scyther/testing/protocols/misc/woolam-cmv.spdl

70 lines
1.2 KiB
Plaintext

/*
* Woo-lam version from Spore, as it is in Sjouke's list
*/
usertype Server, SessionKey, Token, Ticket;
secret k: Function;
const Simon: Server;
/* give the intruder something to work with */
// Scyther finds an attack using basic type flaws
const ke: SessionKey;
const authToken: Token;
protocol woolamcmv(A,B,S)
{
role A
{
fresh Na: Nonce;
var Nb: Nonce;
var Kab: SessionKey;
var t1,t2;
send_1(A,B, A,Na);
recv_2(B,A, B,Nb);
send_3(A,B, { A,B, Na,Nb }k(A,S) );
recv_6(B,A, { B,Na,Nb,Kab }k(A,S), { Na,Nb }Kab );
send_7(A,B, { Nb }Kab );
claim_8(A,Secret, Kab);
claim_9(A,Niagree);
claim_10(A,Nisynch);
}
role B
{
var Na: Nonce;
fresh Nb: Nonce;
var Kab: SessionKey;
var t1,t2;
recv_1(A,B, A,Na);
send_2(B,A, B,Nb);
recv_3(A,B, t1 );
send_4(B,S, t1, { A,B,Na,Nb }k(B,S) );
recv_5(S,B, t2, { A,Na,Nb,Kab }k(B,S) );
send_6(B,A, t2, { Na,Nb }Kab );
recv_7(A,B, { Nb }Kab );
claim_11(B,Secret, Kab);
claim_12(B,Niagree);
claim_13(B,Nisynch);
}
role S
{
var Na, Nb: Nonce;
fresh Kab: SessionKey;
recv_4(B,S, { A,B, Na,Nb }k(A,S), { A,B,Na,Nb }k(B,S) );
send_5(S,B, { B,Na,Nb,Kab }k(A,S), { A,Na,Nb,Kab }k(B,S) );
claim_14(S,Secret, Kab);
}
}