When an attack pattern is displayed, Scyther instantiates open variables with concrete names.
This is often more intuitive for humans.
In the case of instantiating role names, we often ended up assigning Alice to the B role and
Bob to the A role. This patch provides a more clever heuristic to find agent names
that start with the same letter as the role (variable) name. In case this fails, we
still try to map Alice to roles starting with 'I' and Bob to 'R', and otherwise we just pick something.
Also added "Simon" and "Pete" to cover some common role names.
Conflicts:
src/arachne.c
The fix requires a significant reworking of the function handling. This
is a first attempt.
Conflicts:
src/knowledge.c
src/knowledge.h
Regression test suggests that the Hashfunction fix works.
There is a new event:
not match(t1,t2)
where t1,t2 are terms.
They are implemented by using a special claim that simply stores the
intended inequality. The pruning theorems (prune_theorems.c) ensure that
these terms never become equal. If there are equal, the constraint is
violated. As long as they are not equal, there exists a solution using
groung terms such that their instantiation is not equal.
Currently not very efficient implemented and the graph out output is
also ugly for now.
Conflicts:
gui/Scyther/Trace.py
src/compiler.c
src/scanner.l
Introduced a new event:
match(pattern,groundterm)
This event can only be executed if pattern can be matched to groundterm.
Variable substitutions are persistent with respect to later events in
the same role.
Currently implemented as syntactic sugar, essentially unfolded in role R to:
fresh x;
send ( R,R, { groundterm }x );
recv ( R,R, { pattern }x );
This work is not complete yet in the send that the output still contains
the unfolding. Ideally, the graph rendered detects this syntactic sugar
and renders a simplified event. This should be possible on the basis of
the label name prefix.
Conflicts:
src/compiler.c
src/parser.y
src/scanner.l
src/tac.h
After we merged some concepts from the compromise branch, we forgot to add
for the hardcoded PKI that the adversary also should have access to (some) symmetric
keys.
There are two new claims:
claim(X,Commit,t) : check for agreement on data
claim(X,Running,t) : signaling claim
The property checked is that each claim Commit needs to be preceded by a Running
with an identical term t.
Cherry-picked from commit 99a6be00e9d3d219ec73665607e8a3a7d65d04d1
- Added new switches:
-G,--generate-statespace
-C,--generate-claims
- Claims are now allowed to have no label (they will be generated
automatically)
- Output summary shows parameter of claims
- Internally, new symbols can now be generated by
symbolNextFree(prefixsymbol)
