS(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -49,12 +49,3 @@ protocol tmn(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -30,11 +30,3 @@ protocol wmfbrutus(A,B,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve: Agent;
|
||||
const Simon: Server;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -61,13 +61,3 @@ protocol wmf-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
const Te: TimeStamp;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -52,13 +52,3 @@ protocol wmf(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
const Te: TimeStamp;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -18,7 +18,7 @@ protocol woolamPi-1(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -39,13 +39,3 @@ protocol woolamPi-1(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -18,7 +18,7 @@ protocol woolamPi-2(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -39,13 +39,3 @@ protocol woolamPi-2(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -18,7 +18,7 @@ protocol woolamPi-3(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -39,13 +39,3 @@ protocol woolamPi-3(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -39,11 +39,3 @@ protocol woolamPi-f(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -9,9 +9,6 @@
|
||||
usertype Server;
|
||||
usertype SessionKey;
|
||||
|
||||
const a,b,c : Agent;
|
||||
const s : Server;
|
||||
|
||||
protocol yahalom-BAN-Paulson-modified(A,B,S)
|
||||
{
|
||||
role A
|
||||
|
@ -7,9 +7,6 @@
|
||||
usertype Server;
|
||||
usertype SessionKey;
|
||||
|
||||
const a,b,c : Agent;
|
||||
const s : Server;
|
||||
|
||||
protocol yahalom-BAN-Paulson(A,B,S)
|
||||
{
|
||||
role A
|
||||
|
@ -52,5 +52,4 @@ protocol yahalom-BAN(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,David: Agent;
|
||||
|
||||
|
@ -50,5 +50,4 @@ protocol yahalom-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon : Agent;
|
||||
|
||||
|
@ -50,10 +50,3 @@ protocol yahalom(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon : Agent;
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -17,7 +17,6 @@
|
||||
#
|
||||
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -38,7 +37,7 @@ protocol andrew-Concrete(I,R)
|
||||
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -54,8 +53,8 @@ protocol andrew-Concrete(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,ni );
|
||||
send_2(R,I, {ni,kir}k(I,R) );
|
||||
@ -67,9 +66,3 @@ protocol andrew-Concrete(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
|
||||
|
@ -12,7 +12,6 @@
|
||||
# According to SPORE there are no known attacks on this protocol
|
||||
#
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -20,7 +19,7 @@ protocol andrew-Ban(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr,nr2: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -38,8 +37,8 @@ protocol andrew-Ban(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr,nr2: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr,nr2: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,{ni}k(I,R) );
|
||||
send_2(R,I, {ni,nr}k(I,R) );
|
||||
@ -53,14 +52,3 @@ protocol andrew-Ban(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
|
@ -19,7 +19,6 @@
|
||||
#
|
||||
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -27,7 +26,7 @@ protocol andrew-LoweBan(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -43,8 +42,8 @@ protocol andrew-LoweBan(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,ni );
|
||||
send_2(R,I, {ni,kir,R}k(I,R) );
|
||||
@ -56,16 +55,3 @@ protocol andrew-LoweBan(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -10,7 +10,6 @@
|
||||
#
|
||||
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const succ: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
@ -19,7 +18,7 @@ protocol andrew(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr,nr2: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -36,8 +35,8 @@ protocol andrew(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr,nr2: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh nr,nr2: Nonce;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1(I,R, I,{ni}k(I,R) );
|
||||
send_2(R,I, {succ(ni),nr}k(I,R) );
|
||||
@ -50,16 +49,3 @@ protocol andrew(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -9,17 +9,14 @@
|
||||
# which can currently not be modelled in scyther
|
||||
#
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
usertype Timestamp;
|
||||
|
||||
protocol ccitt509-1(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ta: Timestamp;
|
||||
const Na,Xa,Ya: Nonce;
|
||||
fresh Ta: Timestamp;
|
||||
fresh Na,Xa,Ya: Nonce;
|
||||
send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
|
||||
# claim_2(I,Nisynch);
|
||||
# This claim is useless as there are no preceding read events
|
||||
@ -36,11 +33,3 @@ protocol ccitt509-1(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Timestamp;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
@ -7,10 +7,7 @@
|
||||
# According to SPORE there are no known attacks on this protocol
|
||||
#
|
||||
|
||||
const pk,hash: Function;
|
||||
secret sk,unhash: Function;
|
||||
inversekeys (hash,unhash);
|
||||
inversekeys(pk,sk);
|
||||
hashfunction hash;
|
||||
usertype Timestamp;
|
||||
|
||||
protocol ccitt509-1c(I,R)
|
||||
@ -35,10 +32,3 @@ protocol ccitt509-1c(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Timestamp;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,18 +8,15 @@
|
||||
# this can not be verified using scyther
|
||||
#
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
usertype Timestamp;
|
||||
|
||||
protocol ccitt509-3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ta: Timestamp;
|
||||
fresh Ta: Timestamp;
|
||||
var Tb: Timestamp;
|
||||
const Na,Xa,Ya: Nonce;
|
||||
fresh Na,Xa,Ya: Nonce;
|
||||
var Xb,Nb,Yb: Nonce;
|
||||
send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
|
||||
read_2(R,I, R,{Tb, Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
|
||||
@ -32,9 +29,9 @@ protocol ccitt509-3(I,R)
|
||||
role R
|
||||
{
|
||||
var Ta: Timestamp;
|
||||
const Tb: Timestamp;
|
||||
fresh Tb: Timestamp;
|
||||
var Na,Xa,Ya: Nonce;
|
||||
const Xb,Yb,Nb: Nonce;
|
||||
fresh Xb,Yb,Nb: Nonce;
|
||||
|
||||
read_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
|
||||
send_2(R,I, R,{Tb, Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
|
||||
@ -46,10 +43,3 @@ protocol ccitt509-3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Timestamp;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -11,10 +11,6 @@
|
||||
# According to SPORE there are no known attacks on this protocol
|
||||
#
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
|
||||
protocol ccitt509-ban3(I,R)
|
||||
{
|
||||
role I
|
||||
@ -41,9 +37,3 @@ protocol ccitt509-ban3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -11,7 +11,6 @@ usertype Key;
|
||||
usertype SessionKey;
|
||||
usertype TimeStamp;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
usertype PseudoFunction;
|
||||
const dec: PseudoFunction;
|
||||
const Fresh: Function;
|
||||
@ -41,7 +40,7 @@ protocol denningSacco-Lowe(I,R,S)
|
||||
{
|
||||
var Kir: SessionKey;
|
||||
var T: TimeStamp;
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
|
||||
read_3(I,R, {Kir,I,T}k(R,S));
|
||||
send_4(R,I, {Nr}Kir);
|
||||
@ -55,20 +54,11 @@ protocol denningSacco-Lowe(I,R,S)
|
||||
role S
|
||||
{
|
||||
var W: Ticket;
|
||||
const Kir: SessionKey;
|
||||
const T: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh T: TimeStamp;
|
||||
|
||||
read_1(I,S, I,R );
|
||||
send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const kee: SessionKey;
|
||||
const tee: TimeStamp;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -8,7 +8,6 @@ usertype Key;
|
||||
usertype SessionKey;
|
||||
usertype TimeStamp;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -44,20 +43,11 @@ protocol denningSacco(I,R,S)
|
||||
role S
|
||||
{
|
||||
var W: Ticket;
|
||||
const Kir: SessionKey;
|
||||
const T: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh T: TimeStamp;
|
||||
|
||||
read_1(I,S, I,R );
|
||||
send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const kee: SessionKey;
|
||||
const tee: TimeStamp;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -5,7 +5,6 @@
|
||||
#
|
||||
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -13,7 +12,7 @@ protocol kaochow-2(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir,kt: SessionKey;
|
||||
|
||||
@ -30,7 +29,7 @@ protocol kaochow-2(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir,kt: SessionKey;
|
||||
var T: Ticket;
|
||||
|
||||
@ -47,24 +46,10 @@ protocol kaochow-2(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir, kt: SessionKey;
|
||||
fresh kir, kt: SessionKey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -7,7 +7,6 @@
|
||||
usertype SessionKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
usertype TimeStamp;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -15,7 +14,7 @@ protocol kaochow-3(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir,kt: SessionKey;
|
||||
var T2: Ticket;
|
||||
@ -33,10 +32,10 @@ protocol kaochow-3(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir,kt: SessionKey;
|
||||
var T: Ticket;
|
||||
const tr: TimeStamp;
|
||||
fresh tr: TimeStamp;
|
||||
|
||||
read_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
|
||||
send_3 (R,I, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
|
||||
@ -51,24 +50,10 @@ protocol kaochow-3(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir, kt: SessionKey;
|
||||
fresh kir, kt: SessionKey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -5,7 +5,6 @@
|
||||
#
|
||||
|
||||
usertype SessionKey;
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -13,7 +12,7 @@ protocol kaochow(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
|
||||
@ -30,7 +29,7 @@ protocol kaochow(I,R,S)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
var kir: SessionKey;
|
||||
var T;
|
||||
|
||||
@ -47,24 +46,10 @@ protocol kaochow(I,R,S)
|
||||
role S
|
||||
{
|
||||
var ni: Nonce;
|
||||
const kir: SessionKey;
|
||||
fresh kir: SessionKey;
|
||||
|
||||
read_1 (I,S, I,R,ni);
|
||||
send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
const te: Ticket;
|
||||
const ke: SessionKey;
|
||||
compromised k(Eve,Eve);
|
||||
compromised k(Eve,Alice);
|
||||
compromised k(Eve,Bob);
|
||||
compromised k(Eve,Simon);
|
||||
compromised k(Alice,Eve);
|
||||
compromised k(Bob,Eve);
|
||||
compromised k(Simon,Eve);
|
||||
|
||||
|
@ -9,24 +9,15 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const a, b, e: Agent;
|
||||
const s: Server;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted e;
|
||||
compromised k(e,s);
|
||||
|
||||
protocol ksl-Lowe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni, Mi: Nonce;
|
||||
fresh Ni, Mi: Nonce;
|
||||
var Nc, Mr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -48,10 +39,10 @@ protocol ksl-Lowe(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Nc,Mr: Nonce;
|
||||
fresh Nr,Nc,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Kbb: TicketKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kbb: TicketKey;
|
||||
fresh Tr: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, Ni, I);
|
||||
@ -73,11 +64,10 @@ protocol ksl-Lowe(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
read_2(R,S, Ni, I, Nr, R );
|
||||
send_3(S,R, { I, Nr, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -8,25 +8,15 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const a, b, e: Agent;
|
||||
const s: Server;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted e;
|
||||
compromised k(e,s);
|
||||
|
||||
|
||||
|
||||
protocol ksl(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni, Mi: Nonce;
|
||||
fresh Ni, Mi: Nonce;
|
||||
var Nc, Mr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -48,10 +38,10 @@ protocol ksl(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Nc,Mr: Nonce;
|
||||
fresh Nr,Nc,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Kbb: TicketKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kbb: TicketKey;
|
||||
fresh Tr: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, Ni, I);
|
||||
@ -73,11 +63,10 @@ protocol ksl(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
read_2(R,S, Ni, I, Nr, R );
|
||||
send_3(S,R, { Nr, I, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
@ -10,16 +10,11 @@
|
||||
# synchronisation and agreement, because the keys that the server sends
|
||||
# out can be replayed.
|
||||
|
||||
secret pk: Function; # For some reason SPORE models it such that the agents
|
||||
# do not know the public keys of the other agents
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
|
||||
protocol needhamschroederpk-Lowe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
|
||||
send_1(I,S, (I,R));
|
||||
@ -34,7 +29,7 @@ protocol needhamschroederpk-Lowe(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
|
||||
read_3(I,R,{Ni,I}pk(R));
|
||||
@ -56,11 +51,3 @@ protocol needhamschroederpk-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
compromised pk(Eve);
|
||||
compromised pk(Simon); # Needed because of the way SPORE models nsl
|
||||
|
||||
|
@ -10,7 +10,6 @@
|
||||
|
||||
|
||||
|
||||
secret k: Function;
|
||||
# Model dec that is invertible by inc
|
||||
const dec,inc: Function;
|
||||
inversekeys(dec,inc);
|
||||
@ -22,7 +21,7 @@ protocol needhamschroedersk-amend(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
var T,T2: Ticket;
|
||||
@ -42,7 +41,7 @@ protocol needhamschroedersk-amend(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
|
||||
read_1(I,R,I);
|
||||
@ -58,17 +57,10 @@ protocol needhamschroedersk-amend(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni,Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
read_3(I,S,(I,R,Ni,{I,Nr}k(R,S)));
|
||||
send_4(S,I,{Ni,R,Kir,{Kir,Nr,I}k(R,S)}k(I,S));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
@ -6,7 +6,6 @@
|
||||
#
|
||||
|
||||
|
||||
secret k: Function;
|
||||
# Model dec that is invertible by inc
|
||||
const dec,inc: Function;
|
||||
inversekeys(dec,inc);
|
||||
@ -18,7 +17,7 @@ protocol needhamschroedersk(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
var T: Ticket;
|
||||
@ -35,7 +34,7 @@ protocol needhamschroedersk(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
|
||||
read_3(I,R,{Kir,I}k(R,S));
|
||||
@ -49,15 +48,9 @@ protocol needhamschroedersk(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
read_1(I,S,(I,R,Ni));
|
||||
send_2(S,I,{Ni,R,Kir,{Kir,I}k(R,S)}k(I,S));
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -10,16 +10,11 @@
|
||||
# synchronisation and agreement, because the keys that the server sends
|
||||
# out can be replayed.
|
||||
|
||||
secret pk: Function; # For some reason SPORE models it such that the agents
|
||||
# do not know the public keys of the other agents
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
|
||||
protocol needhamschroederpk(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
|
||||
send_1(I,S,(I,R));
|
||||
@ -34,7 +29,7 @@ protocol needhamschroederpk(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
|
||||
read_3(I,R,{Ni,I}pk(R));
|
||||
@ -56,12 +51,3 @@ protocol needhamschroederpk(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
compromised pk(Eve);
|
||||
compromised pk(Simon); # Needed because SPORE only assumes agents know their
|
||||
# own public key and that of the server
|
||||
|
||||
|
@ -10,27 +10,20 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub-GuttmanHwang^Repeat(I,R,S)
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
role I
|
||||
{
|
||||
const Mi: Nonce;
|
||||
fresh Mi: Nonce;
|
||||
var Mr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Tr: TimeStamp;
|
||||
|
||||
send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
|
||||
read_6(R,I,{Mi,Mr}Kir);
|
||||
@ -43,7 +36,7 @@ protocol neustub-GuttmanHwang^Repeat(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Mr: Nonce;
|
||||
fresh Mr: Nonce;
|
||||
var Tr: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
var Mi: Nonce;
|
||||
@ -65,7 +58,7 @@ protocol neustub-GuttmanHwang(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -84,9 +77,9 @@ protocol neustub-GuttmanHwang(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
@ -102,7 +95,7 @@ protocol neustub-GuttmanHwang(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
read_!2(R,S, R, {I,Ni,Tb,Nr}k(R,S));
|
||||
|
@ -10,27 +10,20 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub^Repeat(I,R,S)
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
role I
|
||||
{
|
||||
const Mi: Nonce;
|
||||
fresh Mi: Nonce;
|
||||
var Mr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Tr: TimeStamp;
|
||||
|
||||
send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
|
||||
read_6(R,I,{Mi,Mr}Kir);
|
||||
@ -43,7 +36,7 @@ protocol neustub^Repeat(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Mr: Nonce;
|
||||
fresh Mr: Nonce;
|
||||
var Tr: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
var Mi: Nonce;
|
||||
@ -65,7 +58,7 @@ protocol neustub(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -84,9 +77,9 @@ protocol neustub(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
@ -102,7 +95,7 @@ protocol neustub(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
read_!2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
|
||||
|
@ -10,23 +10,15 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const a, b, e: Agent;
|
||||
const s: Server;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted e;
|
||||
compromised k(e,s);
|
||||
|
||||
protocol neustub-Hwang(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni,Mi: Nonce;
|
||||
fresh Ni,Mi: Nonce;
|
||||
var Nr,Mr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -48,9 +40,9 @@ protocol neustub-Hwang(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
@ -69,7 +61,7 @@ protocol neustub-Hwang(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
read_!2(R,S, R, {I,Ni,Tb,Nr}k(R,S));
|
||||
|
@ -10,27 +10,20 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub^Repeat(I,R,S)
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
role I
|
||||
{
|
||||
const Mi: Nonce;
|
||||
fresh Mi: Nonce;
|
||||
var Mr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Tr: TimeStamp;
|
||||
|
||||
send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
|
||||
read_6(R,I,Mr,{Mi}Kir);
|
||||
@ -43,7 +36,7 @@ protocol neustub^Repeat(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Mr: Nonce;
|
||||
fresh Mr: Nonce;
|
||||
var Tr: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
var Mi: Nonce;
|
||||
@ -65,7 +58,7 @@ protocol neustub(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -84,9 +77,9 @@ protocol neustub(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
@ -102,7 +95,7 @@ protocol neustub(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
read_2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
|
||||
|
@ -10,25 +10,17 @@
|
||||
|
||||
usertype Server, SessionKey, TimeStamp, TicketKey;
|
||||
usertype ExpiredTimeStamp;
|
||||
secret k: Function;
|
||||
|
||||
const Alice, Bob, Simon, Eve: Agent;
|
||||
|
||||
const ne: Nonce;
|
||||
const kee: SessionKey;
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
protocol neustub^Repeat(I,R,S)
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
|
||||
role I
|
||||
{
|
||||
const Mi: Nonce;
|
||||
fresh Mi: Nonce;
|
||||
var Mr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
const Tr: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Tr: TimeStamp;
|
||||
|
||||
send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
|
||||
read_6(R,I,Mr,{Mi}Kir);
|
||||
@ -40,7 +32,7 @@ protocol neustub^Repeat(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Mr: Nonce;
|
||||
fresh Mr: Nonce;
|
||||
var Tr: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
var Mi: Nonce;
|
||||
@ -61,7 +53,7 @@ protocol neustub(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Tb: TimeStamp;
|
||||
@ -79,9 +71,9 @@ protocol neustub(I,R,S)
|
||||
role R
|
||||
{
|
||||
var Ni,Mi: Nonce;
|
||||
const Nr,Mr: Nonce;
|
||||
fresh Nr,Mr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
const Tb: TimeStamp;
|
||||
fresh Tb: TimeStamp;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I, Ni);
|
||||
@ -96,7 +88,7 @@ protocol neustub(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Ni, Nr: Nonce;
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Tb: TimeStamp;
|
||||
|
||||
read_!2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
|
||||
|
@ -5,7 +5,6 @@
|
||||
#
|
||||
|
||||
|
||||
secret const k : Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -15,8 +14,8 @@ protocol otwayrees(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni : Nonce;
|
||||
const M : String;
|
||||
fresh Ni : Nonce;
|
||||
fresh M : String;
|
||||
var Kir : SessionKey;
|
||||
|
||||
send_1(I,R, M,I,R,{Ni,M,I,R}k(I,S) );
|
||||
@ -30,7 +29,7 @@ protocol otwayrees(I,R,S)
|
||||
role R
|
||||
{
|
||||
var M : String;
|
||||
const Nr : Nonce;
|
||||
fresh Nr : Nonce;
|
||||
var Kir : SessionKey;
|
||||
var T1,T2: Ticket;
|
||||
|
||||
@ -48,15 +47,10 @@ protocol otwayrees(I,R,S)
|
||||
{
|
||||
var Ni,Nr : Nonce;
|
||||
var M : String;
|
||||
const Kir : SessionKey;
|
||||
fresh Kir : SessionKey;
|
||||
|
||||
read_2(R,S, M,I,R, { Ni,M,I,R}k(I,S), { Nr,M,I,R }k(R,S) );
|
||||
send_3(S,R, M, { Ni,Kir }k(I,S) , { Nr,Kir }k(R,S) );
|
||||
}
|
||||
}
|
||||
|
||||
const Alice, Bob, Eve, Simon: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -10,10 +10,7 @@
|
||||
# Scyther finds an attack because the value of VoR in te last message can
|
||||
# be replaced with an arbitrary value
|
||||
|
||||
const hash: Function;
|
||||
secret unhash: Function;
|
||||
secret k: Function;
|
||||
inversekeys (hash,unhash);
|
||||
hashfunction hash;
|
||||
usertype SessionKey;
|
||||
usertype XorKey;
|
||||
const Vor: XorKey;
|
||||
@ -22,9 +19,9 @@ protocol smartright(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const VoKey: SessionKey;
|
||||
const VoR: XorKey;
|
||||
const CW;
|
||||
fresh VoKey: SessionKey;
|
||||
fresh VoR: XorKey;
|
||||
fresh CW;
|
||||
var VoRi: Nonce;
|
||||
|
||||
send_1(I,R, {VoKey,{CW}VoR}k(I,R));
|
||||
@ -37,7 +34,7 @@ protocol smartright(I,R)
|
||||
var T: Ticket;
|
||||
var VoR: XorKey;
|
||||
var VoKey: SessionKey;
|
||||
const VoRi: Nonce;
|
||||
fresh VoRi: Nonce;
|
||||
|
||||
read_1(I,R, {VoKey,T}k(I,R));
|
||||
send_2(R,I, VoRi);
|
||||
@ -47,8 +44,3 @@ protocol smartright(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
|
||||
|
@ -12,9 +12,6 @@
|
||||
|
||||
usertype TimeStamp, LifeTime;
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
const inc,dec: Function;
|
||||
inversekeys (inc,dec);
|
||||
|
||||
@ -22,9 +19,9 @@ protocol spliceAS-CJ(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(I,S, I, R, N1 );
|
||||
read_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
|
||||
@ -48,13 +45,13 @@ protocol spliceAS-CJ(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(I,R, I, R, {T, L, {I, N2}pk(R)}sk(I) );
|
||||
send_4(R,S, R, I, N3 );
|
||||
@ -67,9 +64,3 @@ protocol spliceAS-CJ(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -7,9 +7,6 @@
|
||||
|
||||
usertype TimeStamp, LifeTime;
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
const inc,dec: Function;
|
||||
inversekeys (inc,dec);
|
||||
|
||||
@ -17,9 +14,9 @@ protocol spliceAS-HC(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(I,S, I, R, N1 );
|
||||
read_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
|
||||
@ -43,13 +40,13 @@ protocol spliceAS-HC(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
|
||||
send_4(R,S, R, I, N3 );
|
||||
@ -62,11 +59,3 @@ protocol spliceAS-HC(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -12,9 +12,6 @@
|
||||
|
||||
usertype TimeStamp, LifeTime;
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
const inc,dec: Function;
|
||||
inversekeys (inc,dec);
|
||||
|
||||
@ -22,9 +19,9 @@ protocol spliceAS(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const N1,N2: Nonce;
|
||||
const T: TimeStamp;
|
||||
const L: LifeTime;
|
||||
fresh N1,N2: Nonce;
|
||||
fresh T: TimeStamp;
|
||||
fresh L: LifeTime;
|
||||
|
||||
send_1(I,S, I, R, N1 );
|
||||
read_2(S,I, S, {S, I, N1, pk(R)}sk(S) );
|
||||
@ -48,13 +45,13 @@ protocol spliceAS(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const N3: Nonce;
|
||||
fresh N3: Nonce;
|
||||
var N2: Nonce;
|
||||
var T: TimeStamp;
|
||||
var L: LifeTime;
|
||||
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
|
||||
send_4(R,S, R, I, N3 );
|
||||
@ -67,9 +64,3 @@ protocol spliceAS(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon,Eve: Agent;
|
||||
|
||||
untrusted Eve;
|
||||
const ne: Nonce;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,9 +8,6 @@
|
||||
# from the description in SPORE
|
||||
usertype SessionKey;
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys(pk,sk);
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -18,7 +15,7 @@ protocol tmn(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ki: SessionKey;
|
||||
fresh Ki: SessionKey;
|
||||
var Kr: SessionKey;
|
||||
|
||||
send_1(I,S, R,{Ki}pk(S) );
|
||||
@ -31,7 +28,7 @@ protocol tmn(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Kr: SessionKey;
|
||||
fresh Kr: SessionKey;
|
||||
|
||||
read_2(S,R, I );
|
||||
send_3(R,S, I, { Kr }pk(S) );
|
||||
@ -52,12 +49,3 @@ protocol tmn(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
||||
|
||||
|
@ -17,14 +17,12 @@ inversekeys (succ,pred);
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol wmf-Lowe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
const Ti: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Ti: TimeStamp;
|
||||
var Kr: SessionKey;
|
||||
var Nr: Nonce;
|
||||
|
||||
@ -41,7 +39,7 @@ protocol wmf-Lowe(I,R,S)
|
||||
{
|
||||
var Ts: TimeStamp;
|
||||
var Kir: SessionKey;
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
|
||||
read_2(S,R, {Ts, I, Kir}k(R,S) );
|
||||
send_3(R,I, {Nr}Kir);
|
||||
@ -55,7 +53,7 @@ protocol wmf-Lowe(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Kir: SessionKey;
|
||||
const Ts: TimeStamp;
|
||||
fresh Ts: TimeStamp;
|
||||
var Ti: TimeStamp;
|
||||
|
||||
read_1(I,S, I,{Ti, R, Kir}k(I,S) );
|
||||
@ -63,13 +61,3 @@ protocol wmf-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
const Te: TimeStamp;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -12,7 +12,6 @@ usertype SessionKey;
|
||||
usertype TimeStamp;
|
||||
usertype ExpiredTimeStamp;
|
||||
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -20,8 +19,8 @@ protocol wmf(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
const Ti: TimeStamp;
|
||||
fresh Kir: SessionKey;
|
||||
fresh Ti: TimeStamp;
|
||||
var Kr: SessionKey;
|
||||
|
||||
send_1(I,S, I, {I, Ti, R, Kir}k(I,S));
|
||||
@ -45,7 +44,7 @@ protocol wmf(I,R,S)
|
||||
role S
|
||||
{
|
||||
var Kir: SessionKey;
|
||||
const Ts: TimeStamp;
|
||||
fresh Ts: TimeStamp;
|
||||
var Ti: TimeStamp;
|
||||
|
||||
read_1(I,S, I,{I, Ti, R, Kir}k(I,S) );
|
||||
@ -53,13 +52,3 @@ protocol wmf(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
const Te: TimeStamp;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -4,8 +4,6 @@
|
||||
# http://www.lsv.ens-cachan.fr/spore/wooLamPi1.html
|
||||
#
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol woolamPi-1(I,R,S)
|
||||
{
|
||||
role I
|
||||
@ -20,7 +18,7 @@ protocol woolamPi-1(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -41,13 +39,3 @@ protocol woolamPi-1(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -4,8 +4,6 @@
|
||||
# http://www.lsv.ens-cachan.fr/spore/wooLamPi2.html
|
||||
#
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol woolamPi-2(I,R,S)
|
||||
{
|
||||
role I
|
||||
@ -20,7 +18,7 @@ protocol woolamPi-2(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -41,13 +39,3 @@ protocol woolamPi-2(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -4,8 +4,6 @@
|
||||
# http://www.lsv.ens-cachan.fr/spore/wooLamPi3.html
|
||||
#
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol woolamPi-3(I,R,S)
|
||||
{
|
||||
role I
|
||||
@ -20,7 +18,7 @@ protocol woolamPi-3(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -41,13 +39,3 @@ protocol woolamPi-3(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -4,8 +4,6 @@
|
||||
# http://www.lsv.ens-cachan.fr/spore/wooLamPif.html
|
||||
#
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol woolamPi-f(I,R,S)
|
||||
{
|
||||
role I
|
||||
@ -20,7 +18,7 @@ protocol woolamPi-f(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -41,11 +39,3 @@ protocol woolamPi-f(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
@ -8,8 +8,6 @@
|
||||
# SPORE.
|
||||
#
|
||||
|
||||
secret k: Function;
|
||||
|
||||
protocol woolamPi(I,R,S)
|
||||
{
|
||||
role I
|
||||
@ -24,7 +22,7 @@ protocol woolamPi(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var T: Ticket;
|
||||
|
||||
read_1(I,R, I);
|
||||
@ -45,13 +43,3 @@ protocol woolamPi(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -7,7 +7,6 @@
|
||||
|
||||
usertype SessionKey;
|
||||
|
||||
secret k: Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -15,7 +14,7 @@ protocol woolam(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const N1: Nonce;
|
||||
fresh N1: Nonce;
|
||||
var Kir: SessionKey;
|
||||
var N2: Nonce;
|
||||
|
||||
@ -33,7 +32,7 @@ protocol woolam(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const N2: Nonce;
|
||||
fresh N2: Nonce;
|
||||
var N1: Nonce;
|
||||
var Kir: SessionKey;
|
||||
var T1,T2: Ticket;
|
||||
@ -53,7 +52,7 @@ protocol woolam(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var N1,N2: Nonce;
|
||||
|
||||
read_4(R,S, {I, R, N1, N2}k(I,S), {I, R, N1, N2}k(R,S));
|
||||
@ -61,14 +60,3 @@ protocol woolam(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Eve,Simon: Agent;
|
||||
const Ke: SessionKey;
|
||||
const Te: Ticket;
|
||||
const Ne: Nonce;
|
||||
|
||||
|
||||
untrusted Eve;
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
||||
|
||||
|
@ -4,8 +4,6 @@
|
||||
# http://www.lsv.ens-cachan.fr/spore/yahalomBAN.html
|
||||
#
|
||||
|
||||
secret k : Function;
|
||||
|
||||
usertype SessionKey;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
@ -14,7 +12,7 @@ protocol yahalom-BAN(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -30,7 +28,7 @@ protocol yahalom-BAN(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -46,7 +44,7 @@ protocol yahalom-BAN(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Ni,Nr: Nonce;
|
||||
|
||||
read_2(R,S, R, Nr, {I,Ni}k(R,S) );
|
||||
@ -54,5 +52,3 @@ protocol yahalom-BAN(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Charlie,David: Agent;
|
||||
|
||||
|
@ -5,8 +5,6 @@
|
||||
#
|
||||
#
|
||||
|
||||
secret k : Function;
|
||||
|
||||
usertype SessionKey;
|
||||
|
||||
|
||||
@ -14,7 +12,7 @@ protocol yahalom-Lowe(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var Kir: SessionKey;
|
||||
|
||||
@ -28,7 +26,7 @@ protocol yahalom-Lowe(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
var Kir: SessionKey;
|
||||
|
||||
@ -43,7 +41,7 @@ protocol yahalom-Lowe(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Ni,Nr: Nonce;
|
||||
|
||||
read_2(R,S, {I,Ni,Nr}k(R,S) );
|
||||
@ -52,5 +50,3 @@ protocol yahalom-Lowe(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon : Agent;
|
||||
|
||||
|
@ -5,7 +5,6 @@
|
||||
#
|
||||
#
|
||||
|
||||
secret k : Function;
|
||||
const Fresh: Function;
|
||||
const Compromised: Function;
|
||||
|
||||
@ -15,7 +14,7 @@ protocol yahalom-Paulson(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -31,7 +30,7 @@ protocol yahalom-Paulson(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -47,7 +46,7 @@ protocol yahalom-Paulson(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Ni,Nr: Nonce;
|
||||
|
||||
read_2(R,S, R, Nr, {I,Ni}k(R,S) );
|
||||
@ -55,5 +54,3 @@ protocol yahalom-Paulson(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon : Agent;
|
||||
|
||||
|
@ -5,15 +5,13 @@
|
||||
#
|
||||
#
|
||||
|
||||
secret k : Function;
|
||||
|
||||
usertype SessionKey;
|
||||
|
||||
protocol yahalom(I,R,S)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const Ni: Nonce;
|
||||
fresh Ni: Nonce;
|
||||
var Nr: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -27,7 +25,7 @@ protocol yahalom(I,R,S)
|
||||
|
||||
role R
|
||||
{
|
||||
const Nr: Nonce;
|
||||
fresh Nr: Nonce;
|
||||
var Ni: Nonce;
|
||||
var T: Ticket;
|
||||
var Kir: SessionKey;
|
||||
@ -41,7 +39,7 @@ protocol yahalom(I,R,S)
|
||||
|
||||
role S
|
||||
{
|
||||
const Kir: SessionKey;
|
||||
fresh Kir: SessionKey;
|
||||
var Ni,Nr: Nonce;
|
||||
|
||||
read_2(R,S, R, {I,Ni,Nr}k(R,S) );
|
||||
@ -52,10 +50,3 @@ protocol yahalom(I,R,S)
|
||||
}
|
||||
}
|
||||
|
||||
const Alice,Bob,Simon : Agent;
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
|
||||
compromised k(Eve,Simon);
|
||||
|
||||
|
32
gui/mpa.spdl
32
gui/mpa.spdl
@ -2,19 +2,13 @@
|
||||
* Needham-Schroeder-Lowe protocol
|
||||
*/
|
||||
|
||||
// PKI infrastructure
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
|
||||
// The protocol description
|
||||
|
||||
protocol nsl3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni,I}pk(R) );
|
||||
@ -30,7 +24,7 @@ protocol nsl3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni,I}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -43,30 +37,18 @@ protocol nsl3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
/*
|
||||
* Needham-Schroeder-Lowe protocol,
|
||||
* broken version (wrong role name in first message)
|
||||
*/
|
||||
|
||||
// PKI infrastructure
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
|
||||
// The protocol description
|
||||
|
||||
protocol nsl3-broken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni,R}pk(R) );
|
||||
@ -82,7 +64,7 @@ protocol nsl3-broken(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni,R}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -95,9 +77,3 @@ protocol nsl3-broken(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -8,7 +8,7 @@ protocol ns3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni,I}pk(R) );
|
||||
@ -24,7 +24,7 @@ protocol ns3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni,I}pk(R) );
|
||||
send_2(R,I, {ni,nr}pk(I) );
|
||||
|
@ -3,19 +3,13 @@
|
||||
* broken version (wrong role name in first message)
|
||||
*/
|
||||
|
||||
// PKI infrastructure
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
|
||||
// The protocol description
|
||||
|
||||
protocol nsl3-broken(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni,R}pk(R) );
|
||||
@ -31,7 +25,7 @@ protocol nsl3-broken(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni,R}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -44,9 +38,3 @@ protocol nsl3-broken(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
@ -2,19 +2,13 @@
|
||||
* Needham-Schroeder-Lowe protocol
|
||||
*/
|
||||
|
||||
// PKI infrastructure
|
||||
|
||||
const pk: Function;
|
||||
secret sk: Function;
|
||||
inversekeys (pk,sk);
|
||||
|
||||
// The protocol description
|
||||
|
||||
protocol nsl3(I,R)
|
||||
{
|
||||
role I
|
||||
{
|
||||
const ni: Nonce;
|
||||
fresh ni: Nonce;
|
||||
var nr: Nonce;
|
||||
|
||||
send_1(I,R, {ni,I}pk(R) );
|
||||
@ -30,7 +24,7 @@ protocol nsl3(I,R)
|
||||
role R
|
||||
{
|
||||
var ni: Nonce;
|
||||
const nr: Nonce;
|
||||
fresh nr: Nonce;
|
||||
|
||||
read_1(I,R, {ni,I}pk(R) );
|
||||
send_2(R,I, {ni,nr,R}pk(I) );
|
||||
@ -43,9 +37,3 @@ protocol nsl3(I,R)
|
||||
}
|
||||
}
|
||||
|
||||
// An untrusted agent, with leaked information
|
||||
|
||||
const Eve: Agent;
|
||||
untrusted Eve;
|
||||
compromised sk(Eve);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user