56c032f4a5
- Use builtin Ticket type instead of user type - Remove remark that -m2 matching is required as it no longer is
65 lines
1.4 KiB
Plaintext
65 lines
1.4 KiB
Plaintext
# SmartRight view-only
|
|
#
|
|
# Modelled after the description in the SPORE library
|
|
# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html
|
|
#
|
|
# Note:
|
|
# According to SPORE there are no known attacks on this protocol
|
|
#
|
|
# Note:
|
|
# This protocol uses a ticket so scyther will only be able to verify
|
|
# the protocol using the ARACHNE engine (-a)
|
|
#
|
|
# Note:
|
|
# Scyther finds an attack because the value of VoR in te last message can
|
|
# be replaced with an arbitrary value
|
|
|
|
const hash: Function;
|
|
secret unhash: Function;
|
|
secret k: Function;
|
|
inversekeys (hash,unhash);
|
|
usertype SessionKey;
|
|
usertype XorKey;
|
|
const Vor: XorKey;
|
|
|
|
protocol smartright(I,R)
|
|
{
|
|
role I
|
|
{
|
|
const VoKey: SessionKey;
|
|
const VoR: XorKey;
|
|
const CW;
|
|
var VoRi: Nonce;
|
|
|
|
send_1(I,R, {VoKey,{CW}VoR}k(I,R));
|
|
read_2(R,I, VoRi);
|
|
send_3(I,R, VoR, {{VoRi}hash}VoKey);
|
|
}
|
|
|
|
role R
|
|
{
|
|
var T: Ticket;
|
|
var VoR: XorKey;
|
|
var VoKey: SessionKey;
|
|
const VoRi: Nonce;
|
|
|
|
read_1(I,R, {VoKey,T}k(I,R));
|
|
send_2(R,I, VoRi);
|
|
read_3(I,R, VoR,{{VoRi}hash}VoKey);
|
|
|
|
claim_R1(R,Nisynch);
|
|
}
|
|
}
|
|
|
|
const Alice,Bob,Eve: Agent;
|
|
|
|
untrusted Eve;
|
|
const ne: Nonce;
|
|
|
|
# General scenario, 2 parallel runs of the protocol
|
|
|
|
run smartright.I(Agent,Agent);
|
|
run smartright.R(Agent,Agent);
|
|
run smartright.I(Agent,Agent);
|
|
run smartright.R(Agent,Agent);
|