# CCITT X.509 (1)
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/ccittx509_1.html
#
# Note:
# The attack in SPORE is not found as this is not an attack against
# synchronisation, but an attack against the freshness of Xa and Ya
# which can currently not be modelled in scyther
#

usertype Timestamp;

protocol ccitt509-1(I,R)
{
    role I
    {
        fresh Ta: Timestamp;
        fresh Na,Xa,Ya: Nonce;
        send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
        # claim_2(I,Nisynch);
        # This claim is useless as there are no preceding recv events
    }    
    
    role R
    {
        var Ta: Timestamp;
        var Na,Xa,Ya: Nonce;

        recv_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
        claim_3(R,Nisynch);
        # There should also be Fresh Xa and Fresh Ya claims here
    }
}