Previously, if a local (non-role) variable would have (implicit) agent type,
it would be assigned a concrete term before the roles. This would lead to
non-optimal choices, since we care more about the role instantiations than about other variables.
However, when making traces concrete, we use the run's 'locals' list. Because of
the way this is constructed (in reverse), non-role variables precede the role variables.
We therefore choose to traverse the list in reverse.
When an attack pattern is displayed, Scyther instantiates open variables with concrete names.
This is often more intuitive for humans.
In the case of instantiating role names, we often ended up assigning Alice to the B role and
Bob to the A role. This patch provides a more clever heuristic to find agent names
that start with the same letter as the role (variable) name. In case this fails, we
still try to map Alice to roles starting with 'I' and Bob to 'R', and otherwise we just pick something.
Also added "Simon" and "Pete" to cover some common role names.
Conflicts:
src/arachne.c
The option parser wrapper allocated memory in an incorrect way, which
could lead to problems especially with --xml-output, since it would
access the memory at a later point in the execution. This could then
propagate to GUI problems, since the GUI uses the --xml-output switch.
Rewrote the code to be more readable and less incorrect.
This patch addresses two 64-bit platform compilation issues:
- Force 32-bit mode for gcc using '-m32'
- Recent library modifications broke the 32-bit compilation on 64-bit machines: updated
'compile.txt' to include the need for the 'gcc-multilib' package.
Changes:
1. Reverted restricted use of 'hashfunction': 'function' can now be used as an alternative (but they are identical).
2. Functions can be specified to be secret, as we had before.
Together with the newer 'inversekeyfunctions' declaration, this allows for the clean definition of alternative key infrastructures.
Example usage:
secret function sk2;
function pk2;
inversekeyfunctions (sk2,pk2);
Conflicts:
src/compiler.c
Previously, weak agreement and aliveness claims would enforce a requirement for all agents in the range
of the rho of the claim run.
For some three-party protocols this was stronger than needed. We now allow an
optional role name parameter for these claims; if such a parameter is used, the claim
is only evaluated for the agents performing that role.
En passant fixed a potential bug: aliveness and weak agreement require a run for each
agent, but previously we didn't check if these were helper protocols. Clearly they
should not be.
The fix requires a significant reworking of the function handling. This
is a first attempt.
Conflicts:
src/knowledge.c
src/knowledge.h
Regression test suggests that the Hashfunction fix works.
There is now a script
src/regression-tests/regression-test.py
that should in the future be the default for running regression tests
instead of the ad-hoc approach we are currently using. The goal is to
ultimately have more reliable and consistent regression testing.
The script takes as input "tests.txt" and tries to perform tests from
that. This is effectively a collection of inputs to the scyther-linux
binary. The results are writting to the 'results' directory, as
test-X.out and test-X.err, where those correspond to stdout and stderr,
respectively. Additionally, a measurement of wall-clock time in seconds
is written to test-X.time.
For now, we are using the timer to ensure all tests terminate. It would
be nicer to use a less environment-dependent way of enforcing
termination.
The use of 'strndup' in scanner.l caused problems for non-gnu modes of gcc, which
was being invoked for the mingw32 compilation. Replaced now by the more portable
strncpy + malloc version.
By specifying:
option "--X=Y";
in the Scyther input file, command-line options can be directly integrated.
For example, one can specify:
option "--one-role-per-agent";
The mechanism with the next pointers for tac's was working fine as long as all
tac's were unique by construction. The macro mechanism made it possible for
the same tac to occur twice in the tree. This could lead to an infinite loop.
Now we make explicit copies of the top-level tac. This should fix the problem
caused by the tuple parsing.
A more fundamental solution is to make a deep copy of the substituted terms.
It is now possible to declare syntactic macros at the global level.
macro ID = TERM;
After this definition, every occurrence of ID will be replaced by TERM.
For example, this can be used to avoid duplicating message definitions
among roles:
macro M1 = { nI, I}pk(R) ;
protocol X(I,R) {
role I {
send (I,R, M1);
}
role R {
recv (I,R, M1);
}
}
There is a new event:
not match(t1,t2)
where t1,t2 are terms.
They are implemented by using a special claim that simply stores the
intended inequality. The pruning theorems (prune_theorems.c) ensure that
these terms never become equal. If there are equal, the constraint is
violated. As long as they are not equal, there exists a solution using
groung terms such that their instantiation is not equal.
Currently not very efficient implemented and the graph out output is
also ugly for now.
Conflicts:
gui/Scyther/Trace.py
src/compiler.c
src/scanner.l
Introduced a new event:
match(pattern,groundterm)
This event can only be executed if pattern can be matched to groundterm.
Variable substitutions are persistent with respect to later events in
the same role.
Currently implemented as syntactic sugar, essentially unfolded in role R to:
fresh x;
send ( R,R, { groundterm }x );
recv ( R,R, { pattern }x );
This work is not complete yet in the send that the output still contains
the unfolding. Ideally, the graph rendered detects this syntactic sugar
and renders a simplified event. This should be possible on the basis of
the label name prefix.
Conflicts:
src/compiler.c
src/parser.y
src/scanner.l
src/tac.h
After we merged some concepts from the compromise branch, we forgot to add
for the hardcoded PKI that the adversary also should have access to (some) symmetric
keys.
This is not a full copy from the compromise branch. In particular,
some counts (in arachne.c) are missing, as well as the modified dot output (dotout.c).
The automatic mechanism to assign labels to claims was dependent on the
context. In practice, a claim could get a different label when analyzed in
isolation compared to when analyzed in parallel with some other protocols. This
caused problems for the multi-protocol analysis.
There are two new claims:
claim(X,Commit,t) : check for agreement on data
claim(X,Running,t) : signaling claim
The property checked is that each claim Commit needs to be preceded by a Running
with an identical term t.
Cherry-picked from commit 99a6be00e9d3d219ec73665607e8a3a7d65d04d1