Commit Graph

901 Commits

Author SHA1 Message Date
Cas Cremers
0d9c23c33b Reindent code for consistency. 2018-10-15 09:40:07 -04:00
Cas Cremers
369ae1e3f8 Refactoring another bit of code to avoid trampoline. 2018-10-14 22:11:25 +02:00
Cas Cremers
b56c66db0b Added some safety checks and a missing deVar to the code that localises terms. 2018-10-14 22:00:16 +02:00
Cas Cremers
69c0486376 Another removal of a nested function.
Note this one is relatively complex and error prone.
2018-10-14 21:46:55 +02:00
Cas Cremers
ec8ea5f95c Copied another iterator to remove a trampoline. 2018-10-14 20:51:19 +02:00
Cas Cremers
2ad030f919 Removed another nested function by duplicating iterator code. 2018-10-14 20:42:54 +02:00
Cas Cremers
7956eb5953 Removed a simple nested function. 2018-10-14 17:43:13 +02:00
Cas Cremers
08adc5b518 Removed a further nested function call. 2018-10-14 17:39:29 +02:00
Cas Cremers
2b4af1c290 Removed nested function in goal_add. 2018-10-14 17:29:15 +02:00
Cas Cremers
61beae203b Got rid of one nested function. 2018-10-14 17:19:05 +02:00
Cas Cremers
792eaab09c Enable warning to help locate the problem areas to fix. 2018-10-14 17:04:42 +02:00
Cas Cremers
457c68580f Added explicit flag for using gnu89 C standard. 2015-11-27 21:07:30 +00:00
Cas Cremers
6374683d17 Visualisation improvement: role variables get priority in assigning concrete values.
Previously, if a local (non-role) variable would have (implicit) agent type,
it would be assigned a concrete term before the roles. This would lead to
non-optimal choices, since we care more about the role instantiations than about other variables.

However, when making traces concrete, we use the run's 'locals' list. Because of
the way this is constructed (in reverse), non-role variables precede the role variables.
We therefore choose to traverse the list in reverse.
2014-07-06 21:31:20 +01:00
Cas Cremers
b0e5128e23 Attack output improvement: better choice of agent names.
When an attack pattern is displayed, Scyther instantiates open variables with concrete names.
This is often more intuitive for humans.

In the case of instantiating role names, we often ended up assigning Alice to the B role and
Bob to the A role. This patch provides a more clever heuristic to find agent names
that start with the same letter as the role (variable) name. In case this fails, we
still try to map Alice to roles starting with 'I' and Bob to 'R', and otherwise we just pick something.

Also added "Simon" and "Pete" to cover some common role names.

Conflicts:
	src/arachne.c
2014-06-30 17:06:23 +01:00
Cas Cremers
e966bc88dd BUGFIX: --one-role-per-agent switch had a bug that made it cut too many patterns. 2014-06-20 17:30:13 +01:00
Cas Cremers
f1f2f28f61 Rewriting option parser wrapper to ensure memory is not lost.
The option parser wrapper allocated memory in an incorrect way, which
could lead to problems especially with --xml-output, since it would
access the memory at a later point in the execution. This could then
propagate to GUI problems, since the GUI uses the --xml-output switch.
Rewrote the code to be more readable and less incorrect.
2014-06-10 14:37:40 +01:00
Cas Cremers
9cc323004c Cleanup: Refactoring XML output code to facilitate introduction of protocol xml output. 2014-04-15 22:12:43 +01:00
Cas Cremers
dc4432a18f Cleanup: Removing unused variables. 2014-04-15 22:12:12 +01:00
Cas Cremers
4fa48239a5 Cleanup: added missing header files. 2014-03-18 13:53:51 +00:00
Cas Cremers
7dcbec07a0 Cleanup: removing unused variables. 2014-03-18 13:53:33 +00:00
Cas Cremers
3df93c42e4 Bugfix: compilation was not working on recent 64-bit Ubuntu versions.
This patch addresses two 64-bit platform compilation issues:
- Force 32-bit mode for gcc using '-m32'
- Recent library modifications broke the 32-bit compilation on 64-bit machines: updated
  'compile.txt' to include the need for the 'gcc-multilib' package.
2014-02-18 10:53:24 +00:00
Cas Cremers
a20f3760e7 Updating URLs. 2013-12-23 13:11:48 +00:00
Cas Cremers
1a9d088aa8 Updated installation and compilation notes. 2013-12-11 16:48:20 +00:00
Cas Cremers
d06247fcfe Updating time stamps for next release. 2013-10-05 23:56:12 +01:00
Cas Cremers
4e78a1d3fa Removing obsolete file. 2013-10-05 23:49:13 +01:00
Cas Cremers
6134b46557 Backend DOT graph generation: Removing redundant ';' which seems to confuse more recent versions of Graphviz (>2.26) 2013-06-19 23:03:36 +02:00
Cas Cremers
45d5cb0a3a Cleanup: Cleanup of some spacing, conform coding conventions.
This is simply the result from running reindent.sh again.
2013-06-19 23:03:26 +02:00
Cas Cremers
c6280d745e Backend DOT graph generation: Removing debugging reporting of 'cost' in attack graphs.
This was confusing to casual users.
2013-06-19 23:02:58 +02:00
Cas Cremers
fe25a53232 Regression-fix: Reintroduced option for alternative PKI.
Changes:

1. Reverted restricted use of 'hashfunction': 'function' can now be used as an alternative (but they are identical).
2. Functions can be specified to be secret, as we had before.

Together with the newer 'inversekeyfunctions' declaration, this allows for the clean definition of alternative key infrastructures.

Example usage:

  secret function sk2;
  function pk2;
  inversekeyfunctions (sk2,pk2);

Conflicts:
	src/compiler.c
2013-05-24 11:27:14 +02:00
Cas Cremers
5c2eded8f9 Weakagree and Alive claims now also allow for a role parameter + BUGFIX.
Previously, weak agreement and aliveness claims would enforce a requirement for all agents in the range
of the rho of the claim run.

For some three-party protocols this was stronger than needed. We now allow an
optional role name parameter for these claims; if such a parameter is used, the claim
is only evaluated for the agents performing that role.

En passant fixed a potential bug: aliveness and weak agreement require a run for each
agent, but previously we didn't check if these were helper protocols. Clearly they
should not be.
2013-05-24 11:27:14 +02:00
Cas Cremers
7658644295 Rati Gelashvili reported a rare but annoying bug in the hash function handling.
The fix requires a significant reworking of the function handling. This
is a first attempt.

Conflicts:
	src/knowledge.c
	src/knowledge.h

Regression test suggests that the Hashfunction fix works.
2013-04-26 14:47:27 +02:00
Cas Cremers
4a1898db92 src/regression-tests: Consistent regression testing.
There is now a script

  src/regression-tests/regression-test.py

that should in the future be the default for running regression tests
instead of the ad-hoc approach we are currently using. The goal is to
ultimately have more reliable and consistent regression testing.

The script takes as input "tests.txt" and tries to perform tests from
that. This is effectively a collection of inputs to the scyther-linux
binary. The results are writting to the 'results' directory, as
test-X.out and test-X.err, where those correspond to stdout and stderr,
respectively. Additionally, a measurement of wall-clock time in seconds
is written to test-X.time.

For now, we are using the timer to ensure all tests terminate. It would
be nicer to use a less environment-dependent way of enforcing
termination.
2013-04-26 14:29:22 +02:00
Cas Cremers
b92c097b38 BUGFIX: Windows version had a compilation problem.
The use of 'strndup' in scanner.l caused problems for non-gnu modes of gcc, which
was being invoked for the mingw32 compilation. Replaced now by the more portable
strncpy + malloc version.
2012-12-17 20:51:42 +01:00
Cas Cremers
1df5bf1fc3 Fixing typos. 2012-12-15 00:00:26 +01:00
Cas Cremers
35045adf69 NEW: Scyther input files can now specify any command-line option.
By specifying:

  option "--X=Y";

in the Scyther input file, command-line options can be directly integrated.

For example, one can specify:

  option "--one-role-per-agent";
2012-12-14 23:55:07 +01:00
Cas Cremers
d88402998e NEW: Added '--one-role-per-agent' switch.
This switch disallows agents from performing multiple roles.

Conflicts:
	src/prune_theorems.c
2012-12-14 17:06:55 +01:00
Cas Cremers
8372078d07 Corrected minor comment typos.
Conflicts:
	src/prune_theorems.c
2012-12-14 17:05:20 +01:00
Cas Cremers
fb28a98086 BUGFIX: In case sources are compiled outside of git, ran into error where trying to strip None. 2012-12-14 15:35:01 +01:00
Cas Cremers
6c7493838c Implemented well-formedness check as in the 2012 book.
We check that variables occur first in receive events.
2012-12-06 09:52:13 +01:00
Cas Cremers
ae155f8169 We now also allow macro definitions in roles, and allow for macro overwrite.
In some cases, macro definitions within roles are more readable, for example for
key exchange protocols where the computations are asymmetrical.
2012-11-23 14:34:06 +01:00
Cas Cremers
a71fe51036 BUGFIX: Occurrence of multiple macro symbols in one tuple could lead to infinite loop.
The mechanism with the next pointers for tac's was working fine as long as all
tac's were unique by construction. The macro mechanism made it possible for
the same tac to occur twice in the tree. This could lead to an infinite loop.

Now we make explicit copies of the top-level tac. This should fix the problem
caused by the tuple parsing.

A more fundamental solution is to make a deep copy of the substituted terms.
2012-11-23 14:34:04 +01:00
Cas Cremers
1b4eb7cb54 BUILD: Added flag for Mac builds to enable building on 10.8 but allow also execution on 10.6 and 10.7. 2012-11-23 09:25:27 +01:00
Cas Cremers
1648d14d98 Dropped Mac PPC support for now; only Intel binaries will be available. 2012-11-22 14:35:28 +01:00
Cas Cremers
0fb7e9e24e Added support for macro definitions.
It is now possible to declare syntactic macros at the global level.

  macro ID = TERM;

After this definition, every occurrence of ID will be replaced by TERM.
For example, this can be used to avoid duplicating message definitions
among roles:

  macro M1 = { nI, I}pk(R) ;

  protocol X(I,R) {
    role I {
      send (I,R, M1);
    }
    role R {
      recv (I,R, M1);
    }
  }
2012-11-22 12:30:00 +01:00
Cas Cremers
25da320128 BUGFIX to list-length code: classical case of uninitialized variable. 2012-11-22 12:27:05 +01:00
Cas Cremers
fedd729ab2 Added support for inequality tests.
There is a new event:

  not match(t1,t2)

where t1,t2 are terms.

They are implemented by using a special claim that simply stores the
intended inequality. The pruning theorems (prune_theorems.c) ensure that
these terms never become equal. If there are equal, the constraint is
violated. As long as they are not equal, there exists a solution using
groung terms such that their instantiation is not equal.

Currently not very efficient implemented and the graph out output is
also ugly for now.

Conflicts:
	gui/Scyther/Trace.py
	src/compiler.c
	src/scanner.l
2012-11-21 13:40:15 +01:00
Cas Cremers
d4faeacd1e Implemented equality/pattern matching support.
Introduced a new event:

  match(pattern,groundterm)

This event can only be executed if pattern can be matched to groundterm.
Variable substitutions are persistent with respect to later events in
the same role.

Currently implemented as syntactic sugar, essentially unfolded in role R to:

  fresh x;
  send ( R,R, { groundterm }x );
  recv ( R,R, { pattern }x );

This work is not complete yet in the send that the output still contains
the unfolding. Ideally, the graph rendered detects this syntactic sugar
and renders a simplified event. This should be possible on the basis of
the label name prefix.

Conflicts:
	src/compiler.c
	src/parser.y
	src/scanner.l
	src/tac.h
2012-11-21 13:34:56 +01:00
Cas Cremers
1bbd2f1ab7 Introduced markers in proof output for consistency with book description. 2012-10-02 13:43:30 +02:00
Cas Cremers
fc72b5f6ff Removed remaining 'Const' declarations. 2012-07-12 13:36:40 +02:00
Cas Cremers
bb3cea7548 BUGFIX: Adversary was weakened in a previous commit wrt symmetric-key protocols.
After we merged some concepts from the compromise branch, we forgot to add
for the hardcoded PKI that the adversary also should have access to (some) symmetric
keys.
2012-07-09 11:24:42 +02:00
Cas Cremers
d44e131f63 Improved goal selection heuristic and trivial goal skipping.
After the various changes, we were no longer correctly skipping terms like pk(IV#0),
even though it is a trivial goal. This patch fixes the issue.
2012-06-12 23:12:15 +02:00
Cas Cremers
61c451d7f8 Added public functions list to knowledge structure and added AddFunction for it. 2012-06-12 23:12:15 +02:00
Cas Cremers
214e3ed09f BUGFIX: 'Empty' claims can have any arguments. 2012-06-12 23:12:14 +02:00
Cas Cremers
2ba0de6abc New refactoring of build system for linux, should be clearer.
We also avoid building the w32 binary by default.
2012-06-12 23:12:14 +02:00
Cas Cremers
f408e61b00 Removed obsolete script. 2012-06-12 23:12:14 +02:00
Cas Cremers
b26482feca Started script to describe version. 2012-06-12 23:12:14 +02:00
Cas Cremers
588ae30bef Removing obsolete 'c-minimal' terminology. 2012-05-02 10:15:45 +02:00
Cas Cremers
6fabb3b1b4 Improved checking of required parameters for various claims with informative error reporting. 2012-05-01 16:37:28 +02:00
Cas Cremers
ccae884942 Rephrasing comments. 2012-05-01 15:02:45 +02:00
Cas Cremers
5608b29dc0 Refactored first_origination code. 2012-05-01 14:46:01 +02:00
Cas Cremers
49e34e5167 CLEANUP: Forgotten garbage collection. 2012-05-01 14:27:38 +02:00
Cas Cremers
9b0915441f Synchronising MPA branch with compromise branch where possible. 2012-04-25 17:03:51 +02:00
Cas Cremers
19359f9ba9 Inherited tempfile setup from compromise branch. 2012-04-25 16:19:21 +02:00
Cas Cremers
ab324fcea8 Added syntax check for usage of agreement. 2012-04-25 15:30:15 +02:00
Cas Cremers
2242a5fcbd Fixing read->recv conventions. 2012-04-25 09:53:07 +02:00
Cas Cremers
1cbe9826ac Updated dates. 2012-04-24 13:56:51 +02:00
Cas Cremers
d9eab0bc02 CLEANUP: Remove duplicate check in pruning code. 2012-03-22 10:53:36 +01:00
Cas Cremers
aeafad484f BUGFIX: default PKI setup should have SK(E) in initial knowledge. 2011-09-08 14:49:48 +02:00
Cas Cremers
828058c3b2 BUGFIX: Weak agreement was not implemented according to Lowe's defintion. Now it is. 2011-04-26 11:50:00 +02:00
Cas Cremers
9f60184ba7 Add isTermlistSetEqual code to compare sets that are encoded as lists. 2011-04-26 11:49:40 +02:00
Cas Cremers
8ec1908306 Added cost code to match compromise branch.
Includes some refactoring in cost.c.
2011-04-26 11:49:05 +02:00
Cas Cremers
e23c79f59d CLEANUP: Refactored code. 2011-04-06 10:50:54 +02:00
Cas Cremers
61c905e922 For consistency added termlist prepend macro. 2011-04-01 15:24:55 +02:00
Cas Cremers
93cbb3e0f8 NEW: Added --role-unique switch to enforce that an agent can perform only one role. 2011-04-01 15:24:14 +02:00
Cas Cremers
4ec5ea4232 Added helper protocol support.
This is not a full copy from the compromise branch. In particular,
some counts (in arachne.c) are missing, as well as the modified dot output (dotout.c).
2011-04-01 15:23:20 +02:00
Cas Cremers
a03f06ea41 BUGFIX: Auto-claim naming scheme was context dependent.
The automatic mechanism to assign labels to claims was dependent on the
context. In practice, a claim could get a different label when analyzed in
isolation compared to when analyzed in parallel with some other protocols. This
caused problems for the multi-protocol analysis.
2011-01-27 14:12:51 +01:00
Cas Cremers
fea2bcf477 Reindenting code. 2011-01-25 17:33:12 +01:00
Cas Cremers
1814a2d7b3 BUGFIX: Removed obsolete code that was destroying commit/agreement functionality when filtering.
This is now (and has been for a while) handled by other code.
2011-01-25 17:30:59 +01:00
Cas Cremers
f883499d07 CHANGE: Changed setup of running & commit.
Now:

claim(A,Commit,B,data) => claim(B,Running,A,data) and also B is running the right protocol and role.
2011-01-24 17:32:24 +01:00
Cas Cremers
fda39f7eab BUGFIX: Skipping running/commit signals caused bugs in graphviz output. 2011-01-21 17:40:10 +01:00
Cas Cremers
5f7138c300 BUGFIX: Partial implementation of chosen name attacks could yield false type flaw attacks.
For the typed model, this was not an issue.
2011-01-18 17:03:20 +01:00
Cas Cremers
b7ab9aefeb NEW: Added default SessionKey type. 2011-01-04 15:50:47 +01:00
Cas Cremers
66e18deb3f NEW: Added claims: Commit and Running.
There are two new claims:

  claim(X,Commit,t)  : check for agreement on data
  claim(X,Running,t) : signaling claim

The property checked is that each claim Commit needs to be preceded by a Running
with an identical term t.

Cherry-picked from commit 99a6be00e9d3d219ec73665607e8a3a7d65d04d1
2011-01-04 15:50:25 +01:00
Cas Cremers
2fb0ecde97 NEW: Added Aliveness and Weak Agreement claims. 2011-01-04 15:50:25 +01:00
Cas Cremers
6afcfe1d10 NEW: Added SID & SKR dummy claims.
This allows for input file reuse among branches (i.e. compromise).
2011-01-04 15:50:25 +01:00
Cas Cremers
9624c49885 Disable some aggressive error reporting: unclear why this is actually invalid per se
in the presence of agent name variables (role names) with non-basic typing.
2010-12-31 15:43:00 +01:00
Cas Cremers
266e5fb26b BRUTUS: Added special build script.
Originates in newCompromise branch.
2010-11-11 12:14:49 +01:00
Cas Cremers
01eb5854cf EFFICIENCY: If a new dependency overlaps with an old one, we don't have to recompute the closure. 2010-11-11 10:37:18 +01:00
Cas Cremers
6cd8007ab0 EFFICIENCY: New (default) heuristic.
Given that sk/pk/k are now hardcoded, we can exploit their occurrences with this
new heuristic.

The heuristic can now scan for the lowest term depth at which either sk or k occur.
This will cause the heuristic to favor looking for sk, then sk(x), and only later
other terms. In a small test this was twice as fast. For protocols based on pk only
the performance loss should be negligible.

The old heuristic was 162, now it is 162+512 = 674.
2010-11-11 10:37:18 +01:00
Cas Cremers
fcf694dbd9 CLEANUP: Reindenting code. 2010-11-11 00:09:16 +01:00
Cas Cremers
619ecf7673 Added commented-out code to use llvm as a compiler instead of gcc when needed. 2010-11-11 00:02:36 +01:00
Cas Cremers
c25f6efd6a SPDL: Introduced 'hashfunction f;' construct to input language. 2010-11-11 00:01:31 +01:00
Cas Cremers
4ac74f321f SPDL: Introduced preconstructed PKI with pk/sk/k.
Introduced K(A1...AN) constant function for symmetric pre-shared keys.
Added inverses (pk,sk) as default constructs.
2010-11-11 00:01:31 +01:00
Cas Cremers
03a8a1b6e7 BUGFIX: Redundant parameter to eprint. 2010-11-11 00:01:17 +01:00
Cas Cremers
2557d308bb CLEANUP: Add timing output to proof output. 2010-11-11 00:01:12 +01:00
Cas Cremers
6b3d572e3b BUGFIX: Fixed long-standing bug with timer values, wrongly using CLOCKS_PER_SEC. 2010-11-10 23:55:57 +01:00
Cas Cremers
5c53d4bb9e Better reindent script (from newCompromise branch) 2010-11-10 23:55:21 +01:00
Cas Cremers
6d9d89eca2 Introduced 'fresh' for fresh value generation and added deprecation warning for 'const' usage. 2010-11-10 10:37:57 +01:00
Cas Cremers
519a9d0a81 Added factored-out 'warning_pre' function. 2010-11-10 10:37:57 +01:00
Cas Cremers
d633a62f0d BUGFIX: C-minimality was tripping over claims. 2009-01-28 20:45:58 +01:00