Changes:
1. Reverted restricted use of 'hashfunction': 'function' can now be used as an alternative (but they are identical).
2. Functions can be specified to be secret, as we had before.
Together with the newer 'inversekeyfunctions' declaration, this allows for the clean definition of alternative key infrastructures.
Example usage:
secret function sk2;
function pk2;
inversekeyfunctions (sk2,pk2);
Conflicts:
src/compiler.c
Previously, weak agreement and aliveness claims would enforce a requirement for all agents in the range
of the rho of the claim run.
For some three-party protocols this was stronger than needed. We now allow an
optional role name parameter for these claims; if such a parameter is used, the claim
is only evaluated for the agents performing that role.
En passant fixed a potential bug: aliveness and weak agreement require a run for each
agent, but previously we didn't check if these were helper protocols. Clearly they
should not be.
The fix requires a significant reworking of the function handling. This
is a first attempt.
Conflicts:
src/knowledge.c
src/knowledge.h
Regression test suggests that the Hashfunction fix works.
There is a new event:
not match(t1,t2)
where t1,t2 are terms.
They are implemented by using a special claim that simply stores the
intended inequality. The pruning theorems (prune_theorems.c) ensure that
these terms never become equal. If there are equal, the constraint is
violated. As long as they are not equal, there exists a solution using
groung terms such that their instantiation is not equal.
Currently not very efficient implemented and the graph out output is
also ugly for now.
Conflicts:
gui/Scyther/Trace.py
src/compiler.c
src/scanner.l
Introduced a new event:
match(pattern,groundterm)
This event can only be executed if pattern can be matched to groundterm.
Variable substitutions are persistent with respect to later events in
the same role.
Currently implemented as syntactic sugar, essentially unfolded in role R to:
fresh x;
send ( R,R, { groundterm }x );
recv ( R,R, { pattern }x );
This work is not complete yet in the send that the output still contains
the unfolding. Ideally, the graph rendered detects this syntactic sugar
and renders a simplified event. This should be possible on the basis of
the label name prefix.
Conflicts:
src/compiler.c
src/parser.y
src/scanner.l
src/tac.h
This is not a full copy from the compromise branch. In particular,
some counts (in arachne.c) are missing, as well as the modified dot output (dotout.c).
The automatic mechanism to assign labels to claims was dependent on the
context. In practice, a claim could get a different label when analyzed in
isolation compared to when analyzed in parallel with some other protocols. This
caused problems for the multi-protocol analysis.
When untyped variables occur, the encryption level depth pruning is for
now unjustified. Maybe we can get a proof later. Previously this was
hidden, which was a bad design decision. Now the output is much
clearer.
