75 lines
1.4 KiB
Plaintext
75 lines
1.4 KiB
Plaintext
usertype Sessionkey;
|
|
usertype Keypart;
|
|
hashfunction f;
|
|
|
|
/*
|
|
* Gong nonce based alternative
|
|
*
|
|
* Boyd & Mathuria: Protocols for authentication and key establishment
|
|
* (2003) p. 101
|
|
*/
|
|
|
|
protocol gongnonceb(I,R,S)
|
|
{
|
|
role I
|
|
{
|
|
fresh ni: Nonce;
|
|
var nr: Nonce;
|
|
fresh ki: Keypart;
|
|
var kr: Keypart;
|
|
|
|
send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
|
|
read_4 (S,I, { S,I,R,kr,I }k(I,S), { R,I,ni }f(ki,kr), nr );
|
|
send_5 (I,R, { I,R,nr }f(ki,kr) );
|
|
|
|
claim_6 (I, Secret, ki);
|
|
claim_7 (I, Secret, kr);
|
|
claim_8 (I, Nisynch);
|
|
claim_9 (I, Niagree);
|
|
}
|
|
|
|
role R
|
|
{
|
|
var ni: Nonce;
|
|
fresh nr: Nonce;
|
|
fresh kr: Keypart;
|
|
var ki: Keypart;
|
|
|
|
read_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
|
|
send_3 (R,S, { R,S,R,kr,I }k(R,S), { R,I, ni }f(ki,kr), nr );
|
|
read_5 (I,R, { I,R,nr }f(ki,kr) );
|
|
|
|
claim_10 (R, Secret, ki);
|
|
claim_11 (R, Secret, kr);
|
|
claim_12 (R, Nisynch);
|
|
claim_13 (R, Niagree);
|
|
}
|
|
|
|
role S
|
|
{
|
|
var ni,nr: Nonce;
|
|
var ki,kr: Keypart;
|
|
var T;
|
|
|
|
read_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
|
|
send_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
|
|
read_3 (R,S, { R,S,R,kr,I }k(R,S), T, nr );
|
|
send_4 (S,I, { S,I,R,kr,I }k(I,S), T, nr );
|
|
}
|
|
}
|
|
|
|
const Alice,Bob,Simon,Eve: Agent;
|
|
|
|
untrusted Eve;
|
|
const ne: Nonce;
|
|
const kpe: Keypart;
|
|
const ke: Sessionkey;
|
|
compromised k(Eve,Eve);
|
|
compromised k(Eve,Alice);
|
|
compromised k(Eve,Bob);
|
|
compromised k(Eve,Simon);
|
|
compromised k(Alice,Eve);
|
|
compromised k(Bob,Eve);
|
|
compromised k(Simon,Eve);
|
|
|