- Added feature for multi-party protocols (weaker precondition on Reachable)

This commit is contained in:
ccremers 2007-01-16 17:22:51 +00:00
parent a8cf31973b
commit eaa6ef1345
8 changed files with 124 additions and 80 deletions

View File

@ -6,6 +6,11 @@ Scyther 1.0-beta6
* Added Mac support (added universal binary)
* Fixed bug in scripting backend (e.g. with mpa.py)
* Added claim parameter for Reachable claim; Reachable,R means
that role R should be trusted (as well as the actor), but not
any other claim. This can be useful for showing stronger
authentication properties of protocols with more than two
parties.
Scyther 1.0-beta5

Binary file not shown.

View File

@ -707,6 +707,29 @@ arachne_claim_nisynch (const System sys, const int claim_run,
return arachne_claim_authentications (sys, claim_run, claim_index, 1);
}
//! Are all agents trusted of the claim run (as required by the property?)
int
pruneClaimRunTrusted (const System sys)
{
if (sys->trustedRoles == NULL)
{
// all agents need to be trusted
if (!isRunTrusted (sys, 0))
{
return true;
}
}
else
{
// a subset is trusted
if (!isAgentlistTrusted (sys, sys->trustedRoles))
{
return true;
}
}
return false;
}
//! Prune determination for specific properties
/**
* Sometimes, a property holds in part of the tree. Thus, we don't need to explore that part further if we want to find an attack.
@ -716,6 +739,19 @@ arachne_claim_nisynch (const System sys, const int claim_run,
int
prune_claim_specifics (const System sys)
{
// generic status of (all) roles trusted or not
if (pruneClaimRunTrusted (sys))
{
if (switches.output == PROOF)
{
indentPrint ();
eprintf
("Pruned because all agents of the claim run must be trusted.\n");
}
return true;
}
// specific claims
if (sys->current_claim->type == CLAIM_Niagree)
{
if (arachne_claim_niagree (sys, 0, sys->current_claim->ev))
@ -757,6 +793,10 @@ add_claim_specifics (const System sys, const Claimlist cl, const Roledef rd,
/*
* different cases
*/
// per default, all agents are trusted
sys->trustedRoles = NULL;
if (cl->type == CLAIM_Secret)
{
int newgoals;
@ -791,6 +831,8 @@ add_claim_specifics (const System sys, const Claimlist cl, const Roledef rd,
if (cl->type == CLAIM_Reachable)
{
int flag;
if (switches.check)
{
// For reachability claims in check mode, we restrict the number of runs to the number of roles of this protocol
@ -801,7 +843,28 @@ add_claim_specifics (const System sys, const Claimlist cl, const Roledef rd,
rolecount = termlistLength (protocol->rolenames);
switches.runs = rolecount;
}
return callback ();
if (rd->message != NULL)
{
sys->trustedRoles = tuple_to_termlist (rd->message);
#ifdef DEBUG
if (DEBUGL (2))
{
eprintf ("Trusted roles : ");
termlistPrint (sys->trustedRoles);
eprintf ("\n");
}
#endif
}
flag = callback ();
if (rd->message != NULL)
{
termlistDelete (sys->trustedRoles);
sys->trustedRoles = NULL;
}
return flag;
}
return callback ();

View File

@ -998,22 +998,7 @@ runInstanceCreate (Tac tc)
roleInstance (sys, p, r, instParams, NULL); // technically, we don't need to do this for Arachne [fix later]
/* after creation analysis */
/* AC1: untrusted agents */
/* first: determine whether the run is untrusted,
* by checking whether one of the untrusted agents occurs
* in the run instance */
if (!isAgentlistTrusted (sys, instParams))
{
/* nothing yet */
/* claims handle this themselves */
/* some reduction might be possible, by cutting of the last few actions
* of such an untrusted run */
/* but most of it might be handled dynamically */
}
/* AC2: originator assumption for CLP ? */
/* originator assumption for CLP ? */
/* TODO */
}

View File

@ -246,18 +246,6 @@ prune_theorems (const System sys)
return true;
}
// Check if all agents of the main run are valid
if (!isRunTrusted (sys, 0))
{
if (switches.output == PROOF)
{
indentPrint ();
eprintf
("Pruned because all agents of the claim run must be trusted.\n");
}
return true;
}
// Check if the actors of all other runs are not untrusted
if (sys->untrusted != NULL)
{

View File

@ -74,9 +74,11 @@ systemInit ()
sys->knowledgedefined = false; // currently, we have backwards compatibility for empty role knowledge defs (disabling well-formedness rules)
sys->attackid = 0; // First attack will have id 1, because the counter is increased before any attacks are displayed.
/* arachne assist */
bindingInit (sys);
sys->bindings = NULL;
sys->current_claim = NULL;
sys->trustedRoles = NULL;
/* reset global counters */
systemReset (sys);

View File

@ -150,6 +150,7 @@ struct system
/* Arachne assistance */
List bindings; //!< List of bindings
Claimlist current_claim; //!< The claim under current investigation
Termlist trustedRoles; //!< Roles that should be trusted for this claim (the default, NULL, means all)
};
typedef struct system *System;