From 0407d94abdef0075cdb7f96d7e37bc9d59226f63 Mon Sep 17 00:00:00 2001 From: "Achim D. Brucker" Date: Mon, 2 Nov 2009 14:14:13 +0000 Subject: [PATCH] Import of originally published version of isabelle-ofmc. --- AUTHORS | 1 + COPYING | 35 + ChangeLog | 3 + README | 12 + bin/.empty | 0 examples/AnB/Bilateral-Key_Exchange.AnB | 19 + examples/AnB/Bilateral-Key_Exchange.fp | 284 +++ examples/AnB/Denning-Sacco.AnB | 24 + examples/AnB/Denning-Sacco.fp | 213 ++ .../ISOpubKeyOnePassUnilateralAuthProt.AnB | 18 + .../AnB/ISOpubKeyOnePassUnilateralAuthProt.fp | 222 ++ .../ISOsymKeyTwoPassUnilateralAuthProt.AnB | 15 + .../AnB/ISOsymKeyTwoPassUnilateralAuthProt.fp | 154 ++ examples/AnB/WideMouthFrog.AnB | 19 + examples/AnB/WideMouthFrog.fp | 209 ++ examples/AnB/nsl-ks.AnB | 26 + examples/AnB/nsl-ks.fp | 401 +++ examples/AnB/nsl.AnB | 18 + examples/AnB/nsl.fp | 275 ++ examples/Bilateral-Key_Exchange.thy | 608 +++++ examples/Denning-Sacco.thy | 488 ++++ .../ISOpubKeyOnePassUnilateralAuthProt.thy | 484 ++++ .../ISOsymKeyTwoPassUnilateralAuthProt.thy | 376 +++ examples/IsaMakefile | 83 + examples/ROOT.ML | 76 + examples/WideMouthFrog.thy | 466 ++++ examples/document/root.tex | 38 + examples/nsl-ks.thy | 814 ++++++ examples/nsl.thy | 592 +++++ src/IsaMakefile | 95 + src/ROOT.ML | 75 + src/config.sml | 82 + src/config.sml.in | 82 + src/encoder/anb2thy.cm | 68 + src/encoder/ml-yacc-lib/base.sig | 323 +++ src/encoder/ml-yacc-lib/join.sml | 118 + src/encoder/ml-yacc-lib/lrtable.sml | 83 + src/encoder/ml-yacc-lib/parser2.sml | 566 +++++ src/encoder/ml-yacc-lib/root.sml | 29 + src/encoder/ml-yacc-lib/stream.sml | 43 + src/encoder/ofmc-fp.grm | 208 ++ src/encoder/ofmc-fp.grm.sig | 54 + src/encoder/ofmc-fp.grm.sml | 1434 +++++++++++ src/encoder/ofmc-fp.lex | 131 + src/encoder/ofmc-fp.lex.sml | 2223 +++++++++++++++++ src/encoder/ofmc_abstraction.sml | 137 + src/encoder/ofmc_connector.sml | 138 + src/encoder/ofmc_encoder.sml | 70 + src/encoder/ofmc_thygen.sml | 489 ++++ src/encoder/ofmcfp.sml | 117 + src/encoder/root.sml | 57 + src/ofmc.thy | 148 ++ 52 files changed, 12743 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 README create mode 100644 bin/.empty create mode 100644 examples/AnB/Bilateral-Key_Exchange.AnB create mode 100644 examples/AnB/Bilateral-Key_Exchange.fp create mode 100644 examples/AnB/Denning-Sacco.AnB create mode 100644 examples/AnB/Denning-Sacco.fp create mode 100644 examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB create mode 100644 examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.fp create mode 100644 examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB create mode 100644 examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.fp create mode 100644 examples/AnB/WideMouthFrog.AnB create mode 100644 examples/AnB/WideMouthFrog.fp create mode 100644 examples/AnB/nsl-ks.AnB create mode 100644 examples/AnB/nsl-ks.fp create mode 100644 examples/AnB/nsl.AnB create mode 100644 examples/AnB/nsl.fp create mode 100644 examples/Bilateral-Key_Exchange.thy create mode 100644 examples/Denning-Sacco.thy create mode 100644 examples/ISOpubKeyOnePassUnilateralAuthProt.thy create mode 100644 examples/ISOsymKeyTwoPassUnilateralAuthProt.thy create mode 100644 examples/IsaMakefile create mode 100644 examples/ROOT.ML create mode 100644 examples/WideMouthFrog.thy create mode 100644 examples/document/root.tex create mode 100644 examples/nsl-ks.thy create mode 100644 examples/nsl.thy create mode 100644 src/IsaMakefile create mode 100644 src/ROOT.ML create mode 100644 src/config.sml create mode 100644 src/config.sml.in create mode 100644 src/encoder/anb2thy.cm create mode 100644 src/encoder/ml-yacc-lib/base.sig create mode 100644 src/encoder/ml-yacc-lib/join.sml create mode 100644 src/encoder/ml-yacc-lib/lrtable.sml create mode 100644 src/encoder/ml-yacc-lib/parser2.sml create mode 100644 src/encoder/ml-yacc-lib/root.sml create mode 100644 src/encoder/ml-yacc-lib/stream.sml create mode 100644 src/encoder/ofmc-fp.grm create mode 100644 src/encoder/ofmc-fp.grm.sig create mode 100644 src/encoder/ofmc-fp.grm.sml create mode 100644 src/encoder/ofmc-fp.lex create mode 100644 src/encoder/ofmc-fp.lex.sml create mode 100644 src/encoder/ofmc_abstraction.sml create mode 100644 src/encoder/ofmc_connector.sml create mode 100644 src/encoder/ofmc_encoder.sml create mode 100644 src/encoder/ofmc_thygen.sml create mode 100644 src/encoder/ofmcfp.sml create mode 100644 src/encoder/root.sml create mode 100644 src/ofmc.thy diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..2623e15 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Achim D. Brucker diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..50d3be5 --- /dev/null +++ b/COPYING @@ -0,0 +1,35 @@ +Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL +================================================== + +Copyright (c) 2009 Achim D. Brucker, Germany + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + + * Neither the name of the copyright holders nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..e97a7da --- /dev/null +++ b/ChangeLog @@ -0,0 +1,3 @@ + +2009-11-02 Achim D. Brucker + * Isabelle/OFMC: first public release (development version) diff --git a/README b/README new file mode 100644 index 0000000..21d321e --- /dev/null +++ b/README @@ -0,0 +1,12 @@ + + Isabelle/OFMC - Linking OFMC and Isabelle/HOL + ============================================= + +This is a developer release for Isabelle/OFMC, i.e., while it may be +of interested to experts, it is not yet useable by the general +public. This development version comprises a small set of Isabelle +theories and a prototypical tool, called anb2thy. Using OFMC's +fixed-point module, anb2thy generates Isabelle theory files for +protocols that haven been successfully validated by OFMC. + + diff --git a/bin/.empty b/bin/.empty new file mode 100644 index 0000000..e69de29 diff --git a/examples/AnB/Bilateral-Key_Exchange.AnB b/examples/AnB/Bilateral-Key_Exchange.AnB new file mode 100644 index 0000000..6e2b022 --- /dev/null +++ b/examples/AnB/Bilateral-Key_Exchange.AnB @@ -0,0 +1,19 @@ +Protocol: BilateralKeyExchange + +Types: Agent A,B; + Number NA,NB; + Symmetric_key K; + Function pk,f + +Knowledge: A: A,B,pk(A),pk(B),inv(pk(A)),f; + B: A,B,pk(A),pk(B),inv(pk(B)),pk,f + + + +Actions: +B->A: B,{NB,B}pk(A) +A->B: {f(NB),NA,A,K}pk(B) +B->A: {|f(NA)|}K + +Goals: +A *->* B: K \ No newline at end of file diff --git a/examples/AnB/Bilateral-Key_Exchange.fp b/examples/AnB/Bilateral-Key_Exchange.fp new file mode 100644 index 0000000..42b7501 --- /dev/null +++ b/examples/AnB/Bilateral-Key_Exchange.fp @@ -0,0 +1,284 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: BilateralKeyExchange +Types: +[(Purpose,["purposeK"]),(Agent False False,["A","B"]),(Number,["NA","NB"]),(SymmetricKey,["K"]),(Function,["pk","f"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeNB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNB(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeNA),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNA(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +request(A,B,Purpose (purposeK),M,(SID sid)) + | B/=Agent (dishonest i); +M/=SymKey (absK(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_8: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),(SID sid)]) + +=> +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (absNB(pair(Agent (B),Agent (A)))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (absNB(pair(Agent (B),Agent (A)))),Agent (B)))),(SID sid)]); +iknows(pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (absNB(pair(Agent (B),Agent (A)))),Agent (B))))) + +step rule_9: +State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]); +iknows(Agent (B)); +iknows(crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))) + +=> +secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B))))))))) + +step rule_10: +State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]); +iknows(Agent (B)); +iknows(pk(Agent (A))); +iknows(Nonce (NB)) + +=> +secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B))))))))) + +step rule_11: +State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]); +iknows(Agent (B)); +iknows(Agent (A)); +iknows(Nonce (NB)) + +=> +secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B))))))))) + +step rule_12: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K)))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +step rule_13: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(f(Nonce (NB))); +iknows(Nonce (NA)); +iknows(Agent (A)); +iknows(SymKey (K)) + +=> +request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +step rule_14: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (NB)); +iknows(Nonce (NA)); +iknows(Agent (A)); +iknows(SymKey (K)) + +=> +request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +step rule_15: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(Agent (B)); +iknows(f(Nonce (NB))); +iknows(Nonce (NA)); +iknows(Agent (A)); +iknows(SymKey (K)) + +=> +request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +step rule_16: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (NB)); +iknows(Nonce (NA)); +iknows(Agent (A)); +iknows(SymKey (K)) + +=> +request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +step rule_17: +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]); +iknows(scrypt(SymKey (K),f(Nonce (NA)))) + +=> +State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]) + +step rule_18: +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]); +iknows(SymKey (K)); +iknows(f(Nonce (NA))) + +=> +State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]) + +step rule_19: +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]); +iknows(SymKey (K)); +iknows(Nonce (NA)) + +=> +State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(inv(pk(Agent (dishonest i)))); +init_6: iknows(pk(Agent (dishonest i))); +init_7: iknows((SID sid)); +init_8: iknows(pk(Agent (honest a))); +init_9: iknows(Agent (honest a)); +init_10: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),(SID sid)]); +init_11: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),(SID sid)]); + +section fixedpoint: +fp_0: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))))); +fp_1: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))))); +fp_2: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),(SID sid)]); +fp_3: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),(SID sid)]); +fp_4: secret(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)); +fp_5: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))); +fp_6: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_7: secret(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)); +fp_8: witness(Agent (honest a),Agent (honest a),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (honest a))))); +fp_9: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_10: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a))))))))); +fp_11: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_12: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))); +fp_13: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))); +fp_14: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))))); +fp_15: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))))); +fp_16: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_17: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))); +fp_18: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))); +fp_19: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_20: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_21: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a))))))))); +fp_22: iknows(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))); +fp_23: iknows(SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))); +fp_24: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))); +fp_25: iknows(f(Nonce (ni))); +fp_26: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))))); +fp_27: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))))); +fp_28: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_29: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))); +fp_30: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))); +fp_31: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_32: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_33: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_34: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_35: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_36: request(Agent (honest a),Agent (honest a),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_37: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]); +fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_39: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]); +fp_40: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]); +fp_41: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (ni))),(SID sid)]); +fp_42: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]); +fp_43: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (ni)))); +fp_44: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))); +fp_45: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))))); +fp_46: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))); +fp_47: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a))))))))); +fp_48: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a))))))))); +fp_49: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_50: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_51: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))))); +fp_52: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))))); +fp_53: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_54: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))); +fp_55: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))); +fp_56: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_57: iknows(pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_58: iknows(pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_59: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]); +fp_60: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]); +fp_61: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]); +fp_62: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]); +fp_63: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]); +fp_64: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]); +fp_65: iknows(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))))); +fp_66: iknows(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))); +fp_67: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))))); +fp_68: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))))); +fp_69: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_70: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))); +fp_71: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))); +fp_72: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_73: iknows(pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_74: iknows(pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))); + +section abstraction: +NB->Nonce (absNB(pair(B,A))); +NA->Nonce (absNA(pair(A,B))); +K->SymKey (absK(pair(A,B))) + diff --git a/examples/AnB/Denning-Sacco.AnB b/examples/AnB/Denning-Sacco.AnB new file mode 100644 index 0000000..44c2109 --- /dev/null +++ b/examples/AnB/Denning-Sacco.AnB @@ -0,0 +1,24 @@ +Protocol: DenningSacco + +Types: Agent A,B,s; + Number T,timestamp,Payload; + Symmetric_key KAB; + Function sk + +Knowledge: A: A,B,sk(A,s),timestamp; + B: B,A,sk(B,s),timestamp; + s: A,B,sk(A,s),sk(B,s) + +Actions: +A->s: A,B +s->A: {|B,KAB,T,{|A,KAB,T|}sk(B,s)|}sk(A,s) +A->B: {|A,KAB,T|}sk(B,s) +B->A: {|Payload|}KAB + +Goals: +B *->* A: Payload + +Abstraction: +T -> timestamp; +Payload -> payload(B,A); +KAB -> sk(A,B) diff --git a/examples/AnB/Denning-Sacco.fp b/examples/AnB/Denning-Sacco.fp new file mode 100644 index 0000000..a475af3 --- /dev/null +++ b/examples/AnB/Denning-Sacco.fp @@ -0,0 +1,213 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: DenningSacco +Types: +[(Purpose,["purposePayload"]),(Agent False False,["A","B","s"]),(Number,["T","timestamp","Payload"]),(SymmetricKey,["KAB"]),(Function,["sk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposePayload),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (payload(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeKAB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=SymKey (sk(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +State (rA,[Agent (A),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),(SID sid)]) + +=> +State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(pair(Agent (A),Agent (B))) + +step rule_8: +State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]); +iknows(Agent (A)); +iknows(Agent (B)) + +=> +State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp)))))))),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp))))))))) + +step rule_9: +State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i)))))) + +=> +State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]); +iknows(Agent (dishonest i)) + +step rule_10: +State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(SymKey (sk(pair(Agent (A),Agent (honest a))))); +iknows(Agent (B)); +iknows(SymKey (KAB)); +iknows(Nonce (T)); +iknows(Agent (dishonest i)) + +=> +State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]); +iknows(Agent (dishonest i)) + +step rule_11: +State (rB,[Agent (B),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T))))) + +=> +secret(Nonce (payload(pair(Agent (B),Agent (A)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposePayload),Nonce (payload(pair(Agent (B),Agent (A))))); +State (rB,[Agent (B),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T)))),Nonce (payload(pair(Agent (B),Agent (A)))),scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))),(SID sid)]); +iknows(scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A)))))) + +step rule_12: +State (rB,[Agent (B),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]); +iknows(SymKey (sk(pair(Agent (B),Agent (honest a))))); +iknows(Agent (A)); +iknows(SymKey (KAB)); +iknows(Nonce (T)) + +=> +secret(Nonce (payload(pair(Agent (B),Agent (A)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposePayload),Nonce (payload(pair(Agent (B),Agent (A))))); +State (rB,[Agent (B),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T)))),Nonce (payload(pair(Agent (B),Agent (A)))),scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))),(SID sid)]); +iknows(scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A)))))) + +step rule_13: +State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]); +iknows(scrypt(SymKey (KAB),Nonce (Payload))) + +=> +request(Agent (A),Agent (B),Purpose (purposePayload),Nonce (Payload),(SID sid)); +State (rA,[Agent (A),Step 3,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),Nonce (Payload),scrypt(SymKey (KAB),Nonce (Payload)),(SID sid)]) + +step rule_14: +State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]); +iknows(SymKey (KAB)); +iknows(Nonce (Payload)) + +=> +request(Agent (A),Agent (B),Purpose (purposePayload),Nonce (Payload),(SID sid)); +State (rA,[Agent (A),Step 3,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),Nonce (Payload),scrypt(SymKey (KAB),Nonce (Payload)),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(Nonce (timestamp)); +init_6: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))); +init_7: iknows((SID sid)); +init_8: iknows(Agent (honest a)); +init_9: State (rB,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_10: State (rB,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_11: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),(SID sid)]); +init_12: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),(SID sid)]); +init_13: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),(SID sid)]); +init_14: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),(SID sid)]); + +section fixedpoint: +fp_0: iknows(pair(Agent (honest a),Agent (honest a))); +fp_1: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_2: State (rA,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]); +fp_3: State (rA,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_4: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))),(SID sid)]); +fp_5: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp)))))))),(SID sid)]); +fp_6: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))),(SID sid)]); +fp_7: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp)))))))),(SID sid)]); +fp_8: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp))))))))); +fp_9: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))))); +fp_10: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp))))))))); +fp_11: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))))); +fp_12: iknows(pair(Agent (honest a),Agent (honest a))); +fp_13: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_14: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))); +fp_15: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))); +fp_16: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))); +fp_17: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))); +fp_18: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))); +fp_19: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))); +fp_20: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))); +fp_21: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i))))); +fp_22: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))); +fp_23: iknows(pair(Agent (honest a),Agent (honest a))); +fp_24: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_25: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))); +fp_26: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))); +fp_27: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))); +fp_28: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))); +fp_29: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))); +fp_30: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))); +fp_31: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))); +fp_32: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))); +fp_33: secret(Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)); +fp_34: witness(Agent (honest a),Agent (dishonest i),Purpose (purposePayload),Nonce (payload(pair(Agent (honest a),Agent (dishonest i))))); +fp_35: State (rB,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Nonce (timestamp),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]); +fp_36: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))))); +fp_37: iknows(pair(Agent (honest a),Agent (honest a))); +fp_38: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_39: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))); +fp_40: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))); +fp_41: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))); +fp_42: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))); +fp_43: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))); +fp_44: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))); +fp_45: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))); +fp_46: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))); +fp_47: iknows(Nonce (payload(pair(Agent (honest a),Agent (dishonest i))))); +fp_48: iknows(pair(Agent (honest a),Agent (honest a))); +fp_49: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_50: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))); +fp_51: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))); +fp_52: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))); +fp_53: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))); +fp_54: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))); +fp_55: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))); +fp_56: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))); +fp_57: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))); + +section abstraction: +T->timestamp; +Payload->Nonce (payload(pair(B,A))); +KAB->SymKey (sk(pair(A,B))) + diff --git a/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB b/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB new file mode 100644 index 0000000..b3a19bd --- /dev/null +++ b/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB @@ -0,0 +1,18 @@ +Protocol: ISO_onepass_pk + +# should be fine (replay is not considered here!) + +Types: Agent A,B,s; + Number NA,Text1; + Function pk + +Knowledge: A: A,B,{A,pk(A)}inv(pk(s)),pk(A),inv(pk(A)); + B: B,pk(s) + +Actions: +A->B: {A,pk(A)}inv(pk(s)), + {NA,B,Text1}inv(pk(A)) + +Goals: +A *-> B: Text1 + diff --git a/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.fp b/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.fp new file mode 100644 index 0000000..a3945a1 --- /dev/null +++ b/examples/AnB/ISOpubKeyOnePassUnilateralAuthProt.fp @@ -0,0 +1,222 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: ISO_onepass_pk +Types: +[(Purpose,["purposeText1"]),(Agent False False,["A","B","s"]),(Number,["NA","Text1"]),(Function,["pk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeNA),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNA(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeText1),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absText1(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Agent (B),(SID sid)]) + +=> +witness(Agent (A),Agent (B),Purpose (purposeText1),Nonce (absText1(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Agent (B),Nonce (absNA(pair(Agent (A),Agent (B)))),Nonce (absText1(pair(Agent (A),Agent (B)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (B),Nonce (absText1(pair(Agent (A),Agent (B)))))))),(SID sid)]); +iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (B),Nonce (absText1(pair(Agent (A),Agent (B))))))))) + +step rule_8: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A))))); +iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + +step rule_9: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A))))); +iknows(inv(pk(Agent (A)))); +iknows(Nonce (NA)); +iknows(Agent (B)); +iknows(Nonce (Text1)) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + +step rule_10: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(pk(Agent (A))); +iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + +step rule_11: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(pk(Agent (A))); +iknows(inv(pk(Agent (A)))); +iknows(Nonce (NA)); +iknows(Agent (B)); +iknows(Nonce (Text1)) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + +step rule_12: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + +step rule_13: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(inv(pk(Agent (A)))); +iknows(Nonce (NA)); +iknows(Agent (B)); +iknows(Nonce (Text1)) + +=> +request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid)); +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (honest a),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(inv(pk(Agent (dishonest i)))); +init_6: iknows(pk(Agent (dishonest i))); +init_7: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i))))); +init_8: iknows((SID sid)); +init_9: iknows(Agent (honest a)); +init_10: State (rB,[Agent (honest a),Step 0,pk(Agent (honest a)),(SID sid)]); +init_11: iknows(pk(Agent (honest a))); + +section fixedpoint: +fp_0: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))))); +fp_1: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_2: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_3: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))); +fp_4: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_5: witness(Agent (honest a),Agent (honest a),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))); +fp_6: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_7: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (ni),(SID sid)); +fp_8: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (ni))))),(SID sid)]); +fp_9: iknows(crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))); +fp_10: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a))))); +fp_11: iknows(crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_12: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))))); +fp_13: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_14: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_15: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))); +fp_16: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))); +fp_17: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_18: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))); +fp_19: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))); +fp_20: request(Agent (honest a),Agent (honest a),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_21: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (honest a)),Agent (honest a),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_22: iknows(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))); +fp_23: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))); +fp_24: iknows(Nonce (absText1(pair(Agent (honest a),Agent (honest a))))); +fp_25: iknows(Nonce (absNA(pair(Agent (honest a),Agent (honest a))))); +fp_26: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))))); +fp_27: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_28: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_29: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))); +fp_30: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))); +fp_31: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_32: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))); +fp_33: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))); +fp_34: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_35: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_36: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_37: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_39: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_40: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_41: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_42: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]); +fp_43: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_44: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_45: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_46: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_47: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]); +fp_48: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_49: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_50: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_51: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_52: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]); +fp_53: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_54: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_55: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_56: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_57: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]); +fp_58: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_59: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_60: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_61: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_62: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))))); +fp_63: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_64: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_65: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))); +fp_66: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))); +fp_67: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_68: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))); +fp_69: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))); + +section abstraction: +NA->Nonce (absNA(pair(A,B))); +Text1->Nonce (absText1(pair(A,B))) + diff --git a/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB b/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB new file mode 100644 index 0000000..45c979f --- /dev/null +++ b/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB @@ -0,0 +1,15 @@ +Protocol: ISO_twopass_symm # Verified & Certified + +Types: Agent A,B; + Number NB,Text1,Text2,Text3; + Function sk + +Knowledge: A: A,B,sk(A,B); + B: B,A,sk(A,B) + +Actions: +B->A: NB +A->B: {|NB,B,Text2|}sk(A,B) + +Goals: +A *-> B: Text2 diff --git a/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.fp b/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.fp new file mode 100644 index 0000000..2299732 --- /dev/null +++ b/examples/AnB/ISOsymKeyTwoPassUnilateralAuthProt.fp @@ -0,0 +1,154 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: ISO_twopass_symm +Types: +[(Purpose,["purposeText2"]),(Agent False False,["A","B"]),(Number,["NB","Text1","Text2","Text3"]),(Function,["sk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeNB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNB(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeText2),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absText2(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),(SID sid)]) + +=> +State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (absNB(pair(Agent (B),Agent (A)))),(SID sid)]); +iknows(Nonce (absNB(pair(Agent (B),Agent (A))))) + +step rule_8: +State (rA,[Agent (A),Step 0,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (B),(SID sid)]); +iknows(Nonce (NB)) + +=> +witness(Agent (A),Agent (B),Purpose (purposeText2),Nonce (absText2(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (B),Nonce (NB),Nonce (absText2(pair(Agent (A),Agent (B)))),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (absText2(pair(Agent (A),Agent (B))))))),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (absText2(pair(Agent (A),Agent (B)))))))) + +step rule_9: +State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeText2),Nonce (Text2),(SID sid)); +State (rB,[Agent (B),Step 2,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),Nonce (Text2),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2)))),(SID sid)]) + +step rule_10: +State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),(SID sid)]); +iknows(SymKey (sk(pair(Agent (A),Agent (B))))); +iknows(Nonce (NB)); +iknows(Agent (B)); +iknows(Nonce (Text2)) + +=> +request(Agent (B),Agent (A),Purpose (purposeText2),Nonce (Text2),(SID sid)); +State (rB,[Agent (B),Step 2,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),Nonce (Text2),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2)))),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i))))); +init_6: iknows((SID sid)); +init_7: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))); +init_8: iknows(Agent (honest a)); +init_9: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_10: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_11: iknows(SymKey (sk(pair(Agent (honest a),Agent (dishonest i))))); + +section fixedpoint: +fp_0: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),(SID sid)]); +fp_1: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)]); +fp_2: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))); +fp_3: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (ni),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_4: witness(Agent (honest a),Agent (honest a),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))); +fp_5: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (ni),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_6: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))))))); +fp_7: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_8: iknows(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))); +fp_9: iknows(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))); +fp_10: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))); +fp_11: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_12: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_13: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_14: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_15: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_16: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_17: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_18: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_19: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_20: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (ni),(SID sid)); +fp_21: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),(SID sid)]); +fp_22: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))))))); +fp_23: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))))))); +fp_24: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_25: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_26: iknows(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))); +fp_27: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))); +fp_28: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_29: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_30: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_31: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_32: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_33: request(Agent (honest a),Agent (honest a),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_34: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_35: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_36: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_37: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))))))); +fp_38: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_39: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))); +fp_40: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_41: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_42: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); +fp_43: iknows(pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))); + +section abstraction: +NB->Nonce (absNB(pair(B,A))); +Text2->Nonce (absText2(pair(A,B))) + diff --git a/examples/AnB/WideMouthFrog.AnB b/examples/AnB/WideMouthFrog.AnB new file mode 100644 index 0000000..3cda9ae --- /dev/null +++ b/examples/AnB/WideMouthFrog.AnB @@ -0,0 +1,19 @@ +Protocol: WideMouthFrog +## Problem with abstract authentication + +Types: Agent A,B,s; + Number TA,TS; # actually timestamps + Symmetric_key KAB; + Function sk + +Knowledge: A: A,B,sk(A,s); + B: B,A,sk(B,s); + s: A,B,sk(A,s),sk(B,s) + +Actions: +A->s: A,{|TA,B,KAB|}sk(A,s) +s->B: {|TS,A,KAB|}sk(B,s) + +Goals: +A *->* B: KAB + diff --git a/examples/AnB/WideMouthFrog.fp b/examples/AnB/WideMouthFrog.fp new file mode 100644 index 0000000..3a5233b --- /dev/null +++ b/examples/AnB/WideMouthFrog.fp @@ -0,0 +1,209 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: WideMouthFrog +Types: +[(Purpose,["purposeKAB"]),(Agent False False,["A","B","s"]),(Number,["TA","TS"]),(SymmetricKey,["KAB"]),(Function,["sk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeTA),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absTA(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeKAB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=SymKey (absKAB(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +request(A,B,Purpose (purposeTS),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absTS(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_8: +State (rA,[Agent (A),Step 0,SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),(SID sid)]) + +=> +secret(SymKey (absKAB(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Nonce (absTA(pair(Agent (A),Agent (B)))),SymKey (absKAB(pair(Agent (A),Agent (B)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (A),Agent (B)))),pair(Agent (B),SymKey (absKAB(pair(Agent (A),Agent (B)))))))),(SID sid)]); +iknows(pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (A),Agent (B)))),pair(Agent (B),SymKey (absKAB(pair(Agent (A),Agent (B))))))))) + +step rule_9: +State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]); +iknows(Agent (A)); +iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB))))) + +=> +State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),SymKey (KAB),Nonce (TA),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB))))),Nonce (absTS(pair(Agent (B),Agent (A)))),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB))))) + +step rule_10: +State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]); +iknows(Agent (A)); +iknows(SymKey (sk(pair(Agent (A),Agent (honest a))))); +iknows(Nonce (TA)); +iknows(Agent (B)); +iknows(SymKey (KAB)) + +=> +State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),SymKey (KAB),Nonce (TA),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB))))),Nonce (absTS(pair(Agent (B),Agent (A)))),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB))))) + +step rule_11: +State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]); +iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB))))) + +=> +request(Agent (B),Agent (A),Purpose (purposeKAB),SymKey (KAB),(SID sid)); +State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),SymKey (KAB),Nonce (TS),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB)))),(SID sid)]) + +step rule_12: +State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]); +iknows(SymKey (sk(pair(Agent (B),Agent (honest a))))); +iknows(Nonce (TS)); +iknows(Agent (A)); +iknows(SymKey (KAB)) + +=> +request(Agent (B),Agent (A),Purpose (purposeKAB),SymKey (KAB),(SID sid)); +State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),SymKey (KAB),Nonce (TS),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB)))),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))); +init_6: iknows((SID sid)); +init_7: iknows(Agent (honest a)); +init_8: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]); +init_9: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]); +init_10: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),(SID sid)]); +init_11: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),(SID sid)]); +init_12: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),(SID sid)]); +init_13: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),(SID sid)]); + +section fixedpoint: +fp_0: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))))); +fp_1: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_2: secret(SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)); +fp_3: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))); +fp_4: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]); +fp_5: secret(SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)); +fp_6: witness(Agent (honest a),Agent (honest a),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))); +fp_7: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]); +fp_8: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_9: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_10: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))); +fp_11: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))); +fp_12: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))); +fp_13: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_14: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))))); +fp_15: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_16: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_17: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_18: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_19: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_20: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_21: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_22: request(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),(SID sid)); +fp_23: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_24: request(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_25: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_26: request(Agent (honest a),Agent (honest a),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_27: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_28: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))); +fp_29: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_30: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))); +fp_31: iknows(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i))))); +fp_32: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))))); +fp_33: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_34: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_35: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_36: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_37: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_38: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))); +fp_39: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))); +fp_40: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_41: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_42: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_43: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_44: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]); +fp_45: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_46: iknows(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a))))); +fp_47: iknows(SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))); +fp_48: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))))); +fp_49: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_50: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_51: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_52: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_53: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_54: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))); +fp_55: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))); +fp_56: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_57: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_58: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]); +fp_59: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_60: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_61: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_62: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_63: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]); +fp_64: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))); +fp_65: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))))); +fp_66: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))))); +fp_67: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_68: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_69: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))); +fp_70: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))); +fp_71: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))); +fp_72: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))); +fp_73: iknows(pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))); +fp_74: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))); + +section abstraction: +TA->Nonce (absTA(pair(A,B))); +KAB->SymKey (absKAB(pair(A,B))); +TS->Nonce (absTS(pair(B,A))) + diff --git a/examples/AnB/nsl-ks.AnB b/examples/AnB/nsl-ks.AnB new file mode 100644 index 0000000..4852f51 --- /dev/null +++ b/examples/AnB/nsl-ks.AnB @@ -0,0 +1,26 @@ +Protocol: NSL + +Types: Agent A,B,s; + Number NA,NB; + Function pk + +Knowledge: A: A,pk(A),inv(pk(A)),s,pk(s),B; + B: B,pk(B),inv(pk(B)),s,pk(s); + s: s,pk,inv(pk(s)) + +Actions: +A->s: A,B +s->A: {B,pk(B)}(inv(pk(s))) +A->B: {NA,A}(pk(B)) +B->s: B,A +s->B: {A,pk(A)}(inv(pk(s))) +B->A: {NA,NB,B}(pk(A)) +A->B: {NB}(pk(B)) + +Goals: +A *->* B: NA +B *->* A: NB + +Abstraction: +NA -> na(A,B); +NB -> nb(B,A,equals(NA,na(A,B))) diff --git a/examples/AnB/nsl-ks.fp b/examples/AnB/nsl-ks.fp new file mode 100644 index 0000000..1cbdf79 --- /dev/null +++ b/examples/AnB/nsl-ks.fp @@ -0,0 +1,401 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +Protocol: NSL +Types: +[(Purpose,["purposeNA","purposeNB"]),(Agent False False,["A","B","s"]),(Number,["NA","NB"]),(Function,["pk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeNA),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (na(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeNB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (nb(pair(B,pair(A,Arg1)))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +State (rA,[Agent (A),Step 0,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),(SID sid)]) + +=> +State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(pair(Agent (A),Agent (B))) + +step rule_8: +State (rs,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]); +iknows(Agent (A)); +iknows(Agent (B)) + +=> +State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B))))) + +step rule_9: +State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B))))) + +=> +secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A)))) + +step rule_10: +State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (B)); +iknows(pk(Agent (B))) + +=> +secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A)))) + +step rule_11: +State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (B)) + +=> +secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A)))) + +step rule_12: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A)))) + +=> +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(pair(Agent (B),Agent (A))) + +step rule_13: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (NA)); +iknows(Agent (A)) + +=> +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(pair(Agent (B),Agent (A))) + +step rule_14: +State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (NA)); +iknows(Agent (A)) + +=> +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(pair(Agent (B),Agent (A))) + +step rule_15: +State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),(SID sid)]); +iknows(Agent (B)); +iknows(Agent (A)) + +=> +State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),pair(Agent (B),Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A))))) + +step rule_16: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A))))) + +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_17: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(pk(Agent (A))) + +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_18: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)) + +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_19: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A))))) + | Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_20: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)); +iknows(pk(Agent (A))) + | Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_21: +State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]); +iknows(inv(pk(Agent (honest a)))); +iknows(Agent (A)) + | Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_22: +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B))))) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_23: +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(pk(Agent (A))); +iknows(Nonce (NA)); +iknows(Nonce (NB)); +iknows(Agent (B)) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_24: +State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(Agent (A)); +iknows(Nonce (NA)); +iknows(Nonce (NB)); +iknows(Agent (B)) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_25: +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + +step rule_26: +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (NB)) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + +step rule_27: +State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (NB)) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(pk(Agent (honest a))); +init_6: iknows(Agent (honest a)); +init_7: iknows(inv(pk(Agent (dishonest i)))); +init_8: iknows(pk(Agent (dishonest i))); +init_9: iknows((SID sid)); +init_10: iknows(Agent (honest a)); +init_11: State (rB,[Agent (honest a),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]); +init_12: State (rs,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]); + +section fixedpoint: +fp_0: iknows(pair(Agent (honest a),Agent (honest a))); +fp_1: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_2: State (rA,[Agent (honest a),Step 1,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]); +fp_3: State (rA,[Agent (honest a),Step 1,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_4: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]); +fp_5: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]); +fp_6: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]); +fp_7: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]); +fp_8: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]); +fp_9: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_10: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a))))); +fp_11: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i))))); +fp_12: iknows(pair(Agent (honest a),Agent (honest a))); +fp_13: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_14: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_15: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_16: secret(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)); +fp_17: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (dishonest i))))); +fp_18: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),(SID sid)]); +fp_19: secret(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)); +fp_20: witness(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (honest a))))); +fp_21: State (rA,[Agent (honest a),Step 2,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),(SID sid)]); +fp_22: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]); +fp_23: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]); +fp_24: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]); +fp_25: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]); +fp_26: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)); +fp_27: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))); +fp_28: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_29: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)); +fp_30: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0))))); +fp_31: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_32: iknows(crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_33: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_34: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))); +fp_35: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))); +fp_36: iknows(pair(Agent (honest a),Agent (honest a))); +fp_37: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_38: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_39: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_40: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_41: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_42: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_43: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_44: iknows(Nonce (na(pair(Agent (honest a),Agent (dishonest i))))); +fp_45: iknows(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))); +fp_46: iknows(pair(Agent (honest a),Agent (honest a))); +fp_47: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_48: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_49: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_50: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_51: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_52: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_53: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]); +fp_54: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_55: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]); +fp_56: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]); +fp_57: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)); +fp_58: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))); +fp_59: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),(SID sid)]); +fp_60: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_61: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (na(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]); +fp_62: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid)); +fp_63: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_64: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (ni),(SID sid)); +fp_65: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (ni)),(SID sid)]); +fp_66: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (ni),(SID sid)); +fp_67: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_68: iknows(crypt(pk(Agent (dishonest i)),Nonce (ni))); +fp_69: iknows(crypt(pk(Agent (dishonest i)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))))); +fp_70: iknows(crypt(pk(Agent (dishonest i)),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))))); +fp_71: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a))))); +fp_72: iknows(pair(Agent (honest a),Agent (honest a))); +fp_73: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_74: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_75: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_76: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_77: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_78: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_79: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_80: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_81: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_82: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_83: request(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),(SID sid)); +fp_84: State (rA,[Agent (honest a),Step 3,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]); +fp_85: iknows(crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))))); +fp_86: iknows(crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_87: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_88: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_89: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_90: iknows(pair(Agent (honest a),Agent (honest a))); +fp_91: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_92: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_93: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_94: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_95: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_96: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_97: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_98: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_99: request(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_100: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]); +fp_101: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_102: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_103: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid)); +fp_104: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_105: iknows(pair(Agent (honest a),Agent (honest a))); +fp_106: iknows(pair(Agent (honest a),Agent (dishonest i))); +fp_107: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i)))); +fp_108: iknows(pair(Agent (honest a),pk(Agent (honest a)))); +fp_109: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_110: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_111: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_112: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_113: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); + +section abstraction: +NA->Nonce (na(pair(A,B))); +NB->Nonce (nb(pair(B,pair(A,equals(pair(NA,Nonce (na(pair(A,B))))))))) + diff --git a/examples/AnB/nsl.AnB b/examples/AnB/nsl.AnB new file mode 100644 index 0000000..cbdd34a --- /dev/null +++ b/examples/AnB/nsl.AnB @@ -0,0 +1,18 @@ +Protocol: NSL # Verified + +Types: Agent A,B; + Number NA,NB; + Function pk + +Knowledge: A: A,pk,inv(pk(A)),B; + B: B,pk,inv(pk(B)) + +Actions: +A->B: {NA,A}(pk(B)) +B->A: {NA,NB,B}(pk(A)) +A->B: {NB}(pk(B)) + +Goals: +A *->* B: NA +B *->* A: NB + diff --git a/examples/AnB/nsl.fp b/examples/AnB/nsl.fp new file mode 100644 index 0000000..ae8c0b0 --- /dev/null +++ b/examples/AnB/nsl.fp @@ -0,0 +1,275 @@ +Backend: Open-Source Fixedpoint Model-Checker version 2009c +(**** REFINING ABSTRACTION: ["NA","NB"] *****) +Protocol: NSL +Types: +[(Purpose,["purposeNA","purposeNB"]),(Agent False False,["A","B"]),(Number,["NA","NB"]),(Function,["pk"])] +section rules: +step rule_0: +iknows(crypt(K,M)); +iknows(inv(K)) + +=> +iknows(M) + +step rule_1: +iknows(crypt(inv(K),M)); +iknows(K) + +=> +iknows(M) + +step rule_2: +iknows(scrypt(K,M)); +iknows(K) + +=> +iknows(M) + +step rule_3: +iknows(pair(M1,M2)) + +=> +iknows(M1); +iknows(M2) + +step rule_4: +secret(M,Agent (honest a)); +iknows(M) + +=> +attack(pair(secrecy,M)) + +step rule_5: +request(A,B,Purpose (purposeNA),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNA(pair(B,A))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_6: +request(A,B,Purpose (purposeNB),M,(SID sid)) + | B/=Agent (dishonest i); +M/=Nonce (absNB(pair(B,pair(A,Arg1)))) +=> +attack(pair(authentication,pair(A,pair(B,M)))) + +step rule_7: +State (rA,[Agent (A),Step 0,Agent (B),inv(pk(Agent (A))),(SID sid)]) + +=> +secret(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (B)); +witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (absNA(pair(Agent (A),Agent (B))))); +State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A)))) + +step rule_8: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A)))) + +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_9: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (absNA(pair(Agent (A),Agent (B))))); +iknows(Agent (A)) + +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_10: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (absNA(pair(Agent (A),Agent (B))))); +iknows(Agent (A)) + +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B))))) + +step rule_11: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A)))) + | Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_12: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (NA)); +iknows(Agent (A)) + | Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_13: +State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (NA)); +iknows(Agent (A)) + | Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B)))) +=> +secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A)); +witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0))))); +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B))))) + +step rule_14: +State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B))))) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_15: +State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(pk(Agent (A))); +iknows(Nonce (NA)); +iknows(Nonce (NB)); +iknows(Agent (B)) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_16: +State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]); +iknows(Agent (A)); +iknows(Nonce (NA)); +iknows(Nonce (NB)); +iknows(Agent (B)) + +=> +request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid)); +State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +step rule_17: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(crypt(pk(Agent (B)),Nonce (NB))) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + +step rule_18: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(pk(Agent (B))); +iknows(Nonce (NB)) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + +step rule_19: +State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]); +iknows(Agent (B)); +iknows(Nonce (NB)) + +=> +request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid)); +State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]) + + +section initial state: +init_0: iknows(Nonce (ni)); +init_1: iknows(Agent (dishonest i)); +init_2: State (rA,[Agent (honest a),Step 0,Agent (dishonest i),inv(pk(Agent (honest a))),(SID sid)]); +init_3: State (rA,[Agent (honest a),Step 0,Agent (honest a),inv(pk(Agent (honest a))),(SID sid)]); +init_4: iknows(Step 0); +init_5: iknows(inv(pk(Agent (dishonest i)))); +init_6: iknows((SID sid)); +init_7: iknows(Agent (honest a)); +init_8: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]); + +section fixedpoint: +fp_0: secret(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)); +fp_1: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))); +fp_2: State (rA,[Agent (honest a),Step 1,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),(SID sid)]); +fp_3: secret(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)); +fp_4: witness(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))); +fp_5: State (rA,[Agent (honest a),Step 1,Agent (honest a),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),(SID sid)]); +fp_6: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)); +fp_7: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))); +fp_8: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_9: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)); +fp_10: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0))))); +fp_11: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_12: iknows(crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_13: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_14: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))); +fp_15: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))); +fp_16: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_17: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_18: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_19: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)); +fp_20: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))); +fp_21: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),(SID sid)]); +fp_22: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a))))); +fp_23: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))); +fp_24: iknows(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))); +fp_25: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_26: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_27: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_28: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_29: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_30: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_31: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]); +fp_32: request(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),(SID sid)); +fp_33: State (rA,[Agent (honest a),Step 2,Agent (honest a),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]); +fp_34: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_35: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]); +fp_36: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid)); +fp_37: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (ni),(SID sid)); +fp_39: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (ni)),(SID sid)]); +fp_40: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (ni),(SID sid)); +fp_41: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_42: iknows(crypt(pk(Agent (dishonest i)),Nonce (ni))); +fp_43: iknows(crypt(pk(Agent (dishonest i)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))))); +fp_44: iknows(crypt(pk(Agent (dishonest i)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))); +fp_45: iknows(crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))))); +fp_46: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_47: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_48: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a))))); +fp_49: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))))); +fp_50: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_51: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_52: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_53: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_54: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_55: request(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),(SID sid)); +fp_56: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]); +fp_57: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)); +fp_58: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_59: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid)); +fp_60: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]); +fp_61: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))); +fp_62: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))); +fp_63: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_64: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); +fp_65: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))); + +section abstraction: +NA->Nonce (absNA(pair(A,B))); +NB->Nonce (absNB(pair(B,pair(A,equals(pair(NA,Nonce (absNA(pair(A,B))))))))) + diff --git a/examples/Bilateral-Key_Exchange.thy b/examples/Bilateral-Key_Exchange.thy new file mode 100644 index 0000000..d119f84 --- /dev/null +++ b/examples/Bilateral-Key_Exchange.thy @@ -0,0 +1,608 @@ +header {* Analysing BilateralKeyExchange *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/Bilateral-Key_Exchange.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "Bilateral-Key_Exchange" + imports + ofmc +begin + + + +section {* Protocol Model (BilateralKeyExchange) *} +datatype Role = rA | rB + +datatype Purpose = purposeK | purposeNI | purposeNA | purposeNB +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "absNB" "Msg" "nat" + | "absNA" "Msg" "nat" + | "NI" + | "NA" + | "NB" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" + | "absK" "Msg" "nat" +(* Functions *) + | "pk" "Msg" | "f" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (BilateralKeyExchange) *} +inductive_set + BilateralKeyExchange::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : BilateralKeyExchange" + | init_1: "[ Iknows(Agent(dishonest(i)))] : BilateralKeyExchange" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(dishonest(i))), pk(Agent(honest(a))), Agent(dishonest(i)), SID(sid)] )] : BilateralKeyExchange" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] )] : BilateralKeyExchange" + | init_4: "[ Iknows(Step(0))] : BilateralKeyExchange" + | init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : BilateralKeyExchange" + | init_6: "[ Iknows(pk(Agent(dishonest(i))))] : BilateralKeyExchange" + | init_7: "[ Iknows(SID(sid))] : BilateralKeyExchange" + | init_8: "[ Iknows(pk(Agent(honest(a))))] : BilateralKeyExchange" + | init_9: "[ Iknows(Agent(honest(a)))] : BilateralKeyExchange" + | init_10: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(dishonest(i))), Agent(dishonest(i)), SID(sid)] )] : BilateralKeyExchange" + | init_11: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] )] : BilateralKeyExchange" + | rule_0: "[| t :BilateralKeyExchange; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : BilateralKeyExchange" + | rule_1: "[| t :BilateralKeyExchange; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : BilateralKeyExchange" + | rule_2: "[| t :BilateralKeyExchange; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : BilateralKeyExchange" + | rule_3: "[| t :BilateralKeyExchange; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : BilateralKeyExchange" + | rule_4: "[| t :BilateralKeyExchange; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : BilateralKeyExchange" + | rule_5: "[| t :BilateralKeyExchange; + Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NB . + M = Nonce((absNB(pair(B, A)) Abs_NB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : BilateralKeyExchange" + | rule_6: "[| t :BilateralKeyExchange; + Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : BilateralKeyExchange" + | rule_7: "[| t :BilateralKeyExchange; + Request(A, B, Purpose(purposeK), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_K . + M = SymKey((absK(pair(B, A)) Abs_K)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : BilateralKeyExchange" + | rule_8: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), SID(sid)] ) : (set t)|] + ==> +((State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B)))))) + #t) : BilateralKeyExchange" + | rule_9: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))) : (set t)|] + ==> +((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))) + #(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))))) + #t) : BilateralKeyExchange" + | rule_10: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(pk(Agent(A))) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))) + #(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))))) + #t) : BilateralKeyExchange" + | rule_11: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))) + #(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))))) + #t) : BilateralKeyExchange" + | rule_12: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K)))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #(Iknows(scrypt(SymKey(K), f(Nonce(NA))))) + #t) : BilateralKeyExchange" + | rule_13: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(f(Nonce(NB))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(K)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #(Iknows(scrypt(SymKey(K), f(Nonce(NA))))) + #t) : BilateralKeyExchange" + | rule_14: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(K)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #(Iknows(scrypt(SymKey(K), f(Nonce(NA))))) + #t) : BilateralKeyExchange" + | rule_15: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(f(Nonce(NB))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(K)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #(Iknows(scrypt(SymKey(K), f(Nonce(NA))))) + #t) : BilateralKeyExchange" + | rule_16: "[| t :BilateralKeyExchange; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(K)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #(Iknows(scrypt(SymKey(K), f(Nonce(NA))))) + #t) : BilateralKeyExchange" + | rule_17: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : (set t)|] + ==> +((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #t) : BilateralKeyExchange" + | rule_18: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t); + Iknows(SymKey(K)) : (set t); + Iknows(f(Nonce(NA))) : (set t)|] + ==> +((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #t) : BilateralKeyExchange" + | rule_19: "[| t :BilateralKeyExchange; + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t); + Iknows(SymKey(K)) : (set t); + Iknows(Nonce(NA)) : (set t)|] + ==> +((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] )) + #t) : BilateralKeyExchange" + + +section {* Fixed-point Definition (BilateralKeyExchange) *} +constdefs BilateralKeyExchange_fp::"Fact set""BilateralKeyExchange_fp == {m. ( ? a32 a33 Abs_NB5 Abs_NB6 Abs_NB7 Abs_NB4 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 Abs_NA3 i3 Abs_NA4 Abs_NA5 Abs_NA6 Abs_NB1 Abs_NB2 Abs_NB3 a24 a25 a26 a27 a28 a29 a30 a31 a5 Abs_NI1 a6 a7 a8 Abs_NI2 a9 a10 a11 a12 a13 a14 Abs_NI3 a15 a16 a17 a18 a19 Abs_K1 a20 a21 Abs_K2 a22 a23 Abs_NA2 sid0 a4 Abs_NI0 Abs_NB0 a0 i0 Abs_NA0 a1 i1 Abs_NA1 a2 a3 i2 Abs_K0 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(inv(pk(Agent(dishonest(i0)))))) + | (m = Iknows(pk(Agent(dishonest(i0))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(pk(Agent(honest(a0))))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), SID(sid0)] )) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NB1)), Agent(honest(a11))))), SID(sid0)] )) + | (m = Secret(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_K0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i2)))), pair(Agent(dishonest(i3)), crypt(pk(Agent(honest(a4))), pair(Nonce((ni Abs_NI2)), Agent(dishonest(i4))))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_K0)), crypt(pk(Agent(dishonest(i7))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i8)))) Abs_NA1)), pair(Agent(honest(a8)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K1)))))), SID(sid0)] )) + | (m = Secret(SymKey((absK(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_K0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_K0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(honest(a6)))), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((ni Abs_NI2)), Agent(honest(a9))))), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_K0)), crypt(pk(Agent(honest(a14))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K1)))))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Agent(honest(a3)), SymKey((absK(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_K0)))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_K0)))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), Agent(honest(a3)))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))) + | (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB1)), Agent(honest(a10)))), pair(Agent(honest(a11)), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15))))), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K0)), crypt(pk(Agent(honest(a20))), pair(f(Nonce((absNB(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NA1)), pair(Agent(honest(a25)), SymKey((absK(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_K1)))))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), pair(Agent(honest(a5)), SymKey((absK(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_K0)))))))) + | (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)))) + | (m = Iknows(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)))) + | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))) + | (m = Iknows(f(Nonce((ni Abs_NI0))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))) + | (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NB1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA1)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NA1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NA2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA5)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NB1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NB2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNB(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA1)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NA2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNA(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA5)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_K0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NB1)), Agent(honest(a11))))), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15)))), SymKey((absK(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_K0)), Nonce((absNA(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_NA0)), f(Nonce((absNB(pair(Agent(honest(a20)), Agent(honest(a21)))) Abs_NB3))), crypt(pk(Agent(honest(a22))), pair(f(Nonce((absNB(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NB4))), pair(Nonce((absNA(pair(Agent(honest(a25)), Agent(honest(a26)))) Abs_NA1)), pair(Agent(honest(a27)), SymKey((absK(pair(Agent(honest(a28)), Agent(honest(a29)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a32)), Agent(honest(a33)))) Abs_NA2)))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_K0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NB3)), f(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i9)))) Abs_NB4))), crypt(pk(Agent(honest(a12))), pair(f(Nonce((absNB(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NB5))), pair(Nonce((absNB(pair(Agent(honest(a14)), Agent(dishonest(i11)))) Abs_NB6)), pair(Agent(dishonest(i12)), SymKey((absK(pair(Agent(honest(a15)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a16)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNB(pair(Agent(honest(a17)), Agent(dishonest(i15)))) Abs_NB7)))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NA0)), f(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i9)))) Abs_NB3))), crypt(pk(Agent(honest(a12))), pair(f(Nonce((absNB(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NB4))), pair(Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i11)))) Abs_NA1)), pair(Agent(dishonest(i12)), SymKey((absK(pair(Agent(honest(a15)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a16)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a17)), Agent(dishonest(i15)))) Abs_NA2)))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((ni Abs_NI0)), f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NB3))), crypt(pk(Agent(honest(a11))), pair(f(Nonce((absNB(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NB4))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i10)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i11)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i12)))) Abs_K2)), f(Nonce((ni Abs_NI2)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i2)))), pair(Agent(dishonest(i3)), crypt(pk(Agent(honest(a4))), pair(Nonce((ni Abs_NI2)), Agent(dishonest(i4))))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_K0)), crypt(pk(Agent(dishonest(i7))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i8)))) Abs_NA1)), pair(Agent(honest(a8)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a10)), Agent(dishonest(i10)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i11)))) Abs_NA2)))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((ni Abs_NI0)))))) + | (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)))))) + | (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)))))) + | (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_K0)), f(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA1)), pair(Agent(honest(a4)), SymKey((absK(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_K0)))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), pair(Agent(honest(a4)), SymKey((absK(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_K0)))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_K0)))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_K0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))) + | (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))) + | (m = Iknows(pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0))))))) + | (m = Iknows(pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0))))))) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NB1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA1)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_NA2)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NA1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NA2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA5)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_NA6)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NB1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NB2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNB(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA1)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_NA2)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NA2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNA(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA5)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_NA6)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB1)), Agent(honest(a10)))), pair(Agent(honest(a11)), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15))))), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K0)), crypt(pk(Agent(honest(a20))), pair(f(Nonce((absNB(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NA1)), pair(Agent(honest(a25)), SymKey((absK(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a28)), Agent(honest(a29)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_NA2)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(honest(a6)))), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((ni Abs_NI2)), Agent(honest(a9))))), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_K0)), crypt(pk(Agent(honest(a14))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a20)), Agent(honest(a21)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_NA2)))), SID(sid0)] )) + | (m = Iknows(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))))) + | (m = Iknows(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))) + | (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))) + | (m = Iknows(pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0))))))) + | (m = Iknows(pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0))))))) +)}" + + +section {* Checking Fixed-point (BilateralKeyExchange) *} +lemma fp_attack_free: "~ (Attack m : BilateralKeyExchange_fp)" + by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(dishonest(i))), pk(Agent(honest(a))), Agent(dishonest(i)), SID(sid)] ) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] ) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(pk(Agent(dishonest(i)))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(SID(sid)) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "Iknows(pk(Agent(honest(a)))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "Iknows(Agent(honest(a))) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(dishonest(i))), Agent(dishonest(i)), SID(sid)] ) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] ) : BilateralKeyExchange_fp" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : BilateralKeyExchange_fp; + Iknows(inv(K)) : BilateralKeyExchange_fp|] + ==> + (Iknows(M) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : BilateralKeyExchange_fp; + Iknows(K) : BilateralKeyExchange_fp|] + ==> + (Iknows(M) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : BilateralKeyExchange_fp; + Iknows(K) : BilateralKeyExchange_fp|] + ==> + (Iknows(M) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : BilateralKeyExchange_fp|] + ==> + (Iknows(M1) : BilateralKeyExchange_fp) & + (Iknows(M2) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : BilateralKeyExchange_fp; + Iknows(M) : BilateralKeyExchange_fp|] + ==> + (Attack(pair(secrecy, M)) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeNB), M, SID(sid)) : BilateralKeyExchange_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NB . + M = Nonce((absNB(pair(B, A)) Abs_NB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeNA), M, SID(sid)) : BilateralKeyExchange_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + Request(A, B, Purpose(purposeK), M, SID(sid)) : BilateralKeyExchange_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_K . + M = SymKey((absK(pair(B, A)) Abs_K)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), SID(sid)] ) : BilateralKeyExchange_fp|] + ==> + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B))))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(Agent(B)) : BilateralKeyExchange_fp; + Iknows(crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))) : BilateralKeyExchange_fp|] + ==> + (Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) & + (State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(Agent(B)) : BilateralKeyExchange_fp; + Iknows(pk(Agent(A))) : BilateralKeyExchange_fp; + Iknows(Nonce(NB)) : BilateralKeyExchange_fp|] + ==> + (Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) & + (State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(Agent(B)) : BilateralKeyExchange_fp; + Iknows(Agent(A)) : BilateralKeyExchange_fp; + Iknows(Nonce(NB)) : BilateralKeyExchange_fp|] + ==> + (Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) & + (State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K)))))) : BilateralKeyExchange_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_13: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(pk(Agent(B))) : BilateralKeyExchange_fp; + Iknows(f(Nonce(NB))) : BilateralKeyExchange_fp; + Iknows(Nonce(NA)) : BilateralKeyExchange_fp; + Iknows(Agent(A)) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_14: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(pk(Agent(B))) : BilateralKeyExchange_fp; + Iknows(Nonce(NB)) : BilateralKeyExchange_fp; + Iknows(Nonce(NA)) : BilateralKeyExchange_fp; + Iknows(Agent(A)) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_15: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(Agent(B)) : BilateralKeyExchange_fp; + Iknows(f(Nonce(NB))) : BilateralKeyExchange_fp; + Iknows(Nonce(NA)) : BilateralKeyExchange_fp; + Iknows(Agent(A)) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_16: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(Agent(B)) : BilateralKeyExchange_fp; + Iknows(Nonce(NB)) : BilateralKeyExchange_fp; + Iknows(Nonce(NA)) : BilateralKeyExchange_fp; + Iknows(Agent(A)) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) & + (Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_17: "[| + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp|] + ==> + (State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_18: "[| + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp; + Iknows(f(Nonce(NA))) : BilateralKeyExchange_fp|] + ==> + (State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_19: "[| + State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp; + Iknows(SymKey(K)) : BilateralKeyExchange_fp; + Iknows(Nonce(NA)) : BilateralKeyExchange_fp|] + ==> + (State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)" +by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (BilateralKeyExchange) *} +lemma over_approx: "t : BilateralKeyExchange ==> (set t) <= BilateralKeyExchange_fp" + apply(rule BilateralKeyExchange.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_13, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_14, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_15, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_16, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_17, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_18, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_19, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/Denning-Sacco.thy b/examples/Denning-Sacco.thy new file mode 100644 index 0000000..8d34458 --- /dev/null +++ b/examples/Denning-Sacco.thy @@ -0,0 +1,488 @@ +header {* Analysing DenningSacco *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/Denning-Sacco.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "Denning-Sacco" + imports + ofmc +begin + + + +section {* Protocol Model (DenningSacco) *} +datatype Role = rA | rB | rs + +datatype Purpose = purposeNI | purposeT | purposetimestamp | purposePayload +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "timestamp" "nat" + | "payload" "Msg" "nat" + | "NI" + | "T" + | "Payload" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" + | "sk" "Msg" "nat" +(* Functions *) + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (DenningSacco) *} +inductive_set + DenningSacco::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : DenningSacco" + | init_1: "[ Iknows(Agent(dishonest(i)))] : DenningSacco" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] )] : DenningSacco" + | init_4: "[ Iknows(Step(0))] : DenningSacco" + | init_5: "[ Iknows(Nonce((timestamp Abs_T)))] : DenningSacco" + | init_6: "[ Iknows(SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)))] : DenningSacco" + | init_7: "[ Iknows(SID(sid))] : DenningSacco" + | init_8: "[ Iknows(Agent(honest(a)))] : DenningSacco" + | init_9: "[ State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco" + | init_10: "[ State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] )] : DenningSacco" + | init_11: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco" + | init_12: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] )] : DenningSacco" + | init_13: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco" + | init_14: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(honest(a)), SID(sid)] )] : DenningSacco" + | rule_0: "[| t :DenningSacco; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : DenningSacco" + | rule_1: "[| t :DenningSacco; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : DenningSacco" + | rule_2: "[| t :DenningSacco; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : DenningSacco" + | rule_3: "[| t :DenningSacco; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : DenningSacco" + | rule_4: "[| t :DenningSacco; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : DenningSacco" + | rule_5: "[| t :DenningSacco; + Request(A, B, Purpose(purposePayload), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Payload . + M = Nonce((payload(pair(B, A)) Abs_Payload)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : DenningSacco" + | rule_6: "[| t :DenningSacco; + Request(A, B, Purpose(purposeKAB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_KAB . + M = SymKey((sk(pair(B, A)) Abs_KAB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : DenningSacco" + | rule_7: "[| t :DenningSacco; + State(rA, [Agent(A), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), SID(sid)] ) : (set t)|] + ==> +((State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] )) + #(Iknows(pair(Agent(A), Agent(B)))) + #t) : DenningSacco" + | rule_8: "[| t :DenningSacco; + State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((State(rs, [Agent(honest(a)), Step(1), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), pair(Agent(A), Agent(B)), SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T))))))))), SID(sid)] )) + #(Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T))))))))))) + #t) : DenningSacco" + | rule_9: "[| t :DenningSacco; + State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i))))))) : (set t)|] + ==> +((State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] )) + #(Iknows(Agent(dishonest(i)))) + #t) : DenningSacco" + | rule_10: "[| t :DenningSacco; + State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t); + Iknows(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB))) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(SymKey(KAB)) : (set t); + Iknows(Nonce(T)) : (set t); + Iknows(Agent(dishonest(i))) : (set t)|] + ==> +((State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] )) + #(Iknows(Agent(dishonest(i)))) + #t) : DenningSacco" + | rule_11: "[| t :DenningSacco; + State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T))))) : (set t)|] + ==> +((Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) + #(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] )) + #(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))))) + #t) : DenningSacco" + | rule_12: "[| t :DenningSacco; + State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : (set t); + Iknows(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(KAB)) : (set t); + Iknows(Nonce(T)) : (set t)|] + ==> +((Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) + #(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] )) + #(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))))) + #t) : DenningSacco" + | rule_13: "[| t :DenningSacco; + State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey(KAB), Nonce(Payload))) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid))) + #(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] )) + #t) : DenningSacco" + | rule_14: "[| t :DenningSacco; + State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : (set t); + Iknows(SymKey(KAB)) : (set t); + Iknows(Nonce(Payload)) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid))) + #(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] )) + #t) : DenningSacco" + + +section {* Fixed-point Definition (DenningSacco) *} +constdefs DenningSacco_fp::"Fact set""DenningSacco_fp == {m. ( ? Abs_NI0 i8 i9 i10 i11 i12 i13 i14 i15 a10 a11 a12 a13 a14 a15 a16 a17 Abs_KAB5 a18 a19 a20 Abs_KAB6 i7 a5 a6 Abs_KAB3 Abs_T2 a7 a8 Abs_KAB4 a9 Abs_Payload1 sid0 Abs_Payload0 i3 i4 i5 i6 a0 a1 a2 a3 Abs_KAB1 a4 Abs_KAB2 Abs_T1 i0 i1 i2 Abs_KAB0 Abs_T0 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(Nonce((timestamp Abs_T0)))) + | (m = Iknows(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Agent(dishonest(i2)), Agent(dishonest(i3)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), Agent(dishonest(i1)), Agent(honest(a4)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a3)))) Abs_KAB1)), Agent(honest(a4)), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), Agent(honest(a5)), Agent(honest(a6)), SID(sid0)] )) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), pair(Agent(honest(a3)), Agent(dishonest(i1))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Agent(dishonest(i2)), Agent(dishonest(i3)), pair(Agent(dishonest(i4)), Agent(dishonest(i5))), SymKey((sk(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i8)), Agent(honest(a3)))) Abs_KAB3)), pair(Agent(dishonest(i9)), pair(SymKey((sk(pair(Agent(dishonest(i10)), Agent(dishonest(i11)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(dishonest(i12)), Agent(honest(a4)))) Abs_KAB5)), pair(Agent(dishonest(i13)), pair(SymKey((sk(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), Agent(dishonest(i1)), Agent(honest(a4)), pair(Agent(honest(a5)), Agent(dishonest(i2))), SymKey((sk(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB3)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(honest(a9)), Agent(dishonest(i5)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))) Abs_KAB5)), pair(Agent(honest(a11)), pair(SymKey((sk(pair(Agent(honest(a12)), Agent(dishonest(i7)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a3)))) Abs_KAB1)), Agent(honest(a4)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(honest(a5))), SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i4)), Agent(honest(a7)))) Abs_KAB3)), pair(Agent(honest(a8)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(honest(a9)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_KAB5)), pair(Agent(dishonest(i6)), pair(SymKey((sk(pair(Agent(dishonest(i7)), Agent(honest(a12)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), Agent(honest(a5)), Agent(honest(a6)), pair(Agent(honest(a7)), Agent(honest(a8))), SymKey((sk(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_KAB3)), pair(Agent(honest(a13)), pair(SymKey((sk(pair(Agent(honest(a14)), Agent(honest(a15)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB5)), pair(Agent(honest(a18)), pair(SymKey((sk(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(honest(a2)), pair(SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB2)), pair(Agent(honest(a7)), pair(SymKey((sk(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_KAB3)), Nonce((timestamp Abs_T1))))))))))) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(honest(a1)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB2)), pair(Agent(dishonest(i2)), pair(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a5)))) Abs_KAB3)), Nonce((timestamp Abs_T1))))))))))) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), pair(Agent(honest(a4)), pair(SymKey((sk(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_KAB3)), Nonce((timestamp Abs_T1))))))))))) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i4)), Agent(honest(a1)))) Abs_KAB2)), pair(Agent(dishonest(i5)), pair(SymKey((sk(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_KAB3)), Nonce((timestamp Abs_T1))))))))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T0))))))) + | (m = Iknows(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)))) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T0))))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))) + | (m = Secret(Nonce((payload(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Payload0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposePayload), Nonce((payload(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Payload0)))) + | (m = State(rB, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), Nonce((timestamp Abs_T1)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a3)))) Abs_KAB1)), scrypt(SymKey((sk(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB2)), pair(Agent(dishonest(i2)), pair(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_KAB3)), Nonce((timestamp Abs_T2))))), Nonce((payload(pair(Agent(honest(a7)), Agent(dishonest(i4)))) Abs_Payload0)), scrypt(SymKey((sk(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_KAB4)), Nonce((payload(pair(Agent(honest(a9)), Agent(dishonest(i6)))) Abs_Payload1))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), Nonce((payload(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Payload0))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))) + | (m = Iknows(Nonce((payload(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Payload0)))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1)))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))) + | (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))) + | (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))) +)}" + + +section {* Checking Fixed-point (DenningSacco) *} +lemma fp_attack_free: "~ (Attack m : DenningSacco_fp)" + by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(Nonce((timestamp Abs_T))) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(SID(sid)) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "Iknows(Agent(honest(a))) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_12: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_13: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_14: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : DenningSacco_fp; + Iknows(inv(K)) : DenningSacco_fp|] + ==> + (Iknows(M) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : DenningSacco_fp; + Iknows(K) : DenningSacco_fp|] + ==> + (Iknows(M) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : DenningSacco_fp; + Iknows(K) : DenningSacco_fp|] + ==> + (Iknows(M) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : DenningSacco_fp|] + ==> + (Iknows(M1) : DenningSacco_fp) & + (Iknows(M2) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : DenningSacco_fp; + Iknows(M) : DenningSacco_fp|] + ==> + (Attack(pair(secrecy, M)) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposePayload), M, SID(sid)) : DenningSacco_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Payload . + M = Nonce((payload(pair(B, A)) Abs_Payload)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeKAB), M, SID(sid)) : DenningSacco_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_KAB . + M = SymKey((sk(pair(B, A)) Abs_KAB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + State(rA, [Agent(A), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), SID(sid)] ) : DenningSacco_fp|] + ==> + (State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp) & + (Iknows(pair(Agent(A), Agent(B))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), SID(sid)] ) : DenningSacco_fp; + Iknows(Agent(A)) : DenningSacco_fp; + Iknows(Agent(B)) : DenningSacco_fp|] + ==> + (State(rs, [Agent(honest(a)), Step(1), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), pair(Agent(A), Agent(B)), SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T))))))))), SID(sid)] ) : DenningSacco_fp) & + (Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)))))))))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp; + Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i))))))) : DenningSacco_fp|] + ==> + (State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp) & + (Iknows(Agent(dishonest(i))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp; + Iknows(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp; + Iknows(Agent(B)) : DenningSacco_fp; + Iknows(SymKey(KAB)) : DenningSacco_fp; + Iknows(Nonce(T)) : DenningSacco_fp; + Iknows(Agent(dishonest(i))) : DenningSacco_fp|] + ==> + (State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp) & + (Iknows(Agent(dishonest(i))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : DenningSacco_fp; + Iknows(scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T))))) : DenningSacco_fp|] + ==> + (Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)) : DenningSacco_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))) : DenningSacco_fp) & + (State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ) : DenningSacco_fp) & + (Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : DenningSacco_fp; + Iknows(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp; + Iknows(Agent(A)) : DenningSacco_fp; + Iknows(SymKey(KAB)) : DenningSacco_fp; + Iknows(Nonce(T)) : DenningSacco_fp|] + ==> + (Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)) : DenningSacco_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))) : DenningSacco_fp) & + (State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ) : DenningSacco_fp) & + (Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_13: "[| + State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp; + Iknows(scrypt(SymKey(KAB), Nonce(Payload))) : DenningSacco_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)) : DenningSacco_fp) & + (State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_14: "[| + State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp; + Iknows(SymKey(KAB)) : DenningSacco_fp; + Iknows(Nonce(Payload)) : DenningSacco_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)) : DenningSacco_fp) & + (State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ) : DenningSacco_fp)" +by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (DenningSacco) *} +lemma over_approx: "t : DenningSacco ==> (set t) <= DenningSacco_fp" + apply(rule DenningSacco.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac init_12, (assumption | simp)+) + apply(propagate_fp, cut_tac init_13, (assumption | simp)+) + apply(propagate_fp, cut_tac init_14, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_13, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_14, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/ISOpubKeyOnePassUnilateralAuthProt.thy b/examples/ISOpubKeyOnePassUnilateralAuthProt.thy new file mode 100644 index 0000000..d9b67f1 --- /dev/null +++ b/examples/ISOpubKeyOnePassUnilateralAuthProt.thy @@ -0,0 +1,484 @@ +header {* Analysing ISO_onepass_pk *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "ISOpubKeyOnePassUnilateralAuthProt" + imports + ofmc +begin + + + +section {* Protocol Model (ISO_onepass_pk) *} +datatype Role = rA | rB | rs + +datatype Purpose = purposeNI | purposeNA | purposeText1 +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "absNA" "Msg" "nat" + | "absText1" "Msg" "nat" + | "NI" + | "NA" + | "Text1" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" +(* Functions *) + | "pk" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (ISO_onepass_pk) *} +inductive_set + ISO_onepass_pk::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : ISO_onepass_pk" + | init_1: "[ Iknows(Agent(dishonest(i)))] : ISO_onepass_pk" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : ISO_onepass_pk" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_onepass_pk" + | init_4: "[ Iknows(Step(0))] : ISO_onepass_pk" + | init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : ISO_onepass_pk" + | init_6: "[ Iknows(pk(Agent(dishonest(i))))] : ISO_onepass_pk" + | init_7: "[ Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), pk(Agent(dishonest(i))))))] : ISO_onepass_pk" + | init_8: "[ Iknows(SID(sid))] : ISO_onepass_pk" + | init_9: "[ Iknows(Agent(honest(a)))] : ISO_onepass_pk" + | init_10: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] )] : ISO_onepass_pk" + | init_11: "[ Iknows(pk(Agent(honest(a))))] : ISO_onepass_pk" + | rule_0: "[| t :ISO_onepass_pk; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_onepass_pk" + | rule_1: "[| t :ISO_onepass_pk; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_onepass_pk" + | rule_2: "[| t :ISO_onepass_pk; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_onepass_pk" + | rule_3: "[| t :ISO_onepass_pk; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : ISO_onepass_pk" + | rule_4: "[| t :ISO_onepass_pk; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : ISO_onepass_pk" + | rule_5: "[| t :ISO_onepass_pk; + Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : ISO_onepass_pk" + | rule_6: "[| t :ISO_onepass_pk; + Request(A, B, Purpose(purposeText1), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Text1 . + M = Nonce((absText1(pair(B, A)) Abs_Text1)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : ISO_onepass_pk" + | rule_7: "[| t :ISO_onepass_pk; + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : (set t)|] + ==> +((Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))) + #(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] )) + #(Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))))) + #t) : ISO_onepass_pk" + | rule_8: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t); + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + | rule_9: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t); + Iknows(inv(pk(Agent(A)))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(Text1)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + | rule_10: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(pk(Agent(A))) : (set t); + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + | rule_11: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(pk(Agent(A))) : (set t); + Iknows(inv(pk(Agent(A)))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(Text1)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + | rule_12: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + | rule_13: "[| t :ISO_onepass_pk; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(inv(pk(Agent(A)))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(Text1)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid))) + #(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] )) + #t) : ISO_onepass_pk" + + +section {* Fixed-point Definition (ISO_onepass_pk) *} +constdefs ISO_onepass_pk_fp::"Fact set""ISO_onepass_pk_fp == {m. ( ? Abs_NI3 Abs_NI4 Abs_NI5 a18 a19 a20 a21 a22 a23 a24 a25 i11 i12 i13 Abs_Text13 Abs_Text14 Abs_Text15 Abs_NA3 a12 a13 a14 Abs_NA4 a15 a16 a17 Abs_NA5 i8 i9 i10 Abs_Text11 Abs_Text12 Abs_NI0 Abs_NI1 Abs_NA1 i3 i4 i5 i6 i7 Abs_NI2 a9 a10 a11 Abs_NA2 sid0 a6 a7 a8 a5 i0 i1 i2 a0 a1 Abs_NA0 a2 a3 a4 Abs_Text10 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(inv(pk(Agent(dishonest(i0)))))) + | (m = Iknows(pk(Agent(dishonest(i0))))) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), SID(sid0)] )) + | (m = Iknows(pk(Agent(honest(a0))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i1)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(honest(a9)), pk(Agent(honest(a10))))), crypt(inv(pk(Agent(honest(a11)))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(dishonest(i4)), Nonce((absText1(pair(Agent(honest(a13)), Agent(dishonest(i5)))) Abs_Text11)))))), SID(sid0)] )) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), crypt(inv(pk(Agent(honest(a14)))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), Nonce((absText1(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_Text11)))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((ni Abs_NI1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a2)), Nonce((ni Abs_NI3))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI4)), pair(Agent(honest(a5)), Nonce((ni Abs_NI5)))))), SID(sid0)] )) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10))))))) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))))) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text10))))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(honest(a6)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text11))))), pk(Agent(honest(a12))), Agent(honest(a13)), crypt(inv(pk(Agent(honest(a14)))), pair(Agent(honest(a15)), pk(Agent(honest(a16))))), pair(crypt(inv(pk(Agent(honest(a17)))), pair(Agent(honest(a18)), pk(Agent(honest(a19))))), crypt(inv(pk(Agent(honest(a20)))), pair(Nonce((absNA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Agent(honest(a23)), Nonce((absText1(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_Text12)))))), SID(sid0)] )) + | (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text10)))) + | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))) + | (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_Text10)))) + | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text12)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text13))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text14)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text15)))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text11)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA1))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text12)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA2)))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text12)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text14)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text15)))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text11))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA2)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA2)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA3))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA4)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA5)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA2)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA4)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA5)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text12)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text14)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text15)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text12)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text13))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text14)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text15)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text11)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text12)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text12)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA2)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA4)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA5)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA3))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA4)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA5)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA2)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text12)))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a9)), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA2)))))), SID(sid0)] )) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10)))))))) + | (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)))))) +)}" + + +section {* Checking Fixed-point (ISO_onepass_pk) *} +lemma fp_attack_free: "~ (Attack m : ISO_onepass_pk_fp)" + by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(pk(Agent(dishonest(i)))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), pk(Agent(dishonest(i)))))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "Iknows(SID(sid)) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "Iknows(Agent(honest(a))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "Iknows(pk(Agent(honest(a)))) : ISO_onepass_pk_fp" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : ISO_onepass_pk_fp; + Iknows(inv(K)) : ISO_onepass_pk_fp|] + ==> + (Iknows(M) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : ISO_onepass_pk_fp; + Iknows(K) : ISO_onepass_pk_fp|] + ==> + (Iknows(M) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : ISO_onepass_pk_fp; + Iknows(K) : ISO_onepass_pk_fp|] + ==> + (Iknows(M) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : ISO_onepass_pk_fp|] + ==> + (Iknows(M1) : ISO_onepass_pk_fp) & + (Iknows(M2) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : ISO_onepass_pk_fp; + Iknows(M) : ISO_onepass_pk_fp|] + ==> + (Attack(pair(secrecy, M)) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeNA), M, SID(sid)) : ISO_onepass_pk_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeText1), M, SID(sid)) : ISO_onepass_pk_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Text1 . + M = Nonce((absText1(pair(B, A)) Abs_Text1)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : ISO_onepass_pk_fp|] + ==> + (Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))) : ISO_onepass_pk_fp) & + (State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] ) : ISO_onepass_pk_fp) & + (Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))))))) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp; + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; + Iknows(Nonce(NA)) : ISO_onepass_pk_fp; + Iknows(Agent(B)) : ISO_onepass_pk_fp; + Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; + Iknows(Agent(A)) : ISO_onepass_pk_fp; + Iknows(pk(Agent(A))) : ISO_onepass_pk_fp; + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; + Iknows(Agent(A)) : ISO_onepass_pk_fp; + Iknows(pk(Agent(A))) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; + Iknows(Nonce(NA)) : ISO_onepass_pk_fp; + Iknows(Agent(B)) : ISO_onepass_pk_fp; + Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; + Iknows(Agent(A)) : ISO_onepass_pk_fp; + Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_13: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp; + Iknows(Agent(A)) : ISO_onepass_pk_fp; + Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp; + Iknows(Nonce(NA)) : ISO_onepass_pk_fp; + Iknows(Agent(B)) : ISO_onepass_pk_fp; + Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) & + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)" +by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (ISO_onepass_pk) *} +lemma over_approx: "t : ISO_onepass_pk ==> (set t) <= ISO_onepass_pk_fp" + apply(rule ISO_onepass_pk.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_13, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/ISOsymKeyTwoPassUnilateralAuthProt.thy b/examples/ISOsymKeyTwoPassUnilateralAuthProt.thy new file mode 100644 index 0000000..bf5df43 --- /dev/null +++ b/examples/ISOsymKeyTwoPassUnilateralAuthProt.thy @@ -0,0 +1,376 @@ +header {* Analysing ISO_twopass_symm *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "ISOsymKeyTwoPassUnilateralAuthProt" + imports + ofmc +begin + + + +section {* Protocol Model (ISO_twopass_symm) *} +datatype Role = rA | rB + +datatype Purpose = purposeNI | purposeNB | purposeText1 | purposeText2 | purposeText3 +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "absNB" "Msg" "nat" + | "absText2" "Msg" "nat" + | "NI" + | "NB" + | "Text1" + | "Text2" + | "Text3" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" +(* Functions *) + | "sk" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (ISO_twopass_symm) *} +inductive_set + ISO_twopass_symm::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : ISO_twopass_symm" + | init_1: "[ Iknows(Agent(dishonest(i)))] : ISO_twopass_symm" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))), Agent(dishonest(i)), SID(sid)] )] : ISO_twopass_symm" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_twopass_symm" + | init_4: "[ Iknows(Step(0))] : ISO_twopass_symm" + | init_5: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(dishonest(i))))))] : ISO_twopass_symm" + | init_6: "[ Iknows(SID(sid))] : ISO_twopass_symm" + | init_7: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))))] : ISO_twopass_symm" + | init_8: "[ Iknows(Agent(honest(a)))] : ISO_twopass_symm" + | init_9: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : ISO_twopass_symm" + | init_10: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_twopass_symm" + | init_11: "[ Iknows(SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))))] : ISO_twopass_symm" + | rule_0: "[| t :ISO_twopass_symm; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_twopass_symm" + | rule_1: "[| t :ISO_twopass_symm; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_twopass_symm" + | rule_2: "[| t :ISO_twopass_symm; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : ISO_twopass_symm" + | rule_3: "[| t :ISO_twopass_symm; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : ISO_twopass_symm" + | rule_4: "[| t :ISO_twopass_symm; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : ISO_twopass_symm" + | rule_5: "[| t :ISO_twopass_symm; + Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NB . + M = Nonce((absNB(pair(B, A)) Abs_NB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : ISO_twopass_symm" + | rule_6: "[| t :ISO_twopass_symm; + Request(A, B, Purpose(purposeText2), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Text2 . + M = Nonce((absText2(pair(B, A)) Abs_Text2)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : ISO_twopass_symm" + | rule_7: "[| t :ISO_twopass_symm; + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), SID(sid)] ) : (set t)|] + ==> +((State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), SID(sid)] )) + #(Iknows(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)))) + #t) : ISO_twopass_symm" + | rule_8: "[| t :ISO_twopass_symm; + State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), SID(sid)] ) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Witness(Agent(A), Agent(B), Purpose(purposeText2), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)))) + #(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), Nonce(NB), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))), SID(sid)] )) + #(Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))))) + #t) : ISO_twopass_symm" + | rule_9: "[| t :ISO_twopass_symm; + State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid))) + #(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] )) + #t) : ISO_twopass_symm" + | rule_10: "[| t :ISO_twopass_symm; + State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : (set t); + Iknows(SymKey(sk(pair(Agent(A), Agent(B))))) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(Text2)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid))) + #(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] )) + #t) : ISO_twopass_symm" + + +section {* Fixed-point Definition (ISO_twopass_symm) *} +constdefs ISO_twopass_symm_fp::"Fact set""ISO_twopass_symm_fp == {m. ( ? Abs_NB2 Abs_NB3 Abs_NI1 i7 Abs_Text22 Abs_Text23 a8 a9 a10 a11 a12 a13 a14 i4 i5 Abs_NB1 a6 a7 i6 sid0 a3 a4 a5 i3 Abs_NI0 Abs_NB0 a2 a0 i0 Abs_Text20 i1 a1 i2 Abs_Text21 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1))))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] )) + | (m = Iknows(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))))) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), SID(sid0)] )) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a3)), Agent(dishonest(i3))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i4)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i5)))) Abs_Text21))))), SID(sid0)] )) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text20)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((ni Abs_NI0)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a6)), Agent(honest(a7))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a8)), Nonce((absText2(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text21))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((ni Abs_NI0)), pair(Agent(honest(a2)), Nonce((absText2(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text20))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20))))))) + | (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)))) + | (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0)))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a4)), Agent(dishonest(i4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB1)), pair(Agent(dishonest(i6)), Nonce((absText2(pair(Agent(honest(a6)), Agent(dishonest(i7)))) Abs_Text21))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(dishonest(i3))))), pair(Nonce((absNB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NB1)), pair(Agent(dishonest(i4)), Nonce((absText2(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_Text21))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(dishonest(i1)))) Abs_NB1)), pair(Agent(honest(a10)), Nonce((absText2(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text21))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absNB(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NB1)), pair(Agent(honest(a12)), Nonce((absText2(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text21))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NB1)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB2)), pair(Agent(honest(a6)), Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB3))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absNB(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NB1)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a5))))), pair(Nonce((absNB(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NB2)), pair(Agent(honest(a7)), Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB3))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a3))))), pair(Nonce((absNB(pair(Agent(honest(a4)), Agent(dishonest(i4)))) Abs_NB1)), pair(Agent(honest(a5)), Nonce((ni Abs_NI1))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), pair(Agent(honest(a4)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text20))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text20))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_Text20))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), pair(Agent(dishonest(i2)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i3)))) Abs_Text20))))))) + | (m = Iknows(Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text20)))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_Text20)))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text20)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text21)), scrypt(SymKey(sk(pair(Agent(honest(a4)), Agent(dishonest(i4))))), pair(Nonce((absText2(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_Text22)), pair(Agent(dishonest(i6)), Nonce((absText2(pair(Agent(honest(a6)), Agent(dishonest(i7)))) Abs_Text23))))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text20)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text21)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absText2(pair(Agent(honest(a9)), Agent(dishonest(i1)))) Abs_Text22)), pair(Agent(honest(a10)), Nonce((absText2(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text23))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text20)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absNB(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NB1)), pair(Agent(honest(a12)), Nonce((absText2(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text21))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB1)), pair(Agent(honest(a6)), Nonce((absText2(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_Text21))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text20)), pair(Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text21))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20)), pair(Agent(dishonest(i2)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i3)))) Abs_Text21))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_Text20)))))) + | (m = Iknows(pair(Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text20)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text21)))))) +)}" + + +section {* Checking Fixed-point (ISO_twopass_symm) *} +lemma fp_attack_free: "~ (Attack m : ISO_twopass_symm_fp)" + by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))), Agent(dishonest(i)), SID(sid)] ) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(dishonest(i)))))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(SID(sid)) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a)))))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "Iknows(Agent(honest(a))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "Iknows(SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i)))))) : ISO_twopass_symm_fp" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : ISO_twopass_symm_fp; + Iknows(inv(K)) : ISO_twopass_symm_fp|] + ==> + (Iknows(M) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : ISO_twopass_symm_fp; + Iknows(K) : ISO_twopass_symm_fp|] + ==> + (Iknows(M) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : ISO_twopass_symm_fp; + Iknows(K) : ISO_twopass_symm_fp|] + ==> + (Iknows(M) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : ISO_twopass_symm_fp|] + ==> + (Iknows(M1) : ISO_twopass_symm_fp) & + (Iknows(M2) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : ISO_twopass_symm_fp; + Iknows(M) : ISO_twopass_symm_fp|] + ==> + (Attack(pair(secrecy, M)) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeNB), M, SID(sid)) : ISO_twopass_symm_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NB . + M = Nonce((absNB(pair(B, A)) Abs_NB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeText2), M, SID(sid)) : ISO_twopass_symm_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_Text2 . + M = Nonce((absText2(pair(B, A)) Abs_Text2)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), SID(sid)] ) : ISO_twopass_symm_fp|] + ==> + (State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), SID(sid)] ) : ISO_twopass_symm_fp) & + (Iknows(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB))) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), SID(sid)] ) : ISO_twopass_symm_fp; + Iknows(Nonce(NB)) : ISO_twopass_symm_fp|] + ==> + (Witness(Agent(A), Agent(B), Purpose(purposeText2), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))) : ISO_twopass_symm_fp) & + (State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), Nonce(NB), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))), SID(sid)] ) : ISO_twopass_symm_fp) & + (Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)))))) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : ISO_twopass_symm_fp; + Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2))))) : ISO_twopass_symm_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)) : ISO_twopass_symm_fp) & + (State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : ISO_twopass_symm_fp; + Iknows(SymKey(sk(pair(Agent(A), Agent(B))))) : ISO_twopass_symm_fp; + Iknows(Nonce(NB)) : ISO_twopass_symm_fp; + Iknows(Agent(B)) : ISO_twopass_symm_fp; + Iknows(Nonce(Text2)) : ISO_twopass_symm_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)) : ISO_twopass_symm_fp) & + (State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ) : ISO_twopass_symm_fp)" +by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (ISO_twopass_symm) *} +lemma over_approx: "t : ISO_twopass_symm ==> (set t) <= ISO_twopass_symm_fp" + apply(rule ISO_twopass_symm.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/IsaMakefile b/examples/IsaMakefile new file mode 100644 index 0000000..2349ffe --- /dev/null +++ b/examples/IsaMakefile @@ -0,0 +1,83 @@ +############################################################################# +# Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL +# +# IsaMakefile --- +# This file is part of Isabelle-OFMC. +# +# Copyright (c) 2009 Achim D. Brucker, Germany +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# +# * Neither the name of the copyright holders nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +############################################################################## +# $Id: IsaMakefile 927 2009-11-01 22:36:10Z brucker $ + +default: ofmc-anb +images: +test: ofmc-anb + +all: images test + +## global settings + +SRC = $(ISABELLE_HOME)/src +OUT = $(ISABELLE_OUTPUT) +LOG = $(OUT)/log +HEAP = ofmc-anb + +MV = mv +CP = cp + +USEDIR = $(ISATOOL) usedir -b -g true -v true -i true -d pdf ## -D generated +USEDIR = $(ISATOOL) usedir -b + +HOSTNAME = $(shell,$(ISATOOL) getenv HOSTNAME) +export HOSTNAME + +## ofmc-isabelle + +$(HEAP): $(LOG)/HOL-$(HEAP).gz + +$(LOG)/HOL-$(HEAP).gz: ROOT.ML document/root.tex *.thy + @$(RM) -rf $(ISABELLE_BROWSER_INFO)/HOL/$(HEAP)/document + @$(USEDIR) ofmc $(HEAP) + @$(CP) $(ISABELLE_BROWSER_INFO)/HOL/ofmc/$(HEAP)/document.pdf $(HEAP).pdf + +thygen: + for i in AnB/*.AnB; do echo -e $$i; anb2thy $$i > `basename $$i .AnB`.thy; done +thygen-noproof: + for i in AnB/*.AnB; do echo -e $$i; anb2thy --noproof $$i > `basename $$i .AnB`.thy; done + +fpgen: + for i in AnB/*.AnB; do echo -e $$i; ofmc $$i -ot Isa > AnB/`basename $$i .AnB`.fp; done + +## clean + +clean: + @$(RM) -f $(LOG)/HOL-$(HEAP).gz diff --git a/examples/ROOT.ML b/examples/ROOT.ML new file mode 100644 index 0000000..8143930 --- /dev/null +++ b/examples/ROOT.ML @@ -0,0 +1,76 @@ +(***************************************************************************** + * HOL-OCL --- connecting OFMC and Isabelle/HOL + * + * ROOT.ML --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ROOT.ML 931 2009-11-01 22:44:01Z brucker $ *) + + +val today = (Date.toString(Date.fromTimeUniv (Time.now())))^" (UTC)" +val hostname = getOpt (OS.Process.getEnv "HOSTNAME", "hostname not set") +val timer = Timer.startRealTimer () +val log_file = "document/report.tex" + +val _ = File.write (Path.explode (log_file)) + ( "% This file was generated automatically \n" + ^"\\section{Runtime Report}\n" + ^"All reported runtime are measured on host ``"^hostname^"'' on "^today^".\n\n" + ^"\\begin{tabular}{lr}\n" + ) + +fun log_thy thy = + let + val start = Timer.checkRealTimer timer + val _ = use_thy thy + val stop = Timer.checkRealTimer timer + val duration = Time.-(stop,start) + val _ = File.append (Path.explode(log_file)) (" "^thy^" & "^(Time.toString duration)^"\\\\\n") + in () end + + + +val _ = map log_thy [ + "ISOsymKeyTwoPassUnilateralAuthProt", + "Denning-Sacco", + "nsl", + "ISOpubKeyOnePassUnilateralAuthProt", + "WideMouthFrog", + "Bilateral-Key_Exchange", + "nsl-ks" + ] + +val _ = File.append (Path.explode (log_file)) ("\\end{tabular}") + diff --git a/examples/WideMouthFrog.thy b/examples/WideMouthFrog.thy new file mode 100644 index 0000000..7d92df2 --- /dev/null +++ b/examples/WideMouthFrog.thy @@ -0,0 +1,466 @@ +header {* Analysing WideMouthFrog *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/WideMouthFrog.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "WideMouthFrog" + imports + ofmc +begin + + + +section {* Protocol Model (WideMouthFrog) *} +datatype Role = rA | rB | rs + +datatype Purpose = purposeKAB | purposeNI | purposeTA | purposeTS +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "absTA" "Msg" "nat" + | "absTS" "Msg" "nat" + | "NI" + | "TA" + | "TS" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" + | "absKAB" "Msg" "nat" +(* Functions *) + | "sk" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (WideMouthFrog) *} +inductive_set + WideMouthFrog::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : WideMouthFrog" + | init_1: "[ Iknows(Agent(dishonest(i)))] : WideMouthFrog" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog" + | init_4: "[ Iknows(Step(0))] : WideMouthFrog" + | init_5: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))))] : WideMouthFrog" + | init_6: "[ Iknows(SID(sid))] : WideMouthFrog" + | init_7: "[ Iknows(Agent(honest(a)))] : WideMouthFrog" + | init_8: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog" + | init_9: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog" + | init_10: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog" + | init_11: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog" + | init_12: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog" + | init_13: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog" + | rule_0: "[| t :WideMouthFrog; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : WideMouthFrog" + | rule_1: "[| t :WideMouthFrog; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : WideMouthFrog" + | rule_2: "[| t :WideMouthFrog; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : WideMouthFrog" + | rule_3: "[| t :WideMouthFrog; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : WideMouthFrog" + | rule_4: "[| t :WideMouthFrog; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : WideMouthFrog" + | rule_5: "[| t :WideMouthFrog; + Request(A, B, Purpose(purposeTA), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_TA . + M = Nonce((absTA(pair(B, A)) Abs_TA)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : WideMouthFrog" + | rule_6: "[| t :WideMouthFrog; + Request(A, B, Purpose(purposeKAB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_KAB . + M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : WideMouthFrog" + | rule_7: "[| t :WideMouthFrog; + Request(A, B, Purpose(purposeTS), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_TS . + M = Nonce((absTS(pair(B, A)) Abs_TS)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : WideMouthFrog" + | rule_8: "[| t :WideMouthFrog; + State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : (set t)|] + ==> +((Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))) + #(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] )) + #(Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))))) + #t) : WideMouthFrog" + | rule_9: "[| t :WideMouthFrog; + State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : (set t)|] + ==> +((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] )) + #(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))))) + #t) : WideMouthFrog" + | rule_10: "[| t :WideMouthFrog; + State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : (set t); + Iknows(Nonce(TA)) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(SymKey(KAB)) : (set t)|] + ==> +((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] )) + #(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))))) + #t) : WideMouthFrog" + | rule_11: "[| t :WideMouthFrog; + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t); + Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid))) + #(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] )) + #t) : WideMouthFrog" + | rule_12: "[| t :WideMouthFrog; + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t); + Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : (set t); + Iknows(Nonce(TS)) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(SymKey(KAB)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid))) + #(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] )) + #t) : WideMouthFrog" + + +section {* Fixed-point Definition (WideMouthFrog) *} +constdefs WideMouthFrog_fp::"Fact set""WideMouthFrog_fp == {m. ( ? Abs_TA2 Abs_TA1 a21 a22 a23 a24 a25 a26 a27 a28 a29 a30 a31 a32 a33 a34 a17 a18 a19 a20 i19 i20 i21 i22 i23 i24 i18 i12 Abs_TS2 i13 i14 Abs_TS3 i15 Abs_TS4 i16 i17 Abs_NI0 Abs_NI1 i6 a9 Abs_NI2 a10 a11 i7 Abs_KAB2 a12 i8 a13 a14 a15 i9 i10 a16 i11 Abs_KAB3 Abs_TS1 a8 i5 Abs_KAB1 sid0 i4 a5 a6 a7 a3 Abs_TA0 a4 a1 a2 i0 i1 Abs_TS0 i2 a0 i3 Abs_KAB0 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SID(sid0)] )) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)))))))) + | (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Agent(honest(a5)), scrypt(SymKey(sk(pair(Agent(honest(a6)), Agent(honest(a7))))), pair(Nonce((absTA(pair(Agent(honest(a8)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i5)))) Abs_KAB1)))))), SID(sid0)] )) + | (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absTA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)), pair(Agent(honest(a8)), scrypt(SymKey(sk(pair(Agent(honest(a9)), Agent(honest(a10))))), pair(Nonce((absTA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_TA1)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(honest(a15)))) Abs_KAB1)))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a5)))))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey(sk(pair(Agent(dishonest(i18)), Agent(honest(a9)))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a8)))))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a16)))))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a1)))))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TA0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0))))))))) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a5)))))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey(sk(pair(Agent(dishonest(i24)), Agent(honest(a9)))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a15))))))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a20)))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTA(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TA1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTA(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TA2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS1)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TA1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TA2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS1)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a1))))), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a8)))))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTA(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TA1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TS0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0))))))) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))))))))) + | (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0)))))) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a19)), Agent(dishonest(i14)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a14))))))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a19)))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTS(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TS1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTS(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TS2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS4)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a8)))))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a16)))))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TS1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0))))))) + | (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)))) + | (m = Iknows(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0)))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0)))))) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i9)))) Abs_KAB1))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i14)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey((absKAB(pair(Agent(honest(a12)), Agent(dishonest(i21)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a7)))))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a10))))))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey(sk(pair(Agent(dishonest(i21)), Agent(honest(a12)))))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i11)))) Abs_KAB1))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i17)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i24)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i7)))) Abs_KAB1))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i11)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i18)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_KAB1))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i17)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i4)))) Abs_KAB1))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i7)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i11)))) Abs_KAB3))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] )) + | (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i4)))) Abs_KAB0))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)))))))) + | (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))))))) + | (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0)))))) + | (m = Iknows(pair(Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_KAB0))))) + | (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i3)))) Abs_KAB0)))))) +)}" + + +section {* Checking Fixed-point (WideMouthFrog) *} +lemma fp_attack_free: "~ (Attack m : WideMouthFrog_fp)" + by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a)))))) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(SID(sid)) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(Agent(honest(a))) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_12: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_13: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : WideMouthFrog_fp; + Iknows(inv(K)) : WideMouthFrog_fp|] + ==> + (Iknows(M) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : WideMouthFrog_fp; + Iknows(K) : WideMouthFrog_fp|] + ==> + (Iknows(M) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : WideMouthFrog_fp; + Iknows(K) : WideMouthFrog_fp|] + ==> + (Iknows(M) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : WideMouthFrog_fp|] + ==> + (Iknows(M1) : WideMouthFrog_fp) & + (Iknows(M2) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : WideMouthFrog_fp; + Iknows(M) : WideMouthFrog_fp|] + ==> + (Attack(pair(secrecy, M)) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeTA), M, SID(sid)) : WideMouthFrog_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_TA . + M = Nonce((absTA(pair(B, A)) Abs_TA)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeKAB), M, SID(sid)) : WideMouthFrog_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_KAB . + M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + Request(A, B, Purpose(purposeTS), M, SID(sid)) : WideMouthFrog_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_TS . + M = Nonce((absTS(pair(B, A)) Abs_TS)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : WideMouthFrog_fp|] + ==> + (Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B)) : WideMouthFrog_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))) : WideMouthFrog_fp) & + (State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] ) : WideMouthFrog_fp) & + (Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp; + Iknows(Agent(A)) : WideMouthFrog_fp; + Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : WideMouthFrog_fp|] + ==> + (State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) & + (Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp; + Iknows(Agent(A)) : WideMouthFrog_fp; + Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : WideMouthFrog_fp; + Iknows(Nonce(TA)) : WideMouthFrog_fp; + Iknows(Agent(B)) : WideMouthFrog_fp; + Iknows(SymKey(KAB)) : WideMouthFrog_fp|] + ==> + (State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) & + (Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp; + Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) & + (State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp; + Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : WideMouthFrog_fp; + Iknows(Nonce(TS)) : WideMouthFrog_fp; + Iknows(Agent(A)) : WideMouthFrog_fp; + Iknows(SymKey(KAB)) : WideMouthFrog_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) & + (State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)" +by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (WideMouthFrog) *} +lemma over_approx: "t : WideMouthFrog ==> (set t) <= WideMouthFrog_fp" + apply(rule WideMouthFrog.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac init_12, (assumption | simp)+) + apply(propagate_fp, cut_tac init_13, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/document/root.tex b/examples/document/root.tex new file mode 100644 index 0000000..63a6116 --- /dev/null +++ b/examples/document/root.tex @@ -0,0 +1,38 @@ +\documentclass[11pt,a4paper,DIVcalc,twoside]{scrartcl} +\usepackage{amsmath} +\usepackage{graphicx} +\usepackage[T1]{fontenc} +\usepackage{amsmath,amsfonts,amssymb} +\usepackage{isabelle} +\usepackage{isabellesym} +\isabellestyle{it} +%\usepackage{fixisa} +% +\renewcommand{\isamarkupheader}[1]{\section{#1}} +\renewcommand{\isamarkupchapter}[1]{\subsection{#1}} +\renewcommand{\isamarkupsection}[1]{\subsection{#1}} +\renewcommand{\isamarkupsubsection}[1]{\subsubsection{#1}} + +\usepackage[hyperref,dvipsnames,table]{xcolor} +% urls in roman style, theory text in math-similar italics +\isabellestyle{it} +\newcommand{\includeIfExists}[1]{\IfFileExists{#1}{\include{#1}}{}} + +\title{Testsuite} +\author{} + +\begin{document} + +\maketitle +\tableofcontents + +\input{session.tex} +\includeIfExists{report.tex} + + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff --git a/examples/nsl-ks.thy b/examples/nsl-ks.thy new file mode 100644 index 0000000..23928df --- /dev/null +++ b/examples/nsl-ks.thy @@ -0,0 +1,814 @@ +header {* Analysing NSL *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/nsl-ks.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "nsl-ks" + imports + ofmc +begin + + + +section {* Protocol Model (NSL) *} +datatype Role = rA | rB | rs + +datatype Purpose = purposeNI | purposeNA | purposeNB +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "na" "Msg" "nat" + | "nb" "Msg" "nat" + | "NI" + | "NA" + | "NB" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" +(* Functions *) + | "pk" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (NSL) *} +inductive_set + NSL::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : NSL" + | init_1: "[ Iknows(Agent(dishonest(i)))] : NSL" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL" + | init_4: "[ Iknows(Step(0))] : NSL" + | init_5: "[ Iknows(pk(Agent(honest(a))))] : NSL" + | init_6: "[ Iknows(Agent(honest(a)))] : NSL" + | init_7: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : NSL" + | init_8: "[ Iknows(pk(Agent(dishonest(i))))] : NSL" + | init_9: "[ Iknows(SID(sid))] : NSL" + | init_10: "[ Iknows(Agent(honest(a)))] : NSL" + | init_11: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL" + | init_12: "[ State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL" + | rule_0: "[| t :NSL; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_1: "[| t :NSL; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_2: "[| t :NSL; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_3: "[| t :NSL; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : NSL" + | rule_4: "[| t :NSL; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : NSL" + | rule_5: "[| t :NSL; + Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((na(pair(B, A)) Abs_NA)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : NSL" + | rule_6: "[| t :NSL; + Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Arg1 Abs_NB . + M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : NSL" + | rule_7: "[| t :NSL; + State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : (set t)|] + ==> +((State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] )) + #(Iknows(pair(Agent(A), Agent(B)))) + #t) : NSL" + | rule_8: "[| t :NSL; + State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] )) + #(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))))) + #t) : NSL" + | rule_9: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t); + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : (set t)|] + ==> +((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))) + #(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))))) + #t) : NSL" + | rule_10: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(pk(Agent(B))) : (set t)|] + ==> +((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))) + #(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))))) + #t) : NSL" + | rule_11: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))) + #(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))))) + #t) : NSL" + | rule_12: "[| t :NSL; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : (set t)|] + ==> +((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] )) + #(Iknows(pair(Agent(B), Agent(A)))) + #t) : NSL" + | rule_13: "[| t :NSL; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] )) + #(Iknows(pair(Agent(B), Agent(A)))) + #t) : NSL" + | rule_14: "[| t :NSL; + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] )) + #(Iknows(pair(Agent(B), Agent(A)))) + #t) : NSL" + | rule_15: "[| t :NSL; + State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] )) + #(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))))) + #t) : NSL" + | rule_16: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t)|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_17: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(pk(Agent(A))) : (set t)|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_18: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_19: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_20: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(pk(Agent(A))) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_21: "[| t :NSL; + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t); + Iknows(inv(pk(Agent(honest(a))))) : (set t); + Iknows(Agent(A)) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_22: "[| t :NSL; + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_23: "[| t :NSL; + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(pk(Agent(A))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_24: "[| t :NSL; + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_25: "[| t :NSL; + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), Nonce(NB))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + | rule_26: "[| t :NSL; + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + | rule_27: "[| t :NSL; + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + + +section {* Fixed-point Definition (NSL) *} +constdefs NSL_fp::"Fact set""NSL_fp == {m. ( ? Abs_NA3 Abs_NA4 Abs_NA5 i13 Abs_NI1 Abs_NI2 a16 a17 a18 a19 a20 a21 a22 a23 a24 a25 a26 a27 a28 Abs_NA1 Abs_NA2 a3 a4 a5 a6 a7 i2 i3 a8 i4 i5 a9 i6 i7 a10 i8 Abs_NB2 i9 a11 i10 Abs_NB3 a12 i11 Abs_NB4 a13 a14 a15 i12 Abs_NB5 sid0 Abs_NI0 Abs_NA0 a0 i0 Abs_NB0 a1 i1 Abs_NB1 a2 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(pk(Agent(honest(a0))))) + | (m = Iknows(Agent(honest(a0)))) + | (m = Iknows(inv(pk(Agent(dishonest(i0)))))) + | (m = Iknows(pk(Agent(dishonest(i0))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), SID(sid0)] )) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = State(rA, [Agent(honest(a0)), Step(1), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(1), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), SID(sid0)] )) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))))) + | (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), SID(sid0)] )) + | (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), pair(Agent(dishonest(i6)), Agent(dishonest(i7))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i8)), pk(Agent(dishonest(i9))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), pair(Agent(honest(a7)), Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), pair(Agent(dishonest(i4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] )) + | (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), pair(Agent(honest(a9)), Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), SID(sid0)] )) + | (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), SID(sid0)] )) + | (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), pk(Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a16))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a17)), pair(Agent(honest(a18)), Step(0)))) Abs_NB1)), Agent(honest(a19))))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(0)))) Abs_NB0)), Agent(honest(a3))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), Agent(honest(a3)))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), SID(sid0)] )) + | (m = Iknows(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))) + | (m = Iknows(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] )) + | (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(1)))) Abs_NB0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((na(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NA2)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA3)), pair(Nonce((na(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NA4)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((na(pair(Agent(honest(a14)), Agent(dishonest(i13)))) Abs_NA5))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a13)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB1)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(dishonest(i13)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a10))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i8)))) Abs_NA2)), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i9))))), crypt(pk(Agent(dishonest(i10))), Nonce((ni Abs_NI2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), crypt(pk(Agent(honest(a11))), Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i9)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((ni Abs_NI0))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a3)), pair(Agent(honest(a4)), Step(1)))) Abs_NB0)), Agent(honest(a5))))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a18))), pair(Nonce((na(pair(Agent(honest(a19)), Agent(dishonest(i2)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB1)), Agent(honest(a22))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB2)), crypt(pk(Agent(honest(a18))), pair(Nonce((nb(pair(Agent(honest(a19)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB4)), Agent(honest(a22))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(3), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(1)))) Abs_NB0))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB1)), Agent(honest(a4))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB5))), SID(sid0)] )) + | (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1))))) + | (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0))))) + | (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))) + | (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))) + | (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))) +)}" + + +section {* Checking Fixed-point (NSL) *} +lemma fp_attack_free: "~ (Attack m : NSL_fp)" + by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(pk(Agent(honest(a)))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(Agent(honest(a))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(inv(pk(Agent(dishonest(i))))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "Iknows(pk(Agent(dishonest(i)))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_9: "Iknows(SID(sid)) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_10: "Iknows(Agent(honest(a))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_11: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_12: "State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : NSL_fp; + Iknows(inv(K)) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : NSL_fp; + Iknows(K) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : NSL_fp; + Iknows(K) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : NSL_fp|] + ==> + (Iknows(M1) : NSL_fp) & + (Iknows(M2) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : NSL_fp; + Iknows(M) : NSL_fp|] + ==> + (Attack(pair(secrecy, M)) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeNA), M, SID(sid)) : NSL_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((na(pair(B, A)) Abs_NA)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeNB), M, SID(sid)) : NSL_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Arg1 Abs_NB . + M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : NSL_fp|] + ==> + (State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp) & + (Iknows(pair(Agent(A), Agent(B))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp|] + ==> + (Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp|] + ==> + (Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : NSL_fp|] + ==> + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) & + (Iknows(pair(Agent(B), Agent(A))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_13: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) & + (Iknows(pair(Agent(B), Agent(A))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_14: "[| + State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) & + (Iknows(pair(Agent(B), Agent(A))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_15: "[| + State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_16: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_17: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + Iknows(pk(Agent(A))) : NSL_fp|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_18: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_19: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_20: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + Iknows(pk(Agent(A))) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_21: "[| + State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp; + Iknows(inv(pk(Agent(honest(a))))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_22: "[| + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_23: "[| + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(A))) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_24: "[| + State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_25: "[| + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_26: "[| + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_27: "[| + State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (NSL) *} +lemma over_approx: "t : NSL ==> (set t) <= NSL_fp" + apply(rule NSL.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac init_9, (assumption | simp)+) + apply(propagate_fp, cut_tac init_10, (assumption | simp)+) + apply(propagate_fp, cut_tac init_11, (assumption | simp)+) + apply(propagate_fp, cut_tac init_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_13, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_14, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_15, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_16, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_17, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_18, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_19, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_20, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_21, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_22, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_23, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_24, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_25, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_26, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_27, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/examples/nsl.thy b/examples/nsl.thy new file mode 100644 index 0000000..09f0873 --- /dev/null +++ b/examples/nsl.thy @@ -0,0 +1,592 @@ +header {* Analysing NSL *} +(* *********************************** + This file is automatically generated from the AnB file "AnB/nsl.AnB". + Backend: Open Source Fixedpoint Model Checker version 2009c +************************************ *) + +theory + "nsl" + imports + ofmc +begin + + + +section {* Protocol Model (NSL) *} +datatype Role = rA | rB + +datatype Purpose = purposeNA | purposeNB +datatype Agent = honest nat + | dishonest nat + +datatype Nonce = "ni" "nat" + | "absNA" "Msg" "nat" + | "absNB" "Msg" "nat" + | "NI" + | "NA" + | "NB" + and Msg = Nonce "Nonce" + | Agent "Agent" + | Purpose "Purpose" + | pair "Msg*Msg" + | scrypt "Msg*Msg" + | crypt "Msg*Msg" + | inv "Msg" + | SID "nat" + | Step "nat" + | authentication + | secrecy +(* SymKeys *) + | SymKey "Msg" +(* Functions *) + | "pk" "Msg" + + datatype Fact = Iknows Msg + | State "Role * (Msg list)" + | Secret "Msg * Msg" + | Attack "Msg" + | Witness "Msg * Msg * Msg * Msg" + | Request "Msg * Msg * Msg * Msg * Msg" + + + + +section {* Inductive Protocol Definition (NSL) *} +inductive_set + NSL::"Fact list set" +where + init_0: "[ Iknows(Nonce((ni Abs_NI)))] : NSL" + | init_1: "[ Iknows(Agent(dishonest(i)))] : NSL" + | init_2: "[ State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL" + | init_3: "[ State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL" + | init_4: "[ Iknows(Step(0))] : NSL" + | init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : NSL" + | init_6: "[ Iknows(SID(sid))] : NSL" + | init_7: "[ Iknows(Agent(honest(a)))] : NSL" + | init_8: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL" + | rule_0: "[| t :NSL; + Iknows(crypt(K, M)) : (set t); + Iknows(inv(K)) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_1: "[| t :NSL; + Iknows(crypt(inv(K), M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_2: "[| t :NSL; + Iknows(scrypt(K, M)) : (set t); + Iknows(K) : (set t)|] + ==> +((Iknows(M)) + #t) : NSL" + | rule_3: "[| t :NSL; + Iknows(pair(M1, M2)) : (set t)|] + ==> +((Iknows(M1)) + #(Iknows(M2)) + #t) : NSL" + | rule_4: "[| t :NSL; + Secret(M, Agent(honest(a))) : (set t); + Iknows(M) : (set t)|] + ==> +((Attack(pair(secrecy, M))) + #t) : NSL" + | rule_5: "[| t :NSL; + Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : NSL" + | rule_6: "[| t :NSL; + Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t); + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Arg1 Abs_NB . + M = Nonce((absNB(pair(B, pair(A, Arg1))) Abs_NB)))|] + ==> +((Attack(pair(authentication, pair(A, pair(B, M))))) + #t) : NSL" + | rule_7: "[| t :NSL; + State(rA, [Agent(A), Step(0), Agent(B), inv(pk(Agent(A))), SID(sid)] ) : (set t)|] + ==> +((Secret(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B))) + #(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))) + #(State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))))) + #t) : NSL" + | rule_8: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : (set t)|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_9: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_10: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : (set t); + Iknows(Agent(A)) : (set t)|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_11: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_12: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_13: "[| t :NSL; + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Agent(A)) : (set t); + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> +((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A))) + #(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)))) + #(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] )) + #(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))))) + #t) : NSL" + | rule_14: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_15: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(pk(Agent(A))) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_16: "[| t :NSL; + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t); + Iknows(Agent(A)) : (set t); + Iknows(Nonce(NA)) : (set t); + Iknows(Nonce(NB)) : (set t); + Iknows(Agent(B)) : (set t)|] + ==> +((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid))) + #(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #(Iknows(crypt(pk(Agent(B)), Nonce(NB)))) + #t) : NSL" + | rule_17: "[| t :NSL; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(crypt(pk(Agent(B)), Nonce(NB))) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + | rule_18: "[| t :NSL; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(pk(Agent(B))) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + | rule_19: "[| t :NSL; + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t); + Iknows(Agent(B)) : (set t); + Iknows(Nonce(NB)) : (set t)|] + ==> +((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid))) + #(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] )) + #t) : NSL" + + +section {* Fixed-point Definition (NSL) *} +constdefs NSL_fp::"Fact set""NSL_fp == {m. ( ? Abs_NA3 Abs_NA4 Abs_NA5 i9 Abs_NI1 Abs_NI2 a11 a12 a13 a14 a15 a16 a17 a18 a19 Abs_NA1 Abs_NA2 a3 a4 i2 i3 a5 i4 Abs_NB2 i5 a6 i6 Abs_NB3 a7 i7 Abs_NB4 a8 a9 a10 i8 Abs_NB5 sid0 Abs_NI0 Abs_NA0 a0 i0 Abs_NB0 a1 i1 Abs_NB1 a2 . + (m = Iknows(Nonce((ni Abs_NI0)))) + | (m = Iknows(Agent(dishonest(i0)))) + | (m = State(rA, [Agent(honest(a0)), Step(0), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), SID(sid0)] )) + | (m = State(rA, [Agent(honest(a0)), Step(0), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), SID(sid0)] )) + | (m = Iknows(Step(0))) + | (m = Iknows(inv(pk(Agent(dishonest(i0)))))) + | (m = Iknows(SID(sid0))) + | (m = Iknows(Agent(honest(a0)))) + | (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), SID(sid0)] )) + | (m = Secret(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), SID(sid0)] )) + | (m = Secret(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)))) + | (m = State(rA, [Agent(honest(a0)), Step(1), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), SID(sid0)] )) + | (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(dishonest(i1)))) + | (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a2))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB1)), Agent(honest(a5))))), SID(sid0)] )) + | (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(honest(a4)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(honest(a6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a8)), pair(Agent(honest(a9)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(0)))) Abs_NB0)), Agent(honest(a3))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), Agent(honest(a3)))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(1)))) Abs_NB0)), Agent(honest(a2)))) + | (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)))) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(honest(a4)), Step(1)))) Abs_NB0)), Agent(honest(a5))))))) + | (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))) + | (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB1)), Agent(honest(a8))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a6)))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(honest(a8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a9))), pair(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i2)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a11)), pair(Agent(honest(a12)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a6)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB4)), Agent(honest(a8))))), SID(sid0)] )) + | (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a6)))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(honest(a8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(honest(a9))), pair(Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a11)), pair(Agent(honest(a12)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), crypt(pk(Agent(honest(a17))), Nonce((absNB(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NA2)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA3)), pair(Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i6)))) Abs_NA4)), Agent(dishonest(i7))))), crypt(pk(Agent(dishonest(i8))), Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_NA5))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB1)), Agent(dishonest(i7))))), crypt(pk(Agent(dishonest(i8))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(dishonest(i9)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA2)), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i5))))), crypt(pk(Agent(dishonest(i6))), Nonce((ni Abs_NI2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((ni Abs_NI0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a2))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB1)), Agent(honest(a5))))), crypt(pk(Agent(honest(a6))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i5)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((ni Abs_NI0))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(1)))) Abs_NB0))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB1)), Agent(honest(a4))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))) + | (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)), Agent(honest(a4))))))) + | (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))) + | (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), crypt(pk(Agent(honest(a17))), Nonce((absNB(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB1)), Agent(honest(a8))))), crypt(pk(Agent(honest(a9))), Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2))), SID(sid0)] )) + | (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0))) + | (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a6)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB4)), Agent(honest(a8))))), crypt(pk(Agent(honest(a9))), Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB5))), SID(sid0)] )) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))) + | (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))) + | (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))) + | (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))) +)}" + + +section {* Checking Fixed-point (NSL) *} +lemma fp_attack_free: "~ (Attack m : NSL_fp)" + by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_0: "Iknows(Nonce((ni Abs_NI))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_1: "Iknows(Agent(dishonest(i))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_4: "Iknows(Step(0)) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_6: "Iknows(SID(sid)) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_7: "Iknows(Agent(honest(a))) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma init_8: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_0: "[| + Iknows(crypt(K, M)) : NSL_fp; + Iknows(inv(K)) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_1: "[| + Iknows(crypt(inv(K), M)) : NSL_fp; + Iknows(K) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_2: "[| + Iknows(scrypt(K, M)) : NSL_fp; + Iknows(K) : NSL_fp|] + ==> + (Iknows(M) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_3: "[| + Iknows(pair(M1, M2)) : NSL_fp|] + ==> + (Iknows(M1) : NSL_fp) & + (Iknows(M2) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_4: "[| + Secret(M, Agent(honest(a))) : NSL_fp; + Iknows(M) : NSL_fp|] + ==> + (Attack(pair(secrecy, M)) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_5: "[| + Request(A, B, Purpose(purposeNA), M, SID(sid)) : NSL_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Abs_NA . + M = Nonce((absNA(pair(B, A)) Abs_NA)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_6: "[| + Request(A, B, Purpose(purposeNB), M, SID(sid)) : NSL_fp; + ~ ( ? i . + B = Agent(dishonest(i))); + ~ ( ? B A Arg1 Abs_NB . + M = Nonce((absNB(pair(B, pair(A, Arg1))) Abs_NB)))|] + ==> + (Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_7: "[| + State(rA, [Agent(A), Step(0), Agent(B), inv(pk(Agent(A))), SID(sid)] ) : NSL_fp|] + ==> + (Secret(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) & + (Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) & + (State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_8: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_9: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp; + Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_10: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp; + Iknows(Agent(A)) : NSL_fp|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_11: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_12: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_13: "[| + State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + ~ ( ? A B Abs_NA . + Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|] + ==> + (Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) & + (Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) & + (State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_14: "[| + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_15: "[| + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(A))) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_16: "[| + State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp; + Iknows(Agent(A)) : NSL_fp; + Iknows(Nonce(NA)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp; + Iknows(Agent(B)) : NSL_fp|] + ==> + (Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) & + (State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) & + (Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_17: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_18: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(pk(Agent(B))) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + +lemma rule_19: "[| + State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp; + Iknows(Agent(B)) : NSL_fp; + Iknows(Nonce(NB)) : NSL_fp|] + ==> + (Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) & + (State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)" +by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+ + + + +section {* Security Proof(s) (NSL) *} +lemma over_approx: "t : NSL ==> (set t) <= NSL_fp" + apply(rule NSL.induct, simp_all) + apply(propagate_fp, cut_tac init_0, (assumption | simp)+) + apply(propagate_fp, cut_tac init_1, (assumption | simp)+) + apply(propagate_fp, cut_tac init_2, (assumption | simp)+) + apply(propagate_fp, cut_tac init_3, (assumption | simp)+) + apply(propagate_fp, cut_tac init_4, (assumption | simp)+) + apply(propagate_fp, cut_tac init_5, (assumption | simp)+) + apply(propagate_fp, cut_tac init_6, (assumption | simp)+) + apply(propagate_fp, cut_tac init_7, (assumption | simp)+) + apply(propagate_fp, cut_tac init_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_0, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_1, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_2, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_3, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_4, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_5, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_6, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_7, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_8, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_9, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_10, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_11, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_12, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_13, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_14, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_15, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_16, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_17, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_18, (assumption | simp)+) + apply(propagate_fp, cut_tac rule_19, (assumption | simp)+) +done + + + +end (* theory *) diff --git a/src/IsaMakefile b/src/IsaMakefile new file mode 100644 index 0000000..e545032 --- /dev/null +++ b/src/IsaMakefile @@ -0,0 +1,95 @@ +############################################################################# +# Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL +# +# IsaMakefile --- main build setup for Isabelle-OFMC +# This file is part of Isabelle-OFMC. +# +# Copyright (c) 2009 Achim D. Brucker, Germany +# +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# +# * Neither the name of the copyright holders nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +############################################################################## +# $Id: IsaMakefile 935 2009-11-02 00:02:50Z brucker $ + +# determine current source version: +nullstring:= +space := $(nullstring) # +# +REVISION := $(shell svnversion .) +VER_MAIJOR=0 +VER_MINOR=0 +VER_MICRO=0 +VER_TAG=$(space)(dev build: $(REVISION)) + +CONFIG_SED_SCRIPT='s//$(COLLECTIONTYPE)/;\ + s//$(UNIVERSE)/;\ + s//$(VER_MAIJOR)/;s//$(VER_MINOR)/;\ + s//$(VER_MICRO)/;s//${VER_TAG}/;\ + s//$(XMI_SUPPORT)/;\ + s//$(REVISION)/' + +## global settings +# make internal configuration +.PHONY: config.sml + +ECHO=echo +RM=rm +MV=mv +SED=sed +MLTON=mlton + +## targets +HEAP=ofmc +SRC = $(ISABELLE_HOME)/src +OUT = $(ISABELLE_OUTPUT) +LOG = $(OUT)/log + +USEDIR = $(ISATOOL) usedir -b -g true -v true -i true -d pdf -D generated +USEDIR = $(ISATOOL) usedir -b + +$(LOG)/$(HEAP).gz: config.sml ROOT.ML *.thy *.ML ../bin/anb2thy + @(test -e generated && find generated -name .svn -type d -print0 | xargs -0 /bin/rm -fr || true) + @$(RM) -rf $(ISABELLE_BROWSER_INFO)/HOL/HOL/$(HEAP)/document + @($(USEDIR) HOL $(HEAP) \ + || \ + ($(ECHO) -e "\033[1;31;40m";\ + $(ECHO) -e "\a *************************************************" ;\ + $(ECHO) -e "\a ****************** BUILD FAILED ***************" ;\ + $(ECHO) -e "\a *************************************************" ;\ + $(ECHO) -e "\033[1;37;40m\033[0;37;0m")\ + || true) + +config.sml: + @$(RM) -rf config.sml + @$(SED) -e $(CONFIG_SED_SCRIPT) config.sml.in > config.sml + +../bin/anb2thy: encoder/*.sml + $(MLTON) encoder/anb2thy.cm + $(MV) encoder/anb2thy ../bin diff --git a/src/ROOT.ML b/src/ROOT.ML new file mode 100644 index 0000000..586e84d --- /dev/null +++ b/src/ROOT.ML @@ -0,0 +1,75 @@ +(***************************************************************************** + * Isabelle/OFMC --- connecting OFMC and Isabelle/HOL + * + * ROOT.ML --- main file for Isabelle-OFMC. + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ROOT.ML 935 2009-11-02 00:02:50Z brucker $ *) + +use "config.sml"; + +OS.FileSys.chDir "encoder"; +use "root.sml"; +OS.FileSys.chDir ".."; + +use "config.sml"; + +val isabelle_version = Distribution.version +val ofmc_version = Int.toString(ofmc_ver_major)^"."^Int.toString(ofmc_ver_minor)^"." + ^Int.toString(ofmc_ver_micro)^ofmc_ver_tag +val version = "Isabelle/ofmc "^ofmc_version^", based on "^isabelle_version; + +fun infostr _ = ( + ("\n")^ + (" Isabelle/ofmc "^ofmc_version^" \n")^ + (" connecting OFMC and Isabelle/HOL \n")^ + (" Copyright (c) 2009 Achim D. Brucker \n")^ + (" \n")^ + (" Configuration: \n")^ + (" - ofmc binary: "^(ofmc_connector.ofmc_home()^ofmc_connector.ofmc)^"\n" )^ + (" - Isabelle: "^(isabelle_version)^"\n" )^ + (" - ML-system: "^(ml_system)^"\n" )); + +fun info () = writeln (infostr()); + +use_thy "ofmc"; + + + + +val welcome = Toplevel.imperative (info); +val welcomeP = + OuterSyntax.improper_command "welcome" "print welcome message" OuterKeyword.diag + (Scan.succeed (Toplevel.no_timing o welcome)); diff --git a/src/config.sml b/src/config.sml new file mode 100644 index 0000000..12ea764 --- /dev/null +++ b/src/config.sml @@ -0,0 +1,82 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * config.sml.in --- main configuration file for Isabelle-OFMC + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $ *) + + + +structure config = +struct + val ofmc_id = "$Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $" +end; + + + +(** Major version number. + * + * Modify when incompatible changes are made to published interfaces. + *) +val ofmc_ver_major = 0 + +(* Minor version number. + * + * Modify when new functionality is added or new interfaces are + * defined, but all changes are backward compatible. + *) +val ofmc_ver_minor = 0 + +(** Patch number. + * + * Modify for every released patch. + *) +val ofmc_ver_micro= 0 + + +(** Version tag: a string describing the version. + * + * This tag remains " (dev build)" in the repository so that we can + * always see from "version()" that the software has been built + * from the repository rather than a "blessed" distribution. + * + * When rolling a tarball, we automatically replace this text with "" + * for final releases; in prereleases, it becomes " (Alpha)", + * " (Beta 1)", etc., as appropriate. + * + *) +val ofmc_ver_tag = " (dev build: 929:933M)" + diff --git a/src/config.sml.in b/src/config.sml.in new file mode 100644 index 0000000..0705196 --- /dev/null +++ b/src/config.sml.in @@ -0,0 +1,82 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * config.sml.in --- main configuration file for Isabelle-OFMC + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $ *) + + + +structure config = +struct + val ofmc_id = "$Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $" +end; + + + +(** Major version number. + * + * Modify when incompatible changes are made to published interfaces. + *) +val ofmc_ver_major = + +(* Minor version number. + * + * Modify when new functionality is added or new interfaces are + * defined, but all changes are backward compatible. + *) +val ofmc_ver_minor = + +(** Patch number. + * + * Modify for every released patch. + *) +val ofmc_ver_micro= + + +(** Version tag: a string describing the version. + * + * This tag remains " (dev build)" in the repository so that we can + * always see from "version()" that the software has been built + * from the repository rather than a "blessed" distribution. + * + * When rolling a tarball, we automatically replace this text with "" + * for final releases; in prereleases, it becomes " (Alpha)", + * " (Beta 1)", etc., as appropriate. + * + *) +val ofmc_ver_tag = "" + diff --git a/src/encoder/anb2thy.cm b/src/encoder/anb2thy.cm new file mode 100644 index 0000000..83141bf --- /dev/null +++ b/src/encoder/anb2thy.cm @@ -0,0 +1,68 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * encoder.cm --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: anb2thy.cm 870 2009-10-30 11:05:03Z brucker $ *) + +Group is + +#if(defined(SMLNJ_VERSION) && (SMLNJ_MINOR_VERSION < 60)) + $/basis.cm + $/ml-yacc-lib.cm +#endif +#if(defined(SMLNJ_VERSION) && (SMLNJ_MINOR_VERSION >= 60)) + $smlnj/basis/basis.cm + $smlnj/ml-yacc/ml-yacc-lib.cm +#endif + + ofmcfp.sml +#if(defined(SMLNJ_VERSION)) + ofmc-fp.grm + ofmc-fp.lex +#else + "ml-yacc-lib/base.sig" + "ml-yacc-lib/join.sml" + "ml-yacc-lib/lrtable.sml" + "ml-yacc-lib/stream.sml" + "ml-yacc-lib/parser2.sml" + ofmc-fp.grm.sig + ofmc-fp.lex.sml + ofmc-fp.grm.sml +#endif + ofmc_connector.sml + ofmc_abstraction.sml + ofmc_thygen.sml diff --git a/src/encoder/ml-yacc-lib/base.sig b/src/encoder/ml-yacc-lib/base.sig new file mode 100644 index 0000000..f1911e0 --- /dev/null +++ b/src/encoder/ml-yacc-lib/base.sig @@ -0,0 +1,323 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: base.sig 6662 2007-07-04 06:41:30Z brucker $ *) + +(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *) + +(* base.sig: Base signature file for SML-Yacc. This file contains signatures + that must be loaded before any of the files produced by ML-Yacc are loaded +*) + +(* STREAM: signature for a lazy stream.*) + +signature STREAM = + sig type 'xa stream + val streamify : (unit -> '_a) -> '_a stream + val cons : '_a * '_a stream -> '_a stream + val get : '_a stream -> '_a * '_a stream + end + +(* LR_TABLE: signature for an LR Table. + + The list of actions and gotos passed to mkLrTable must be ordered by state + number. The values for state 0 are the first in the list, the values for + state 1 are next, etc. +*) + +signature LR_TABLE = + sig + datatype ('a,'b) pairlist = EMPTY | PAIR of 'a * 'b * ('a,'b) pairlist + datatype state = STATE of int + datatype term = T of int + datatype nonterm = NT of int + datatype action = SHIFT of state + | REDUCE of int + | ACCEPT + | ERROR + type table + + val numStates : table -> int + val numRules : table -> int + val describeActions : table -> state -> + (term,action) pairlist * action + val describeGoto : table -> state -> (nonterm,state) pairlist + val action : table -> state * term -> action + val goto : table -> state * nonterm -> state + val initialState : table -> state + exception Goto of state * nonterm + + val mkLrTable : {actions : ((term,action) pairlist * action) array, + gotos : (nonterm,state) pairlist array, + numStates : int, numRules : int, + initialState : state} -> table + end + +(* TOKEN: signature revealing the internal structure of a token. This signature + TOKEN distinct from the signature {parser name}_TOKENS produced by ML-Yacc. + The {parser name}_TOKENS structures contain some types and functions to + construct tokens from values and positions. + + The representation of token was very carefully chosen here to allow the + polymorphic parser to work without knowing the types of semantic values + or line numbers. + + This has had an impact on the TOKENS structure produced by SML-Yacc, which + is a structure parameter to lexer functors. We would like to have some + type 'a token which functions to construct tokens would create. A + constructor function for a integer token might be + + INT: int * 'a * 'a -> 'a token. + + This is not possible because we need to have tokens with the representation + given below for the polymorphic parser. + + Thus our constructur functions for tokens have the form: + + INT: int * 'a * 'a -> (svalue,'a) token + + This in turn has had an impact on the signature that lexers for SML-Yacc + must match and the types that a user must declare in the user declarations + section of lexers. +*) + +signature TOKEN = + sig + structure LrTable : LR_TABLE + datatype ('a,'b) token = TOKEN of LrTable.term * ('a * 'b * 'b) + val sameToken : ('a,'b) token * ('a,'b) token -> bool + end + +(* LR_PARSER: signature for a polymorphic LR parser *) + +signature LR_PARSER = + sig + structure Stream: STREAM + structure LrTable : LR_TABLE + structure Token : TOKEN + + sharing LrTable = Token.LrTable + + exception ParseError + + val parse : {table : LrTable.table, + lexer : ('_b,'_c) Token.token Stream.stream, + arg: 'arg, + saction : int * + '_c * + (LrTable.state * ('_b * '_c * '_c)) list * + 'arg -> + LrTable.nonterm * + ('_b * '_c * '_c) * + ((LrTable.state *('_b * '_c * '_c)) list), + void : '_b, + ec : { is_keyword : LrTable.term -> bool, + noShift : LrTable.term -> bool, + preferred_change : (LrTable.term list * LrTable.term list) list, + errtermvalue : LrTable.term -> '_b, + showTerminal : LrTable.term -> string, + terms: LrTable.term list, + error : string * '_c * '_c -> unit + }, + lookahead : int (* max amount of lookahead used in *) + (* error correction *) + } -> '_b * + (('_b,'_c) Token.token Stream.stream) + end + +(* LEXER: a signature that most lexers produced for use with SML-Yacc's + output will match. The user is responsible for declaring type token, + type pos, and type svalue in the UserDeclarations section of a lexer. + + Note that type token is abstract in the lexer. This allows SML-Yacc to + create a TOKENS signature for use with lexers produced by ML-Lex that + treats the type token abstractly. Lexers that are functors parametrized by + a Tokens structure matching a TOKENS signature cannot examine the structure + of tokens. +*) + +signature LEXER = + sig + structure UserDeclarations : + sig + type ('a,'b) token + type pos + type svalue + end + val makeLexer : (int -> string) -> unit -> + (UserDeclarations.svalue,UserDeclarations.pos) UserDeclarations.token + end + +(* ARG_LEXER: the %arg option of ML-Lex allows users to produce lexers which + also take an argument before yielding a function from unit to a token +*) + +signature ARG_LEXER = + sig + structure UserDeclarations : + sig + type ('a,'b) token + type pos + type svalue + type arg + end + val makeLexer : (int -> string) -> UserDeclarations.arg -> unit -> + (UserDeclarations.svalue,UserDeclarations.pos) UserDeclarations.token + end + +(* PARSER_DATA: the signature of ParserData structures in {parser name}LrValsFun + produced by SML-Yacc. All such structures match this signature. + + The {parser name}LrValsFun produces a structure which contains all the values + except for the lexer needed to call the polymorphic parser mentioned + before. + +*) + +signature PARSER_DATA = + sig + (* the type of line numbers *) + + type pos + + (* the type of semantic values *) + + type svalue + + (* the type of the user-supplied argument to the parser *) + type arg + + (* the intended type of the result of the parser. This value is + produced by applying extract from the structure Actions to the + final semantic value resultiing from a parse. + *) + + type result + + structure LrTable : LR_TABLE + structure Token : TOKEN + sharing Token.LrTable = LrTable + + (* structure Actions contains the functions which mantain the + semantic values stack in the parser. Void is used to provide + a default value for the semantic stack. + *) + + structure Actions : + sig + val actions : int * pos * + (LrTable.state * (svalue * pos * pos)) list * arg-> + LrTable.nonterm * (svalue * pos * pos) * + ((LrTable.state *(svalue * pos * pos)) list) + val void : svalue + val extract : svalue -> result + end + + (* structure EC contains information used to improve error + recovery in an error-correcting parser *) + + structure EC : + sig + val is_keyword : LrTable.term -> bool + val noShift : LrTable.term -> bool + val preferred_change : (LrTable.term list * LrTable.term list) list + val errtermvalue : LrTable.term -> svalue + val showTerminal : LrTable.term -> string + val terms: LrTable.term list + end + + (* table is the LR table for the parser *) + + val table : LrTable.table + end + +(* signature PARSER is the signature that most user parsers created by + SML-Yacc will match. +*) + +signature PARSER = + sig + structure Token : TOKEN + structure Stream : STREAM + exception ParseError + + (* type pos is the type of line numbers *) + + type pos + + (* type result is the type of the result from the parser *) + + type result + + (* the type of the user-supplied argument to the parser *) + type arg + + (* type svalue is the type of semantic values for the semantic value + stack + *) + + type svalue + + (* val makeLexer is used to create a stream of tokens for the parser *) + + val makeLexer : (int -> string) -> + (svalue,pos) Token.token Stream.stream + + (* val parse takes a stream of tokens and a function to print + errors and returns a value of type result and a stream containing + the unused tokens + *) + + val parse : int * ((svalue,pos) Token.token Stream.stream) * + (string * pos * pos -> unit) * arg -> + result * (svalue,pos) Token.token Stream.stream + + val sameToken : (svalue,pos) Token.token * (svalue,pos) Token.token -> + bool + end + +(* signature ARG_PARSER is the signature that will be matched by parsers whose + lexer takes an additional argument. +*) + +signature ARG_PARSER = + sig + structure Token : TOKEN + structure Stream : STREAM + exception ParseError + + type arg + type lexarg + type pos + type result + type svalue + + val makeLexer : (int -> string) -> lexarg -> + (svalue,pos) Token.token Stream.stream + val parse : int * ((svalue,pos) Token.token Stream.stream) * + (string * pos * pos -> unit) * arg -> + result * (svalue,pos) Token.token Stream.stream + + val sameToken : (svalue,pos) Token.token * (svalue,pos) Token.token -> + bool + end + diff --git a/src/encoder/ml-yacc-lib/join.sml b/src/encoder/ml-yacc-lib/join.sml new file mode 100644 index 0000000..beb572a --- /dev/null +++ b/src/encoder/ml-yacc-lib/join.sml @@ -0,0 +1,118 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: join.sml 6662 2007-07-04 06:41:30Z brucker $ *) + +(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *) + +(* functor Join creates a user parser by putting together a Lexer structure, + an LrValues structure, and a polymorphic parser structure. Note that + the Lexer and LrValues structure must share the type pos (i.e. the type + of line numbers), the type svalues for semantic values, and the type + of tokens. +*) + +functor Join(structure Lex : LEXER + structure ParserData: PARSER_DATA + structure LrParser : LR_PARSER + sharing ParserData.LrTable = LrParser.LrTable + sharing ParserData.Token = LrParser.Token + sharing type Lex.UserDeclarations.svalue = ParserData.svalue + sharing type Lex.UserDeclarations.pos = ParserData.pos + sharing type Lex.UserDeclarations.token = ParserData.Token.token) + : PARSER = +struct + structure Token = ParserData.Token + structure Stream = LrParser.Stream + + exception ParseError = LrParser.ParseError + + type arg = ParserData.arg + type pos = ParserData.pos + type result = ParserData.result + type svalue = ParserData.svalue + val makeLexer = LrParser.Stream.streamify o Lex.makeLexer + val parse = fn (lookahead,lexer,error,arg) => + (fn (a,b) => (ParserData.Actions.extract a,b)) + (LrParser.parse {table = ParserData.table, + lexer=lexer, + lookahead=lookahead, + saction = ParserData.Actions.actions, + arg=arg, + void= ParserData.Actions.void, + ec = {is_keyword = ParserData.EC.is_keyword, + noShift = ParserData.EC.noShift, + preferred_change = ParserData.EC.preferred_change, + errtermvalue = ParserData.EC.errtermvalue, + error=error, + showTerminal = ParserData.EC.showTerminal, + terms = ParserData.EC.terms}} + ) + val sameToken = Token.sameToken +end + +(* functor JoinWithArg creates a variant of the parser structure produced + above. In this case, the makeLexer take an additional argument before + yielding a value of type unit -> (svalue,pos) token + *) + +functor JoinWithArg(structure Lex : ARG_LEXER + structure ParserData: PARSER_DATA + structure LrParser : LR_PARSER + sharing ParserData.LrTable = LrParser.LrTable + sharing ParserData.Token = LrParser.Token + sharing type Lex.UserDeclarations.svalue = ParserData.svalue + sharing type Lex.UserDeclarations.pos = ParserData.pos + sharing type Lex.UserDeclarations.token = ParserData.Token.token) + : ARG_PARSER = +struct + structure Token = ParserData.Token + structure Stream = LrParser.Stream + + exception ParseError = LrParser.ParseError + + type arg = ParserData.arg + type lexarg = Lex.UserDeclarations.arg + type pos = ParserData.pos + type result = ParserData.result + type svalue = ParserData.svalue + + val makeLexer = fn s => fn arg => + LrParser.Stream.streamify (Lex.makeLexer s arg) + val parse = fn (lookahead,lexer,error,arg) => + (fn (a,b) => (ParserData.Actions.extract a,b)) + (LrParser.parse {table = ParserData.table, + lexer=lexer, + lookahead=lookahead, + saction = ParserData.Actions.actions, + arg=arg, + void= ParserData.Actions.void, + ec = {is_keyword = ParserData.EC.is_keyword, + noShift = ParserData.EC.noShift, + preferred_change = ParserData.EC.preferred_change, + errtermvalue = ParserData.EC.errtermvalue, + error=error, + showTerminal = ParserData.EC.showTerminal, + terms = ParserData.EC.terms}} + ) + val sameToken = Token.sameToken +end; diff --git a/src/encoder/ml-yacc-lib/lrtable.sml b/src/encoder/ml-yacc-lib/lrtable.sml new file mode 100644 index 0000000..024cf69 --- /dev/null +++ b/src/encoder/ml-yacc-lib/lrtable.sml @@ -0,0 +1,83 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: lrtable.sml 6662 2007-07-04 06:41:30Z brucker $ *) + +(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *) +structure LrTable : LR_TABLE = + struct + open Array List + infix 9 sub + datatype ('a,'b) pairlist = EMPTY + | PAIR of 'a * 'b * ('a,'b) pairlist + datatype term = T of int + datatype nonterm = NT of int + datatype state = STATE of int + datatype action = SHIFT of state + | REDUCE of int (* rulenum from grammar *) + | ACCEPT + | ERROR + exception Goto of state * nonterm + type table = {states: int, rules : int,initialState: state, + action: ((term,action) pairlist * action) array, + goto : (nonterm,state) pairlist array} + val numStates = fn ({states,...} : table) => states + val numRules = fn ({rules,...} : table) => rules + val describeActions = + fn ({action,...} : table) => + fn (STATE s) => action sub s + val describeGoto = + fn ({goto,...} : table) => + fn (STATE s) => goto sub s + fun findTerm (T term,row,default) = + let fun find (PAIR (T key,data,r)) = + if key < term then find r + else if key=term then data + else default + | find EMPTY = default + in find row + end + fun findNonterm (NT nt,row) = + let fun find (PAIR (NT key,data,r)) = + if key < nt then find r + else if key=nt then SOME data + else NONE + | find EMPTY = NONE + in find row + end + val action = fn ({action,...} : table) => + fn (STATE state,term) => + let val (row,default) = action sub state + in findTerm(term,row,default) + end + val goto = fn ({goto,...} : table) => + fn (a as (STATE state,nonterm)) => + case findNonterm(nonterm,goto sub state) + of SOME state => state + | NONE => raise (Goto a) + val initialState = fn ({initialState,...} : table) => initialState + val mkLrTable = fn {actions,gotos,initialState,numStates,numRules} => + ({action=actions,goto=gotos, + states=numStates, + rules=numRules, + initialState=initialState} : table) +end; diff --git a/src/encoder/ml-yacc-lib/parser2.sml b/src/encoder/ml-yacc-lib/parser2.sml new file mode 100644 index 0000000..c6a4e2d --- /dev/null +++ b/src/encoder/ml-yacc-lib/parser2.sml @@ -0,0 +1,566 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: parser2.sml 6662 2007-07-04 06:41:30Z brucker $ *) + +(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *) + +(* parser.sml: This is a parser driver for LR tables with an error-recovery + routine added to it. The routine used is described in detail in this + article: + + 'A Practical Method for LR and LL Syntactic Error Diagnosis and + Recovery', by M. Burke and G. Fisher, ACM Transactions on + Programming Langauges and Systems, Vol. 9, No. 2, April 1987, + pp. 164-197. + + This program is an implementation is the partial, deferred method discussed + in the article. The algorithm and data structures used in the program + are described below. + + This program assumes that all semantic actions are delayed. A semantic + action should produce a function from unit -> value instead of producing the + normal value. The parser returns the semantic value on the top of the + stack when accept is encountered. The user can deconstruct this value + and apply the unit -> value function in it to get the answer. + + It also assumes that the lexer is a lazy stream. + + Data Structures: + ---------------- + + * The parser: + + The state stack has the type + + (state * (semantic value * line # * line #)) list + + The parser keeps a queue of (state stack * lexer pair). A lexer pair + consists of a terminal * value pair and a lexer. This allows the + parser to reconstruct the states for terminals to the left of a + syntax error, and attempt to make error corrections there. + + The queue consists of a pair of lists (x,y). New additions to + the queue are cons'ed onto y. The first element of x is the top + of the queue. If x is nil, then y is reversed and used + in place of x. + + Algorithm: + ---------- + + * The steady-state parser: + + This parser keeps the length of the queue of state stacks at + a steady state by always removing an element from the front when + another element is placed on the end. + + It has these arguments: + + stack: current stack + queue: value of the queue + lexPair ((terminal,value),lex stream) + + When SHIFT is encountered, the state to shift to and the value are + are pushed onto the state stack. The state stack and lexPair are + placed on the queue. The front element of the queue is removed. + + When REDUCTION is encountered, the rule is applied to the current + stack to yield a triple (nonterm,value,new stack). A new + stack is formed by adding (goto(top state of stack,nonterm),value) + to the stack. + + When ACCEPT is encountered, the top value from the stack and the + lexer are returned. + + When an ERROR is encountered, fixError is called. FixError + takes the arguments to the parser, fixes the error if possible and + returns a new set of arguments. + + * The distance-parser: + + This parser includes an additional argument distance. It pushes + elements on the queue until it has parsed distance tokens, or an + ACCEPT or ERROR occurs. It returns a stack, lexer, the number of + tokens left unparsed, a queue, and an action option. +*) + +signature FIFO = + sig type 'a queue + val empty : 'a queue + exception Empty + val get : 'a queue -> 'a * 'a queue + val put : 'a * 'a queue -> 'a queue + end + +(* drt (12/15/89) -- the functor should be used in development work, but + it wastes space in the release version. + +functor ParserGen(structure LrTable : LR_TABLE + structure Stream : STREAM) : LR_PARSER = +*) + +structure LrParser :> LR_PARSER = + struct + structure LrTable = LrTable + structure Stream = Stream + + fun eqT (LrTable.T i, LrTable.T i') = i = i' + + structure Token : TOKEN = + struct + structure LrTable = LrTable + datatype ('a,'b) token = TOKEN of LrTable.term * ('a * 'b * 'b) + val sameToken = fn (TOKEN(t,_),TOKEN(t',_)) => eqT (t,t') + end + + open LrTable + open Token + + val DEBUG1 = false + val DEBUG2 = false + exception ParseError + exception ParseImpossible of int + + structure Fifo :> FIFO = + struct + type 'a queue = ('a list * 'a list) + val empty = (nil,nil) + exception Empty + fun get(a::x, y) = (a, (x,y)) + | get(nil, nil) = raise Empty + | get(nil, y) = get(rev y, nil) + fun put(a,(x,y)) = (x,a::y) + end + + type ('a,'b) elem = (state * ('a * 'b * 'b)) + type ('a,'b) stack = ('a,'b) elem list + type ('a,'b) lexv = ('a,'b) token + type ('a,'b) lexpair = ('a,'b) lexv * (('a,'b) lexv Stream.stream) + type ('a,'b) distanceParse = + ('a,'b) lexpair * + ('a,'b) stack * + (('a,'b) stack * ('a,'b) lexpair) Fifo.queue * + int -> + ('a,'b) lexpair * + ('a,'b) stack * + (('a,'b) stack * ('a,'b) lexpair) Fifo.queue * + int * + action option + + type ('a,'b) ecRecord = + {is_keyword : term -> bool, + preferred_change : (term list * term list) list, + error : string * 'b * 'b -> unit, + errtermvalue : term -> 'a, + terms : term list, + showTerminal : term -> string, + noShift : term -> bool} + + local + val print = fn s => TextIO.output(TextIO.stdOut,s) + val println = fn s => (print s; print "\n") + val showState = fn (STATE s) => "STATE " ^ (Int.toString s) + in + fun printStack(stack: ('a,'b) stack, n: int) = + case stack + of (state,_) :: rest => + (print("\t" ^ Int.toString n ^ ": "); + println(showState state); + printStack(rest, n+1)) + | nil => () + + fun prAction showTerminal + (stack as (state,_) :: _, next as (TOKEN (term,_),_), action) = + (println "Parse: state stack:"; + printStack(stack, 0); + print(" state=" + ^ showState state + ^ " next=" + ^ showTerminal term + ^ " action=" + ); + case action + of SHIFT state => println ("SHIFT " ^ (showState state)) + | REDUCE i => println ("REDUCE " ^ (Int.toString i)) + | ERROR => println "ERROR" + | ACCEPT => println "ACCEPT") + | prAction _ (_,_,action) = () + end + + (* ssParse: parser which maintains the queue of (state * lexvalues) in a + steady-state. It takes a table, showTerminal function, saction + function, and fixError function. It parses until an ACCEPT is + encountered, or an exception is raised. When an error is encountered, + fixError is called with the arguments of parseStep (lexv,stack,and + queue). It returns the lexv, and a new stack and queue adjusted so + that the lexv can be parsed *) + + val ssParse = + fn (table,showTerminal,saction,fixError,arg) => + let val prAction = prAction showTerminal + val action = LrTable.action table + val goto = LrTable.goto table + fun parseStep(args as + (lexPair as (TOKEN (terminal, value as (_,leftPos,_)), + lexer + ), + stack as (state,_) :: _, + queue)) = + let val nextAction = action (state,terminal) + val _ = if DEBUG1 then prAction(stack,lexPair,nextAction) + else () + in case nextAction + of SHIFT s => + let val newStack = (s,value) :: stack + val newLexPair = Stream.get lexer + val (_,newQueue) =Fifo.get(Fifo.put((newStack,newLexPair), + queue)) + in parseStep(newLexPair,(s,value)::stack,newQueue) + end + | REDUCE i => + (case saction(i,leftPos,stack,arg) + of (nonterm,value,stack as (state,_) :: _) => + parseStep(lexPair,(goto(state,nonterm),value)::stack, + queue) + | _ => raise (ParseImpossible 197)) + | ERROR => parseStep(fixError args) + | ACCEPT => + (case stack + of (_,(topvalue,_,_)) :: _ => + let val (token,restLexer) = lexPair + in (topvalue,Stream.cons(token,restLexer)) + end + | _ => raise (ParseImpossible 202)) + end + | parseStep _ = raise (ParseImpossible 204) + in parseStep + end + + (* distanceParse: parse until n tokens are shifted, or accept or + error are encountered. Takes a table, showTerminal function, and + semantic action function. Returns a parser which takes a lexPair + (lex result * lexer), a state stack, a queue, and a distance + (must be > 0) to parse. The parser returns a new lex-value, a stack + with the nth token shifted on top, a queue, a distance, and action + option. *) + + val distanceParse = + fn (table,showTerminal,saction,arg) => + let val prAction = prAction showTerminal + val action = LrTable.action table + val goto = LrTable.goto table + fun parseStep(lexPair,stack,queue,0) = (lexPair,stack,queue,0,NONE) + | parseStep(lexPair as (TOKEN (terminal, value as (_,leftPos,_)), + lexer + ), + stack as (state,_) :: _, + queue,distance) = + let val nextAction = action(state,terminal) + val _ = if DEBUG1 then prAction(stack,lexPair,nextAction) + else () + in case nextAction + of SHIFT s => + let val newStack = (s,value) :: stack + val newLexPair = Stream.get lexer + in parseStep(newLexPair,(s,value)::stack, + Fifo.put((newStack,newLexPair),queue),distance-1) + end + | REDUCE i => + (case saction(i,leftPos,stack,arg) + of (nonterm,value,stack as (state,_) :: _) => + parseStep(lexPair,(goto(state,nonterm),value)::stack, + queue,distance) + | _ => raise (ParseImpossible 240)) + | ERROR => (lexPair,stack,queue,distance,SOME nextAction) + | ACCEPT => (lexPair,stack,queue,distance,SOME nextAction) + end + | parseStep _ = raise (ParseImpossible 242) + in parseStep : ('_a,'_b) distanceParse + end + +(* mkFixError: function to create fixError function which adjusts parser state + so that parse may continue in the presence of an error *) + +fun mkFixError({is_keyword,terms,errtermvalue, + preferred_change,noShift, + showTerminal,error,...} : ('_a,'_b) ecRecord, + distanceParse : ('_a,'_b) distanceParse, + minAdvance,maxAdvance) + + (lexv as (TOKEN (term,value as (_,leftPos,_)),_),stack,queue) = + let val _ = if DEBUG2 then + error("syntax error found at " ^ (showTerminal term), + leftPos,leftPos) + else () + + fun tokAt(t,p) = TOKEN(t,(errtermvalue t,p,p)) + + val minDelta = 3 + + (* pull all the state * lexv elements from the queue *) + + val stateList = + let fun f q = let val (elem,newQueue) = Fifo.get q + in elem :: (f newQueue) + end handle Fifo.Empty => nil + in f queue + end + + (* now number elements of stateList, giving distance from + error token *) + + val (_, numStateList) = + List.foldr (fn (a,(num,r)) => (num+1,(a,num)::r)) (0, []) stateList + + (* Represent the set of potential changes as a linked list. + + Values of datatype Change hold information about a potential change. + + oper = oper to be applied + pos = the # of the element in stateList that would be altered. + distance = the number of tokens beyond the error token which the + change allows us to parse. + new = new terminal * value pair at that point + orig = original terminal * value pair at the point being changed. + *) + + datatype ('a,'b) change = CHANGE of + {pos : int, distance : int, leftPos: 'b, rightPos: 'b, + new : ('a,'b) lexv list, orig : ('a,'b) lexv list} + + + val showTerms = concat o map (fn TOKEN(t,_) => " " ^ showTerminal t) + + val printChange = fn c => + let val CHANGE {distance,new,orig,pos,...} = c + in (print ("{distance= " ^ (Int.toString distance)); + print (",orig ="); print(showTerms orig); + print (",new ="); print(showTerms new); + print (",pos= " ^ (Int.toString pos)); + print "}\n") + end + + val printChangeList = app printChange + +(* parse: given a lexPair, a stack, and the distance from the error + token, return the distance past the error token that we are able to parse.*) + + fun parse (lexPair,stack,queuePos : int) = + case distanceParse(lexPair,stack,Fifo.empty,queuePos+maxAdvance+1) + of (_,_,_,distance,SOME ACCEPT) => + if maxAdvance-distance-1 >= 0 + then maxAdvance + else maxAdvance-distance-1 + | (_,_,_,distance,_) => maxAdvance - distance - 1 + +(* catList: concatenate results of scanning list *) + + fun catList l f = List.foldr (fn(a,r)=> f a @ r) [] l + + fun keywordsDelta new = if List.exists (fn(TOKEN(t,_))=>is_keyword t) new + then minDelta else 0 + + fun tryChange{lex,stack,pos,leftPos,rightPos,orig,new} = + let val lex' = List.foldr (fn (t',p)=>(t',Stream.cons p)) lex new + val distance = parse(lex',stack,pos+length new-length orig) + in if distance >= minAdvance + keywordsDelta new + then [CHANGE{pos=pos,leftPos=leftPos,rightPos=rightPos, + distance=distance,orig=orig,new=new}] + else [] + end + + +(* tryDelete: Try to delete n terminals. + Return single-element [success] or nil. + Do not delete unshiftable terminals. *) + + + fun tryDelete n ((stack,lexPair as (TOKEN(term,(_,l,r)),_)),qPos) = + let fun del(0,accum,left,right,lexPair) = + tryChange{lex=lexPair,stack=stack, + pos=qPos,leftPos=left,rightPos=right, + orig=rev accum, new=[]} + | del(n,accum,left,right,(tok as TOKEN(term,(_,_,r)),lexer)) = + if noShift term then [] + else del(n-1,tok::accum,left,r,Stream.get lexer) + in del(n,[],l,r,lexPair) + end + +(* tryInsert: try to insert tokens before the current terminal; + return a list of the successes *) + + fun tryInsert((stack,lexPair as (TOKEN(_,(_,l,_)),_)),queuePos) = + catList terms (fn t => + tryChange{lex=lexPair,stack=stack, + pos=queuePos,orig=[],new=[tokAt(t,l)], + leftPos=l,rightPos=l}) + +(* trySubst: try to substitute tokens for the current terminal; + return a list of the successes *) + + fun trySubst ((stack,lexPair as (orig as TOKEN (term,(_,l,r)),lexer)), + queuePos) = + if noShift term then [] + else + catList terms (fn t => + tryChange{lex=Stream.get lexer,stack=stack, + pos=queuePos, + leftPos=l,rightPos=r,orig=[orig], + new=[tokAt(t,r)]}) + + (* do_delete(toks,lexPair) tries to delete tokens "toks" from "lexPair". + If it succeeds, returns SOME(toks',l,r,lp), where + toks' is the actual tokens (with positions and values) deleted, + (l,r) are the (leftmost,rightmost) position of toks', + lp is what remains of the stream after deletion + *) + fun do_delete(nil,lp as (TOKEN(_,(_,l,_)),_)) = SOME(nil,l,l,lp) + | do_delete([t],(tok as TOKEN(t',(_,l,r)),lp')) = + if eqT (t, t') + then SOME([tok],l,r,Stream.get lp') + else NONE + | do_delete(t::rest,(tok as TOKEN(t',(_,l,r)),lp')) = + if eqT (t,t') + then case do_delete(rest,Stream.get lp') + of SOME(deleted,l',r',lp'') => + SOME(tok::deleted,l,r',lp'') + | NONE => NONE + else NONE + + fun tryPreferred((stack,lexPair),queuePos) = + catList preferred_change (fn (delete,insert) => + if List.exists noShift delete then [] (* should give warning at + parser-generation time *) + else case do_delete(delete,lexPair) + of SOME(deleted,l,r,lp) => + tryChange{lex=lp,stack=stack,pos=queuePos, + leftPos=l,rightPos=r,orig=deleted, + new=map (fn t=>(tokAt(t,r))) insert} + | NONE => []) + + val changes = catList numStateList tryPreferred @ + catList numStateList tryInsert @ + catList numStateList trySubst @ + catList numStateList (tryDelete 1) @ + catList numStateList (tryDelete 2) @ + catList numStateList (tryDelete 3) + + val findMaxDist = fn l => + foldr (fn (CHANGE {distance,...},high) => Int.max(distance,high)) 0 l + +(* maxDist: max distance past error taken that we could parse *) + + val maxDist = findMaxDist changes + +(* remove changes which did not parse maxDist tokens past the error token *) + + val changes = catList changes + (fn(c as CHANGE{distance,...}) => + if distance=maxDist then [c] else []) + + in case changes + of (l as change :: _) => + let fun print_msg (CHANGE {new,orig,leftPos,rightPos,...}) = + let val s = + case (orig,new) + of (_::_,[]) => "deleting " ^ (showTerms orig) + | ([],_::_) => "inserting " ^ (showTerms new) + | _ => "replacing " ^ (showTerms orig) ^ + " with " ^ (showTerms new) + in error ("syntax error: " ^ s,leftPos,rightPos) + end + + val _ = + (if length l > 1 andalso DEBUG2 then + (print "multiple fixes possible; could fix it by:\n"; + app print_msg l; + print "chosen correction:\n") + else (); + print_msg change) + + (* findNth: find nth queue entry from the error + entry. Returns the Nth queue entry and the portion of + the queue from the beginning to the nth-1 entry. The + error entry is at the end of the queue. + + Examples: + + queue = a b c d e + findNth 0 = (e,a b c d) + findNth 1 = (d,a b c) + *) + + val findNth = fn n => + let fun f (h::t,0) = (h,rev t) + | f (h::t,n) = f(t,n-1) + | f (nil,_) = let exception FindNth + in raise FindNth + end + in f (rev stateList,n) + end + + val CHANGE {pos,orig,new,...} = change + val (last,queueFront) = findNth pos + val (stack,lexPair) = last + + val lp1 = foldl(fn (_,(_,r)) => Stream.get r) lexPair orig + val lp2 = foldr(fn(t,r)=>(t,Stream.cons r)) lp1 new + + val restQueue = + Fifo.put((stack,lp2), + foldl Fifo.put Fifo.empty queueFront) + + val (lexPair,stack,queue,_,_) = + distanceParse(lp2,stack,restQueue,pos) + + in (lexPair,stack,queue) + end + | nil => (error("syntax error found at " ^ (showTerminal term), + leftPos,leftPos); raise ParseError) + end + + val parse = fn {arg,table,lexer,saction,void,lookahead, + ec=ec as {showTerminal,...} : ('_a,'_b) ecRecord} => + let val distance = 15 (* defer distance tokens *) + val minAdvance = 1 (* must parse at least 1 token past error *) + val maxAdvance = Int.max(lookahead,0)(* max distance for parse check *) + val lexPair = Stream.get lexer + val (TOKEN (_,(_,leftPos,_)),_) = lexPair + val startStack = [(initialState table,(void,leftPos,leftPos))] + val startQueue = Fifo.put((startStack,lexPair),Fifo.empty) + val distanceParse = distanceParse(table,showTerminal,saction,arg) + val fixError = mkFixError(ec,distanceParse,minAdvance,maxAdvance) + val ssParse = ssParse(table,showTerminal,saction,fixError,arg) + fun loop (lexPair,stack,queue,_,SOME ACCEPT) = + ssParse(lexPair,stack,queue) + | loop (lexPair,stack,queue,0,_) = ssParse(lexPair,stack,queue) + | loop (lexPair,stack,queue,distance,SOME ERROR) = + let val (lexPair,stack,queue) = fixError(lexPair,stack,queue) + in loop (distanceParse(lexPair,stack,queue,distance)) + end + | loop _ = let exception ParseInternal + in raise ParseInternal + end + in loop (distanceParse(lexPair,startStack,startQueue,distance)) + end + end; + diff --git a/src/encoder/ml-yacc-lib/root.sml b/src/encoder/ml-yacc-lib/root.sml new file mode 100644 index 0000000..f8150ee --- /dev/null +++ b/src/encoder/ml-yacc-lib/root.sml @@ -0,0 +1,29 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: root.sml 6662 2007-07-04 06:41:30Z brucker $ *) + +use "base.sig"; +use "join.sml"; +use "lrtable.sml"; +use "stream.sml"; +use "parser2.sml"; diff --git a/src/encoder/ml-yacc-lib/stream.sml b/src/encoder/ml-yacc-lib/stream.sml new file mode 100644 index 0000000..c469210 --- /dev/null +++ b/src/encoder/ml-yacc-lib/stream.sml @@ -0,0 +1,43 @@ +(****************************************************************************** + * STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER. + * + * Copyright (c) 1989-2002 by Lucent Technologies + * + * Permission to use, copy, modify, and distribute this software and its + * documentation for any purpose and without fee is hereby granted, + * provided that the above copyright notice appear in all copies and that + * both the copyright notice and this permission notice and warranty + * disclaimer appear in supporting documentation, and that the name of + * Lucent Technologies, Bell Labs or any Lucent entity not be used in + * advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. + * + * Lucent disclaims all warranties with regard to this software, + * including all implied warranties of merchantability and fitness. In no + * event shall Lucent be liable for any special, indirect or + * consequential damages or any damages whatsoever resulting from loss of + * use, data or profits, whether in an action of contract, negligence or + * other tortious action, arising out of or in connection with the use + * or performance of this software. + ******************************************************************************) +(* $Id: stream.sml 6662 2007-07-04 06:41:30Z brucker $ *) + +(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *) + +(* Stream: a structure implementing a lazy stream. The signature STREAM + is found in base.sig *) + +structure Stream :> STREAM = +struct + datatype 'a str = EVAL of 'a * 'a str ref | UNEVAL of (unit->'a) + + type 'a stream = 'a str ref + + fun get(ref(EVAL t)) = t + | get(s as ref(UNEVAL f)) = + let val t = (f(), ref(UNEVAL f)) in s := EVAL t; t end + + fun streamify f = ref(UNEVAL f) + fun cons(a,s) = ref(EVAL(a,s)) + +end; diff --git a/src/encoder/ofmc-fp.grm b/src/encoder/ofmc-fp.grm new file mode 100644 index 0000000..9106ec8 --- /dev/null +++ b/src/encoder/ofmc-fp.grm @@ -0,0 +1,208 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc-fp.grm --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc-fp.grm 901 2009-11-01 17:12:18Z brucker $ *) + + +open OfmcFp + +fun rmOuterOp (Operator(_,[msg])) = msg + | rmOuterOp s = s + +%% + +%eop EOF + +%left TMETAIMPLIES + +%name OfmcFpParser + +%term EOF + | SIMPLE_NAME of string + | TABSTRACTION of string + | TATTACK of string + | TARROW of string + | TMINUS of string + | TCAT of string + | TCBRACKET of string + | TCOLON of string + | TWHITESPACE of string + | TEQ of string + | TNEQ of string + | TBAR of string + | TCOMMA of string + | TCPAREN of string + | TCRYPT of string + | TQUOTE of string + | TEXP of string + | TFACT of string + | TFIXEDPOINT of string + | TFPState of string + | TIKNOWS of string + | TINITIAL of string + | TINV of string + | TKNOWLEDGE of string + | TMETAIMPLIES of string + | TOBRACKET of string + | TOPAREN of string + | TPROTOCOL of string + | TBACKEND of string + | TREQUEST of string + | TRULES of string + | TSCRYPT of string + | TSECRET of string + | TSECSTATE of string + | TSECTION of string + | TSEMICOLON of string + | TSTATE of string + | TSTEP of string + | TTYPES of string + | TWITNESS of string + | TXOR of string + +%nonterm START of ofmc_fp + | ofmc_fp of ofmc_fp + | simple_name of string + | role of string + | factname of string + | msglist of Msg list + | msg of Msg + | knowledge of (string * Fact) list + | facts of Fact list + | fact of Fact + | nfacts of Fact list + | nfact of Fact + | rules of Rule list + | abstractions of (Msg * Msg) list + | typname of string + | typnames of string list + | simple_names of string + | typ of string * (string list) + | typlist of (string * (string list)) list + | types of (string * (string list)) list + +%pos (int * int * int) + +%noshift EOF + +%% + +START: ofmc_fp (ofmc_fp) + +ofmc_fp: TPROTOCOL TCOLON simple_name (update_protocol simple_name empty_ofmc_fp) + | TPROTOCOL TCOLON simple_name ofmc_fp (update_protocol simple_name ofmc_fp) + | TBACKEND TCOLON simple_names (update_backend simple_names empty_ofmc_fp) + | TBACKEND TCOLON simple_names ofmc_fp (update_backend simple_names ofmc_fp) + | TTYPES TCOLON types (update_types ((types_of empty_ofmc_fp)@types) empty_ofmc_fp) + | TTYPES TCOLON types ofmc_fp (update_types ((types_of ofmc_fp)@types) ofmc_fp) + | TSECTION TINITIAL TSECSTATE TCOLON knowledge (update_knowledge knowledge empty_ofmc_fp) + | TSECTION TINITIAL TSECSTATE TCOLON knowledge ofmc_fp (update_knowledge knowledge ofmc_fp) + | TSECTION TRULES TCOLON rules (update_rules rules empty_ofmc_fp) + | TSECTION TRULES TCOLON rules ofmc_fp (update_rules rules ofmc_fp) + | TSECTION TFIXEDPOINT TCOLON knowledge (update_fixedpoint knowledge empty_ofmc_fp) + | TSECTION TFIXEDPOINT TCOLON knowledge ofmc_fp (update_fixedpoint knowledge ofmc_fp) + | TSECTION TABSTRACTION TCOLON abstractions (update_abstractions ((abstractions_of empty_ofmc_fp )@abstractions) empty_ofmc_fp) + | TSECTION TABSTRACTION TCOLON (update_abstractions ((abstractions_of empty_ofmc_fp )@[]) empty_ofmc_fp) + | TSECTION TABSTRACTION TCOLON abstractions ofmc_fp (update_abstractions ((abstractions_of ofmc_fp)@abstractions) ofmc_fp) + +rules: TSTEP TCOLON facts TMETAIMPLIES facts ([(NONE, facts1, facts2)]) + | TSTEP TCOLON facts TMETAIMPLIES facts rules ((NONE, facts1, facts2)::rules) + | TSTEP TCOLON facts TBAR nfacts TMETAIMPLIES facts ([(NONE, facts1@nfacts, facts)]) + | TSTEP TCOLON facts TBAR nfacts TMETAIMPLIES facts rules ((NONE, facts1@nfacts, facts)::rules) + | TSTEP simple_name TCOLON facts TMETAIMPLIES facts ([(SOME simple_name, facts1, facts2)]) + | TSTEP simple_name TCOLON facts TMETAIMPLIES facts rules ((SOME simple_name, facts1, facts2)::rules) + | TSTEP simple_name TCOLON facts TBAR nfacts TMETAIMPLIES facts ([(SOME simple_name, facts1@nfacts, facts2)]) + | TSTEP simple_name TCOLON facts TBAR nfacts TMETAIMPLIES facts rules ((SOME simple_name, facts1@nfacts, facts2)::rules) + +knowledge: factname TCOLON fact TSEMICOLON ([(factname, fact)]) + | factname TCOLON fact TSEMICOLON knowledge ((factname, fact)::(knowledge)) + +facts: fact ([fact]) + | fact TSEMICOLON facts (fact::facts) + +fact: TSTATE TOPAREN role TCOMMA TOBRACKET msglist TCBRACKET TCPAREN (State(role, msglist)) + | TIKNOWS TOPAREN msg TCPAREN (Iknows(msg)) + | TATTACK TOPAREN msg TCPAREN (Attack(msg)) + | TSECRET TOPAREN msglist TCPAREN (Secret(msglist)) + | TWITNESS TOPAREN msglist TCPAREN (Witness(msglist)) + | TREQUEST TOPAREN msglist TCPAREN (Request(msglist)) + +nfacts: nfact ([nfact]) + | nfact TSEMICOLON nfacts (nfact::nfacts) + +nfact: msg TNEQ msg (NotEqual(msg1,msg2)) + + +msglist: msg ([msg]) + | msg TCOMMA msglist (msg::msglist) + +msg: SIMPLE_NAME (Atom SIMPLE_NAME) + | SIMPLE_NAME TOPAREN msglist TCPAREN (Operator(SIMPLE_NAME,msglist)) + | SIMPLE_NAME msg (Operator(SIMPLE_NAME,[msg])) + | TOPAREN msg TCPAREN (msg) + +role: SIMPLE_NAME (SIMPLE_NAME) + +factname: SIMPLE_NAME (SIMPLE_NAME) + +simple_name:SIMPLE_NAME (SIMPLE_NAME) + +abstractions: msg TARROW msg ([(rmOuterOp msg2,msg1)]) + | msg TARROW msg TSEMICOLON abstractions ((rmOuterOp msg2,msg1)::abstractions) + +types: TOBRACKET typlist TCBRACKET (typlist) + +typlist: typ ([typ]) + | typ TCOMMA typlist (typ::typlist) + +typ: TOPAREN SIMPLE_NAME TCOMMA TOBRACKET typnames TCBRACKET TCPAREN ((SIMPLE_NAME,typnames)) + | TOPAREN SIMPLE_NAME SIMPLE_NAME SIMPLE_NAME TCOMMA TOBRACKET typnames TCBRACKET TCPAREN ((SIMPLE_NAME,typnames)) + | TOPAREN SIMPLE_NAME TCOMMA TOBRACKET TCBRACKET TCPAREN ((SIMPLE_NAME,[])) + | TOPAREN SIMPLE_NAME SIMPLE_NAME SIMPLE_NAME TCOMMA TOBRACKET TCBRACKET TCPAREN ((SIMPLE_NAME,[])) + + + +typnames: typname ([typname]) + | typname TCOMMA typnames (typname::typnames) + +simple_names: simple_name (simple_name) + | simple_name simple_names (simple_name^" "^simple_names) + | simple_name TMINUS simple_names (simple_name^" "^simple_names) + +typname: TQUOTE SIMPLE_NAME TQUOTE (SIMPLE_NAME) + diff --git a/src/encoder/ofmc-fp.grm.sig b/src/encoder/ofmc-fp.grm.sig new file mode 100644 index 0000000..70f1c35 --- /dev/null +++ b/src/encoder/ofmc-fp.grm.sig @@ -0,0 +1,54 @@ +signature OfmcFpParser_TOKENS = +sig +type ('a,'b) token +type svalue +val TXOR: (string) * 'a * 'a -> (svalue,'a) token +val TWITNESS: (string) * 'a * 'a -> (svalue,'a) token +val TTYPES: (string) * 'a * 'a -> (svalue,'a) token +val TSTEP: (string) * 'a * 'a -> (svalue,'a) token +val TSTATE: (string) * 'a * 'a -> (svalue,'a) token +val TSEMICOLON: (string) * 'a * 'a -> (svalue,'a) token +val TSECTION: (string) * 'a * 'a -> (svalue,'a) token +val TSECSTATE: (string) * 'a * 'a -> (svalue,'a) token +val TSECRET: (string) * 'a * 'a -> (svalue,'a) token +val TSCRYPT: (string) * 'a * 'a -> (svalue,'a) token +val TRULES: (string) * 'a * 'a -> (svalue,'a) token +val TREQUEST: (string) * 'a * 'a -> (svalue,'a) token +val TBACKEND: (string) * 'a * 'a -> (svalue,'a) token +val TPROTOCOL: (string) * 'a * 'a -> (svalue,'a) token +val TOPAREN: (string) * 'a * 'a -> (svalue,'a) token +val TOBRACKET: (string) * 'a * 'a -> (svalue,'a) token +val TMETAIMPLIES: (string) * 'a * 'a -> (svalue,'a) token +val TKNOWLEDGE: (string) * 'a * 'a -> (svalue,'a) token +val TINV: (string) * 'a * 'a -> (svalue,'a) token +val TINITIAL: (string) * 'a * 'a -> (svalue,'a) token +val TIKNOWS: (string) * 'a * 'a -> (svalue,'a) token +val TFPState: (string) * 'a * 'a -> (svalue,'a) token +val TFIXEDPOINT: (string) * 'a * 'a -> (svalue,'a) token +val TFACT: (string) * 'a * 'a -> (svalue,'a) token +val TEXP: (string) * 'a * 'a -> (svalue,'a) token +val TQUOTE: (string) * 'a * 'a -> (svalue,'a) token +val TCRYPT: (string) * 'a * 'a -> (svalue,'a) token +val TCPAREN: (string) * 'a * 'a -> (svalue,'a) token +val TCOMMA: (string) * 'a * 'a -> (svalue,'a) token +val TBAR: (string) * 'a * 'a -> (svalue,'a) token +val TNEQ: (string) * 'a * 'a -> (svalue,'a) token +val TEQ: (string) * 'a * 'a -> (svalue,'a) token +val TWHITESPACE: (string) * 'a * 'a -> (svalue,'a) token +val TCOLON: (string) * 'a * 'a -> (svalue,'a) token +val TCBRACKET: (string) * 'a * 'a -> (svalue,'a) token +val TCAT: (string) * 'a * 'a -> (svalue,'a) token +val TMINUS: (string) * 'a * 'a -> (svalue,'a) token +val TARROW: (string) * 'a * 'a -> (svalue,'a) token +val TATTACK: (string) * 'a * 'a -> (svalue,'a) token +val TABSTRACTION: (string) * 'a * 'a -> (svalue,'a) token +val SIMPLE_NAME: (string) * 'a * 'a -> (svalue,'a) token +val EOF: 'a * 'a -> (svalue,'a) token +end +signature OfmcFpParser_LRVALS= +sig +structure Tokens : OfmcFpParser_TOKENS +structure ParserData:PARSER_DATA +sharing type ParserData.Token.token = Tokens.token +sharing type ParserData.svalue = Tokens.svalue +end diff --git a/src/encoder/ofmc-fp.grm.sml b/src/encoder/ofmc-fp.grm.sml new file mode 100644 index 0000000..c58471a --- /dev/null +++ b/src/encoder/ofmc-fp.grm.sml @@ -0,0 +1,1434 @@ +functor OfmcFpParserLrValsFun(structure Token : TOKEN) + : sig structure ParserData : PARSER_DATA + structure Tokens : OfmcFpParser_TOKENS + end + = +struct +structure ParserData= +struct +structure Header = +struct +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc-fp.grm --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc-fp.grm 880 2009-10-31 18:49:38Z brucker $ *) + + +open OfmcFp + +fun rmOuterOp (Operator(_,[msg])) = msg + | rmOuterOp s = s + + +end +structure LrTable = Token.LrTable +structure Token = Token +local open LrTable in +val table=let val actionRows = +"\ +\\001\000\001\000\000\000\000\000\ +\\001\000\002\000\023\000\000\000\ +\\001\000\002\000\023\000\009\000\048\000\000\000\ +\\001\000\002\000\034\000\000\000\ +\\001\000\002\000\038\000\028\000\037\000\000\000\ +\\001\000\002\000\045\000\000\000\ +\\001\000\002\000\060\000\014\000\059\000\000\000\ +\\001\000\002\000\077\000\000\000\ +\\001\000\002\000\107\000\000\000\ +\\001\000\002\000\117\000\000\000\ +\\001\000\003\000\012\000\020\000\011\000\023\000\010\000\032\000\009\000\000\000\ +\\001\000\004\000\069\000\022\000\068\000\031\000\067\000\034\000\066\000\ +\\038\000\065\000\041\000\064\000\000\000\ +\\001\000\005\000\053\000\000\000\ +\\001\000\008\000\043\000\000\000\ +\\001\000\008\000\095\000\017\000\094\000\000\000\ +\\001\000\008\000\115\000\000\000\ +\\001\000\008\000\136\000\017\000\094\000\000\000\ +\\001\000\008\000\143\000\000\000\ +\\001\000\008\000\150\000\000\000\ +\\001\000\009\000\008\000\000\000\ +\\001\000\009\000\013\000\000\000\ +\\001\000\009\000\014\000\000\000\ +\\001\000\009\000\017\000\000\000\ +\\001\000\009\000\019\000\000\000\ +\\001\000\009\000\020\000\000\000\ +\\001\000\009\000\031\000\000\000\ +\\001\000\009\000\051\000\000\000\ +\\001\000\009\000\061\000\000\000\ +\\001\000\012\000\125\000\000\000\ +\\001\000\013\000\081\000\026\000\080\000\000\000\ +\\001\000\013\000\098\000\026\000\097\000\000\000\ +\\001\000\014\000\090\000\015\000\073\000\000\000\ +\\001\000\014\000\096\000\000\000\ +\\001\000\014\000\127\000\000\000\ +\\001\000\015\000\073\000\000\000\ +\\001\000\015\000\091\000\000\000\ +\\001\000\015\000\118\000\000\000\ +\\001\000\015\000\126\000\000\000\ +\\001\000\015\000\128\000\000\000\ +\\001\000\015\000\129\000\000\000\ +\\001\000\015\000\130\000\000\000\ +\\001\000\015\000\131\000\000\000\ +\\001\000\015\000\132\000\000\000\ +\\001\000\015\000\144\000\000\000\ +\\001\000\015\000\148\000\000\000\ +\\001\000\015\000\151\000\000\000\ +\\001\000\017\000\094\000\000\000\ +\\001\000\017\000\134\000\000\000\ +\\001\000\026\000\124\000\000\000\ +\\001\000\026\000\138\000\000\000\ +\\001\000\027\000\016\000\000\000\ +\\001\000\027\000\076\000\000\000\ +\\001\000\027\000\119\000\000\000\ +\\001\000\027\000\142\000\000\000\ +\\001\000\028\000\028\000\000\000\ +\\001\000\028\000\082\000\000\000\ +\\001\000\028\000\083\000\000\000\ +\\001\000\028\000\084\000\000\000\ +\\001\000\028\000\085\000\000\000\ +\\001\000\028\000\086\000\000\000\ +\\001\000\028\000\087\000\000\000\ +\\001\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\001\000\035\000\018\000\000\000\ +\\001\000\037\000\088\000\000\000\ +\\001\000\039\000\030\000\000\000\ +\\153\000\000\000\ +\\154\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\155\000\000\000\ +\\156\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\157\000\000\000\ +\\158\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\159\000\000\000\ +\\160\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\161\000\000\000\ +\\162\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\163\000\000\000\ +\\164\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\165\000\000\000\ +\\166\000\029\000\007\000\030\000\006\000\036\000\005\000\040\000\004\000\000\000\ +\\167\000\002\000\038\000\028\000\037\000\000\000\ +\\168\000\000\000\ +\\169\000\039\000\030\000\000\000\ +\\170\000\000\000\ +\\171\000\039\000\030\000\000\000\ +\\172\000\000\000\ +\\173\000\039\000\030\000\000\000\ +\\174\000\000\000\ +\\175\000\039\000\030\000\000\000\ +\\176\000\000\000\ +\\177\000\002\000\034\000\000\000\ +\\178\000\000\000\ +\\179\000\037\000\079\000\000\000\ +\\180\000\000\000\ +\\181\000\000\000\ +\\182\000\000\000\ +\\183\000\000\000\ +\\184\000\000\000\ +\\185\000\000\000\ +\\186\000\000\000\ +\\187\000\037\000\123\000\000\000\ +\\188\000\000\000\ +\\189\000\000\000\ +\\190\000\014\000\090\000\000\000\ +\\191\000\000\000\ +\\192\000\002\000\038\000\028\000\056\000\000\000\ +\\193\000\000\000\ +\\194\000\000\000\ +\\195\000\000\000\ +\\196\000\000\000\ +\\197\000\000\000\ +\\198\000\000\000\ +\\199\000\037\000\089\000\000\000\ +\\200\000\000\000\ +\\201\000\000\000\ +\\202\000\014\000\044\000\000\000\ +\\203\000\000\000\ +\\204\000\000\000\ +\\205\000\000\000\ +\\206\000\000\000\ +\\207\000\000\000\ +\\208\000\014\000\116\000\000\000\ +\\209\000\000\000\ +\\210\000\002\000\023\000\006\000\041\000\000\000\ +\\211\000\000\000\ +\\212\000\000\000\ +\\213\000\000\000\ +\" +val actionRowNumbers = +"\061\000\065\000\019\000\010\000\ +\\020\000\021\000\050\000\022\000\ +\\062\000\023\000\024\000\001\000\ +\\001\000\070\000\054\000\064\000\ +\\025\000\003\000\079\000\068\000\ +\\122\000\110\000\066\000\071\000\ +\\013\000\114\000\005\000\074\000\ +\\002\000\003\000\076\000\026\000\ +\\109\000\078\000\012\000\004\000\ +\\104\000\069\000\123\000\001\000\ +\\067\000\113\000\054\000\006\000\ +\\075\000\027\000\011\000\072\000\ +\\077\000\011\000\080\000\004\000\ +\\034\000\106\000\004\000\124\000\ +\\115\000\051\000\007\000\011\000\ +\\091\000\029\000\055\000\056\000\ +\\057\000\058\000\059\000\060\000\ +\\073\000\063\000\111\000\107\000\ +\\031\000\035\000\014\000\032\000\ +\\030\000\011\000\011\000\004\000\ +\\004\000\008\000\004\000\004\000\ +\\004\000\004\000\089\000\004\000\ +\\004\000\105\000\015\000\120\000\ +\\009\000\036\000\052\000\011\000\ +\\004\000\092\000\081\000\099\000\ +\\048\000\028\000\102\000\037\000\ +\\033\000\108\000\038\000\039\000\ +\\040\000\041\000\090\000\112\000\ +\\103\000\042\000\046\000\047\000\ +\\118\000\016\000\085\000\049\000\ +\\082\000\004\000\011\000\004\000\ +\\097\000\053\000\096\000\098\000\ +\\094\000\095\000\116\000\121\000\ +\\125\000\017\000\043\000\086\000\ +\\011\000\100\000\083\000\101\000\ +\\004\000\044\000\119\000\087\000\ +\\084\000\018\000\117\000\088\000\ +\\045\000\093\000\000\000" +val gotoT = +"\ +\\001\000\150\000\002\000\001\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\020\000\013\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\003\000\020\000\017\000\019\000\000\000\ +\\003\000\022\000\000\000\ +\\002\000\023\000\000\000\ +\\018\000\025\000\019\000\024\000\000\000\ +\\013\000\027\000\000\000\ +\\000\000\ +\\005\000\031\000\008\000\030\000\000\000\ +\\007\000\034\000\014\000\033\000\000\000\ +\\002\000\037\000\000\000\ +\\003\000\020\000\017\000\038\000\000\000\ +\\000\000\ +\\002\000\040\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\002\000\044\000\000\000\ +\\003\000\045\000\000\000\ +\\005\000\031\000\008\000\047\000\000\000\ +\\002\000\048\000\000\000\ +\\000\000\ +\\000\000\ +\\002\000\050\000\000\000\ +\\000\000\ +\\007\000\052\000\000\000\ +\\007\000\053\000\000\000\ +\\000\000\ +\\000\000\ +\\003\000\020\000\017\000\055\000\000\000\ +\\000\000\ +\\000\000\ +\\018\000\025\000\019\000\056\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\009\000\061\000\010\000\060\000\000\000\ +\\002\000\068\000\000\000\ +\\000\000\ +\\010\000\069\000\000\000\ +\\000\000\ +\\007\000\070\000\000\000\ +\\000\000\ +\\000\000\ +\\006\000\073\000\007\000\072\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\009\000\076\000\010\000\060\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\015\000\091\000\016\000\090\000\000\000\ +\\000\000\ +\\000\000\ +\\009\000\097\000\010\000\060\000\000\000\ +\\009\000\098\000\010\000\060\000\000\000\ +\\007\000\101\000\011\000\100\000\012\000\099\000\000\000\ +\\006\000\103\000\007\000\102\000\000\000\ +\\004\000\104\000\000\000\ +\\006\000\106\000\007\000\102\000\000\000\ +\\006\000\107\000\007\000\102\000\000\000\ +\\007\000\108\000\000\000\ +\\007\000\109\000\000\000\ +\\005\000\031\000\008\000\110\000\000\000\ +\\007\000\034\000\014\000\111\000\000\000\ +\\006\000\112\000\007\000\102\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\009\000\118\000\010\000\060\000\000\000\ +\\007\000\101\000\011\000\119\000\012\000\099\000\000\000\ +\\000\000\ +\\013\000\120\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\015\000\091\000\016\000\131\000\000\000\ +\\000\000\ +\\000\000\ +\\015\000\091\000\016\000\133\000\000\000\ +\\013\000\135\000\000\000\ +\\000\000\ +\\000\000\ +\\007\000\101\000\011\000\137\000\012\000\099\000\000\000\ +\\009\000\138\000\010\000\060\000\000\000\ +\\007\000\139\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\009\000\143\000\010\000\060\000\000\000\ +\\000\000\ +\\013\000\144\000\000\000\ +\\000\000\ +\\006\000\145\000\007\000\102\000\000\000\ +\\000\000\ +\\000\000\ +\\013\000\147\000\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\\000\000\ +\" +val numstates = 151 +val numrules = 61 +val s = ref "" and index = ref 0 +val string_to_int = fn () => +let val i = !index +in index := i+2; Char.ord(String.sub(!s,i)) + Char.ord(String.sub(!s,i+1)) * 256 +end +val string_to_list = fn s' => + let val len = String.size s' + fun f () = + if !index < len then string_to_int() :: f() + else nil + in index := 0; s := s'; f () + end +val string_to_pairlist = fn (conv_key,conv_entry) => + let fun f () = + case string_to_int() + of 0 => EMPTY + | n => PAIR(conv_key (n-1),conv_entry (string_to_int()),f()) + in f + end +val string_to_pairlist_default = fn (conv_key,conv_entry) => + let val conv_row = string_to_pairlist(conv_key,conv_entry) + in fn () => + let val default = conv_entry(string_to_int()) + val row = conv_row() + in (row,default) + end + end +val string_to_table = fn (convert_row,s') => + let val len = String.size s' + fun f ()= + if !index < len then convert_row() :: f() + else nil + in (s := s'; index := 0; f ()) + end +local + val memo = Array.array(numstates+numrules,ERROR) + val _ =let fun g i=(Array.update(memo,i,REDUCE(i-numstates)); g(i+1)) + fun f i = + if i=numstates then g i + else (Array.update(memo,i,SHIFT (STATE i)); f (i+1)) + in f 0 handle Subscript => () + end +in +val entry_to_action = fn 0 => ACCEPT | 1 => ERROR | j => Array.sub(memo,(j-2)) +end +val gotoT=Array.fromList(string_to_table(string_to_pairlist(NT,STATE),gotoT)) +val actionRows=string_to_table(string_to_pairlist_default(T,entry_to_action),actionRows) +val actionRowNumbers = string_to_list actionRowNumbers +val actionT = let val actionRowLookUp= +let val a=Array.fromList(actionRows) in fn i=>Array.sub(a,i) end +in Array.fromList(map actionRowLookUp actionRowNumbers) +end +in LrTable.mkLrTable {actions=actionT,gotos=gotoT,numRules=numrules, +numStates=numstates,initialState=STATE 0} +end +end +local open Header in +type pos = ( int * int * int ) +type arg = unit +structure MlyValue = +struct +datatype svalue = VOID | ntVOID of unit -> unit + | TXOR of unit -> (string) | TWITNESS of unit -> (string) + | TTYPES of unit -> (string) | TSTEP of unit -> (string) + | TSTATE of unit -> (string) | TSEMICOLON of unit -> (string) + | TSECTION of unit -> (string) | TSECSTATE of unit -> (string) + | TSECRET of unit -> (string) | TSCRYPT of unit -> (string) + | TRULES of unit -> (string) | TREQUEST of unit -> (string) + | TBACKEND of unit -> (string) | TPROTOCOL of unit -> (string) + | TOPAREN of unit -> (string) | TOBRACKET of unit -> (string) + | TMETAIMPLIES of unit -> (string) | TKNOWLEDGE of unit -> (string) + | TINV of unit -> (string) | TINITIAL of unit -> (string) + | TIKNOWS of unit -> (string) | TFPState of unit -> (string) + | TFIXEDPOINT of unit -> (string) | TFACT of unit -> (string) + | TEXP of unit -> (string) | TQUOTE of unit -> (string) + | TCRYPT of unit -> (string) | TCPAREN of unit -> (string) + | TCOMMA of unit -> (string) | TBAR of unit -> (string) + | TNEQ of unit -> (string) | TEQ of unit -> (string) + | TWHITESPACE of unit -> (string) | TCOLON of unit -> (string) + | TCBRACKET of unit -> (string) | TCAT of unit -> (string) + | TMINUS of unit -> (string) | TARROW of unit -> (string) + | TATTACK of unit -> (string) | TABSTRACTION of unit -> (string) + | SIMPLE_NAME of unit -> (string) + | types of unit -> ( ( string * (string list) ) list) + | typlist of unit -> ( ( string * (string list) ) list) + | typ of unit -> (string* ( string list ) ) + | simple_names of unit -> (string) + | typnames of unit -> (string list) | typname of unit -> (string) + | abstractions of unit -> ( ( Msg * Msg ) list) + | rules of unit -> (Rule list) | nfact of unit -> (Fact) + | nfacts of unit -> (Fact list) | fact of unit -> (Fact) + | facts of unit -> (Fact list) + | knowledge of unit -> ( ( string * Fact ) list) + | msg of unit -> (Msg) | msglist of unit -> (Msg list) + | factname of unit -> (string) | role of unit -> (string) + | simple_name of unit -> (string) | ofmc_fp of unit -> (ofmc_fp) + | START of unit -> (ofmc_fp) +end +type svalue = MlyValue.svalue +type result = ofmc_fp +end +structure EC= +struct +open LrTable +infix 5 $$ +fun x $$ y = y::x +val is_keyword = +fn _ => false +val preferred_change : (term list * term list) list = +nil +val noShift = +fn (T 0) => true | _ => false +val showTerminal = +fn (T 0) => "EOF" + | (T 1) => "SIMPLE_NAME" + | (T 2) => "TABSTRACTION" + | (T 3) => "TATTACK" + | (T 4) => "TARROW" + | (T 5) => "TMINUS" + | (T 6) => "TCAT" + | (T 7) => "TCBRACKET" + | (T 8) => "TCOLON" + | (T 9) => "TWHITESPACE" + | (T 10) => "TEQ" + | (T 11) => "TNEQ" + | (T 12) => "TBAR" + | (T 13) => "TCOMMA" + | (T 14) => "TCPAREN" + | (T 15) => "TCRYPT" + | (T 16) => "TQUOTE" + | (T 17) => "TEXP" + | (T 18) => "TFACT" + | (T 19) => "TFIXEDPOINT" + | (T 20) => "TFPState" + | (T 21) => "TIKNOWS" + | (T 22) => "TINITIAL" + | (T 23) => "TINV" + | (T 24) => "TKNOWLEDGE" + | (T 25) => "TMETAIMPLIES" + | (T 26) => "TOBRACKET" + | (T 27) => "TOPAREN" + | (T 28) => "TPROTOCOL" + | (T 29) => "TBACKEND" + | (T 30) => "TREQUEST" + | (T 31) => "TRULES" + | (T 32) => "TSCRYPT" + | (T 33) => "TSECRET" + | (T 34) => "TSECSTATE" + | (T 35) => "TSECTION" + | (T 36) => "TSEMICOLON" + | (T 37) => "TSTATE" + | (T 38) => "TSTEP" + | (T 39) => "TTYPES" + | (T 40) => "TWITNESS" + | (T 41) => "TXOR" + | _ => "bogus-term" +local open Header in +val errtermvalue= +fn _ => MlyValue.VOID +end +val terms : term list = nil + $$ (T 0)end +structure Actions = +struct +exception mlyAction of int +local open Header in +val actions = +fn (i392,defaultPos,stack, + (()):arg) => +case (i392,stack) +of ( 0, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, ofmc_fp1left, +ofmc_fp1right)) :: rest671)) => let val result = MlyValue.START (fn _ + => let val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (ofmc_fp) +end) + in ( LrTable.NT 0, ( result, ofmc_fp1left, ofmc_fp1right), rest671) + +end +| ( 1, ( ( _, ( MlyValue.simple_name simple_name1, _, +simple_name1right)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, +( MlyValue.TPROTOCOL TPROTOCOL1, TPROTOCOL1left, _)) :: rest671)) => + let val result = MlyValue.ofmc_fp (fn _ => let val TPROTOCOL1 = +TPROTOCOL1 () + val TCOLON1 = TCOLON1 () + val (simple_name as simple_name1) = simple_name1 () + in (update_protocol simple_name empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TPROTOCOL1left, simple_name1right), +rest671) +end +| ( 2, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _, + ( MlyValue.simple_name simple_name1, _, _)) :: ( _, ( MlyValue.TCOLON + TCOLON1, _, _)) :: ( _, ( MlyValue.TPROTOCOL TPROTOCOL1, +TPROTOCOL1left, _)) :: rest671)) => let val result = MlyValue.ofmc_fp + (fn _ => let val TPROTOCOL1 = TPROTOCOL1 () + val TCOLON1 = TCOLON1 () + val (simple_name as simple_name1) = simple_name1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_protocol simple_name ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TPROTOCOL1left, ofmc_fp1right), rest671) + +end +| ( 3, ( ( _, ( MlyValue.simple_names simple_names1, _, +simple_names1right)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, + ( MlyValue.TBACKEND TBACKEND1, TBACKEND1left, _)) :: rest671)) => let + val result = MlyValue.ofmc_fp (fn _ => let val TBACKEND1 = +TBACKEND1 () + val TCOLON1 = TCOLON1 () + val (simple_names as simple_names1) = simple_names1 () + in (update_backend simple_names empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TBACKEND1left, simple_names1right), +rest671) +end +| ( 4, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _, + ( MlyValue.simple_names simple_names1, _, _)) :: ( _, ( +MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TBACKEND TBACKEND1, + TBACKEND1left, _)) :: rest671)) => let val result = MlyValue.ofmc_fp + (fn _ => let val TBACKEND1 = TBACKEND1 () + val TCOLON1 = TCOLON1 () + val (simple_names as simple_names1) = simple_names1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_backend simple_names ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TBACKEND1left, ofmc_fp1right), rest671) + +end +| ( 5, ( ( _, ( MlyValue.types types1, _, types1right)) :: ( _, ( +MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TTYPES TTYPES1, +TTYPES1left, _)) :: rest671)) => let val result = MlyValue.ofmc_fp + (fn _ => let val TTYPES1 = TTYPES1 () + val TCOLON1 = TCOLON1 () + val (types as types1) = types1 () + in (update_types ((types_of empty_ofmc_fp)@types) empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TTYPES1left, types1right), rest671) +end +| ( 6, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _, + ( MlyValue.types types1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, + _)) :: ( _, ( MlyValue.TTYPES TTYPES1, TTYPES1left, _)) :: rest671)) + => let val result = MlyValue.ofmc_fp (fn _ => let val TTYPES1 = +TTYPES1 () + val TCOLON1 = TCOLON1 () + val (types as types1) = types1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_types ((types_of ofmc_fp)@types) ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TTYPES1left, ofmc_fp1right), rest671) + +end +| ( 7, ( ( _, ( MlyValue.knowledge knowledge1, _, knowledge1right)) + :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( +MlyValue.TSECSTATE TSECSTATE1, _, _)) :: ( _, ( MlyValue.TINITIAL +TINITIAL1, _, _)) :: ( _, ( MlyValue.TSECTION TSECTION1, TSECTION1left +, _)) :: rest671)) => let val result = MlyValue.ofmc_fp (fn _ => let + val TSECTION1 = TSECTION1 () + val TINITIAL1 = TINITIAL1 () + val TSECSTATE1 = TSECSTATE1 () + val TCOLON1 = TCOLON1 () + val (knowledge as knowledge1) = knowledge1 () + in (update_knowledge knowledge empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, knowledge1right), rest671 +) +end +| ( 8, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _, + ( MlyValue.knowledge knowledge1, _, _)) :: ( _, ( MlyValue.TCOLON +TCOLON1, _, _)) :: ( _, ( MlyValue.TSECSTATE TSECSTATE1, _, _)) :: ( _ +, ( MlyValue.TINITIAL TINITIAL1, _, _)) :: ( _, ( MlyValue.TSECTION +TSECTION1, TSECTION1left, _)) :: rest671)) => let val result = +MlyValue.ofmc_fp (fn _ => let val TSECTION1 = TSECTION1 () + val TINITIAL1 = TINITIAL1 () + val TSECSTATE1 = TSECSTATE1 () + val TCOLON1 = TCOLON1 () + val (knowledge as knowledge1) = knowledge1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_knowledge knowledge ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, ofmc_fp1right), rest671) + +end +| ( 9, ( ( _, ( MlyValue.rules rules1, _, rules1right)) :: ( _, ( +MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TRULES TRULES1, _, + _)) :: ( _, ( MlyValue.TSECTION TSECTION1, TSECTION1left, _)) :: +rest671)) => let val result = MlyValue.ofmc_fp (fn _ => let val +TSECTION1 = TSECTION1 () + val TRULES1 = TRULES1 () + val TCOLON1 = TCOLON1 () + val (rules as rules1) = rules1 () + in (update_rules rules empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, rules1right), rest671) + +end +| ( 10, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _ +, ( MlyValue.rules rules1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _ +, _)) :: ( _, ( MlyValue.TRULES TRULES1, _, _)) :: ( _, ( +MlyValue.TSECTION TSECTION1, TSECTION1left, _)) :: rest671)) => let + val result = MlyValue.ofmc_fp (fn _ => let val TSECTION1 = +TSECTION1 () + val TRULES1 = TRULES1 () + val TCOLON1 = TCOLON1 () + val (rules as rules1) = rules1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_rules rules ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, ofmc_fp1right), rest671) + +end +| ( 11, ( ( _, ( MlyValue.knowledge knowledge1, _, knowledge1right)) + :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( +MlyValue.TFIXEDPOINT TFIXEDPOINT1, _, _)) :: ( _, ( MlyValue.TSECTION +TSECTION1, TSECTION1left, _)) :: rest671)) => let val result = +MlyValue.ofmc_fp (fn _ => let val TSECTION1 = TSECTION1 () + val TFIXEDPOINT1 = TFIXEDPOINT1 () + val TCOLON1 = TCOLON1 () + val (knowledge as knowledge1) = knowledge1 () + in (update_fixedpoint knowledge empty_ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, knowledge1right), rest671 +) +end +| ( 12, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _ +, ( MlyValue.knowledge knowledge1, _, _)) :: ( _, ( MlyValue.TCOLON +TCOLON1, _, _)) :: ( _, ( MlyValue.TFIXEDPOINT TFIXEDPOINT1, _, _)) :: + ( _, ( MlyValue.TSECTION TSECTION1, TSECTION1left, _)) :: rest671)) + => let val result = MlyValue.ofmc_fp (fn _ => let val TSECTION1 = +TSECTION1 () + val TFIXEDPOINT1 = TFIXEDPOINT1 () + val TCOLON1 = TCOLON1 () + val (knowledge as knowledge1) = knowledge1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in (update_fixedpoint knowledge ofmc_fp) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, ofmc_fp1right), rest671) + +end +| ( 13, ( ( _, ( MlyValue.abstractions abstractions1, _, +abstractions1right)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, + ( MlyValue.TABSTRACTION TABSTRACTION1, _, _)) :: ( _, ( +MlyValue.TSECTION TSECTION1, TSECTION1left, _)) :: rest671)) => let + val result = MlyValue.ofmc_fp (fn _ => let val TSECTION1 = +TSECTION1 () + val TABSTRACTION1 = TABSTRACTION1 () + val TCOLON1 = TCOLON1 () + val (abstractions as abstractions1) = abstractions1 () + in ( +update_abstractions ((abstractions_of empty_ofmc_fp )@abstractions) empty_ofmc_fp +) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, abstractions1right), +rest671) +end +| ( 14, ( ( _, ( MlyValue.TCOLON TCOLON1, _, TCOLON1right)) :: ( _, ( + MlyValue.TABSTRACTION TABSTRACTION1, _, _)) :: ( _, ( +MlyValue.TSECTION TSECTION1, TSECTION1left, _)) :: rest671)) => let + val result = MlyValue.ofmc_fp (fn _ => let val TSECTION1 = +TSECTION1 () + val TABSTRACTION1 = TABSTRACTION1 () + val TCOLON1 = TCOLON1 () + in ( +update_abstractions ((abstractions_of empty_ofmc_fp )@[]) empty_ofmc_fp +) +end) + in ( LrTable.NT 1, ( result, TSECTION1left, TCOLON1right), rest671) + +end +| ( 15, ( ( _, ( MlyValue.ofmc_fp ofmc_fp1, _, ofmc_fp1right)) :: ( _ +, ( MlyValue.abstractions abstractions1, _, _)) :: ( _, ( +MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TABSTRACTION +TABSTRACTION1, _, _)) :: ( _, ( MlyValue.TSECTION TSECTION1, +TSECTION1left, _)) :: rest671)) => let val result = MlyValue.ofmc_fp + (fn _ => let val TSECTION1 = TSECTION1 () + val TABSTRACTION1 = TABSTRACTION1 () + val TCOLON1 = TCOLON1 () + val (abstractions as abstractions1) = abstractions1 () + val (ofmc_fp as ofmc_fp1) = ofmc_fp1 () + in ( +update_abstractions ((abstractions_of ofmc_fp)@abstractions) ofmc_fp) + +end) + in ( LrTable.NT 1, ( result, TSECTION1left, ofmc_fp1right), rest671) + +end +| ( 16, ( ( _, ( MlyValue.facts facts2, _, facts2right)) :: ( _, ( +MlyValue.TMETAIMPLIES TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.facts +facts1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( +MlyValue.TSTEP TSTEP1, TSTEP1left, _)) :: rest671)) => let val result + = MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + in ([(NONE, facts1, facts2)]) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, facts2right), rest671) +end +| ( 17, ( ( _, ( MlyValue.rules rules1, _, rules1right)) :: ( _, ( +MlyValue.facts facts2, _, _)) :: ( _, ( MlyValue.TMETAIMPLIES +TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.facts facts1, _, _)) :: ( _, +( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TSTEP TSTEP1, +TSTEP1left, _)) :: rest671)) => let val result = MlyValue.rules (fn _ + => let val TSTEP1 = TSTEP1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + val (rules as rules1) = rules1 () + in ((NONE, facts1, facts2)::rules) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, rules1right), rest671) +end +| ( 18, ( ( _, ( MlyValue.facts facts2, _, facts2right)) :: ( _, ( +MlyValue.TMETAIMPLIES TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.nfacts +nfacts1, _, _)) :: ( _, ( MlyValue.TBAR TBAR1, _, _)) :: ( _, ( +MlyValue.facts facts1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _) +) :: ( _, ( MlyValue.TSTEP TSTEP1, TSTEP1left, _)) :: rest671)) => let + val result = MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val TCOLON1 = TCOLON1 () + val (facts as facts1) = facts1 () + val TBAR1 = TBAR1 () + val (nfacts as nfacts1) = nfacts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + in ([(NONE, facts1@nfacts, facts)]) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, facts2right), rest671) +end +| ( 19, ( ( _, ( MlyValue.rules rules1, _, rules1right)) :: ( _, ( +MlyValue.facts facts2, _, _)) :: ( _, ( MlyValue.TMETAIMPLIES +TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.nfacts nfacts1, _, _)) :: ( _ +, ( MlyValue.TBAR TBAR1, _, _)) :: ( _, ( MlyValue.facts facts1, _, _) +) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.TSTEP +TSTEP1, TSTEP1left, _)) :: rest671)) => let val result = +MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val TCOLON1 = TCOLON1 () + val (facts as facts1) = facts1 () + val TBAR1 = TBAR1 () + val (nfacts as nfacts1) = nfacts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + val (rules as rules1) = rules1 () + in ((NONE, facts1@nfacts, facts)::rules) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, rules1right), rest671) +end +| ( 20, ( ( _, ( MlyValue.facts facts2, _, facts2right)) :: ( _, ( +MlyValue.TMETAIMPLIES TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.facts +facts1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( +MlyValue.simple_name simple_name1, _, _)) :: ( _, ( MlyValue.TSTEP +TSTEP1, TSTEP1left, _)) :: rest671)) => let val result = +MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val (simple_name as simple_name1) = simple_name1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + in ([(SOME simple_name, facts1, facts2)]) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, facts2right), rest671) +end +| ( 21, ( ( _, ( MlyValue.rules rules1, _, rules1right)) :: ( _, ( +MlyValue.facts facts2, _, _)) :: ( _, ( MlyValue.TMETAIMPLIES +TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.facts facts1, _, _)) :: ( _, +( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( MlyValue.simple_name +simple_name1, _, _)) :: ( _, ( MlyValue.TSTEP TSTEP1, TSTEP1left, _)) + :: rest671)) => let val result = MlyValue.rules (fn _ => let val +TSTEP1 = TSTEP1 () + val (simple_name as simple_name1) = simple_name1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + val (rules as rules1) = rules1 () + in ((SOME simple_name, facts1, facts2)::rules) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, rules1right), rest671) +end +| ( 22, ( ( _, ( MlyValue.facts facts2, _, facts2right)) :: ( _, ( +MlyValue.TMETAIMPLIES TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.nfacts +nfacts1, _, _)) :: ( _, ( MlyValue.TBAR TBAR1, _, _)) :: ( _, ( +MlyValue.facts facts1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _) +) :: ( _, ( MlyValue.simple_name simple_name1, _, _)) :: ( _, ( +MlyValue.TSTEP TSTEP1, TSTEP1left, _)) :: rest671)) => let val result + = MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val (simple_name as simple_name1) = simple_name1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TBAR1 = TBAR1 () + val (nfacts as nfacts1) = nfacts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + in ([(SOME simple_name, facts1@nfacts, facts2)]) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, facts2right), rest671) +end +| ( 23, ( ( _, ( MlyValue.rules rules1, _, rules1right)) :: ( _, ( +MlyValue.facts facts2, _, _)) :: ( _, ( MlyValue.TMETAIMPLIES +TMETAIMPLIES1, _, _)) :: ( _, ( MlyValue.nfacts nfacts1, _, _)) :: ( _ +, ( MlyValue.TBAR TBAR1, _, _)) :: ( _, ( MlyValue.facts facts1, _, _) +) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) :: ( _, ( +MlyValue.simple_name simple_name1, _, _)) :: ( _, ( MlyValue.TSTEP +TSTEP1, TSTEP1left, _)) :: rest671)) => let val result = +MlyValue.rules (fn _ => let val TSTEP1 = TSTEP1 () + val (simple_name as simple_name1) = simple_name1 () + val TCOLON1 = TCOLON1 () + val facts1 = facts1 () + val TBAR1 = TBAR1 () + val (nfacts as nfacts1) = nfacts1 () + val TMETAIMPLIES1 = TMETAIMPLIES1 () + val facts2 = facts2 () + val (rules as rules1) = rules1 () + in ((SOME simple_name, facts1@nfacts, facts2)::rules) +end) + in ( LrTable.NT 12, ( result, TSTEP1left, rules1right), rest671) +end +| ( 24, ( ( _, ( MlyValue.TSEMICOLON TSEMICOLON1, _, TSEMICOLON1right +)) :: ( _, ( MlyValue.fact fact1, _, _)) :: ( _, ( MlyValue.TCOLON +TCOLON1, _, _)) :: ( _, ( MlyValue.factname factname1, factname1left, + _)) :: rest671)) => let val result = MlyValue.knowledge (fn _ => let + val (factname as factname1) = factname1 () + val TCOLON1 = TCOLON1 () + val (fact as fact1) = fact1 () + val TSEMICOLON1 = TSEMICOLON1 () + in ([(factname, fact)]) +end) + in ( LrTable.NT 7, ( result, factname1left, TSEMICOLON1right), +rest671) +end +| ( 25, ( ( _, ( MlyValue.knowledge knowledge1, _, knowledge1right)) + :: ( _, ( MlyValue.TSEMICOLON TSEMICOLON1, _, _)) :: ( _, ( +MlyValue.fact fact1, _, _)) :: ( _, ( MlyValue.TCOLON TCOLON1, _, _)) + :: ( _, ( MlyValue.factname factname1, factname1left, _)) :: rest671) +) => let val result = MlyValue.knowledge (fn _ => let val (factname + as factname1) = factname1 () + val TCOLON1 = TCOLON1 () + val (fact as fact1) = fact1 () + val TSEMICOLON1 = TSEMICOLON1 () + val (knowledge as knowledge1) = knowledge1 () + in ((factname, fact)::(knowledge)) +end) + in ( LrTable.NT 7, ( result, factname1left, knowledge1right), rest671 +) +end +| ( 26, ( ( _, ( MlyValue.fact fact1, fact1left, fact1right)) :: +rest671)) => let val result = MlyValue.facts (fn _ => let val (fact + as fact1) = fact1 () + in ([fact]) +end) + in ( LrTable.NT 8, ( result, fact1left, fact1right), rest671) +end +| ( 27, ( ( _, ( MlyValue.facts facts1, _, facts1right)) :: ( _, ( +MlyValue.TSEMICOLON TSEMICOLON1, _, _)) :: ( _, ( MlyValue.fact fact1, + fact1left, _)) :: rest671)) => let val result = MlyValue.facts (fn _ + => let val (fact as fact1) = fact1 () + val TSEMICOLON1 = TSEMICOLON1 () + val (facts as facts1) = facts1 () + in (fact::facts) +end) + in ( LrTable.NT 8, ( result, fact1left, facts1right), rest671) +end +| ( 28, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.TCBRACKET TCBRACKET1, _, _)) :: ( _, ( MlyValue.msglist +msglist1, _, _)) :: ( _, ( MlyValue.TOBRACKET TOBRACKET1, _, _)) :: ( + _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.role role1, _ +, _)) :: ( _, ( MlyValue.TOPAREN TOPAREN1, _, _)) :: ( _, ( +MlyValue.TSTATE TSTATE1, TSTATE1left, _)) :: rest671)) => let val +result = MlyValue.fact (fn _ => let val TSTATE1 = TSTATE1 () + val TOPAREN1 = TOPAREN1 () + val (role as role1) = role1 () + val TCOMMA1 = TCOMMA1 () + val TOBRACKET1 = TOBRACKET1 () + val (msglist as msglist1) = msglist1 () + val TCBRACKET1 = TCBRACKET1 () + val TCPAREN1 = TCPAREN1 () + in (State(role, msglist)) +end) + in ( LrTable.NT 9, ( result, TSTATE1left, TCPAREN1right), rest671) + +end +| ( 29, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msg msg1, _, _)) :: ( _, ( MlyValue.TOPAREN TOPAREN1, _, + _)) :: ( _, ( MlyValue.TIKNOWS TIKNOWS1, TIKNOWS1left, _)) :: rest671 +)) => let val result = MlyValue.fact (fn _ => let val TIKNOWS1 = +TIKNOWS1 () + val TOPAREN1 = TOPAREN1 () + val (msg as msg1) = msg1 () + val TCPAREN1 = TCPAREN1 () + in (Iknows(msg)) +end) + in ( LrTable.NT 9, ( result, TIKNOWS1left, TCPAREN1right), rest671) + +end +| ( 30, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msg msg1, _, _)) :: ( _, ( MlyValue.TOPAREN TOPAREN1, _, + _)) :: ( _, ( MlyValue.TATTACK TATTACK1, TATTACK1left, _)) :: rest671 +)) => let val result = MlyValue.fact (fn _ => let val TATTACK1 = +TATTACK1 () + val TOPAREN1 = TOPAREN1 () + val (msg as msg1) = msg1 () + val TCPAREN1 = TCPAREN1 () + in (Attack(msg)) +end) + in ( LrTable.NT 9, ( result, TATTACK1left, TCPAREN1right), rest671) + +end +| ( 31, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msglist msglist1, _, _)) :: ( _, ( MlyValue.TOPAREN +TOPAREN1, _, _)) :: ( _, ( MlyValue.TSECRET TSECRET1, TSECRET1left, _) +) :: rest671)) => let val result = MlyValue.fact (fn _ => let val +TSECRET1 = TSECRET1 () + val TOPAREN1 = TOPAREN1 () + val (msglist as msglist1) = msglist1 () + val TCPAREN1 = TCPAREN1 () + in (Secret(msglist)) +end) + in ( LrTable.NT 9, ( result, TSECRET1left, TCPAREN1right), rest671) + +end +| ( 32, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msglist msglist1, _, _)) :: ( _, ( MlyValue.TOPAREN +TOPAREN1, _, _)) :: ( _, ( MlyValue.TWITNESS TWITNESS1, TWITNESS1left, + _)) :: rest671)) => let val result = MlyValue.fact (fn _ => let val + TWITNESS1 = TWITNESS1 () + val TOPAREN1 = TOPAREN1 () + val (msglist as msglist1) = msglist1 () + val TCPAREN1 = TCPAREN1 () + in (Witness(msglist)) +end) + in ( LrTable.NT 9, ( result, TWITNESS1left, TCPAREN1right), rest671) + +end +| ( 33, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msglist msglist1, _, _)) :: ( _, ( MlyValue.TOPAREN +TOPAREN1, _, _)) :: ( _, ( MlyValue.TREQUEST TREQUEST1, TREQUEST1left, + _)) :: rest671)) => let val result = MlyValue.fact (fn _ => let val + TREQUEST1 = TREQUEST1 () + val TOPAREN1 = TOPAREN1 () + val (msglist as msglist1) = msglist1 () + val TCPAREN1 = TCPAREN1 () + in (Request(msglist)) +end) + in ( LrTable.NT 9, ( result, TREQUEST1left, TCPAREN1right), rest671) + +end +| ( 34, ( ( _, ( MlyValue.nfact nfact1, nfact1left, nfact1right)) :: +rest671)) => let val result = MlyValue.nfacts (fn _ => let val ( +nfact as nfact1) = nfact1 () + in ([nfact]) +end) + in ( LrTable.NT 10, ( result, nfact1left, nfact1right), rest671) +end +| ( 35, ( ( _, ( MlyValue.nfacts nfacts1, _, nfacts1right)) :: ( _, ( + MlyValue.TSEMICOLON TSEMICOLON1, _, _)) :: ( _, ( MlyValue.nfact +nfact1, nfact1left, _)) :: rest671)) => let val result = +MlyValue.nfacts (fn _ => let val (nfact as nfact1) = nfact1 () + val TSEMICOLON1 = TSEMICOLON1 () + val (nfacts as nfacts1) = nfacts1 () + in (nfact::nfacts) +end) + in ( LrTable.NT 10, ( result, nfact1left, nfacts1right), rest671) +end +| ( 36, ( ( _, ( MlyValue.msg msg2, _, msg2right)) :: ( _, ( +MlyValue.TNEQ TNEQ1, _, _)) :: ( _, ( MlyValue.msg msg1, msg1left, _)) + :: rest671)) => let val result = MlyValue.nfact (fn _ => let val +msg1 = msg1 () + val TNEQ1 = TNEQ1 () + val msg2 = msg2 () + in (NotEqual(msg1,msg2)) +end) + in ( LrTable.NT 11, ( result, msg1left, msg2right), rest671) +end +| ( 37, ( ( _, ( MlyValue.msg msg1, msg1left, msg1right)) :: rest671) +) => let val result = MlyValue.msglist (fn _ => let val (msg as msg1 +) = msg1 () + in ([msg]) +end) + in ( LrTable.NT 5, ( result, msg1left, msg1right), rest671) +end +| ( 38, ( ( _, ( MlyValue.msglist msglist1, _, msglist1right)) :: ( _ +, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.msg msg1, +msg1left, _)) :: rest671)) => let val result = MlyValue.msglist (fn _ + => let val (msg as msg1) = msg1 () + val TCOMMA1 = TCOMMA1 () + val (msglist as msglist1) = msglist1 () + in (msg::msglist) +end) + in ( LrTable.NT 5, ( result, msg1left, msglist1right), rest671) +end +| ( 39, ( ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, SIMPLE_NAME1left, + SIMPLE_NAME1right)) :: rest671)) => let val result = MlyValue.msg + (fn _ => let val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + in (Atom SIMPLE_NAME) +end) + in ( LrTable.NT 6, ( result, SIMPLE_NAME1left, SIMPLE_NAME1right), +rest671) +end +| ( 40, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msglist msglist1, _, _)) :: ( _, ( MlyValue.TOPAREN +TOPAREN1, _, _)) :: ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, +SIMPLE_NAME1left, _)) :: rest671)) => let val result = MlyValue.msg + (fn _ => let val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val TOPAREN1 = TOPAREN1 () + val (msglist as msglist1) = msglist1 () + val TCPAREN1 = TCPAREN1 () + in (Operator(SIMPLE_NAME,msglist)) +end) + in ( LrTable.NT 6, ( result, SIMPLE_NAME1left, TCPAREN1right), +rest671) +end +| ( 41, ( ( _, ( MlyValue.msg msg1, _, msg1right)) :: ( _, ( +MlyValue.SIMPLE_NAME SIMPLE_NAME1, SIMPLE_NAME1left, _)) :: rest671)) + => let val result = MlyValue.msg (fn _ => let val (SIMPLE_NAME as +SIMPLE_NAME1) = SIMPLE_NAME1 () + val (msg as msg1) = msg1 () + in (Operator(SIMPLE_NAME,[msg])) +end) + in ( LrTable.NT 6, ( result, SIMPLE_NAME1left, msg1right), rest671) + +end +| ( 42, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.msg msg1, _, _)) :: ( _, ( MlyValue.TOPAREN TOPAREN1, +TOPAREN1left, _)) :: rest671)) => let val result = MlyValue.msg (fn _ + => let val TOPAREN1 = TOPAREN1 () + val (msg as msg1) = msg1 () + val TCPAREN1 = TCPAREN1 () + in (msg) +end) + in ( LrTable.NT 6, ( result, TOPAREN1left, TCPAREN1right), rest671) + +end +| ( 43, ( ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, SIMPLE_NAME1left, + SIMPLE_NAME1right)) :: rest671)) => let val result = MlyValue.role + (fn _ => let val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + in (SIMPLE_NAME) +end) + in ( LrTable.NT 3, ( result, SIMPLE_NAME1left, SIMPLE_NAME1right), +rest671) +end +| ( 44, ( ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, SIMPLE_NAME1left, + SIMPLE_NAME1right)) :: rest671)) => let val result = +MlyValue.factname (fn _ => let val (SIMPLE_NAME as SIMPLE_NAME1) = +SIMPLE_NAME1 () + in (SIMPLE_NAME) +end) + in ( LrTable.NT 4, ( result, SIMPLE_NAME1left, SIMPLE_NAME1right), +rest671) +end +| ( 45, ( ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, SIMPLE_NAME1left, + SIMPLE_NAME1right)) :: rest671)) => let val result = +MlyValue.simple_name (fn _ => let val (SIMPLE_NAME as SIMPLE_NAME1) = + SIMPLE_NAME1 () + in (SIMPLE_NAME) +end) + in ( LrTable.NT 2, ( result, SIMPLE_NAME1left, SIMPLE_NAME1right), +rest671) +end +| ( 46, ( ( _, ( MlyValue.msg msg2, _, msg2right)) :: ( _, ( +MlyValue.TARROW TARROW1, _, _)) :: ( _, ( MlyValue.msg msg1, msg1left, + _)) :: rest671)) => let val result = MlyValue.abstractions (fn _ => + let val msg1 = msg1 () + val TARROW1 = TARROW1 () + val msg2 = msg2 () + in ([(rmOuterOp msg2,msg1)]) +end) + in ( LrTable.NT 13, ( result, msg1left, msg2right), rest671) +end +| ( 47, ( ( _, ( MlyValue.abstractions abstractions1, _, +abstractions1right)) :: ( _, ( MlyValue.TSEMICOLON TSEMICOLON1, _, _)) + :: ( _, ( MlyValue.msg msg2, _, _)) :: ( _, ( MlyValue.TARROW TARROW1 +, _, _)) :: ( _, ( MlyValue.msg msg1, msg1left, _)) :: rest671)) => + let val result = MlyValue.abstractions (fn _ => let val msg1 = msg1 + () + val TARROW1 = TARROW1 () + val msg2 = msg2 () + val TSEMICOLON1 = TSEMICOLON1 () + val (abstractions as abstractions1) = abstractions1 () + in ((rmOuterOp msg2,msg1)::abstractions) +end) + in ( LrTable.NT 13, ( result, msg1left, abstractions1right), rest671) + +end +| ( 48, ( ( _, ( MlyValue.TCBRACKET TCBRACKET1, _, TCBRACKET1right)) + :: ( _, ( MlyValue.typlist typlist1, _, _)) :: ( _, ( +MlyValue.TOBRACKET TOBRACKET1, TOBRACKET1left, _)) :: rest671)) => let + val result = MlyValue.types (fn _ => let val TOBRACKET1 = +TOBRACKET1 () + val (typlist as typlist1) = typlist1 () + val TCBRACKET1 = TCBRACKET1 () + in (typlist) +end) + in ( LrTable.NT 19, ( result, TOBRACKET1left, TCBRACKET1right), +rest671) +end +| ( 49, ( ( _, ( MlyValue.typ typ1, typ1left, typ1right)) :: rest671) +) => let val result = MlyValue.typlist (fn _ => let val (typ as typ1 +) = typ1 () + in ([typ]) +end) + in ( LrTable.NT 18, ( result, typ1left, typ1right), rest671) +end +| ( 50, ( ( _, ( MlyValue.typlist typlist1, _, typlist1right)) :: ( _ +, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.typ typ1, +typ1left, _)) :: rest671)) => let val result = MlyValue.typlist (fn _ + => let val (typ as typ1) = typ1 () + val TCOMMA1 = TCOMMA1 () + val (typlist as typlist1) = typlist1 () + in (typ::typlist) +end) + in ( LrTable.NT 18, ( result, typ1left, typlist1right), rest671) +end +| ( 51, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.TCBRACKET TCBRACKET1, _, _)) :: ( _, ( MlyValue.typnames +typnames1, _, _)) :: ( _, ( MlyValue.TOBRACKET TOBRACKET1, _, _)) :: ( + _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.SIMPLE_NAME +SIMPLE_NAME1, _, _)) :: ( _, ( MlyValue.TOPAREN TOPAREN1, TOPAREN1left +, _)) :: rest671)) => let val result = MlyValue.typ (fn _ => let val + TOPAREN1 = TOPAREN1 () + val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val TCOMMA1 = TCOMMA1 () + val TOBRACKET1 = TOBRACKET1 () + val (typnames as typnames1) = typnames1 () + val TCBRACKET1 = TCBRACKET1 () + val TCPAREN1 = TCPAREN1 () + in ((SIMPLE_NAME,typnames)) +end) + in ( LrTable.NT 17, ( result, TOPAREN1left, TCPAREN1right), rest671) + +end +| ( 52, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.TCBRACKET TCBRACKET1, _, _)) :: ( _, ( MlyValue.typnames +typnames1, _, _)) :: ( _, ( MlyValue.TOBRACKET TOBRACKET1, _, _)) :: ( + _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.SIMPLE_NAME +SIMPLE_NAME3, _, _)) :: ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME2, _, _ +)) :: ( _, ( MlyValue.SIMPLE_NAME SIMPLE_NAME1, _, _)) :: ( _, ( +MlyValue.TOPAREN TOPAREN1, TOPAREN1left, _)) :: rest671)) => let val +result = MlyValue.typ (fn _ => let val TOPAREN1 = TOPAREN1 () + val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val SIMPLE_NAME2 = SIMPLE_NAME2 () + val SIMPLE_NAME3 = SIMPLE_NAME3 () + val TCOMMA1 = TCOMMA1 () + val TOBRACKET1 = TOBRACKET1 () + val (typnames as typnames1) = typnames1 () + val TCBRACKET1 = TCBRACKET1 () + val TCPAREN1 = TCPAREN1 () + in ((SIMPLE_NAME,typnames)) +end) + in ( LrTable.NT 17, ( result, TOPAREN1left, TCPAREN1right), rest671) + +end +| ( 53, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.TCBRACKET TCBRACKET1, _, _)) :: ( _, ( MlyValue.TOBRACKET + TOBRACKET1, _, _)) :: ( _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, +( MlyValue.SIMPLE_NAME SIMPLE_NAME1, _, _)) :: ( _, ( MlyValue.TOPAREN + TOPAREN1, TOPAREN1left, _)) :: rest671)) => let val result = +MlyValue.typ (fn _ => let val TOPAREN1 = TOPAREN1 () + val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val TCOMMA1 = TCOMMA1 () + val TOBRACKET1 = TOBRACKET1 () + val TCBRACKET1 = TCBRACKET1 () + val TCPAREN1 = TCPAREN1 () + in ((SIMPLE_NAME,[])) +end) + in ( LrTable.NT 17, ( result, TOPAREN1left, TCPAREN1right), rest671) + +end +| ( 54, ( ( _, ( MlyValue.TCPAREN TCPAREN1, _, TCPAREN1right)) :: ( _ +, ( MlyValue.TCBRACKET TCBRACKET1, _, _)) :: ( _, ( MlyValue.TOBRACKET + TOBRACKET1, _, _)) :: ( _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, +( MlyValue.SIMPLE_NAME SIMPLE_NAME3, _, _)) :: ( _, ( +MlyValue.SIMPLE_NAME SIMPLE_NAME2, _, _)) :: ( _, ( +MlyValue.SIMPLE_NAME SIMPLE_NAME1, _, _)) :: ( _, ( MlyValue.TOPAREN +TOPAREN1, TOPAREN1left, _)) :: rest671)) => let val result = +MlyValue.typ (fn _ => let val TOPAREN1 = TOPAREN1 () + val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val SIMPLE_NAME2 = SIMPLE_NAME2 () + val SIMPLE_NAME3 = SIMPLE_NAME3 () + val TCOMMA1 = TCOMMA1 () + val TOBRACKET1 = TOBRACKET1 () + val TCBRACKET1 = TCBRACKET1 () + val TCPAREN1 = TCPAREN1 () + in ((SIMPLE_NAME,[])) +end) + in ( LrTable.NT 17, ( result, TOPAREN1left, TCPAREN1right), rest671) + +end +| ( 55, ( ( _, ( MlyValue.typname typname1, typname1left, +typname1right)) :: rest671)) => let val result = MlyValue.typnames + (fn _ => let val (typname as typname1) = typname1 () + in ([typname]) +end) + in ( LrTable.NT 15, ( result, typname1left, typname1right), rest671) + +end +| ( 56, ( ( _, ( MlyValue.typnames typnames1, _, typnames1right)) :: +( _, ( MlyValue.TCOMMA TCOMMA1, _, _)) :: ( _, ( MlyValue.typname +typname1, typname1left, _)) :: rest671)) => let val result = +MlyValue.typnames (fn _ => let val (typname as typname1) = typname1 + () + val TCOMMA1 = TCOMMA1 () + val (typnames as typnames1) = typnames1 () + in (typname::typnames) +end) + in ( LrTable.NT 15, ( result, typname1left, typnames1right), rest671) + +end +| ( 57, ( ( _, ( MlyValue.simple_name simple_name1, simple_name1left, + simple_name1right)) :: rest671)) => let val result = +MlyValue.simple_names (fn _ => let val (simple_name as simple_name1) + = simple_name1 () + in (simple_name) +end) + in ( LrTable.NT 16, ( result, simple_name1left, simple_name1right), +rest671) +end +| ( 58, ( ( _, ( MlyValue.simple_names simple_names1, _, +simple_names1right)) :: ( _, ( MlyValue.simple_name simple_name1, +simple_name1left, _)) :: rest671)) => let val result = +MlyValue.simple_names (fn _ => let val (simple_name as simple_name1) + = simple_name1 () + val (simple_names as simple_names1) = simple_names1 () + in (simple_name^" "^simple_names) +end) + in ( LrTable.NT 16, ( result, simple_name1left, simple_names1right), +rest671) +end +| ( 59, ( ( _, ( MlyValue.simple_names simple_names1, _, +simple_names1right)) :: ( _, ( MlyValue.TMINUS TMINUS1, _, _)) :: ( _, + ( MlyValue.simple_name simple_name1, simple_name1left, _)) :: rest671 +)) => let val result = MlyValue.simple_names (fn _ => let val ( +simple_name as simple_name1) = simple_name1 () + val TMINUS1 = TMINUS1 () + val (simple_names as simple_names1) = simple_names1 () + in (simple_name^" "^simple_names) +end) + in ( LrTable.NT 16, ( result, simple_name1left, simple_names1right), +rest671) +end +| ( 60, ( ( _, ( MlyValue.TQUOTE TQUOTE2, _, TQUOTE2right)) :: ( _, ( + MlyValue.SIMPLE_NAME SIMPLE_NAME1, _, _)) :: ( _, ( MlyValue.TQUOTE +TQUOTE1, TQUOTE1left, _)) :: rest671)) => let val result = +MlyValue.typname (fn _ => let val TQUOTE1 = TQUOTE1 () + val (SIMPLE_NAME as SIMPLE_NAME1) = SIMPLE_NAME1 () + val TQUOTE2 = TQUOTE2 () + in (SIMPLE_NAME) +end) + in ( LrTable.NT 14, ( result, TQUOTE1left, TQUOTE2right), rest671) + +end +| _ => raise (mlyAction i392) +end +val void = MlyValue.VOID +val extract = fn a => (fn MlyValue.START x => x +| _ => let exception ParseInternal + in raise ParseInternal end) a () +end +end +structure Tokens : OfmcFpParser_TOKENS = +struct +type svalue = ParserData.svalue +type ('a,'b) token = ('a,'b) Token.token +fun EOF (p1,p2) = Token.TOKEN (ParserData.LrTable.T 0,( +ParserData.MlyValue.VOID,p1,p2)) +fun SIMPLE_NAME (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 1,( +ParserData.MlyValue.SIMPLE_NAME (fn () => i),p1,p2)) +fun TABSTRACTION (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 2,( +ParserData.MlyValue.TABSTRACTION (fn () => i),p1,p2)) +fun TATTACK (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 3,( +ParserData.MlyValue.TATTACK (fn () => i),p1,p2)) +fun TARROW (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 4,( +ParserData.MlyValue.TARROW (fn () => i),p1,p2)) +fun TMINUS (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 5,( +ParserData.MlyValue.TMINUS (fn () => i),p1,p2)) +fun TCAT (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 6,( +ParserData.MlyValue.TCAT (fn () => i),p1,p2)) +fun TCBRACKET (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 7,( +ParserData.MlyValue.TCBRACKET (fn () => i),p1,p2)) +fun TCOLON (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 8,( +ParserData.MlyValue.TCOLON (fn () => i),p1,p2)) +fun TWHITESPACE (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 9,( +ParserData.MlyValue.TWHITESPACE (fn () => i),p1,p2)) +fun TEQ (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 10,( +ParserData.MlyValue.TEQ (fn () => i),p1,p2)) +fun TNEQ (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 11,( +ParserData.MlyValue.TNEQ (fn () => i),p1,p2)) +fun TBAR (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 12,( +ParserData.MlyValue.TBAR (fn () => i),p1,p2)) +fun TCOMMA (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 13,( +ParserData.MlyValue.TCOMMA (fn () => i),p1,p2)) +fun TCPAREN (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 14,( +ParserData.MlyValue.TCPAREN (fn () => i),p1,p2)) +fun TCRYPT (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 15,( +ParserData.MlyValue.TCRYPT (fn () => i),p1,p2)) +fun TQUOTE (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 16,( +ParserData.MlyValue.TQUOTE (fn () => i),p1,p2)) +fun TEXP (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 17,( +ParserData.MlyValue.TEXP (fn () => i),p1,p2)) +fun TFACT (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 18,( +ParserData.MlyValue.TFACT (fn () => i),p1,p2)) +fun TFIXEDPOINT (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 19,( +ParserData.MlyValue.TFIXEDPOINT (fn () => i),p1,p2)) +fun TFPState (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 20,( +ParserData.MlyValue.TFPState (fn () => i),p1,p2)) +fun TIKNOWS (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 21,( +ParserData.MlyValue.TIKNOWS (fn () => i),p1,p2)) +fun TINITIAL (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 22,( +ParserData.MlyValue.TINITIAL (fn () => i),p1,p2)) +fun TINV (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 23,( +ParserData.MlyValue.TINV (fn () => i),p1,p2)) +fun TKNOWLEDGE (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 24,( +ParserData.MlyValue.TKNOWLEDGE (fn () => i),p1,p2)) +fun TMETAIMPLIES (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 25,( +ParserData.MlyValue.TMETAIMPLIES (fn () => i),p1,p2)) +fun TOBRACKET (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 26,( +ParserData.MlyValue.TOBRACKET (fn () => i),p1,p2)) +fun TOPAREN (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 27,( +ParserData.MlyValue.TOPAREN (fn () => i),p1,p2)) +fun TPROTOCOL (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 28,( +ParserData.MlyValue.TPROTOCOL (fn () => i),p1,p2)) +fun TBACKEND (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 29,( +ParserData.MlyValue.TBACKEND (fn () => i),p1,p2)) +fun TREQUEST (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 30,( +ParserData.MlyValue.TREQUEST (fn () => i),p1,p2)) +fun TRULES (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 31,( +ParserData.MlyValue.TRULES (fn () => i),p1,p2)) +fun TSCRYPT (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 32,( +ParserData.MlyValue.TSCRYPT (fn () => i),p1,p2)) +fun TSECRET (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 33,( +ParserData.MlyValue.TSECRET (fn () => i),p1,p2)) +fun TSECSTATE (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 34,( +ParserData.MlyValue.TSECSTATE (fn () => i),p1,p2)) +fun TSECTION (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 35,( +ParserData.MlyValue.TSECTION (fn () => i),p1,p2)) +fun TSEMICOLON (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 36,( +ParserData.MlyValue.TSEMICOLON (fn () => i),p1,p2)) +fun TSTATE (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 37,( +ParserData.MlyValue.TSTATE (fn () => i),p1,p2)) +fun TSTEP (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 38,( +ParserData.MlyValue.TSTEP (fn () => i),p1,p2)) +fun TTYPES (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 39,( +ParserData.MlyValue.TTYPES (fn () => i),p1,p2)) +fun TWITNESS (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 40,( +ParserData.MlyValue.TWITNESS (fn () => i),p1,p2)) +fun TXOR (i,p1,p2) = Token.TOKEN (ParserData.LrTable.T 41,( +ParserData.MlyValue.TXOR (fn () => i),p1,p2)) +end +end diff --git a/src/encoder/ofmc-fp.lex b/src/encoder/ofmc-fp.lex new file mode 100644 index 0000000..4c612b4 --- /dev/null +++ b/src/encoder/ofmc-fp.lex @@ -0,0 +1,131 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc-fp.lex --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc-fp.lex 869 2009-10-30 10:36:14Z brucker $ *) + +structure Tokens = Tokens + +type pos = int * int * int +type svalue = Tokens.svalue + +type ('a,'b) token = ('a,'b) Tokens.token +type lexresult= (svalue,pos) token + + +val pos = ref (0,0,0) + +fun eof () = Tokens.EOF((!pos,!pos)) +fun error (e,p : (int * int * int),_) = TextIO.output (TextIO.stdOut, + String.concat[ + "line ", (Int.toString ((#1 p)+1)), "/", + (Int.toString (#2 p - #3 p)),": ", e, "\n" + ]) + +fun inputPos yypos = ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))), + (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))) +fun inputPos_half yypos = (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))) + + +%% +%header (functor OfmcFpParserLexFun(structure Tokens: OfmcFpParser_TOKENS)); +alpha=[A-Za-z_]; +digit=[0-9]; +ws = [\ \t]; +%% + +\n => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex()); + +"(%)[^\n]*\n" => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex()); + +"/*""/"*([^*/]|[^*]"/"|"*"[^/])*"*"*"*/" => (lex()); + +"(*""("*([^*/]|[^*]"("|"*"[^/])*"*"*"*)" => (lex()); + +{ws}+ => (pos := (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))); lex()); + + +"-" => (Tokens.TMINUS(yytext,inputPos_half yypos,inputPos_half yypos)); +"->" => (Tokens.TARROW(yytext,inputPos_half yypos,inputPos_half yypos)); +":" => (Tokens.TCOLON(yytext,inputPos_half yypos,inputPos_half yypos)); +"=" => (Tokens.TEQ(yytext,inputPos_half yypos,inputPos_half yypos)); +"/=" => (Tokens.TNEQ(yytext,inputPos_half yypos,inputPos_half yypos)); +"|" => (Tokens.TBAR(yytext,inputPos_half yypos,inputPos_half yypos)); +"\"" => (Tokens.TQUOTE(yytext,inputPos_half yypos,inputPos_half yypos)); +"," => (Tokens.TCOMMA(yytext,inputPos_half yypos,inputPos_half yypos)); +";" => (Tokens.TSEMICOLON(yytext,inputPos_half yypos,inputPos_half yypos)); +"(" => (Tokens.TOPAREN(yytext,inputPos_half yypos,inputPos_half yypos)); +")" => (Tokens.TCPAREN(yytext,inputPos_half yypos,inputPos_half yypos)); +"[" => (Tokens.TOBRACKET(yytext,inputPos_half yypos,inputPos_half yypos)); +"]" => (Tokens.TCBRACKET(yytext,inputPos_half yypos,inputPos_half yypos)); +"=>" => (Tokens.TMETAIMPLIES(yytext,inputPos_half yypos,inputPos_half yypos)); +"section" => (Tokens.TSECTION(yytext,inputPos_half yypos,inputPos_half yypos)); +"rules" => (Tokens.TRULES(yytext,inputPos_half yypos,inputPos_half yypos)); +"initial" => (Tokens.TINITIAL(yytext,inputPos_half yypos,inputPos_half yypos)); +"state" => (Tokens.TSECSTATE(yytext,inputPos_half yypos,inputPos_half yypos)); +"fixedpoint" => (Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos)); +"abstraction" => (Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos)); +"Protocol" => (Tokens.TPROTOCOL(yytext,inputPos_half yypos,inputPos_half yypos)); +"Backend" => (Tokens.TBACKEND(yytext,inputPos_half yypos,inputPos_half yypos)); +"Types" => (Tokens.TTYPES(yytext,inputPos_half yypos,inputPos_half yypos)); +"Knowledge" => (Tokens.TKNOWLEDGE(yytext,inputPos_half yypos,inputPos_half yypos)); +"Fixed-point" => (Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos)); +"Abstraction" => (Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos)); +"State" => (Tokens.TSTATE(yytext,inputPos_half yypos,inputPos_half yypos)); +"FPState" => (Tokens.TFPState(yytext,inputPos_half yypos,inputPos_half yypos)); +"iknows" => (Tokens.TIKNOWS(yytext,inputPos_half yypos,inputPos_half yypos)); +"attack" => (Tokens.TATTACK(yytext,inputPos_half yypos,inputPos_half yypos)); +"witness" => (Tokens.TWITNESS(yytext,inputPos_half yypos,inputPos_half yypos)); +"request" => (Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos)); +"wrequest" => (Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos)); +"secret" => (Tokens.TSECRET(yytext,inputPos_half yypos,inputPos_half yypos)); +"Fact" => (Tokens.TFACT(yytext,inputPos_half yypos,inputPos_half yypos)); +"Crypt" => (Tokens.TCRYPT(yytext,inputPos_half yypos,inputPos_half yypos)); +"step" => (Tokens.TSTEP(yytext,inputPos_half yypos,inputPos_half yypos)); +"Scrypt" => (Tokens.TSCRYPT(yytext,inputPos_half yypos,inputPos_half yypos)); +"Cat" => (Tokens.TCAT(yytext,inputPos_half yypos,inputPos_half yypos)); +"Inv" => (Tokens.TINV(yytext,inputPos_half yypos,inputPos_half yypos)); +"Exp" => (Tokens.TEXP(yytext,inputPos_half yypos,inputPos_half yypos)); +"Xor" => (Tokens.TXOR(yytext,inputPos_half yypos,inputPos_half yypos)); + +(_|{alpha}|{digit})+ => (Tokens.SIMPLE_NAME(yytext,inputPos_half yypos,inputPos_half yypos)); + +. => (error ("ignoring bad character "^yytext, + ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))), + ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))))); + lex()); + diff --git a/src/encoder/ofmc-fp.lex.sml b/src/encoder/ofmc-fp.lex.sml new file mode 100644 index 0000000..a69d0fb --- /dev/null +++ b/src/encoder/ofmc-fp.lex.sml @@ -0,0 +1,2223 @@ +functor OfmcFpParserLexFun(structure Tokens: OfmcFpParser_TOKENS)= + struct + structure UserDeclarations = + struct +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc-fp.lex --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc-fp.lex 869 2009-10-30 10:36:14Z brucker $ *) + +structure Tokens = Tokens + +type pos = int * int * int +type svalue = Tokens.svalue + +type ('a,'b) token = ('a,'b) Tokens.token +type lexresult= (svalue,pos) token + + +val pos = ref (0,0,0) + +fun eof () = Tokens.EOF((!pos,!pos)) +fun error (e,p : (int * int * int),_) = TextIO.output (TextIO.stdOut, + String.concat[ + "line ", (Int.toString ((#1 p)+1)), "/", + (Int.toString (#2 p - #3 p)),": ", e, "\n" + ]) + +fun inputPos yypos = ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))), + (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))) +fun inputPos_half yypos = (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))) + + +end (* end of user routines *) +exception LexError (* raised if illegal leaf action tried *) +structure Internal = + struct + +datatype yyfinstate = N of int +type statedata = {fin : yyfinstate list, trans: string} +(* transition & final state table *) +val tab = let +val s = [ + (0, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (1, +"\003\003\003\003\003\003\003\003\003\212\214\003\003\003\003\003\ +\\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\ +\\212\003\211\003\003\003\003\003\193\192\003\003\191\189\003\178\ +\\005\005\005\005\005\005\005\005\005\005\177\176\003\174\003\003\ +\\003\163\156\149\005\146\126\005\005\123\005\114\005\005\005\005\ +\\106\005\005\096\091\005\005\005\088\005\005\087\003\086\003\005\ +\\003\070\005\005\005\005\060\005\005\048\005\005\005\005\005\005\ +\\005\005\037\021\005\005\005\007\005\005\005\003\004\003\003\003\ +\\003" +), + (5, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (7, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\015\006\006\006\006\006\006\ +\\006\006\008\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (8, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\009\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (9, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\010\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (10, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\011\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (11, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\012\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (12, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\013\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (13, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\014\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (15, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\016\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (16, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\017\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (17, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\018\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (18, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\019\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (19, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\020\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (21, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\028\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\022\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (22, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\025\006\006\006\023\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (23, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\024\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (25, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\026\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (26, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\027\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (28, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\029\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (29, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\034\006\030\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (30, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\031\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (31, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\032\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (32, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\033\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (34, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\035\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (35, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\036\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (37, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\042\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\038\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (38, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\039\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (39, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\040\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (40, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\041\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (42, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\043\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (43, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\044\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (44, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\045\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (45, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\046\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (46, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\047\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (48, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\055\006\006\049\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (49, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\050\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (50, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\051\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (51, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\052\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (52, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\053\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (53, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\054\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (55, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\056\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (56, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\057\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (57, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\058\006\006\006\000\000\000\000\000\ +\\000" +), + (58, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\059\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (60, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\061\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (61, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\062\006\006\000\000\000\000\000\ +\\000" +), + (62, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\063\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (63, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\064\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (64, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\065\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (65, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\066\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (66, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\067\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (67, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\068\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (68, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\069\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (70, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\076\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\071\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (71, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\072\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (72, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\073\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (73, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\074\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (74, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\075\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (76, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\077\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (77, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\078\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (78, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\079\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (79, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\080\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (80, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\081\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (81, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\082\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (82, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\083\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (83, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\084\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (84, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\085\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (88, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\089\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (89, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\090\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (91, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\092\006\000\000\000\000\000\ +\\000" +), + (92, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\093\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (93, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\094\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (94, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\095\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (96, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\101\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\097\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (97, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\098\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (98, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\099\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (99, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\100\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (101, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\102\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (102, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\103\006\000\000\000\000\000\ +\\000" +), + (103, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\104\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (104, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\105\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (106, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\107\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (107, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\108\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (108, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\109\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (109, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\110\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (110, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\111\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (111, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\112\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (112, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\113\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (114, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\115\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (115, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\116\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (116, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\117\006\006\006\000\000\000\000\000\ +\\000" +), + (117, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\118\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (118, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\119\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (119, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\120\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (120, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\121\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (121, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\122\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (123, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\124\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (124, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\125\006\006\006\006\000\000\000\000\000\ +\\000" +), + (126, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\140\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\137\006\006\006\006\006\006\006\127\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (127, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\128\006\006\000\000\000\000\000\ +\\000" +), + (128, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\129\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (129, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\130\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (130, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\131\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (131, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\132\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (132, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\133\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (133, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\134\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (134, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\135\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (135, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\136\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (137, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\138\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (138, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\139\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (140, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\141\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (141, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\142\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (142, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\143\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (143, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\144\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (144, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\145\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (146, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\147\006\006\000\000\000\000\000\ +\\000" +), + (147, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\148\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (149, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\154\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\150\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (150, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\151\006\000\000\000\000\000\ +\\000" +), + (151, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\152\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (152, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\153\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (154, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\155\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (156, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\157\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (157, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\158\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (158, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\159\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (159, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\160\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (160, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\161\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (161, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\162\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (163, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\164\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (164, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\165\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (165, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\166\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (166, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\167\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (167, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\168\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (168, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\169\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (169, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\170\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (170, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\171\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (171, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\172\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (172, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\000\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\006\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\006\ +\\000\006\006\006\006\006\006\006\006\006\006\006\006\006\173\006\ +\\006\006\006\006\006\006\006\006\006\006\006\000\000\000\000\000\ +\\000" +), + (174, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\175\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (178, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\180\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\179\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (180, +"\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\182\181\181\181\181\188\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181" +), + (181, +"\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\182\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181" +), + (182, +"\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\186\183\183\183\183\185\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\183\ +\\183" +), + (183, +"\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\182\181\181\181\181\184\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181" +), + (184, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\183\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (186, +"\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\182\181\181\181\181\187\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\181\ +\\181" +), + (189, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\190\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (193, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\203\000\000\000\000\194\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (194, +"\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\202\195\198\195\195\195\195\196\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195" +), + (195, +"\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\198\195\195\195\195\196\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195" +), + (196, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\197\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (198, +"\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\201\199\197\197\197\197\000\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\197\ +\\197" +), + (199, +"\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\200\198\195\195\195\195\196\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\195\ +\\195" +), + (203, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\204\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (204, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\205\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (205, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\206\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (206, +"\000\000\000\000\000\000\000\000\000\000\207\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (207, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\208\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (208, +"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\209\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (209, +"\000\000\000\000\000\000\000\000\000\000\210\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), + (212, +"\000\000\000\000\000\000\000\000\000\213\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\213\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\ +\\000" +), +(0, "")] +fun f x = x +val s = map f (rev (tl (rev s))) +exception LexHackingError +fun look ((j,x)::r, i: int) = if i = j then x else look(r, i) + | look ([], i) = raise LexHackingError +fun g {fin=x, trans=i} = {fin=x, trans=look(s,i)} +in Vector.fromList(map g +[{fin = [], trans = 0}, +{fin = [], trans = 1}, +{fin = [], trans = 1}, +{fin = [(N 285)], trans = 0}, +{fin = [(N 52),(N 285)], trans = 0}, +{fin = [(N 283),(N 285)], trans = 5}, +{fin = [(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 7}, +{fin = [(N 283)], trans = 8}, +{fin = [(N 283)], trans = 9}, +{fin = [(N 283)], trans = 10}, +{fin = [(N 283)], trans = 11}, +{fin = [(N 283)], trans = 12}, +{fin = [(N 283)], trans = 13}, +{fin = [(N 230),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 15}, +{fin = [(N 283)], trans = 16}, +{fin = [(N 283)], trans = 17}, +{fin = [(N 283)], trans = 18}, +{fin = [(N 283)], trans = 19}, +{fin = [(N 213),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 21}, +{fin = [(N 283)], trans = 22}, +{fin = [(N 283)], trans = 23}, +{fin = [(N 253),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 25}, +{fin = [(N 283)], trans = 26}, +{fin = [(N 97),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 28}, +{fin = [(N 283)], trans = 29}, +{fin = [(N 283)], trans = 30}, +{fin = [(N 283)], trans = 31}, +{fin = [(N 283)], trans = 32}, +{fin = [(N 77),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 34}, +{fin = [(N 283)], trans = 35}, +{fin = [(N 237),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 37}, +{fin = [(N 283)], trans = 38}, +{fin = [(N 283)], trans = 39}, +{fin = [(N 283)], trans = 40}, +{fin = [(N 83),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 42}, +{fin = [(N 283)], trans = 43}, +{fin = [(N 283)], trans = 44}, +{fin = [(N 283)], trans = 45}, +{fin = [(N 283)], trans = 46}, +{fin = [(N 221),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 48}, +{fin = [(N 283)], trans = 49}, +{fin = [(N 283)], trans = 50}, +{fin = [(N 283)], trans = 51}, +{fin = [(N 283)], trans = 52}, +{fin = [(N 283)], trans = 53}, +{fin = [(N 91),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 55}, +{fin = [(N 283)], trans = 56}, +{fin = [(N 283)], trans = 57}, +{fin = [(N 283)], trans = 58}, +{fin = [(N 198),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 60}, +{fin = [(N 283)], trans = 61}, +{fin = [(N 283)], trans = 62}, +{fin = [(N 283)], trans = 63}, +{fin = [(N 283)], trans = 64}, +{fin = [(N 283)], trans = 65}, +{fin = [(N 283)], trans = 66}, +{fin = [(N 283)], trans = 67}, +{fin = [(N 283)], trans = 68}, +{fin = [(N 108),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 70}, +{fin = [(N 283)], trans = 71}, +{fin = [(N 283)], trans = 72}, +{fin = [(N 283)], trans = 73}, +{fin = [(N 283)], trans = 74}, +{fin = [(N 205),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 76}, +{fin = [(N 283)], trans = 77}, +{fin = [(N 283)], trans = 78}, +{fin = [(N 283)], trans = 79}, +{fin = [(N 283)], trans = 80}, +{fin = [(N 283)], trans = 81}, +{fin = [(N 283)], trans = 82}, +{fin = [(N 283)], trans = 83}, +{fin = [(N 283)], trans = 84}, +{fin = [(N 120),(N 283)], trans = 5}, +{fin = [(N 66),(N 285)], trans = 0}, +{fin = [(N 64),(N 285)], trans = 0}, +{fin = [(N 283),(N 285)], trans = 88}, +{fin = [(N 283)], trans = 89}, +{fin = [(N 276),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 91}, +{fin = [(N 283)], trans = 92}, +{fin = [(N 283)], trans = 93}, +{fin = [(N 283)], trans = 94}, +{fin = [(N 143),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 96}, +{fin = [(N 283)], trans = 97}, +{fin = [(N 283)], trans = 98}, +{fin = [(N 283)], trans = 99}, +{fin = [(N 183),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 101}, +{fin = [(N 283)], trans = 102}, +{fin = [(N 283)], trans = 103}, +{fin = [(N 283)], trans = 104}, +{fin = [(N 260),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 106}, +{fin = [(N 283)], trans = 107}, +{fin = [(N 283)], trans = 108}, +{fin = [(N 283)], trans = 109}, +{fin = [(N 283)], trans = 110}, +{fin = [(N 283)], trans = 111}, +{fin = [(N 283)], trans = 112}, +{fin = [(N 129),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 114}, +{fin = [(N 283)], trans = 115}, +{fin = [(N 283)], trans = 116}, +{fin = [(N 283)], trans = 117}, +{fin = [(N 283)], trans = 118}, +{fin = [(N 283)], trans = 119}, +{fin = [(N 283)], trans = 120}, +{fin = [(N 283)], trans = 121}, +{fin = [(N 153),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 123}, +{fin = [(N 283)], trans = 124}, +{fin = [(N 268),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 126}, +{fin = [(N 283)], trans = 127}, +{fin = [(N 283)], trans = 128}, +{fin = [(N 283)], trans = 129}, +{fin = [(N 283)], trans = 130}, +{fin = [], trans = 131}, +{fin = [], trans = 132}, +{fin = [], trans = 133}, +{fin = [], trans = 134}, +{fin = [], trans = 135}, +{fin = [(N 165)], trans = 0}, +{fin = [(N 283)], trans = 137}, +{fin = [(N 283)], trans = 138}, +{fin = [(N 242),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 140}, +{fin = [(N 283)], trans = 141}, +{fin = [(N 283)], trans = 142}, +{fin = [(N 283)], trans = 143}, +{fin = [(N 283)], trans = 144}, +{fin = [(N 191),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 146}, +{fin = [(N 283)], trans = 147}, +{fin = [(N 272),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 149}, +{fin = [(N 283)], trans = 150}, +{fin = [(N 283)], trans = 151}, +{fin = [(N 283)], trans = 152}, +{fin = [(N 248),(N 283)], trans = 5}, +{fin = [(N 283)], trans = 154}, +{fin = [(N 264),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 156}, +{fin = [(N 283)], trans = 157}, +{fin = [(N 283)], trans = 158}, +{fin = [(N 283)], trans = 159}, +{fin = [(N 283)], trans = 160}, +{fin = [(N 283)], trans = 161}, +{fin = [(N 137),(N 283)], trans = 5}, +{fin = [(N 283),(N 285)], trans = 163}, +{fin = [(N 283)], trans = 164}, +{fin = [(N 283)], trans = 165}, +{fin = [(N 283)], trans = 166}, +{fin = [(N 283)], trans = 167}, +{fin = [(N 283)], trans = 168}, +{fin = [(N 283)], trans = 169}, +{fin = [(N 283)], trans = 170}, +{fin = [(N 283)], trans = 171}, +{fin = [(N 283)], trans = 172}, +{fin = [(N 177),(N 283)], trans = 5}, +{fin = [(N 47),(N 285)], trans = 174}, +{fin = [(N 69)], trans = 0}, +{fin = [(N 58),(N 285)], trans = 0}, +{fin = [(N 45),(N 285)], trans = 0}, +{fin = [(N 285)], trans = 178}, +{fin = [(N 50)], trans = 0}, +{fin = [], trans = 180}, +{fin = [], trans = 181}, +{fin = [], trans = 182}, +{fin = [], trans = 183}, +{fin = [], trans = 184}, +{fin = [(N 23)], trans = 0}, +{fin = [], trans = 186}, +{fin = [(N 23)], trans = 184}, +{fin = [], trans = 180}, +{fin = [(N 40),(N 285)], trans = 189}, +{fin = [(N 43)], trans = 0}, +{fin = [(N 56),(N 285)], trans = 0}, +{fin = [(N 62),(N 285)], trans = 0}, +{fin = [(N 60),(N 285)], trans = 193}, +{fin = [], trans = 194}, +{fin = [], trans = 195}, +{fin = [], trans = 196}, +{fin = [], trans = 195}, +{fin = [], trans = 198}, +{fin = [], trans = 199}, +{fin = [(N 35)], trans = 195}, +{fin = [(N 35)], trans = 195}, +{fin = [], trans = 194}, +{fin = [], trans = 203}, +{fin = [], trans = 204}, +{fin = [], trans = 205}, +{fin = [], trans = 206}, +{fin = [], trans = 207}, +{fin = [], trans = 208}, +{fin = [], trans = 209}, +{fin = [(N 11)], trans = 0}, +{fin = [(N 54),(N 285)], trans = 0}, +{fin = [(N 38),(N 285)], trans = 212}, +{fin = [(N 38)], trans = 212}, +{fin = [(N 1)], trans = 0}]) +end +structure StartStates = + struct + datatype yystartstate = STARTSTATE of int + +(* start state definitions *) + +val INITIAL = STARTSTATE 1; + +end +type result = UserDeclarations.lexresult + exception LexerError (* raised if illegal leaf action tried *) +end + +fun makeLexer yyinput = +let val yygone0=1 + val yyb = ref "\n" (* buffer *) + val yybl = ref 1 (*buffer length *) + val yybufpos = ref 1 (* location of next character to use *) + val yygone = ref yygone0 (* position in file of beginning of buffer *) + val yydone = ref false (* eof found yet? *) + val yybegin = ref 1 (*Current 'start state' for lexer *) + + val YYBEGIN = fn (Internal.StartStates.STARTSTATE x) => + yybegin := x + +fun lex () : Internal.result = +let fun continue() = lex() in + let fun scan (s,AcceptingLeaves : Internal.yyfinstate list list,l,i0) = + let fun action (i,nil) = raise LexError + | action (i,nil::l) = action (i-1,l) + | action (i,(node::acts)::l) = + case node of + Internal.N yyk => + (let fun yymktext() = substring(!yyb,i0,i-i0) + val yypos = i0+ !yygone + open UserDeclarations Internal.StartStates + in (yybufpos := i; case yyk of + + (* Application actions *) + + 1 => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex()) +| 108 => let val yytext=yymktext() in Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 11 => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex()) +| 120 => let val yytext=yymktext() in Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos) end +| 129 => let val yytext=yymktext() in Tokens.TPROTOCOL(yytext,inputPos_half yypos,inputPos_half yypos) end +| 137 => let val yytext=yymktext() in Tokens.TBACKEND(yytext,inputPos_half yypos,inputPos_half yypos) end +| 143 => let val yytext=yymktext() in Tokens.TTYPES(yytext,inputPos_half yypos,inputPos_half yypos) end +| 153 => let val yytext=yymktext() in Tokens.TKNOWLEDGE(yytext,inputPos_half yypos,inputPos_half yypos) end +| 165 => let val yytext=yymktext() in Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 177 => let val yytext=yymktext() in Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos) end +| 183 => let val yytext=yymktext() in Tokens.TSTATE(yytext,inputPos_half yypos,inputPos_half yypos) end +| 191 => let val yytext=yymktext() in Tokens.TFPState(yytext,inputPos_half yypos,inputPos_half yypos) end +| 198 => let val yytext=yymktext() in Tokens.TIKNOWS(yytext,inputPos_half yypos,inputPos_half yypos) end +| 205 => let val yytext=yymktext() in Tokens.TATTACK(yytext,inputPos_half yypos,inputPos_half yypos) end +| 213 => let val yytext=yymktext() in Tokens.TWITNESS(yytext,inputPos_half yypos,inputPos_half yypos) end +| 221 => let val yytext=yymktext() in Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos) end +| 23 => (lex()) +| 230 => let val yytext=yymktext() in Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos) end +| 237 => let val yytext=yymktext() in Tokens.TSECRET(yytext,inputPos_half yypos,inputPos_half yypos) end +| 242 => let val yytext=yymktext() in Tokens.TFACT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 248 => let val yytext=yymktext() in Tokens.TCRYPT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 253 => let val yytext=yymktext() in Tokens.TSTEP(yytext,inputPos_half yypos,inputPos_half yypos) end +| 260 => let val yytext=yymktext() in Tokens.TSCRYPT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 264 => let val yytext=yymktext() in Tokens.TCAT(yytext,inputPos_half yypos,inputPos_half yypos) end +| 268 => let val yytext=yymktext() in Tokens.TINV(yytext,inputPos_half yypos,inputPos_half yypos) end +| 272 => let val yytext=yymktext() in Tokens.TEXP(yytext,inputPos_half yypos,inputPos_half yypos) end +| 276 => let val yytext=yymktext() in Tokens.TXOR(yytext,inputPos_half yypos,inputPos_half yypos) end +| 283 => let val yytext=yymktext() in Tokens.SIMPLE_NAME(yytext,inputPos_half yypos,inputPos_half yypos) end +| 285 => let val yytext=yymktext() in error ("ignoring bad character "^yytext, + ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))), + ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))))); + lex() end +| 35 => (lex()) +| 38 => (pos := (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))); lex()) +| 40 => let val yytext=yymktext() in Tokens.TMINUS(yytext,inputPos_half yypos,inputPos_half yypos) end +| 43 => let val yytext=yymktext() in Tokens.TARROW(yytext,inputPos_half yypos,inputPos_half yypos) end +| 45 => let val yytext=yymktext() in Tokens.TCOLON(yytext,inputPos_half yypos,inputPos_half yypos) end +| 47 => let val yytext=yymktext() in Tokens.TEQ(yytext,inputPos_half yypos,inputPos_half yypos) end +| 50 => let val yytext=yymktext() in Tokens.TNEQ(yytext,inputPos_half yypos,inputPos_half yypos) end +| 52 => let val yytext=yymktext() in Tokens.TBAR(yytext,inputPos_half yypos,inputPos_half yypos) end +| 54 => let val yytext=yymktext() in Tokens.TQUOTE(yytext,inputPos_half yypos,inputPos_half yypos) end +| 56 => let val yytext=yymktext() in Tokens.TCOMMA(yytext,inputPos_half yypos,inputPos_half yypos) end +| 58 => let val yytext=yymktext() in Tokens.TSEMICOLON(yytext,inputPos_half yypos,inputPos_half yypos) end +| 60 => let val yytext=yymktext() in Tokens.TOPAREN(yytext,inputPos_half yypos,inputPos_half yypos) end +| 62 => let val yytext=yymktext() in Tokens.TCPAREN(yytext,inputPos_half yypos,inputPos_half yypos) end +| 64 => let val yytext=yymktext() in Tokens.TOBRACKET(yytext,inputPos_half yypos,inputPos_half yypos) end +| 66 => let val yytext=yymktext() in Tokens.TCBRACKET(yytext,inputPos_half yypos,inputPos_half yypos) end +| 69 => let val yytext=yymktext() in Tokens.TMETAIMPLIES(yytext,inputPos_half yypos,inputPos_half yypos) end +| 77 => let val yytext=yymktext() in Tokens.TSECTION(yytext,inputPos_half yypos,inputPos_half yypos) end +| 83 => let val yytext=yymktext() in Tokens.TRULES(yytext,inputPos_half yypos,inputPos_half yypos) end +| 91 => let val yytext=yymktext() in Tokens.TINITIAL(yytext,inputPos_half yypos,inputPos_half yypos) end +| 97 => let val yytext=yymktext() in Tokens.TSECSTATE(yytext,inputPos_half yypos,inputPos_half yypos) end +| _ => raise Internal.LexerError + + ) end ) + + val {fin,trans} = Vector.sub(Internal.tab, s) + val NewAcceptingLeaves = fin::AcceptingLeaves + in if l = !yybl then + if trans = #trans(Vector.sub(Internal.tab,0)) + then action(l,NewAcceptingLeaves +) else let val newchars= if !yydone then "" else yyinput 1024 + in if (size newchars)=0 + then (yydone := true; + if (l=i0) then UserDeclarations.eof () + else action(l,NewAcceptingLeaves)) + else (if i0=l then yyb := newchars + else yyb := substring(!yyb,i0,l-i0)^newchars; + yygone := !yygone+i0; + yybl := size (!yyb); + scan (s,AcceptingLeaves,l-i0,0)) + end + else let val NewChar = Char.ord(CharVector.sub(!yyb,l)) + val NewChar = if NewChar<128 then NewChar else 128 + val NewState = Char.ord(CharVector.sub(trans,NewChar)) + in if NewState=0 then action(l,NewAcceptingLeaves) + else scan(NewState,NewAcceptingLeaves,l+1,i0) + end + end +(* + val start= if substring(!yyb,!yybufpos-1,1)="\n" +then !yybegin+1 else !yybegin +*) + in scan(!yybegin (* start *),nil,!yybufpos,!yybufpos) + end +end + in lex + end +end diff --git a/src/encoder/ofmc_abstraction.sml b/src/encoder/ofmc_abstraction.sml new file mode 100644 index 0000000..f7b2e66 --- /dev/null +++ b/src/encoder/ofmc_abstraction.sml @@ -0,0 +1,137 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc_abstraction.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc_abstraction.sml 929 2009-11-01 22:37:06Z brucker $ *) + +structure ofmc_abstraction = +struct + +open ofmc_connector +open OfmcFp + +datatype CMsg = CVariable of string * string + | COperator of string * string * CMsg list + | Abstraction of CMsg * CMsg + +datatype CFact = CState of string * CMsg list + | CIknows of CMsg + | CAttack of CMsg + | CWitness of CMsg list + | CRequest of CMsg list + | CSecret of CMsg list + | CFact of string * CMsg + | CNotEqual of CMsg * CMsg + +exception error of string + + + fun mk_unique [] = [] + | mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs)) + + +fun type_abstraction ofmcfp t = + let + val abs = abstractions_of ofmcfp + val types = sel_types_of t ofmcfp + + fun decl_of (Atom a, Atom a') = "\""^a^"\" \"nat\"" + | decl_of (Operator (opname,_), Atom a) = "\""^opname^"\" \"Msg\" \"nat\"" + + fun is_t (_,Atom a) = if (List.exists (fn n => (n=a)) types) then true else false + | is_t (_,_) = false + + fun name_of (Atom n, _ ) = n + | name_of (Operator (n,_), _) = n + + fun is_not_abs s = if (List.exists (fn a => ((name_of a) =s)) abs) then false else true + + val abs_t = List.filter is_t abs + + fun is_not_t n = if (List.exists (fn a => (name_of a = n)) abs_t) + then false else true + + val abs_nott = List.filter is_not_t types + + in + case t of + "Function" => mk_unique (map (fn x => "\""^x^"\" \"Msg\"") (List.filter is_not_abs types)) + | "Number" => mk_unique ((map decl_of abs_t)@(map (fn a => "\""^(a)^"\"" ) abs_nott)) + | _ => mk_unique ((map decl_of abs_t)) + end + + + +fun check_abstraction ofmcfp s = + let + fun name_of (Operator(n,_)) = if (String.isPrefix "__" n) + then String.substring(n,2,(String.size n)-2) + else n + | name_of (Atom (n)) = if (String.isPrefix "__" n) + then String.substring(n,2,(String.size n)-2) + else n + val abstractions = List.filter (fn (a,b) => (name_of a) = s) (abstractions_of ofmcfp) + in + case abstractions of + [] => NONE + | ((a,b)::xs) => SOME ("Abs_"^(name_of b)) + end + + +fun deabstractMsg abstractions (Atom s) = (case check_abstraction abstractions s of + NONE => CVariable(s,"") + | SOME a => Abstraction(COperator(s,"",[]),CVariable(a,""))) + | deabstractMsg abstractions (Operator(s,ms)) = (case check_abstraction abstractions s of + NONE => COperator(s,"", map (deabstractMsg abstractions) ms) + | SOME a => Abstraction(COperator(s,"", map (deabstractMsg abstractions) ms), + CVariable(a,""))) + +fun deabstractFact abstractions (State (n,ms)) = (CState (n, map (deabstractMsg abstractions) ms)) + | deabstractFact abstractions (Iknows m) = (CIknows (deabstractMsg abstractions m)) + | deabstractFact abstractions (Attack m) = (CAttack (deabstractMsg abstractions m)) + | deabstractFact abstractions (Witness ms) = (CWitness (map (deabstractMsg abstractions) ms)) + | deabstractFact abstractions (Request ms) = (CRequest (map (deabstractMsg abstractions) ms)) + | deabstractFact abstractions (Secret ms) = (CSecret (map (deabstractMsg abstractions) ms)) + | deabstractFact abstractions (Fact (n,m)) = (CFact (n, deabstractMsg abstractions m)) + | deabstractFact abstractions (NotEqual (n,m)) = (CNotEqual (deabstractMsg abstractions n, deabstractMsg abstractions m)) + | deabstractFact _ _ = raise (error "unknown abstract in deabstractFAct") + +end + + + + diff --git a/src/encoder/ofmc_connector.sml b/src/encoder/ofmc_connector.sml new file mode 100644 index 0000000..a464cbb --- /dev/null +++ b/src/encoder/ofmc_connector.sml @@ -0,0 +1,138 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc_connector.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc_connector.sml 903 2009-11-01 19:05:11Z brucker $ *) + +signature OFMC_CONNECTOR = +sig + val ofmc_home: unit -> string + val ofmc: string + val wauth: bool ref +(* val generate_fp : string -> theory -> theory *) + val parseOfmcFpOutput: string -> OfmcFp.ofmc_fp + val parseOfmcFpFile: string -> OfmcFp.ofmc_fp + val parseAnBFile: string -> OfmcFp.ofmc_fp +end + +structure ofmc_connector :> OFMC_CONNECTOR = +struct + + +structure OfmcFpParserLrVals = +OfmcFpParserLrValsFun(structure Token = LrParser.Token) + +structure OfmcFpParserLex = +OfmcFpParserLexFun(structure Tokens = OfmcFpParserLrVals.Tokens) + +structure OfmcFpParserParser = Join(structure LrParser = LrParser + structure ParserData = OfmcFpParserLrVals.ParserData + structure Lex = OfmcFpParserLex) + +val ofmc = "ofmc" +val wauth = ref false + +fun ofmc_home () = case OS.Process.getEnv "OFMC_HOME" of + SOME p => p^"/bin" + | NONE => "" + +fun invoke lexstream = + let fun print_error (s,i:(int * int * int),_) = + TextIO.output(TextIO.stdOut, + "Error, line .... " ^ (Int.toString (#1 i)) ^"." + ^(Int.toString (#2 i ))^ ", " ^ s ^ "\n") + in + OfmcFpParserParser.parse(0,lexstream,print_error,()) + end + +fun parseOfmcFpFile ofmc_output_file = + let + val infile = TextIO.openIn ofmc_output_file + val lexer = OfmcFpParserParser.makeLexer (fn _ => case ((TextIO.inputLine) infile) of + SOME s => s + | NONE => "") + val dummyEOF = OfmcFpParserLrVals.Tokens.EOF((0,0,0),(0,0,0)) + fun loop lexer = + let + val _ = (OfmcFpParserLex.UserDeclarations.pos := (0,0,0);()) + val (res,lexer) = invoke lexer + val (nextToken,lexer) = OfmcFpParserParser.Stream.get lexer + in + if OfmcFpParserParser.sameToken(nextToken,dummyEOF) + then ((),res) + else loop lexer + end + in + (#2(loop lexer)) + end + +fun parseOfmcFpOutput ofmc_output= + let + val line = ref ofmc_output + fun readString _ = let val f = !line val _ = (line := "") in f end + val lexer = OfmcFpParserParser.makeLexer (readString) + val dummyEOF = OfmcFpParserLrVals.Tokens.EOF((0,0,0),(0,0,0)) + fun loop lexer = + let + val _ = (OfmcFpParserLex.UserDeclarations.pos := (0,0,0);()) + val (res,lexer) = invoke lexer + val (nextToken,lexer) = OfmcFpParserParser.Stream.get lexer + in + if OfmcFpParserParser.sameToken(nextToken,dummyEOF) + then ((),res) + else loop lexer + end + in + (#2(loop lexer)) + end + +fun parseAnBFile filename = + let + val cmd = if !wauth + then (ofmc_home())^ofmc^" "^filename^" -wauth -ot Isa" + else (ofmc_home())^ofmc^" "^filename^" -ot Isa" + + val tmpFile = OS.FileSys.tmpName () + val ofmcStatus = OS.Process.system(cmd^" > "^tmpFile) + val ofmcOutput = parseOfmcFpFile tmpFile + handle e => (OS.FileSys.remove tmpFile; raise e) + val _ = OS.FileSys.remove tmpFile + in + OfmcFp.update_source filename ofmcOutput + end + +end diff --git a/src/encoder/ofmc_encoder.sml b/src/encoder/ofmc_encoder.sml new file mode 100644 index 0000000..8d89dfe --- /dev/null +++ b/src/encoder/ofmc_encoder.sml @@ -0,0 +1,70 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc_encoder.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc_encoder.sml 450 2009-02-02 08:59:41Z brucker $ *) + +signature OFMC_ENCODER = +sig + val encode_ofmc : OfmcFp.ofmc_fp -> theory -> theory + val ofmcFpTerm_to_term: OfmcFp.ofmc_fp -> term +end + + +structure ofmc_encoder = +struct + +open ofmc_connector +open OfmcFp +open ofmc_abstraction + +fun encode_ofmc abstractions thy = + let + val _ = warning "Defining Protocol" + val _ = warning "Defining Fixpoint" + in + thy + end + + +fun ofmcFpTerm_to_term (CVariable (n,t)) = Free(n,dummyT) + | ofmcFpTerm_to_term (COperator(n,t,ms)) = (Const(n,dummyT)$(foldr1 (op $) (map ofmcFpTerm_to_term ms))) + + + +end + diff --git a/src/encoder/ofmc_thygen.sml b/src/encoder/ofmc_thygen.sml new file mode 100644 index 0000000..693b315 --- /dev/null +++ b/src/encoder/ofmc_thygen.sml @@ -0,0 +1,489 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmc_thygen.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc_thygen.sml 937 2009-11-02 05:21:07Z brucker $ *) +signature OFMC_ENCODER = +sig + val ofmc_thygen: OfmcFp.ofmc_fp -> unit + val ofmc_thygenAnB: string -> unit + val main: string * string list -> unit +end + +structure ofmc_thygen = +struct + +val varcnt = ref ~1 +val noproof = ref false +val version = "0.1" + +fun varcount () = ((varcnt := !varcnt + 1); Int.toString(!varcnt)) +fun reset_varcount () = ((varcnt := ~1);()) + + +open ofmc_abstraction + + +fun gen_header ofmcfp = + let + val protocol = protocol_of ofmcfp + fun filename f = let + val filename = (hd o List.rev o (String.tokens (fn c => ( c = #"/") orelse (c = #"\\")))) f + in + if (String.isSubstring ".AnB" filename) + then String.substring(filename,0,(String.size filename) -4) + else filename + end + in + "header {* Analysing "^(protocol)^" *}\n" + ^"(* *********************************** \n" + ^" This file is automatically generated from the AnB file \"" + ^(source_of ofmcfp)^"\".\n" + ^" Backend: "^(backend_of ofmcfp)^"\n" + ^"************************************ *)\n\n" + ^"theory"^"\n" + ^" \"" + ^(if source_of ofmcfp = "" + then protocol + else filename (source_of ofmcfp) ) + ^"\"\n" + ^" imports"^"\n" + ^" ofmc"^"\n" + ^"begin"^"\n\n" + end + + + + +fun gen_datatype ofmcfp = + let + fun mk_unique [] = [] + | mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs)) + + val types = types_of ofmcfp + + val agents = sel_types_of "Agent" ofmcfp + val purposes = sel_types_of "Purpose" ofmcfp + + val numbers = sel_types_of "Number" ofmcfp + val functions = sel_types_of "Function" ofmcfp + val symkeys = sel_types_of "SymmetricKey" ofmcfp + + fun types2string conv [] = "\n" + | types2string conv [x] = (conv x) + | types2string conv (x::xs) = (conv x)^" | "^(types2string conv xs) + + val purposes = mk_unique (purposes@(map (fn x => "purpose"^x) numbers)) + in + "datatype Role = "^(types2string (fn r => "r"^r) agents)^"\n\n" + ^(if purposes = [] + then "datatype Purpose = purpose\n" + else "datatype Purpose = "^(types2string (fn x => x) purposes)^"\n") + ^"datatype Agent = honest nat\n" + ^" | dishonest nat\n\n" + + ^"datatype Nonce = "^(types2string (fn x => x^"\n") (type_abstraction ofmcfp "Number")) + ^" and Msg = Nonce \"Nonce\" \n" + ^" | Agent \"Agent\" \n" + ^" | Purpose \"Purpose\"\n" + ^" | pair \"Msg*Msg\" \n" + ^" | scrypt \"Msg*Msg\" \n" + ^" | crypt \"Msg*Msg\" \n" + ^" | inv \"Msg\" \n" + ^" | SID \"nat\" \n" + ^" | Step \"nat\" \n" + ^" | authentication \n" + ^" | secrecy \n" + ^"(* SymKeys *)\n" + ^" | SymKey \"Msg\"\n" + ^(if (type_abstraction ofmcfp "SymmetricKey") = [] then "" + else (" | "^(types2string (fn x => x) (type_abstraction ofmcfp "SymmetricKey"))^"\n")) + ^"(* Functions *)\n" + ^(if (type_abstraction ofmcfp "Function") = [] then "" + else " | "^(types2string (fn x => x) (type_abstraction ofmcfp "Function"))^"\n") +(* else " | "^(types2string (fn x => x^" \"Msg\"") functions)^"\n") *) + ^"\n" + ^" datatype Fact = Iknows Msg\n" + ^" | State \"Role * (Msg list)\"\n" + ^" | Secret \"Msg * Msg\"\n" + ^" | Attack \"Msg\"\n" + ^" | Witness \"Msg * Msg * Msg * Msg\"\n" + ^" | Request \"Msg * Msg * Msg * Msg * Msg\"\n\n\n" + end + + + fun is_literal ofmcfp (CVariable(n,t)) = let + val types = types_of ofmcfp + val wo_agents = (List.filter (fn (a,b) => a <> "Agent") types) + val constants = List.concat (map (fn t => #2 t) wo_agents) + in + if Int.fromString n = NONE + then if ((List.exists (fn n' => n = n') constants ) + orelse n="ni") + then true + else false + else true + end + + fun collect_msgvars ofmcfp (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t)) + then [] + else [CVariable(n,t)] + | collect_msgvars ofmcfp (COperator(n,t,ms)) = List.concat (map (collect_msgvars ofmcfp) ms) + | collect_msgvars ofmcfp (Abstraction(m,a)) = (collect_msgvars ofmcfp m)@(collect_msgvars ofmcfp a) + + fun collect_vars ofmcfp (CState (s,ms)) = List.concat (map (collect_msgvars ofmcfp) ms) + | collect_vars ofmcfp (CIknows m) = collect_msgvars ofmcfp m + | collect_vars ofmcfp (CAttack m) = collect_msgvars ofmcfp m + | collect_vars ofmcfp (CWitness ms) = List.concat (map (collect_msgvars ofmcfp) ms) + | collect_vars ofmcfp (CRequest ms) = List.concat (map (collect_msgvars ofmcfp) ms) + | collect_vars ofmcfp (CSecret ms) = List.concat (map (collect_msgvars ofmcfp) ms) + | collect_vars ofmcfp (CFact (s,m)) = collect_msgvars ofmcfp m + + + +fun string_of_cmsg (CVariable (s,t)) = s + | string_of_cmsg (COperator (s,t,[])) = s + | string_of_cmsg (COperator (s,t,ms)) = s^"("^(string_of_cmsg_list ms)^")" + | string_of_cmsg (Abstraction (m,n)) = "("^(string_of_cmsg m)^" "^(string_of_cmsg n)^")" + +and string_of_cmsg_list [] = "" + | string_of_cmsg_list [m] = string_of_cmsg m + | string_of_cmsg_list (m::ms) = (string_of_cmsg m)^", "^(string_of_cmsg_list ms) + + fun gen_exists [] = "" + | gen_exists xs = "? "^(String.concat (map (fn f => string_of_cmsg f^" ") xs))^". \n " + + +fun string_of_cfact ofmcfp (CState (s,ms)) = "State("^s^", ["^(string_of_cmsg_list ms)^"] )" + | string_of_cfact ofmcfp (CIknows m) = "Iknows("^(string_of_cmsg m)^")" + | string_of_cfact ofmcfp (CAttack m) = "Attack("^(string_of_cmsg m)^")" + | string_of_cfact ofmcfp (CWitness ms) = "Witness("^(string_of_cmsg_list ms)^")" + | string_of_cfact ofmcfp (CRequest ms) = "Request("^(string_of_cmsg_list ms)^")" + | string_of_cfact ofmdfp (CSecret ms) = "Secret("^(string_of_cmsg_list ms)^")" + | string_of_cfact ofmdfp (CFact (s,m)) = "Fact("^s^", "^(string_of_cmsg m)^")" + | string_of_cfact ofmcfp (CNotEqual (n,m)) = "~ ( "^(gen_exists (collect_msgvars ofmcfp m)) + ^(string_of_cmsg n)^" = "^(string_of_cmsg m)^")" + + + +fun gen_inductive ofmcfp = + let + val protocol = protocol_of ofmcfp + fun gen_knowledge ((k:(string * Fact))::ks) = + let + val protocol = protocol_of ofmcfp + fun string_of_initrule (k:(string * Fact)) = ((#1 k)^": \"[ " + ^(string_of_cfact ofmcfp (deabstractFact ofmcfp (#2 k))) + ^"] : "^protocol^"\"\n") + in + " "^(string_of_initrule k) + ^(String.concat (map (fn k => " | "^(string_of_initrule k)) ks)) + end + + fun gen_rules rules = + let + val protocol = protocol_of ofmcfp + fun string_of_rule (r:Rule) = + let + val name = case (#1 r) of NONE => "" | SOME s => (s^": ") + fun to_string (CNotEqual (n,m)) = ";\n "^(string_of_cfact ofmcfp (CNotEqual (n,m))) + | to_string f = ";\n "^(string_of_cfact ofmcfp f)^" : (set t)" + in + name^" \"[| t :"^protocol + ^(String.concat (map (fn k => to_string (deabstractFact ofmcfp k)) ((#2 r)) ) ) + ^ "|] \n ==> \n(" + ^(String.concat (map (fn k => "("^(string_of_cfact ofmcfp (deabstractFact ofmcfp k))^")\n #") ((#3 r)))) + ^ "t) : "^protocol^"\"\n" + end + in + (String.concat (map (fn k => " | "^(string_of_rule k)) rules)) + end + in + "inductive_set\n" + ^" "^protocol^"::\"Fact list set\"\n" + ^"where\n" + ^(gen_knowledge (knowledge_of ofmcfp)) + ^(gen_rules (rules_of ofmcfp)) + end + + +fun gen_fp ofmcfp = + let + val protocol = protocol_of ofmcfp + val protocolFp = protocol^"_fp" + val inner_quantification = false + + + fun mk_msgvars_unique (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t)) + then (CVariable(n,t)) + else (CVariable(n^(varcount()),t)) + | mk_msgvars_unique (COperator(n,t,ms)) = (COperator(n,t, map mk_msgvars_unique ms)) + | mk_msgvars_unique (Abstraction(m,a)) = (Abstraction(mk_msgvars_unique m, + mk_msgvars_unique a)) + + + fun mk_msgvars_unique' v (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t)) + then (CVariable(n,t)) + else + if (v=(CVariable(n,t))) + then (CVariable(n^(varcount()),t)) + else (CVariable(n,t)) + + + + | mk_msgvars_unique' v (COperator(n,t,ms)) = (COperator(n,t, map (mk_msgvars_unique' v) ms)) + | mk_msgvars_unique' v (Abstraction(m,a)) = (Abstraction(mk_msgvars_unique' v m, + mk_msgvars_unique' v a)) + + + fun mk_vars_unique (CState (s,ms)) = (CState (s, map mk_msgvars_unique ms)) + | mk_vars_unique (CIknows m) = (CIknows (mk_msgvars_unique m) ) + | mk_vars_unique (CAttack m) = (CAttack (mk_msgvars_unique m)) + | mk_vars_unique (CWitness ms) = (CWitness (map mk_msgvars_unique ms)) + | mk_vars_unique (CRequest ms) = (CRequest (map mk_msgvars_unique ms)) + | mk_vars_unique (CSecret ms) = (CSecret (map mk_msgvars_unique ms)) + | mk_vars_unique (CFact (s,m)) = (CFact (s,mk_msgvars_unique m)) + + fun mk_vars_unique' v (CState (s,ms)) = (CState (s, map (mk_msgvars_unique' v) ms)) + | mk_vars_unique' v (CIknows m) = (CIknows (mk_msgvars_unique' v m) ) + | mk_vars_unique' v (CAttack m) = (CAttack (mk_msgvars_unique' v m)) + | mk_vars_unique' v (CWitness ms) = (CWitness (map (mk_msgvars_unique' v) ms)) + | mk_vars_unique' v (CRequest ms) = (CRequest (map (mk_msgvars_unique' v) ms)) + | mk_vars_unique' v (CSecret ms) = (CSecret (map (mk_msgvars_unique' v) ms)) + | mk_vars_unique' v (CFact (s,m)) = (CFact (s,mk_msgvars_unique' v m)) + + + + + val facts = (((knowledge_of ofmcfp)@(fixedpoint_of ofmcfp))) + + fun string_of_fp_fact ofmcfp (n,f) = + let + val _ = reset_varcount() + val cf = mk_vars_unique (deabstractFact ofmcfp f) + in + (gen_exists (collect_vars ofmcfp cf)) + ^ "m = " + ^(string_of_cfact ofmcfp cf) + end + + fun string_of_fp_fact' ofmcfp (n,f) = "m = "^(string_of_cfact ofmcfp f) + + + fun mk_outer_exists facts = + let + fun toSet [] = [] + | toSet (x::xs) = if List.exists (fn e => x = e) xs + then toSet xs + else x::(toSet xs) + fun vars_of facts = toSet (List.concat(map (fn (n,f) => collect_vars ofmcfp f) facts)) + val vars = vars_of facts + fun mk_v_unique [] (n,f) = (n,f) + | mk_v_unique (v::vs) (n,f) = let + val _ = reset_varcount() + in + mk_v_unique vs (n,mk_vars_unique' v f) + end + val ufacts = map (mk_v_unique vars) facts + val uvars = vars_of ufacts + in + (uvars, ufacts) + end + val cfacts = map (fn (n,f) => (n,deabstractFact ofmcfp f)) facts + + val outer_ex = mk_outer_exists cfacts + in + if inner_quantification + then + ( "constdefs" + ^" "^protocolFp^"::\"Fact set\"" + ^"\""^protocolFp^" == {m. (\n" + ^" ("^(string_of_fp_fact ofmcfp (hd facts)^")\n") + ^(String.concat (map (fn f => " | ("^(string_of_fp_fact ofmcfp f)^")\n") (tl facts) )) + ^")}\"\n") + else + ( "constdefs" + ^" "^protocolFp^"::\"Fact set\"" + ^"\""^protocolFp^" == {m. ( ? "^(String.concat (map (fn f => string_of_cmsg f^" ") (#1 outer_ex )))^".\n" + ^" ("^(string_of_fp_fact' ofmcfp (hd (#2 outer_ex ))^")\n") + ^(String.concat (map (fn f => " | ("^(string_of_fp_fact' ofmcfp f)^")\n") (tl (#2 outer_ex )) )) + ^")}\"\n") + end + + +fun gen_no_attack ofmcfp = + let + val protocol = (protocol_of ofmcfp) + in + "lemma fp_attack_free: \"~ (Attack m : "^protocol^"_fp)\"\n" + ^" by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n" + end + +fun gen_over_approx_auto ofmcfp = + let + val protocol = protocol_of ofmcfp + in + "lemma over_approx: \"t : "^protocol^" ==> (set t) <= "^protocol^"_fp\"\n" + ^" apply(rule "^protocol^".induct, simp_all, safe)\n" + ^" apply(propagate_fp, simp add: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n" + ^"done\n\n" + end + +fun gen_over_approx ofmcfp = + let + val protocol = protocol_of ofmcfp + val rulenames = (map (#1) (knowledge_of ofmcfp))@(map (Option.valOf o #1) (rules_of ofmcfp)) + fun gen_cuts rn = " apply(propagate_fp, cut_tac "^rn^", (assumption | simp)+)\n" + in + "lemma over_approx: \"t : "^protocol^" ==> (set t) <= "^protocol^"_fp\"\n" + ^" apply(rule "^protocol^".induct, simp_all)\n" + ^(String.concat (map gen_cuts rulenames)) + ^"done\n\n" + end + + + +fun checkfp ofmcfp = + let + val protocol = protocol_of ofmcfp + fun check_knowledge (k:(string * Fact)) = + let + val protocol = protocol_of ofmcfp + fun string_of_initrule (k:(string * Fact)) = ((#1 k)^": \"" + ^(string_of_cfact ofmcfp (deabstractFact ofmcfp (#2 k))) + ^" : "^protocol^"_fp\"\n") + in + "lemma "^(string_of_initrule k) + ^"by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n" + end + +(* + fun string_of_rule (r:Rule) = + let + val name = case (#1 r) of NONE => "" | SOME s => (s^": ") + fun to_string (CNotEqual (n,m)) = ";\n "^(string_of_cfact (CNotEqual (n,m))) + | to_string f = ";\n "^(string_of_cfact f)^" : (set t)" + in + name^" \"[| t :"^protocol + ^(String.concat (map (fn k => to_string (deabstractFact ofmcfp k)) ((#2 r)) ) ) + ^ "|] \n ==> \n(" + ^(String.concat (map (fn k => "("^(string_of_cfact (deabstractFact ofmcfp k))^")\n #") ((#3 r)))) + ^ "t) : "^protocol^"\"\n" + end +*) + + fun check_rules (r:Rule) = + let + val protocol = protocol_of ofmcfp + val name = case (#1 r) of NONE => ":" | SOME s => (s^": ") + fun to_string (CNotEqual (n,m)) = (string_of_cfact ofmcfp (CNotEqual (n,m))) + | to_string f = (string_of_cfact ofmcfp f)^" : "^protocol^"_fp" + + in + "lemma "^name^" \"[| " + ^(String.concat (map (fn k => "\n "^(to_string (deabstractFact ofmcfp k))) ([hd (#2 r)]) ) ) + ^(String.concat (map (fn k => ";\n "^(to_string (deabstractFact ofmcfp k))) (tl (#2 r)) ) ) + ^ "|] \n ==> " + ^(String.concat (map (fn k => "\n ("^(to_string (deabstractFact ofmcfp k))^")") ([hd (#3 r)]))) + ^(String.concat (map (fn k => " &\n ("^(to_string (deabstractFact ofmcfp k))^")") (tl (#3 r)))) + ^ "\"\n" + ^"by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n" + end + in + (String.concat (map check_knowledge (knowledge_of ofmcfp))) + ^(String.concat (map check_rules (rules_of ofmcfp))) + end + + +fun ofmc_thygen ofmcfp = + let + val protocol = protocol_of ofmcfp + val _ = print (gen_header ofmcfp) + val _ = print ("\n\nsection {* Protocol Model ("^protocol^") *}\n") + val _ = print (gen_datatype ofmcfp) + val _ = print ("\n\nsection {* Inductive Protocol Definition ("^protocol^") *}\n") + val _ = print (gen_inductive ofmcfp) + val _ = print ("\n\nsection {* Fixed-point Definition ("^protocol^") *}\n") + val _ = print (gen_fp ofmcfp) + val _ = if !noproof then () + else (print ("\n\nsection {* Checking Fixed-point ("^protocol^") *}\n"); + print (gen_no_attack ofmcfp); + print (checkfp ofmcfp); + print ("\n\nsection {* Security Proof(s) ("^protocol^") *}\n"); + print (gen_over_approx ofmcfp)) +(* val _ = print ("(* Alternatively, the following script provides an non-modular\n") + val _ = print (" way for proving the over-approximation direclty:\n\n") + val _ = print (gen_over_approx_auto ofmcfp) + val _ = print ("*)\n") +*) + val _ = print ("\n\nend (* theory *)\n") + in () end + +val ofmc_thygenAnB = ofmc_thygen o ofmc_connector.parseAnBFile + +fun print_usage name = let + val _ = print("\n") + val _ = print("usage: "^name^" [args] \n") + val _ = print(name^", version "^version^"\n") + val _ = print("\n") + val _ = print(" --wauth\n") + val _ = print(" --noproofs\n") + val _ = print("\n") +in + () +end + +fun main (name:string,args:(string list)) = + let + val prgName = (hd o rev) (String.fields (fn s => s = #"/" orelse s = #"\\") name) + in + ( + case (prgName,args) of + (n, []) => print_usage name + | (n, "--noproof"::ar) => (noproof := true ; main(name, ar)) + | (n, "--wauth"::ar) => (ofmc_connector.wauth := true ; main(name, ar)) + | (n, [file]) => if String.isPrefix "-" file + then print_usage name + else ofmc_thygenAnB file + | (_,_) => print_usage name + ) + end + + +end + +val _ = ofmc_thygen.main(CommandLine.name(), CommandLine.arguments()) diff --git a/src/encoder/ofmcfp.sml b/src/encoder/ofmcfp.sml new file mode 100644 index 0000000..099c621 --- /dev/null +++ b/src/encoder/ofmcfp.sml @@ -0,0 +1,117 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * ofmcfp.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmcfp.sml 890 2009-10-31 21:34:17Z brucker $ *) + + +structure OfmcFp = struct + +(* +datatype Operator = Crypt | Scrypt | Cat | Inv +*) + +datatype Msg = Atom of string + | Operator of string * Msg list + +type MsgPat = (Msg * Msg) +type ProtocolState = MsgPat list + +datatype Fact = State of string * Msg list + | FPState of string * Msg + | Iknows of Msg + | Attack of Msg + | Witness of Msg list + | Request of Msg list + | Secret of Msg list + | Fact of string * Msg + | NotEqual of (Msg * Msg) + +type Rule = (string option * Fact list * Fact list) + + +type ofmc_fp = { + Protocol: string, + Backend: string, + Types: (string * (string list)) list, + Rules: Rule list, + Knowledge: (string * Fact) list, + FixedPoint: (string * Fact) list, + Abstractions : (Msg * Msg) list, + Source : string +} + + +val empty_ofmc_fp = {Backend="", Protocol="", Types = [("Number",["NI"])], Rules = [], Knowledge=[], FixedPoint=[], + Abstractions=[(Atom "ni",Atom "NI")], Source=""}:ofmc_fp +(* Abstractions=[(Atom "purpose",Atom "PURPOSE"),(Atom "ni",Atom "NI")], Source=""}:ofmc_fp *) + +fun update_protocol protocol ({Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_backend backend ({Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_types types ({Backend=backend, Protocol=protocol, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_rules rules ({Backend=backend, Protocol=protocol, Types=types, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_knowledge knowledge ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_fixedpoint fixedpoint ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, Abstractions=abstractions,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_abstractions abstractions ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint,Source=source, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) +fun update_source source ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint,Abstractions=abstractions, ...}:ofmc_fp) + = ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp) + + +fun mk_unique [] = [] + | mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs)) + + +fun backend_of (ofmcfp:ofmc_fp) = case #Backend ofmcfp of "" => "unknown" | s => s +fun protocol_of (ofmcfp:ofmc_fp) = case #Protocol ofmcfp of "" => "protocol" | s => s +fun knowledge_of (ofmcfp:ofmc_fp) = #Knowledge ofmcfp +fun rules_of (ofmcfp:ofmc_fp) = #Rules ofmcfp +fun types_of (ofmcfp:ofmc_fp) = #Types ofmcfp +fun sel_types_of t (ofmcfp:ofmc_fp) = mk_unique (List.concat (map #2 (List.filter (fn (a,b) => a = t) (#Types ofmcfp)))) + +fun fixedpoint_of (ofmcfp:ofmc_fp) = #FixedPoint ofmcfp +fun abstractions_of (ofmcfp:ofmc_fp) = #Abstractions ofmcfp +fun source_of (ofmcfp:ofmc_fp) = #Source ofmcfp + +end + diff --git a/src/encoder/root.sml b/src/encoder/root.sml new file mode 100644 index 0000000..d946357 --- /dev/null +++ b/src/encoder/root.sml @@ -0,0 +1,57 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * root.sml --- + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: root.sml 450 2009-02-02 08:59:41Z brucker $ *) + + +val ord = Char.ord; +val chr = Char.chr; +val print = TextIO.print ; + +OS.FileSys.chDir "ml-yacc-lib"; +use "root.sml"; +OS.FileSys.chDir ".."; + + +use "ofmcfp.sml"; +use "ofmc-fp.grm.sig"; +use "ofmc-fp.lex.sml"; +use "ofmc-fp.grm.sml"; +use "ofmc_connector.sml"; +use "ofmc_abstraction.sml"; +use "ofmc_encoder.sml"; diff --git a/src/ofmc.thy b/src/ofmc.thy new file mode 100644 index 0000000..8d80eb2 --- /dev/null +++ b/src/ofmc.thy @@ -0,0 +1,148 @@ +(***************************************************************************** + * Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL + * + * config.sml.in --- main configuration file for Isabelle-OFMC + * This file is part of Isabelle-OFMC. + * + * Copyright (c) 2009 Achim D. Brucker, Germany + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * * Neither the name of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************) +(* $Id: ofmc.thy 935 2009-11-02 00:02:50Z brucker $ *) + + +theory + ofmc +imports + Main +(* uses + "kernel_ext/isabelle2009_kernel_patch.ML" +(* "kernel_ext/ProofObligationMgr2008.sml" *) +*) +begin + + +section {* Auxiliary Lemmata *} + +lemma set2pred: " x \ {m . P(m)} \ P(x)" + by(auto) + +section {* Proof Obligation Manager Configuration *} + + +section {* Isabelle/ofmc Specific Tactics *} + +(* + + +setup {* +Method.add_method ("propagate_fp_cterm", +let + fun propagate_fp_tac ctxt facts = + let + val thy = ProofContext.theory_of ctxt + fun m_tac thm = + let + fun collect_facts (((Const ("op :",_))$(t)$(Const("List.set",_)$_))) = [t] + | collect_facts (t1$t2) = ((collect_facts t1)@(collect_facts t2)) + | collect_facts (Abs (_,_,t)) = collect_facts t + | collect_facts _ = [] + val cand = collect_facts (hd(prems_of(thm))) + fun subst v t = let +val _ = warning ("substituting "^(Syntax.string_of_term ctxt t)) +in + (Thm.cterm_of thy (Var((v,0),type_of t)), + Thm.cterm_of thy t) +end + val _ = warning ("Candidates found:") + val _ = map (fn p => warning (" "^(Syntax.string_of_term ctxt p) + )) cand + + fun foo [f] = (forw_terminst_tac [] [subst "c" f] (instantiate' [SOME (ctyp_of thy (type_of f))] [] (PureThy.get_thm thy "subsetD")) 1) + THEN (simp_tac HOL_ss 1) + | foo (f::facts) = foo [f] THEN (foo facts) + | foo [] = all_tac + in + (foo cand) thm + end + in + m_tac + end +in + Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => propagate_fp_tac ctxt facts)) +end, +"propagate fixed-point") +*}) + +*) + + +setup {* +Method.add_method("propagate_fp", +let + fun propagate_fp_tac_str ctxt facts = + let + val thy = ProofContext.theory_of ctxt + fun m_tac thm = + let + fun replace_bounded b (t1$t2) = (replace_bounded b t1)$(replace_bounded b t2) + | replace_bounded b (Bound c) = Free(List.nth (b,(List.length b) - c -1)) + | replace_bounded _ t = t + + fun collect_facts b (((Const ("op :",_))$(t)$(Const("List.set",_)$_))) = [replace_bounded b t] + | collect_facts b (t1$t2) = ((collect_facts b t1)@(collect_facts b t2)) + | collect_facts b (Abs (n,ty,t)) = collect_facts (b@[(n,ty)]) t + | collect_facts _ _ = [] + fun to_string f = (PrintMode.setmp [] Display.string_of_cterm (cterm_of thy f)) + val cand = case prems_of(thm) of + [] => [] + | (p::ps) => collect_facts [] p +(* val _ = warning "Candiates are" + val _ = map (fn s => warning (Syntax.string_of_term ctxt s)) cand *) +(* fun foo [f] = (forw_inst_tac ctxt [("c", to_string f )] (PureThy.get_thm thy "subsetD") 1) *) + fun foo [f] = (forw_inst_tac ctxt [(("c",0), to_string f )] (PureThy.get_thm thy "subsetD") 1) + THEN (simp_tac HOL_ss 1) + | foo (f::facts) = foo [f] THEN (foo facts) + | foo [] = all_tac + in + (foo cand) thm + end + in + m_tac + end +in + Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => propagate_fp_tac_str ctxt facts)) +end +,"propagate fixed-point") +*} + + +end