andr3/scyther
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Scanned protocols for new obligatory check.

Browse Source
This commit is contained in:
ccremers 2007-01-29 15:05:15 +00:00
parent 9ca722e3cc
commit cf84e83f9f
39 changed files with 102 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
gui/Scyther/Bin/scyther-linux
View File

Binary file not shown.

BIN
gui/Scyther/Bin/scyther-w32.exe
View File

Binary file not shown.

8
spdl/SPORE/andrew-ban-concrete.spdl
View File

@ -28,8 +28,8 @@ protocol @swapkey(X)
{
var I,R: Agent;
var T:Ticket;
read_X1(X,X,I,R,{T}k(I,R));
send_X2(X,X,{T}k(R,I));
read_!X1(X,X,I,R,{T}k(I,R));
send_!X2(X,X,{T}k(R,I));
}
}
@ -42,8 +42,8 @@ protocol andrew-Concrete^KeyCompromise(C)
const kir: SessionKey;
var I,R: Agent;
read_C1(C,C, I,R);
send_C2(C,C, (I,ni),
read_!C1(C,C, I,R);
send_!C2(C,C, (I,ni),
{ni,kir}k(I,R),
{ni}kir,
nr,

4
spdl/SPORE/andrew-ban.spdl
View File

@ -25,8 +25,8 @@ protocol andrew-Ban^KeyCompromise(C)
const kir: SessionKey;
var I,R: Agent;
read_C1(C,C, I,R);
send_C2(C,C, (I,{ni}k(I,R)),
read_!C1(C,C, I,R);
send_!C2(C,C, (I,{ni}k(I,R)),
{ni,nr}k(I,R),
{nr}k(I,R),
{kir,nr2,ni}k(I,R),

4
spdl/SPORE/andrew-lowe-ban.spdl
View File

@ -32,8 +32,8 @@ protocol andrew-LoweBan^KeyCompromise(C)
const kir: SessionKey;
var I,R: Agent;
read_C1(C,C, I,R);
send_C2(C,C, (I,ni),
read_!C1(C,C, I,R);
send_!C2(C,C, (I,ni),
{ni,kir,R}k(I,R),
{ni}kir,
nr,

4
spdl/SPORE/andrew.spdl
View File

@ -24,8 +24,8 @@ protocol andrew^KeyCompromise(C)
const kir: SessionKey;
var I,R: Agent;
read_C1(C,C, I,R);
send_C2(C,C, (I,{ni}k(I,R)),
read_!C1(C,C, I,R);
send_!C2(C,C, (I,{ni}k(I,R)),
{succ(ni),nr}k(I,R),
{succ(nr)}k(I,R),
{kir,nr2}k(I,R),

4
spdl/SPORE/denning-sacco-lowe.spdl
View File

@ -27,8 +27,8 @@ protocol denningSacco-Lowe^KeyCompromise(C)
const T: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R),
{R,Kir,T,{Kir,I,T}k(R,S)}k(I,S),
{Kir,I,T}k(R,S),
{Nr}Kir,

4
spdl/SPORE/denning-sacco.spdl
View File

@ -22,8 +22,8 @@ protocol denningSacco^KeyCompromise(C)
const T: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R),
{R,Kir,T,{Kir,I,T}k(R,S)}k(I,S),
{Kir,I,T}k(R,S),
Kir

4
spdl/SPORE/kaochow-v2.spdl
View File

@ -18,8 +18,8 @@ protocol kaochow-2^KeyCompromise(C)
const Kir,Kt: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R,Ni),
{I,R,Ni,Kir,Kt}k(I,S),
{I,R,Ni,Kir,Kt}k(R,S),
R, Nr,

4
spdl/SPORE/kaochow-v3.spdl
View File

@ -21,8 +21,8 @@ protocol kaochow-3^KeyCompromise(C)
const T2: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R,Ni),
{I,R,Ni,Kir,Kt}k(I,S),
{I,R,Ni,Kir,Kt}k(R,S),
{Ni,Kir}Kt,

4
spdl/SPORE/kaochow.spdl
View File

@ -18,8 +18,8 @@ protocol kaochow^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R,Ni),
{I,R,Ni,Kir}k(I,S),
{I,R,Ni,Kir}k(R,S),
{Ni}Kir, Nr,

4
spdl/SPORE/key-compromise/needham-schroeder-sk.spdl
View File

@ -27,8 +27,8 @@ protocol needhamschroederSessionKeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R,Ni),
{Ni,R,Kir,{Kir,I}k(R,S)}k(I,S),
{Kir,I}k(R,S),
{Nr}Kir,

4
spdl/SPORE/ksl-lowe.spdl
View File

@ -33,8 +33,8 @@ protocol ksl-Lowe^KeyCompromise(C)
const Tr: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (Ni,I),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (Ni,I),
(Ni,I,Nr,R),
{I,Nr,Kir}k(R,S),{Ni,R,Kir}k(I,S),
{Tr,I,Kir}Kbb,Nc,{R,Ni}k(I,R),

4
spdl/SPORE/needham-schroeder-sk-amend.spdl
View File

@ -27,8 +27,8 @@ protocol needhamschroedersk-amend^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,
{I,Nr}k(R,S),
I,R,Ni,{I,Nr}k(R,S),
{Ni,R,Kir,{Kir,Nr,I}k(R,S)}k(I,S),

4
spdl/SPORE/needham-schroeder-sk.spdl
View File

@ -23,8 +23,8 @@ protocol needhamschroedersk^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, (I,R,Ni),
read_!C1(C,C, I,R,S);
send_!C2(C,C, (I,R,Ni),
{Ni,R,Kir,{Kir,I}k(R,S)}k(I,S),
{Kir,I}k(R,S),
{Nr}Kir,

4
spdl/SPORE/neumannstub-hwang.spdl
View File

@ -32,8 +32,8 @@ protocol neustub-Hwang^KeyCompromise(C)
const Tr: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,Ni,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,Ni,
R,{I,Ni,Tr,Nr}k(R,S),
{R,Ni,Kir,Tr}k(I,S),
{I,Kir,Tr}k(R,S), Nr,

4
spdl/SPORE/neumannstub-keycompromise.spdl
View File

@ -31,8 +31,8 @@ protocol neustub^KeyCompromise(C)
const Tr: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,Ni,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,Ni,
R,{I,Ni,Tr}k(R,S),Nr,
{R,Ni,Kir,Tr}k(I,S),
{I,Kir,Tr}k(R,S), Nr,

4
spdl/SPORE/otwayrees.spdl
View File

@ -21,8 +21,8 @@ protocol otwayRees^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, M,I,R,{Ni,M,I,R}k(I,S),
read_!C1(C,C, I,R,S);
send_!C2(C,C, M,I,R,{Ni,M,I,R}k(I,S),
{Nr,M,I,R}k(R,S),
{Ni,Kir}k(I,S), {Nr,Kir}k(R,S),
Kir

4
spdl/SPORE/tmn.spdl
View File

@ -23,8 +23,8 @@ protocol tmn^KeyCompromise(C)
const Kr,Ki: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, R,{Ki}pk(S),
read_!C1(C,C, I,R,S);
send_!C2(C,C, R,{Ki}pk(S),
I, {Kr}pk(S),
{Kr}Ki,
Kr

4
spdl/SPORE/wmf-lowe.spdl
View File

@ -29,8 +29,8 @@ protocol wmf-Lowe^KeyCompromise(C)
const Ti,Ts: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I, {I,Ti,R,Kir}k(I,S),
read_!C1(C,C, I,R,S);
send_!C2(C,C, I, {I,Ti,R,Kir}k(I,S),
{S,Ts,I,Kir}k(R,S),
{R,Nr}Kir,
{I,{Nr}succ}Kir,

4
spdl/SPORE/wmf.spdl
View File

@ -26,8 +26,8 @@ protocol wmf^KeyCompromise(C)
const Ti,Ts: ExpiredTimeStamp;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I, {I,Ti,R,Kir}k(I,S),
read_!C1(C,C, I,R,S);
send_!C2(C,C, I, {I,Ti,R,Kir}k(I,S),
{S,Ts,I,Kir}k(R,S),
Kir
);

4
spdl/SPORE/woo-lam.spdl
View File

@ -20,8 +20,8 @@ protocol woolam^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,N1,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,N1,
R,N2,
{I,R,N1,N2}k(I,S),
{I,R,N1,N2}k(R,S),

4
spdl/SPORE/yahalom-ban.spdl
View File

@ -19,8 +19,8 @@ protocol yahalom-BAN^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,Ni,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,Ni,
R,Nr,{I,Ni}k(R,S),
Nr,{R,Kir,Ni}k(I,S),
{I,Kir,Nr}k(R,S),

40
spdl/SPORE/yahalom-paulson.spdl
View File

@ -11,26 +11,26 @@ const Compromised: Function;
usertype SessionKey;
protocol yahalom-Paulson^KeyCompromise(C)
{
// Read the names of 3 agents and disclose a session between them including
// corresponding session key to simulate key compromise
role C {
const Ni,Nr: Nonce;
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,Ni,
R,Nr,{I,Ni}k(R,S),
Nr,{R,Kir,Ni}k(I,S),
{I,R,Kir,Nr}k(R,S),
{Nr}Kir,
Kir
);
claim_C3(C,Empty, (Compromised,Kir));
}
}
//protocol yahalom-Paulson^KeyCompromise(C)
//{
// // Read the names of 3 agents and disclose a session between them including
// // corresponding session key to simulate key compromise
// role C {
// const Ni,Nr: Nonce;
// const Kir: SessionKey;
// var I,R,S: Agent;
//
// read_!C1(C,C, I,R,S);
// send_!C2(C,C, I,Ni,
// R,Nr,{I,Ni}k(R,S),
// Nr,{R,Kir,Ni}k(I,S),
// {I,R,Kir,Nr}k(R,S),
// {Nr}Kir,
// Kir
// );
// claim_C3(C,Empty, (Compromised,Kir));
// }
//}
protocol yahalom-Paulson(I,R,S)

4
spdl/SPORE/yahalom.spdl
View File

@ -20,8 +20,8 @@ protocol yahalom^KeyCompromise(C)
const Kir: SessionKey;
var I,R,S: Agent;
read_C1(C,C, I,R,S);
send_C2(C,C, I,Ni,
read_!C1(C,C, I,R,S);
send_!C2(C,C, I,Ni,
R,{I,Ni,Nr}k(R,S),
{R,Kir,Ni,Nr}k(I,S),
{I,Kir}k(R,S),

2
spdl/misc/bkepk-ce2.spdl
View File

@ -40,7 +40,7 @@ protocol bkepkCE2(A,B,testnonce)
{
var n: Nonce;
read_4 (testnonce,testnonce, n);
read_!4 (testnonce,testnonce, n);
}
}

4
spdl/misc/bunava-1-3.spdl
View File

@ -20,8 +20,8 @@ protocol intruderhelp(Swap)
var T: Ticket;
var R0,R1: Agent;
read_1(Swap,Swap, { T }k(R0,R1) );
send_2(Swap,Swap, { T }k(R1,R0) );
read_!1(Swap,Swap, { T }k(R0,R1) );
send_!2(Swap,Swap, { T }k(R1,R0) );
}
}

4
spdl/misc/bunava-1-4.spdl
View File

@ -21,8 +21,8 @@ protocol intruderhelp(Swap)
var T: Ticket;
var A,B: Agent;
read_1(Swap,Swap, { T }k(A,B) );
send_2(Swap,Swap, { T }k(B,A) );
read_!1(Swap,Swap, { T }k(A,B) );
send_!2(Swap,Swap, { T }k(B,A) );
}
}

4
spdl/misc/bunava-2-3.spdl
View File

@ -16,8 +16,8 @@ protocol intruderhelp(Swap)
var T: Ticket;
var R0,R1: Agent;
read_1(Swap,Swap, { T }k(R0,R1) );
send_2(Swap,Swap, { T }k(R1,R0) );
read_!1(Swap,Swap, { T }k(R0,R1) );
send_!2(Swap,Swap, { T }k(R1,R0) );
}
}

16
spdl/misc/f4.spdl
View File

@ -19,17 +19,17 @@ protocol f4(I,R)
{
var nr: Nonce;
read_1(R,I, nr );
send_2(I,R, { nr }sk(I) );
read_3(R,I, {{{{ nr }sk(R)}sk(R)}sk(R)}sk(R) );
read_!1(R,I, nr );
send_!2(I,R, { nr }sk(I) );
read_!3(R,I, {{{{ nr }sk(R)}sk(R)}sk(R)}sk(R) );
claim_i1(I,Niagree);
claim_i1(I,Reachable);
}
role R
{
const nr: Nonce;
send_1(R,I, nr );
send_!1(R,I, nr );
}
}
@ -40,9 +40,3 @@ untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);

18
spdl/misc/f5.spdl
View File

@ -13,23 +13,23 @@ const pk: Function;
secret sk: Function;
inversekeys (pk,sk);
protocol f4(I,R)
protocol f5(I,R)
{
role I
{
var nr: Nonce;
read_1(R,I, nr );
send_2(I,R, { nr }sk(I) );
read_3(R,I, {{{{{ nr }sk(R)}sk(R)}sk(R)}sk(R)}sk(R) );
read_!1(R,I, nr );
send_!2(I,R, { nr }sk(I) );
read_!3(R,I, {{{{{ nr }sk(R)}sk(R)}sk(R)}sk(R)}sk(R) );
claim_i1(I,Niagree);
claim_i1(I,Reachable);
}
role R
{
const nr: Nonce;
send_1(R,I, nr );
send_!1(R,I, nr );
}
}
@ -40,9 +40,3 @@ untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);
run f4.I(Agent,Agent);

16
spdl/misc/five-run-bound.spdl
View File

@ -10,10 +10,10 @@ protocol r5bound(I,R)
var ni: Nonce;
const k2: Nonce;
read_1 (I,R, ni );
send_2 (R,I, { ni }sk(R) );
read_3 (I,R, {{{ {k1}pk(R) }sk(I)}sk(I)}sk(I) );
send_4 (R,I, {k2}k1 );
read_!1 (I,R, ni );
send_!2 (R,I, { ni }sk(R) );
read_!3 (I,R, {{{ {k1}pk(R) }sk(I)}sk(I)}sk(I) );
send_!4 (R,I, {k2}k1 );
claim_6 (R, Secret, k2);
}
@ -22,11 +22,3 @@ protocol r5bound(I,R)
const Alice, Bob: Agent;
const ne: Nonce;
run r5bound.R(Agent);
run r5bound.R(Agent);
run r5bound.R(Agent);
run r5bound.R(Agent);
run r5bound.R(Agent);
run r5bound.R(Agent);

26
spdl/misc/nsl7.spdl
View File

@ -1,26 +0,0 @@
const pk: Function;
secret sk: Function;
inversekeys (pk,sk);
protocol nsl7(I,R)
{
role R
{
var ni;
const nr;
read_1(I,R, {I,ni}pk(R) );
send_2(R,I, {ni,nr,R}pk(I) );
read_3(I,R, {nr}pk(R) );
claim_4(R,Secret,ni);
claim_5(R,Secret,nr);
}
}
const Alice,Bob,Eve;
const ne;
untrusted Eve;
compromised sk(Eve);
run nsl7.R(Agent,Agent);
run nsl7.R(Agent,Agent);

18
spdl/misc/onetrace.spdl
View File

@ -9,22 +9,10 @@ protocol onetrace(I)
{
var input: String;
read_1(I,I, input);
send_2(I,I, Hallo);
read_3(I,I, input);
read_!1(I,I, input);
send_!2(I,I, Hallo);
read_!3(I,I, input);
claim_4(I, Secret, input);
}
}
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);
run onetrace.I(Alice);

10
spdl/misc/samasc-broken.spdl
View File

@ -16,14 +16,14 @@ protocol samascbroken(I,R)
const nr: Nonce;
var kir: Key;
read_1a (I,R, { kir,I }pk(R) );
send_1b (R,I, {nr,R}pk(I) );
read_!1a (I,R, { kir,I }pk(R) );
send_!1b (R,I, {nr,R}pk(I) );
/* Commenting out these two lines yields an attack: */
read_2a (I,R, { nr }kir );
send_2b (R,I, { I,R,nr }kir );
read_!2a (I,R, { nr }kir );
send_!2b (R,I, { I,R,nr }kir );
read_3 (I,R, { I,R }kir );
read_!3 (I,R, { I,R }kir );
claim_4 (R, Secret, kir );
}

6
spdl/misc/simplest.spdl
View File

@ -10,11 +10,9 @@ protocol simplest(I)
var x: Nonce;
const n: Nonce;
read_1(I,I, x);
send_2(I,I, n, {n, x}k );
read_!1(I,I, x);
send_!2(I,I, n, {n, x}k );
claim_3(I, Secret, n);
}
}
run simplest.I(Alice);
run simplest.I(Alice);

38
spdl/misc/woolam-ce.spdl
View File

@ -1,38 +0,0 @@
usertype Server, SessionKey, Token, SymmetricKey;
secret k: Function;
const Alice, Bob, Charlie, Eve: Agent;
const Simon: Server;
/* give the intruder something to work with */
const ne: Nonce;
const ke: SessionKey;
untrusted Eve;
compromised k(Eve,Simon);
const authToken: Token;
protocol woolamce(A,B,S)
{
role B
{
var Na: Nonce;
const Nb: Nonce;
var Kab: SessionKey;
var Kas : SymmetricKey;
read_1(A,B, A,Na);
send_2(B,A, B,Nb);
read_3(A,B, { A,(B,(Na,Nb)) }Kas );
send_4(B,S, { A,(B,(Na,Nb)) }Kas, { A,(B,(Na,Nb)) }k(B,S) );
read_5(S,B, { B,(Na,(Nb,Kab)) }Kas, { A,(Na,(Nb,Kab)) }k(B,S) );
send_6(B,A, { B,(Na,(Nb,Kab)) }Kas, { Na,Nb }Kab );
read_7(A,B, { Nb }Kab );
claim_8(B,Secret,authToken);
}
}
run woolamce.B(Agent,Agent,Simon);
run woolamce.B(Agent,Agent,Simon);

54
spdl/misc/yahalom.spdl
View File

@ -1,54 +0,0 @@
// Yahalom protocol
const a,b,s : Agent;
secret k : Function;
usertype Nonce, Ticket, SessionKey;
protocol yahalom(A,B,S)
{
role A
{
const na: Nonce;
var nb: Nonce;
var ticket: Ticket;
var kab: SessionKey;
send_1(A,B, A,na);
read_3(S,A, nb, {B,kab,na,nb}k(A,S), ticket );
send_4(A,B, ticket, {nb}kab );
claim_5(A, Secret,kab);
}
role B
{
const nb: Nonce;
var na: Nonce;
var ticket: Ticket;
var kab: SessionKey;
read_1(A,B, A,na);
send_2(B,S, B,nb, {A,na,nb}k(B,S) );
read_4(A,B, {A,kab}k(B,S) , {nb}kab );
claim_6(B, Secret,kab);
}
role S
{
const kab: SessionKey;
var na,nb: Nonce;
read_2(B,S, B,nb, {A,na}k(B,S) );
send_3(S,A, nb, {B,kab,na,nb}k(A,S), {A,kab}k(B,S) );
}
}
run yahalom.A(Agent,Agent,s);
run yahalom.A(Agent,Agent,s);
run yahalom.B(Agent,Agent,s);
run yahalom.B(Agent,Agent,s);
run yahalom.S(Agent,Agent,s);

4
src/compiler.c
View File

@ -2008,6 +2008,7 @@ checkLabelMatchThis (const System sys, const Protocol p, const Role readrole,
*/
if (found == 0)
{
globalError++;
eprintf ("error: for the read event ");
roledefPrint (readevent);
eprintf (" of protocol ");
@ -2015,6 +2016,7 @@ checkLabelMatchThis (const System sys, const Protocol p, const Role readrole,
eprintf
(" there is no corresponding send event (with the same label and matching content). Start the label name with '!' if this is intentional.\n");
error_die ();
globalError--;
}
}
@ -2048,10 +2050,12 @@ checkLabelMatchProtocol (const System sys, const Protocol p)
}
else
{
globalError++;
eprintf ("error: cannot determine label information for ");
roledefPrint (rd);
eprintf ("\n");
error_die ();
globalError--;
}
}
rd = rd->next;