- SPORE moved into gui directory by default.

2007-05-19 17:10:46 +02:00
parent 0ba35eb983
commit 9aa39bfbe2
44 changed files with 0 additions and 88 deletions
--- a/gui/Protocols/denning-sacco-lowe.spdl
+++ b/gui/Protocols/denning-sacco-lowe.spdl
@@ -0,0 +1,96 @@
+# Lowe modified Denning-Sacco shared key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/denningSaccoLowe.html
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+usertype Key;
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+secret k: Function;
+usertype PseudoFunction;
+const dec: PseudoFunction;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol denningSacco-Lowe^KeyCompromise(C)
+{
+    // Read the names of 3 agents and disclose a session between them including
+    // corresponding session key to simulate key compromise
+    role C {
+        const Ni,Nr: Nonce;
+        const Kir: SessionKey;
+        const T: ExpiredTimeStamp;
+        var I,R,S: Agent;
+
+        read_!C1(C,C,    I,R,S);
+        send_!C2(C,C,    (I,R),
+                        {R,Kir,T,{Kir,I,T}k(R,S)}k(I,S),
+                        {Kir,I,T}k(R,S),
+                        {Nr}Kir,
+                        {{Nr}dec}Kir,
+                        Kir
+               );
+        claim_C3(C,Empty, (Compromised,Kir));
+    }
+}
+
+protocol denningSacco-Lowe(I,R,S)
+{
+    role I
+    {
+        var W: Ticket;
+        var Kir: SessionKey;
+        var T: TimeStamp;
+        var Nr: Nonce;
+
+        send_1(I,S, I,R );
+        read_2(S,I, {R, Kir, T, W}k(I,S) );
+        send_3(I,R, W);
+        read_4(R,I, {Nr}Kir);
+        send_5(I,R, {{Nr}dec}Kir);
+        claim_I1(I,Niagree);
+        claim_I2(I,Nisynch);
+        claim_I3(I,Secret,Kir);
+        claim_I4(I,Empty,(Fresh,Kir));
+    }    
+    
+    role R
+    {
+        var Kir: SessionKey;
+        var T: TimeStamp;
+        const Nr: Nonce;
+
+        read_3(I,R, {Kir,I,T}k(R,S));
+        send_4(R,I, {Nr}Kir);
+        read_5(I,R, {{Nr}dec}Kir);
+        claim_R1(R,Niagree);
+        claim_R2(R,Nisynch);
+        claim_R3(R,Secret,Kir);
+        claim_R4(R,Empty,(Fresh,Kir));
+    }
+    
+    role S
+    {
+        var W: Ticket;
+        const Kir: SessionKey;
+        const T: TimeStamp;
+
+        read_1(I,S, I,R );
+        send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
+    }    
+}
+
+const Alice,Bob,Simon,Eve: Agent;
+
+untrusted Eve;
+const kee: SessionKey;
+const tee: TimeStamp;
+compromised k(Eve,Simon);
+
+
+