59 lines
929 B
Plaintext
59 lines
929 B
Plaintext
/*
|
|
Bilateral Key Exchange with Public Key protocol (bkeONE)
|
|
*/
|
|
|
|
usertype Key;
|
|
|
|
const pk,hash: Function;
|
|
secret sk,unhash: Function;
|
|
|
|
inversekeys (pk,sk);
|
|
inversekeys (hash,unhash);
|
|
|
|
protocol bkeONE(I,R)
|
|
{
|
|
role I
|
|
{
|
|
const ni: Nonce;
|
|
var nr: Nonce;
|
|
var kir: Key;
|
|
|
|
send_1 (I,R, { ni,I }pk(R) );
|
|
read_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
|
|
send_3 (I,R, { hash(nr) }kir );
|
|
claim_4 (I, Secret, kir );
|
|
}
|
|
|
|
role R
|
|
{
|
|
var ni: Nonce;
|
|
const nr: Nonce;
|
|
const kir: Key;
|
|
|
|
read_1 (I,R, { ni,I }pk(R) );
|
|
send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
|
|
read_3 (I,R, { hash(nr) }kir );
|
|
claim_5 (R, Secret, kir );
|
|
}
|
|
}
|
|
|
|
const a,e: Agent;
|
|
|
|
untrusted e;
|
|
compromised sk(e);
|
|
const ne: Nonce;
|
|
|
|
run bkeONE.I(a,Agent);
|
|
run bkeONE.R(Agent,a);
|
|
run bkeONE.I(a,Agent);
|
|
run bkeONE.R(Agent,a);
|
|
|
|
run bkeONE.I(a,Agent);
|
|
run bkeONE.R(Agent,a);
|
|
run bkeONE.I(a,Agent);
|
|
run bkeONE.R(Agent,a);
|
|
|
|
run bkeONE.I(a,Agent);
|
|
run bkeONE.R(Agent,a);
|
|
|