Import of originally published version of isabelle-ofmc.
This commit is contained in:
commit
0407d94abd
|
@ -0,0 +1,35 @@
|
|||
Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
==================================================
|
||||
|
||||
Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above
|
||||
copyright notice, this list of conditions and the following
|
||||
disclaimer in the documentation and/or other materials provided
|
||||
with the distribution.
|
||||
|
||||
* Neither the name of the copyright holders nor the names of its
|
||||
contributors may be used to endorse or promote products derived
|
||||
from this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
|
||||
2009-11-02 Achim D. Brucker <brucker@member.fsf.org>
|
||||
* Isabelle/OFMC: first public release (development version)
|
|
@ -0,0 +1,12 @@
|
|||
|
||||
Isabelle/OFMC - Linking OFMC and Isabelle/HOL
|
||||
=============================================
|
||||
|
||||
This is a developer release for Isabelle/OFMC, i.e., while it may be
|
||||
of interested to experts, it is not yet useable by the general
|
||||
public. This development version comprises a small set of Isabelle
|
||||
theories and a prototypical tool, called anb2thy. Using OFMC's
|
||||
fixed-point module, anb2thy generates Isabelle theory files for
|
||||
protocols that haven been successfully validated by OFMC.
|
||||
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
Protocol: BilateralKeyExchange
|
||||
|
||||
Types: Agent A,B;
|
||||
Number NA,NB;
|
||||
Symmetric_key K;
|
||||
Function pk,f
|
||||
|
||||
Knowledge: A: A,B,pk(A),pk(B),inv(pk(A)),f;
|
||||
B: A,B,pk(A),pk(B),inv(pk(B)),pk,f
|
||||
|
||||
|
||||
|
||||
Actions:
|
||||
B->A: B,{NB,B}pk(A)
|
||||
A->B: {f(NB),NA,A,K}pk(B)
|
||||
B->A: {|f(NA)|}K
|
||||
|
||||
Goals:
|
||||
A *->* B: K
|
|
@ -0,0 +1,284 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: BilateralKeyExchange
|
||||
Types:
|
||||
[(Purpose,["purposeK"]),(Agent False False,["A","B"]),(Number,["NA","NB"]),(SymmetricKey,["K"]),(Function,["pk","f"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeNB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNB(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeNA),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNA(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
request(A,B,Purpose (purposeK),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=SymKey (absK(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_8:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),(SID sid)])
|
||||
|
||||
=>
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (absNB(pair(Agent (B),Agent (A)))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (absNB(pair(Agent (B),Agent (A)))),Agent (B)))),(SID sid)]);
|
||||
iknows(pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (absNB(pair(Agent (B),Agent (A)))),Agent (B)))))
|
||||
|
||||
step rule_9:
|
||||
State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))))
|
||||
|
||||
=>
|
||||
secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))))
|
||||
|
||||
step rule_10:
|
||||
State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(pk(Agent (A)));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))))
|
||||
|
||||
step rule_11:
|
||||
State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Agent (A));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
secret(SymKey (absK(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeK),SymKey (absK(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (absNA(pair(Agent (A),Agent (B)))),SymKey (absK(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (A),SymKey (absK(pair(Agent (A),Agent (B)))))))))
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
step rule_13:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(f(Nonce (NB)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (K))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
step rule_14:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (K))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
step rule_15:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(f(Nonce (NB)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (K))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
step rule_16:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (K))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeK),SymKey (K),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),pk(Agent (B)),pk(Agent (A)),Agent (A),Nonce (NB),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),SymKey (K),Nonce (NA),f(Nonce (NB)),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
step rule_17:
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (K),f(Nonce (NA))))
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)])
|
||||
|
||||
step rule_18:
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]);
|
||||
iknows(SymKey (K));
|
||||
iknows(f(Nonce (NA)))
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)])
|
||||
|
||||
step rule_19:
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),(SID sid)]);
|
||||
iknows(SymKey (K));
|
||||
iknows(Nonce (NA))
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 2,inv(pk(Agent (A))),pk(Agent (B)),pk(Agent (A)),Agent (B),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B))),pair(Agent (B),crypt(pk(Agent (A)),pair(Nonce (NB),Agent (B)))),Nonce (NA),SymKey (K),crypt(pk(Agent (B)),pair(f(Nonce (NB)),pair(Nonce (NA),pair(Agent (A),SymKey (K))))),scrypt(SymKey (K),f(Nonce (NA))),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(inv(pk(Agent (dishonest i))));
|
||||
init_6: iknows(pk(Agent (dishonest i)));
|
||||
init_7: iknows((SID sid));
|
||||
init_8: iknows(pk(Agent (honest a)));
|
||||
init_9: iknows(Agent (honest a));
|
||||
init_10: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),(SID sid)]);
|
||||
init_11: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),(SID sid)]);
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))));
|
||||
fp_1: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))));
|
||||
fp_2: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_3: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_4: secret(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i));
|
||||
fp_5: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_6: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_7: secret(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),Agent (honest a));
|
||||
fp_8: witness(Agent (honest a),Agent (honest a),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_9: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_10: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_11: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_12: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))));
|
||||
fp_13: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))));
|
||||
fp_14: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))));
|
||||
fp_15: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))));
|
||||
fp_16: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_17: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_18: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_19: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_20: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_21: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_22: iknows(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_23: iknows(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_24: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_25: iknows(f(Nonce (ni)));
|
||||
fp_26: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))));
|
||||
fp_27: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))));
|
||||
fp_28: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_29: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_30: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_31: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_32: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_33: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_34: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_35: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_36: request(Agent (honest a),Agent (honest a),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_37: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]);
|
||||
fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeK),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_39: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]);
|
||||
fp_40: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]);
|
||||
fp_41: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (dishonest i)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (ni))),(SID sid)]);
|
||||
fp_42: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]);
|
||||
fp_43: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (ni))));
|
||||
fp_44: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_45: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_46: iknows(scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))));
|
||||
fp_47: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_48: iknows(crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_49: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_50: iknows(crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_51: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))));
|
||||
fp_52: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))));
|
||||
fp_53: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_54: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_55: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_56: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_57: iknows(pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_58: iknows(pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_59: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]);
|
||||
fp_60: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (dishonest i)),pk(Agent (honest a)),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (dishonest i),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))),f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))),(SID sid)]);
|
||||
fp_61: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]);
|
||||
fp_62: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]);
|
||||
fp_63: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (absNB(pair(Agent (honest a),Agent (honest a))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]);
|
||||
fp_64: State (rA,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),pk(Agent (honest a)),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),SymKey (absK(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (honest a)))))))),scrypt(SymKey (absK(pair(Agent (honest a),Agent (honest a)))),f(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))),(SID sid)]);
|
||||
fp_65: iknows(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_66: iknows(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_67: iknows(pair(Agent (honest a),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a)))));
|
||||
fp_68: iknows(pair(Agent (honest a),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)))));
|
||||
fp_69: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_70: iknows(pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_71: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_72: iknows(pair(f(Nonce (ni)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_73: iknows(pair(f(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_74: iknows(pair(f(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absK(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
|
||||
section abstraction:
|
||||
NB->Nonce (absNB(pair(B,A)));
|
||||
NA->Nonce (absNA(pair(A,B)));
|
||||
K->SymKey (absK(pair(A,B)))
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
Protocol: DenningSacco
|
||||
|
||||
Types: Agent A,B,s;
|
||||
Number T,timestamp,Payload;
|
||||
Symmetric_key KAB;
|
||||
Function sk
|
||||
|
||||
Knowledge: A: A,B,sk(A,s),timestamp;
|
||||
B: B,A,sk(B,s),timestamp;
|
||||
s: A,B,sk(A,s),sk(B,s)
|
||||
|
||||
Actions:
|
||||
A->s: A,B
|
||||
s->A: {|B,KAB,T,{|A,KAB,T|}sk(B,s)|}sk(A,s)
|
||||
A->B: {|A,KAB,T|}sk(B,s)
|
||||
B->A: {|Payload|}KAB
|
||||
|
||||
Goals:
|
||||
B *->* A: Payload
|
||||
|
||||
Abstraction:
|
||||
T -> timestamp;
|
||||
Payload -> payload(B,A);
|
||||
KAB -> sk(A,B)
|
|
@ -0,0 +1,213 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: DenningSacco
|
||||
Types:
|
||||
[(Purpose,["purposePayload"]),(Agent False False,["A","B","s"]),(Number,["T","timestamp","Payload"]),(SymmetricKey,["KAB"]),(Function,["sk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposePayload),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (payload(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeKAB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=SymKey (sk(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
State (rA,[Agent (A),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),(SID sid)])
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(pair(Agent (A),Agent (B)))
|
||||
|
||||
step rule_8:
|
||||
State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp)))))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (sk(pair(Agent (A),Agent (B)))),Nonce (timestamp)))))))))
|
||||
|
||||
step rule_9:
|
||||
State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))))
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]);
|
||||
iknows(Agent (dishonest i))
|
||||
|
||||
step rule_10:
|
||||
State (rA,[Agent (A),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(SymKey (sk(pair(Agent (A),Agent (honest a)))));
|
||||
iknows(Agent (B));
|
||||
iknows(SymKey (KAB));
|
||||
iknows(Nonce (T));
|
||||
iknows(Agent (dishonest i))
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]);
|
||||
iknows(Agent (dishonest i))
|
||||
|
||||
step rule_11:
|
||||
State (rB,[Agent (B),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T)))))
|
||||
|
||||
=>
|
||||
secret(Nonce (payload(pair(Agent (B),Agent (A)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposePayload),Nonce (payload(pair(Agent (B),Agent (A)))));
|
||||
State (rB,[Agent (B),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T)))),Nonce (payload(pair(Agent (B),Agent (A)))),scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))))
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]);
|
||||
iknows(SymKey (sk(pair(Agent (B),Agent (honest a)))));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (KAB));
|
||||
iknows(Nonce (T))
|
||||
|
||||
=>
|
||||
secret(Nonce (payload(pair(Agent (B),Agent (A)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposePayload),Nonce (payload(pair(Agent (B),Agent (A)))));
|
||||
State (rB,[Agent (B),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Agent (A),pair(SymKey (KAB),Nonce (T)))),Nonce (payload(pair(Agent (B),Agent (A)))),scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (KAB),Nonce (payload(pair(Agent (B),Agent (A))))))
|
||||
|
||||
step rule_13:
|
||||
State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (KAB),Nonce (Payload)))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposePayload),Nonce (Payload),(SID sid));
|
||||
State (rA,[Agent (A),Step 3,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),Nonce (Payload),scrypt(SymKey (KAB),Nonce (Payload)),(SID sid)])
|
||||
|
||||
step rule_14:
|
||||
State (rA,[Agent (A),Step 2,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),(SID sid)]);
|
||||
iknows(SymKey (KAB));
|
||||
iknows(Nonce (Payload))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposePayload),Nonce (Payload),(SID sid));
|
||||
State (rA,[Agent (A),Step 3,Nonce (timestamp),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),pair(Agent (A),Agent (B)),Agent (dishonest i),Nonce (T),SymKey (KAB),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Agent (B),pair(SymKey (KAB),pair(Nonce (T),Agent (dishonest i))))),Nonce (Payload),scrypt(SymKey (KAB),Nonce (Payload)),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(Nonce (timestamp));
|
||||
init_6: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))));
|
||||
init_7: iknows((SID sid));
|
||||
init_8: iknows(Agent (honest a));
|
||||
init_9: State (rB,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_10: State (rB,[Agent (honest a),Step 0,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_11: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),(SID sid)]);
|
||||
init_12: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),(SID sid)]);
|
||||
init_13: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),(SID sid)]);
|
||||
init_14: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),(SID sid)]);
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_1: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_2: State (rA,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]);
|
||||
fp_3: State (rA,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_4: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))),(SID sid)]);
|
||||
fp_5: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp)))))))),(SID sid)]);
|
||||
fp_6: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))),(SID sid)]);
|
||||
fp_7: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp)))))))),(SID sid)]);
|
||||
fp_8: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Nonce (timestamp)))))))));
|
||||
fp_9: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))))));
|
||||
fp_10: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),pair(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Nonce (timestamp)))))))));
|
||||
fp_11: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))))));
|
||||
fp_12: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_13: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_14: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))));
|
||||
fp_15: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))));
|
||||
fp_16: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))));
|
||||
fp_17: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))));
|
||||
fp_18: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))));
|
||||
fp_19: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))));
|
||||
fp_20: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))));
|
||||
fp_21: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))));
|
||||
fp_22: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))));
|
||||
fp_23: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_24: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_25: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))));
|
||||
fp_26: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))));
|
||||
fp_27: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))));
|
||||
fp_28: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))));
|
||||
fp_29: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))));
|
||||
fp_30: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))));
|
||||
fp_31: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)));
|
||||
fp_32: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))));
|
||||
fp_33: secret(Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i));
|
||||
fp_34: witness(Agent (honest a),Agent (dishonest i),Purpose (purposePayload),Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_35: State (rB,[Agent (honest a),Step 1,Nonce (timestamp),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Nonce (timestamp),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]);
|
||||
fp_36: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (payload(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_37: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_38: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_39: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))));
|
||||
fp_40: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))));
|
||||
fp_41: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))));
|
||||
fp_42: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))));
|
||||
fp_43: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))));
|
||||
fp_44: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))));
|
||||
fp_45: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)));
|
||||
fp_46: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))));
|
||||
fp_47: iknows(Nonce (payload(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_48: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_49: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_50: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))));
|
||||
fp_51: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)))))));
|
||||
fp_52: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))))))));
|
||||
fp_53: iknows(pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))));
|
||||
fp_54: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp)))))));
|
||||
fp_55: iknows(pair(Agent (honest a),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (timestamp),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (timestamp))))))));
|
||||
fp_56: iknows(pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp)));
|
||||
fp_57: iknows(pair(Agent (dishonest i),pair(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))),Nonce (timestamp))));
|
||||
|
||||
section abstraction:
|
||||
T->timestamp;
|
||||
Payload->Nonce (payload(pair(B,A)));
|
||||
KAB->SymKey (sk(pair(A,B)))
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
Protocol: ISO_onepass_pk
|
||||
|
||||
# should be fine (replay is not considered here!)
|
||||
|
||||
Types: Agent A,B,s;
|
||||
Number NA,Text1;
|
||||
Function pk
|
||||
|
||||
Knowledge: A: A,B,{A,pk(A)}inv(pk(s)),pk(A),inv(pk(A));
|
||||
B: B,pk(s)
|
||||
|
||||
Actions:
|
||||
A->B: {A,pk(A)}inv(pk(s)),
|
||||
{NA,B,Text1}inv(pk(A))
|
||||
|
||||
Goals:
|
||||
A *-> B: Text1
|
||||
|
|
@ -0,0 +1,222 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: ISO_onepass_pk
|
||||
Types:
|
||||
[(Purpose,["purposeText1"]),(Agent False False,["A","B","s"]),(Number,["NA","Text1"]),(Function,["pk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeNA),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNA(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeText1),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absText1(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
State (rA,[Agent (A),Step 0,inv(pk(Agent (A))),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Agent (B),(SID sid)])
|
||||
|
||||
=>
|
||||
witness(Agent (A),Agent (B),Purpose (purposeText1),Nonce (absText1(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,inv(pk(Agent (A))),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Agent (B),Nonce (absNA(pair(Agent (A),Agent (B)))),Nonce (absText1(pair(Agent (A),Agent (B)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (B),Nonce (absText1(pair(Agent (A),Agent (B)))))))),(SID sid)]);
|
||||
iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Agent (B),Nonce (absText1(pair(Agent (A),Agent (B)))))))))
|
||||
|
||||
step rule_8:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))));
|
||||
iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
step rule_9:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))));
|
||||
iknows(inv(pk(Agent (A))));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (Text1))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
step rule_10:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(pk(Agent (A)));
|
||||
iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
step rule_11:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(pk(Agent (A)));
|
||||
iknows(inv(pk(Agent (A))));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (Text1))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
step rule_13:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(inv(pk(Agent (A))));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (Text1))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText1),Nonce (Text1),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Nonce (Text1),Nonce (NA),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1)))),pk(Agent (A)),Agent (A),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),crypt(inv(pk(Agent (A))),pair(Nonce (NA),pair(Agent (B),Nonce (Text1))))),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(inv(pk(Agent (dishonest i))));
|
||||
init_6: iknows(pk(Agent (dishonest i)));
|
||||
init_7: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))));
|
||||
init_8: iknows((SID sid));
|
||||
init_9: iknows(Agent (honest a));
|
||||
init_10: State (rB,[Agent (honest a),Step 0,pk(Agent (honest a)),(SID sid)]);
|
||||
init_11: iknows(pk(Agent (honest a)));
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_1: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_2: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_3: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_4: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_5: witness(Agent (honest a),Agent (honest a),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_6: State (rA,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_7: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (ni),(SID sid));
|
||||
fp_8: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (ni))))),(SID sid)]);
|
||||
fp_9: iknows(crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_10: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))));
|
||||
fp_11: iknows(crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_12: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_13: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_14: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_15: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_16: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_17: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_18: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))));
|
||||
fp_19: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))));
|
||||
fp_20: request(Agent (honest a),Agent (honest a),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_21: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (honest a)),Agent (honest a),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_22: iknows(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_23: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_24: iknows(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_25: iknows(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_26: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_27: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_28: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_29: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_30: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_31: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_32: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))));
|
||||
fp_33: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))));
|
||||
fp_34: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_35: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_36: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_37: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_39: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_40: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText1),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_41: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_42: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]);
|
||||
fp_43: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_44: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_45: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_46: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_47: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]);
|
||||
fp_48: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_49: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_50: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_51: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_52: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]);
|
||||
fp_53: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_54: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_55: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_56: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_57: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (ni),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni)))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (ni))))),(SID sid)]);
|
||||
fp_58: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_59: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_60: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_61: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Nonce (ni),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a))))))),pk(Agent (dishonest i)),Agent (dishonest i),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),crypt(inv(pk(Agent (dishonest i))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_62: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_63: iknows(pair(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),crypt(inv(pk(Agent (honest a))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_64: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_65: iknows(pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_66: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText1(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_67: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_68: iknows(pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a))))));
|
||||
fp_69: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText1(pair(Agent (honest a),Agent (honest a)))))));
|
||||
|
||||
section abstraction:
|
||||
NA->Nonce (absNA(pair(A,B)));
|
||||
Text1->Nonce (absText1(pair(A,B)))
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
Protocol: ISO_twopass_symm # Verified & Certified
|
||||
|
||||
Types: Agent A,B;
|
||||
Number NB,Text1,Text2,Text3;
|
||||
Function sk
|
||||
|
||||
Knowledge: A: A,B,sk(A,B);
|
||||
B: B,A,sk(A,B)
|
||||
|
||||
Actions:
|
||||
B->A: NB
|
||||
A->B: {|NB,B,Text2|}sk(A,B)
|
||||
|
||||
Goals:
|
||||
A *-> B: Text2
|
|
@ -0,0 +1,154 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: ISO_twopass_symm
|
||||
Types:
|
||||
[(Purpose,["purposeText2"]),(Agent False False,["A","B"]),(Number,["NB","Text1","Text2","Text3"]),(Function,["sk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeNB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNB(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeText2),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absText2(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),(SID sid)])
|
||||
|
||||
=>
|
||||
State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (absNB(pair(Agent (B),Agent (A)))),(SID sid)]);
|
||||
iknows(Nonce (absNB(pair(Agent (B),Agent (A)))))
|
||||
|
||||
step rule_8:
|
||||
State (rA,[Agent (A),Step 0,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (B),(SID sid)]);
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
witness(Agent (A),Agent (B),Purpose (purposeText2),Nonce (absText2(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (B),Nonce (NB),Nonce (absText2(pair(Agent (A),Agent (B)))),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (absText2(pair(Agent (A),Agent (B))))))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (absText2(pair(Agent (A),Agent (B))))))))
|
||||
|
||||
step rule_9:
|
||||
State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2)))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText2),Nonce (Text2),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),Nonce (Text2),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2)))),(SID sid)])
|
||||
|
||||
step rule_10:
|
||||
State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),(SID sid)]);
|
||||
iknows(SymKey (sk(pair(Agent (A),Agent (B)))));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (Text2))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeText2),Nonce (Text2),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,SymKey (sk(pair(Agent (A),Agent (B)))),Agent (A),Nonce (NB),Nonce (Text2),scrypt(SymKey (sk(pair(Agent (A),Agent (B)))),pair(Nonce (NB),pair(Agent (B),Nonce (Text2)))),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (dishonest i)))));
|
||||
init_6: iknows((SID sid));
|
||||
init_7: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))));
|
||||
init_8: iknows(Agent (honest a));
|
||||
init_9: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_10: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_11: iknows(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),(SID sid)]);
|
||||
fp_1: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid)]);
|
||||
fp_2: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_3: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (ni),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_4: witness(Agent (honest a),Agent (honest a),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_5: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (ni),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_6: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_7: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_8: iknows(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_9: iknows(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_10: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_11: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_12: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_13: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_14: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_15: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_16: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_17: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_18: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_19: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_20: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (ni),(SID sid));
|
||||
fp_21: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (ni)))),(SID sid)]);
|
||||
fp_22: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_23: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_24: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_25: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_26: iknows(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_27: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_28: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_29: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_30: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_31: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_32: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_33: request(Agent (honest a),Agent (honest a),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_34: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),Nonce (absText2(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_35: request(Agent (honest a),Agent (dishonest i),Purpose (purposeText2),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_36: State (rB,[Agent (honest a),Step 2,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_37: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),Nonce (absText2(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_38: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_39: iknows(pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_40: iknows(pair(Nonce (ni),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_41: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_42: iknows(pair(Nonce (absNB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_43: iknows(pair(Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),Nonce (absText2(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
|
||||
section abstraction:
|
||||
NB->Nonce (absNB(pair(B,A)));
|
||||
Text2->Nonce (absText2(pair(A,B)))
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
Protocol: WideMouthFrog
|
||||
## Problem with abstract authentication
|
||||
|
||||
Types: Agent A,B,s;
|
||||
Number TA,TS; # actually timestamps
|
||||
Symmetric_key KAB;
|
||||
Function sk
|
||||
|
||||
Knowledge: A: A,B,sk(A,s);
|
||||
B: B,A,sk(B,s);
|
||||
s: A,B,sk(A,s),sk(B,s)
|
||||
|
||||
Actions:
|
||||
A->s: A,{|TA,B,KAB|}sk(A,s)
|
||||
s->B: {|TS,A,KAB|}sk(B,s)
|
||||
|
||||
Goals:
|
||||
A *->* B: KAB
|
||||
|
|
@ -0,0 +1,209 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: WideMouthFrog
|
||||
Types:
|
||||
[(Purpose,["purposeKAB"]),(Agent False False,["A","B","s"]),(Number,["TA","TS"]),(SymmetricKey,["KAB"]),(Function,["sk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeTA),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absTA(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeKAB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=SymKey (absKAB(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
request(A,B,Purpose (purposeTS),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absTS(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_8:
|
||||
State (rA,[Agent (A),Step 0,SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),(SID sid)])
|
||||
|
||||
=>
|
||||
secret(SymKey (absKAB(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Nonce (absTA(pair(Agent (A),Agent (B)))),SymKey (absKAB(pair(Agent (A),Agent (B)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (A),Agent (B)))),pair(Agent (B),SymKey (absKAB(pair(Agent (A),Agent (B)))))))),(SID sid)]);
|
||||
iknows(pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (A),Agent (B)))),pair(Agent (B),SymKey (absKAB(pair(Agent (A),Agent (B)))))))))
|
||||
|
||||
step rule_9:
|
||||
State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB)))))
|
||||
|
||||
=>
|
||||
State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),SymKey (KAB),Nonce (TA),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB))))),Nonce (absTS(pair(Agent (B),Agent (A)))),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))))
|
||||
|
||||
step rule_10:
|
||||
State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (sk(pair(Agent (A),Agent (honest a)))));
|
||||
iknows(Nonce (TA));
|
||||
iknows(Agent (B));
|
||||
iknows(SymKey (KAB))
|
||||
|
||||
=>
|
||||
State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),SymKey (sk(pair(Agent (A),Agent (honest a)))),Agent (B),Agent (A),SymKey (KAB),Nonce (TA),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB)))),pair(Agent (A),scrypt(SymKey (sk(pair(Agent (A),Agent (honest a)))),pair(Nonce (TA),pair(Agent (B),SymKey (KAB))))),Nonce (absTS(pair(Agent (B),Agent (A)))),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (B),Agent (A)))),pair(Agent (A),SymKey (KAB)))))
|
||||
|
||||
step rule_11:
|
||||
State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]);
|
||||
iknows(scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB)))))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeKAB),SymKey (KAB),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),SymKey (KAB),Nonce (TS),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB)))),(SID sid)])
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 0,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),(SID sid)]);
|
||||
iknows(SymKey (sk(pair(Agent (B),Agent (honest a)))));
|
||||
iknows(Nonce (TS));
|
||||
iknows(Agent (A));
|
||||
iknows(SymKey (KAB))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeKAB),SymKey (KAB),(SID sid));
|
||||
State (rB,[Agent (B),Step 1,SymKey (sk(pair(Agent (B),Agent (honest a)))),Agent (A),SymKey (KAB),Nonce (TS),scrypt(SymKey (sk(pair(Agent (B),Agent (honest a)))),pair(Nonce (TS),pair(Agent (A),SymKey (KAB)))),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))));
|
||||
init_6: iknows((SID sid));
|
||||
init_7: iknows(Agent (honest a));
|
||||
init_8: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),(SID sid)]);
|
||||
init_9: State (rB,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),(SID sid)]);
|
||||
init_10: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),(SID sid)]);
|
||||
init_11: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),(SID sid)]);
|
||||
init_12: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),(SID sid)]);
|
||||
init_13: State (rs,[Agent (honest a),Step 0,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),(SID sid)]);
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_1: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_2: secret(SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i));
|
||||
fp_3: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_4: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),(SID sid)]);
|
||||
fp_5: secret(SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Agent (honest a));
|
||||
fp_6: witness(Agent (honest a),Agent (honest a),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_7: State (rA,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),(SID sid)]);
|
||||
fp_8: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_9: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_10: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))));
|
||||
fp_11: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))));
|
||||
fp_12: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_13: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_14: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_15: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_16: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_17: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_18: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_19: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_20: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_21: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_22: request(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),(SID sid));
|
||||
fp_23: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_24: request(Agent (honest a),Agent (dishonest i),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_25: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_26: request(Agent (honest a),Agent (honest a),Purpose (purposeKAB),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_27: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_28: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))));
|
||||
fp_29: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_30: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))));
|
||||
fp_31: iknows(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))));
|
||||
fp_32: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_33: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_34: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_35: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_36: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_37: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_38: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_39: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_40: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_41: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_42: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_43: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_44: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))),Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a))))))),(SID sid)]);
|
||||
fp_45: iknows(scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_46: iknows(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))));
|
||||
fp_47: iknows(SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_48: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_49: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_50: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_51: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_52: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_53: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_54: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_55: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_56: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_57: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_58: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))))),(SID sid)]);
|
||||
fp_59: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_60: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (dishonest i),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_61: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_62: State (rs,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),Agent (honest a),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (ni),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),pair(Agent (dishonest i),scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (ni),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_63: State (rB,[Agent (honest a),Step 1,SymKey (sk(pair(Agent (honest a),Agent (honest a)))),Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))),Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))),(SID sid)]);
|
||||
fp_64: iknows(scrypt(SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))),pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))))));
|
||||
fp_65: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (honest a)))))))));
|
||||
fp_66: iknows(pair(Agent (honest a),scrypt(SymKey (sk(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absTA(pair(Agent (honest a),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))))));
|
||||
fp_67: iknows(pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_68: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_69: iknows(pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a))))));
|
||||
fp_70: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (sk(pair(Agent (dishonest i),Agent (honest a)))))));
|
||||
fp_71: iknows(pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_72: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (honest a)))),pair(Agent (honest a),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
fp_73: iknows(pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_74: iknows(pair(Nonce (absTS(pair(Agent (dishonest i),Agent (dishonest i)))),pair(Agent (dishonest i),SymKey (absKAB(pair(Agent (honest a),Agent (dishonest i)))))));
|
||||
|
||||
section abstraction:
|
||||
TA->Nonce (absTA(pair(A,B)));
|
||||
KAB->SymKey (absKAB(pair(A,B)));
|
||||
TS->Nonce (absTS(pair(B,A)))
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
Protocol: NSL
|
||||
|
||||
Types: Agent A,B,s;
|
||||
Number NA,NB;
|
||||
Function pk
|
||||
|
||||
Knowledge: A: A,pk(A),inv(pk(A)),s,pk(s),B;
|
||||
B: B,pk(B),inv(pk(B)),s,pk(s);
|
||||
s: s,pk,inv(pk(s))
|
||||
|
||||
Actions:
|
||||
A->s: A,B
|
||||
s->A: {B,pk(B)}(inv(pk(s)))
|
||||
A->B: {NA,A}(pk(B))
|
||||
B->s: B,A
|
||||
s->B: {A,pk(A)}(inv(pk(s)))
|
||||
B->A: {NA,NB,B}(pk(A))
|
||||
A->B: {NB}(pk(B))
|
||||
|
||||
Goals:
|
||||
A *->* B: NA
|
||||
B *->* A: NB
|
||||
|
||||
Abstraction:
|
||||
NA -> na(A,B);
|
||||
NB -> nb(B,A,equals(NA,na(A,B)))
|
|
@ -0,0 +1,401 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
Protocol: NSL
|
||||
Types:
|
||||
[(Purpose,["purposeNA","purposeNB"]),(Agent False False,["A","B","s"]),(Number,["NA","NB"]),(Function,["pk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeNA),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (na(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeNB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (nb(pair(B,pair(A,Arg1))))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
State (rA,[Agent (A),Step 0,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),(SID sid)])
|
||||
|
||||
=>
|
||||
State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(pair(Agent (A),Agent (B)))
|
||||
|
||||
step rule_8:
|
||||
State (rs,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))))
|
||||
|
||||
step rule_9:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))))
|
||||
|
||||
=>
|
||||
secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))))
|
||||
|
||||
step rule_10:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (B));
|
||||
iknows(pk(Agent (B)))
|
||||
|
||||
=>
|
||||
secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))))
|
||||
|
||||
step rule_11:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
secret(Nonce (na(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (na(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))))
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))))
|
||||
|
||||
=>
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(pair(Agent (B),Agent (A)))
|
||||
|
||||
step rule_13:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(pair(Agent (B),Agent (A)))
|
||||
|
||||
step rule_14:
|
||||
State (rB,[Agent (B),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(pair(Agent (B),Agent (A)))
|
||||
|
||||
step rule_15:
|
||||
State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (B),Agent (A),pair(Agent (A),Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),pair(Agent (B),Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))))
|
||||
|
||||
step rule_16:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))))
|
||||
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_17:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(pk(Agent (A)))
|
||||
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_18:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (na(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (na(pair(Agent (A),Agent (B)))),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (na(pair(Agent (A),Agent (B)))),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_19:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))))
|
||||
| Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_20:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A));
|
||||
iknows(pk(Agent (A)))
|
||||
| Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_21:
|
||||
State (rB,[Agent (B),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),(SID sid)]);
|
||||
iknows(inv(pk(Agent (honest a))));
|
||||
iknows(Agent (A))
|
||||
| Nonce (NA)/=Nonce (na(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (nb(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_22:
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_23:
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(pk(Agent (A)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_24:
|
||||
State (rA,[Agent (A),Step 2,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 3,Agent (B),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (A))),pk(Agent (A)),pair(Agent (A),Agent (B)),pk(Agent (B)),crypt(inv(pk(Agent (honest a))),pair(Agent (B),pk(Agent (B)))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_25:
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
step rule_26:
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
step rule_27:
|
||||
State (rB,[Agent (B),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (B))),pk(Agent (B)),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),pair(Agent (B),Agent (A)),pk(Agent (A)),crypt(inv(pk(Agent (honest a))),pair(Agent (A),pk(Agent (A)))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(pk(Agent (honest a)));
|
||||
init_6: iknows(Agent (honest a));
|
||||
init_7: iknows(inv(pk(Agent (dishonest i))));
|
||||
init_8: iknows(pk(Agent (dishonest i)));
|
||||
init_9: iknows((SID sid));
|
||||
init_10: iknows(Agent (honest a));
|
||||
init_11: State (rB,[Agent (honest a),Step 0,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),(SID sid)]);
|
||||
init_12: State (rs,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]);
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_1: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_2: State (rA,[Agent (honest a),Step 1,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]);
|
||||
fp_3: State (rA,[Agent (honest a),Step 1,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_4: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]);
|
||||
fp_5: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]);
|
||||
fp_6: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]);
|
||||
fp_7: State (rs,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]);
|
||||
fp_8: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]);
|
||||
fp_9: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_10: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))));
|
||||
fp_11: iknows(crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))));
|
||||
fp_12: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_13: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_14: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_15: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_16: secret(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i));
|
||||
fp_17: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_18: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),(SID sid)]);
|
||||
fp_19: secret(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a));
|
||||
fp_20: witness(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_21: State (rA,[Agent (honest a),Step 2,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),(SID sid)]);
|
||||
fp_22: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (dishonest i),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(Agent (dishonest i),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]);
|
||||
fp_23: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Agent (dishonest i),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),(SID sid)]);
|
||||
fp_24: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Agent (honest a),pair(Agent (honest a),Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),pair(Agent (dishonest i),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]);
|
||||
fp_25: State (rs,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Agent (honest a),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),pair(Agent (honest a),Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),(SID sid)]);
|
||||
fp_26: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i));
|
||||
fp_27: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))));
|
||||
fp_28: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_29: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a));
|
||||
fp_30: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))));
|
||||
fp_31: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_32: iknows(crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_33: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_34: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))));
|
||||
fp_35: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))));
|
||||
fp_36: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_37: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_38: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_39: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_40: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_41: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_42: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_43: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_44: iknows(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_45: iknows(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))));
|
||||
fp_46: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_47: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_48: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_49: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_50: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_51: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_52: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_53: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]);
|
||||
fp_54: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_55: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),(SID sid)]);
|
||||
fp_56: State (rB,[Agent (honest a),Step 1,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),(SID sid)]);
|
||||
fp_57: secret(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a));
|
||||
fp_58: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))));
|
||||
fp_59: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_60: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_61: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (na(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]);
|
||||
fp_62: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid));
|
||||
fp_63: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_64: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (ni),(SID sid));
|
||||
fp_65: State (rA,[Agent (honest a),Step 3,Agent (dishonest i),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (ni)),(SID sid)]);
|
||||
fp_66: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (ni),(SID sid));
|
||||
fp_67: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_68: iknows(crypt(pk(Agent (dishonest i)),Nonce (ni)));
|
||||
fp_69: iknows(crypt(pk(Agent (dishonest i)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))));
|
||||
fp_70: iknows(crypt(pk(Agent (dishonest i)),Nonce (na(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_71: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))));
|
||||
fp_72: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_73: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_74: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_75: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_76: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_77: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_78: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_79: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_80: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_81: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_82: State (rB,[Agent (honest a),Step 2,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_83: request(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),(SID sid));
|
||||
fp_84: State (rA,[Agent (honest a),Step 3,Agent (honest a),pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]);
|
||||
fp_85: iknows(crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))));
|
||||
fp_86: iknows(crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_87: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_88: iknows(crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_89: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_90: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_91: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_92: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_93: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_94: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_95: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_96: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_97: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_98: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_99: request(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_100: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (honest a),Nonce (na(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),pair(Agent (honest a),Agent (honest a)),pk(Agent (honest a)),crypt(inv(pk(Agent (honest a))),pair(Agent (honest a),pk(Agent (honest a)))),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]);
|
||||
fp_101: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_102: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_103: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid));
|
||||
fp_104: State (rB,[Agent (honest a),Step 3,pk(Agent (honest a)),Agent (honest a),inv(pk(Agent (honest a))),pk(Agent (honest a)),Agent (dishonest i),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),pair(Agent (honest a),Agent (dishonest i)),pk(Agent (dishonest i)),crypt(inv(pk(Agent (honest a))),pair(Agent (dishonest i),pk(Agent (dishonest i)))),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_105: iknows(pair(Agent (honest a),Agent (honest a)));
|
||||
fp_106: iknows(pair(Agent (honest a),Agent (dishonest i)));
|
||||
fp_107: iknows(pair(Agent (dishonest i),pk(Agent (dishonest i))));
|
||||
fp_108: iknows(pair(Agent (honest a),pk(Agent (honest a))));
|
||||
fp_109: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_110: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_111: iknows(pair(Nonce (ni),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_112: iknows(pair(Nonce (na(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_113: iknows(pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (nb(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
|
||||
section abstraction:
|
||||
NA->Nonce (na(pair(A,B)));
|
||||
NB->Nonce (nb(pair(B,pair(A,equals(pair(NA,Nonce (na(pair(A,B)))))))))
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
Protocol: NSL # Verified
|
||||
|
||||
Types: Agent A,B;
|
||||
Number NA,NB;
|
||||
Function pk
|
||||
|
||||
Knowledge: A: A,pk,inv(pk(A)),B;
|
||||
B: B,pk,inv(pk(B))
|
||||
|
||||
Actions:
|
||||
A->B: {NA,A}(pk(B))
|
||||
B->A: {NA,NB,B}(pk(A))
|
||||
A->B: {NB}(pk(B))
|
||||
|
||||
Goals:
|
||||
A *->* B: NA
|
||||
B *->* A: NB
|
||||
|
|
@ -0,0 +1,275 @@
|
|||
Backend: Open-Source Fixedpoint Model-Checker version 2009c
|
||||
(**** REFINING ABSTRACTION: ["NA","NB"] *****)
|
||||
Protocol: NSL
|
||||
Types:
|
||||
[(Purpose,["purposeNA","purposeNB"]),(Agent False False,["A","B"]),(Number,["NA","NB"]),(Function,["pk"])]
|
||||
section rules:
|
||||
step rule_0:
|
||||
iknows(crypt(K,M));
|
||||
iknows(inv(K))
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_1:
|
||||
iknows(crypt(inv(K),M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_2:
|
||||
iknows(scrypt(K,M));
|
||||
iknows(K)
|
||||
|
||||
=>
|
||||
iknows(M)
|
||||
|
||||
step rule_3:
|
||||
iknows(pair(M1,M2))
|
||||
|
||||
=>
|
||||
iknows(M1);
|
||||
iknows(M2)
|
||||
|
||||
step rule_4:
|
||||
secret(M,Agent (honest a));
|
||||
iknows(M)
|
||||
|
||||
=>
|
||||
attack(pair(secrecy,M))
|
||||
|
||||
step rule_5:
|
||||
request(A,B,Purpose (purposeNA),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNA(pair(B,A)))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_6:
|
||||
request(A,B,Purpose (purposeNB),M,(SID sid))
|
||||
| B/=Agent (dishonest i);
|
||||
M/=Nonce (absNB(pair(B,pair(A,Arg1))))
|
||||
=>
|
||||
attack(pair(authentication,pair(A,pair(B,M))))
|
||||
|
||||
step rule_7:
|
||||
State (rA,[Agent (A),Step 0,Agent (B),inv(pk(Agent (A))),(SID sid)])
|
||||
|
||||
=>
|
||||
secret(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (B));
|
||||
witness(Agent (A),Agent (B),Purpose (purposeNA),Nonce (absNA(pair(Agent (A),Agent (B)))));
|
||||
State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))))
|
||||
|
||||
step rule_8:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))))
|
||||
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_9:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (absNA(pair(Agent (A),Agent (B)))));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_10:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (absNA(pair(Agent (A),Agent (B)))));
|
||||
iknows(Agent (A))
|
||||
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (absNA(pair(Agent (A),Agent (B)))),crypt(pk(Agent (B)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (absNA(pair(Agent (A),Agent (B)))),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 1)))),Agent (B)))))
|
||||
|
||||
step rule_11:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))))
|
||||
| Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_12:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A))
|
||||
| Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_13:
|
||||
State (rB,[Agent (B),Step 0,inv(pk(Agent (B))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Agent (A))
|
||||
| Nonce (NA)/=Nonce (absNA(pair(Agent (A),Agent (B))))
|
||||
=>
|
||||
secret(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (A));
|
||||
witness(Agent (B),Agent (A),Purpose (purposeNB),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))));
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (absNB(pair(Agent (B),pair(Agent (A),Step 0)))),Agent (B)))))
|
||||
|
||||
step rule_14:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_15:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(pk(Agent (A)));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_16:
|
||||
State (rA,[Agent (A),Step 1,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),(SID sid)]);
|
||||
iknows(Agent (A));
|
||||
iknows(Nonce (NA));
|
||||
iknows(Nonce (NB));
|
||||
iknows(Agent (B))
|
||||
|
||||
=>
|
||||
request(Agent (A),Agent (B),Purpose (purposeNB),Nonce (NB),(SID sid));
|
||||
State (rA,[Agent (A),Step 2,Agent (B),inv(pk(Agent (A))),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
step rule_17:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(crypt(pk(Agent (B)),Nonce (NB)))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
step rule_18:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(pk(Agent (B)));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
step rule_19:
|
||||
State (rB,[Agent (B),Step 1,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),(SID sid)]);
|
||||
iknows(Agent (B));
|
||||
iknows(Nonce (NB))
|
||||
|
||||
=>
|
||||
request(Agent (B),Agent (A),Purpose (purposeNA),Nonce (NA),(SID sid));
|
||||
State (rB,[Agent (B),Step 2,inv(pk(Agent (B))),Agent (A),Nonce (NA),crypt(pk(Agent (B)),pair(Nonce (NA),Agent (A))),Nonce (NB),crypt(pk(Agent (A)),pair(Nonce (NA),pair(Nonce (NB),Agent (B)))),crypt(pk(Agent (B)),Nonce (NB)),(SID sid)])
|
||||
|
||||
|
||||
section initial state:
|
||||
init_0: iknows(Nonce (ni));
|
||||
init_1: iknows(Agent (dishonest i));
|
||||
init_2: State (rA,[Agent (honest a),Step 0,Agent (dishonest i),inv(pk(Agent (honest a))),(SID sid)]);
|
||||
init_3: State (rA,[Agent (honest a),Step 0,Agent (honest a),inv(pk(Agent (honest a))),(SID sid)]);
|
||||
init_4: iknows(Step 0);
|
||||
init_5: iknows(inv(pk(Agent (dishonest i))));
|
||||
init_6: iknows((SID sid));
|
||||
init_7: iknows(Agent (honest a));
|
||||
init_8: State (rB,[Agent (honest a),Step 0,inv(pk(Agent (honest a))),(SID sid)]);
|
||||
|
||||
section fixedpoint:
|
||||
fp_0: secret(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i));
|
||||
fp_1: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_2: State (rA,[Agent (honest a),Step 1,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),(SID sid)]);
|
||||
fp_3: secret(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a));
|
||||
fp_4: witness(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))));
|
||||
fp_5: State (rA,[Agent (honest a),Step 1,Agent (honest a),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),(SID sid)]);
|
||||
fp_6: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i));
|
||||
fp_7: witness(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))));
|
||||
fp_8: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_9: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a));
|
||||
fp_10: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))));
|
||||
fp_11: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_12: iknows(crypt(pk(Agent (honest a)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_13: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_14: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))));
|
||||
fp_15: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))));
|
||||
fp_16: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_17: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_18: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_19: secret(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a));
|
||||
fp_20: witness(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))));
|
||||
fp_21: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_22: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))));
|
||||
fp_23: iknows(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))));
|
||||
fp_24: iknows(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))));
|
||||
fp_25: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_26: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_27: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_28: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_29: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_30: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_31: State (rB,[Agent (honest a),Step 1,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))),(SID sid)]);
|
||||
fp_32: request(Agent (honest a),Agent (honest a),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),(SID sid));
|
||||
fp_33: State (rA,[Agent (honest a),Step 2,Agent (honest a),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]);
|
||||
fp_34: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_35: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))),(SID sid)]);
|
||||
fp_36: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid));
|
||||
fp_37: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_38: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNB),Nonce (ni),(SID sid));
|
||||
fp_39: State (rA,[Agent (honest a),Step 2,Agent (dishonest i),inv(pk(Agent (honest a))),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a))),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (ni),Agent (dishonest i)))),crypt(pk(Agent (dishonest i)),Nonce (ni)),(SID sid)]);
|
||||
fp_40: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (ni),(SID sid));
|
||||
fp_41: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (ni),crypt(pk(Agent (honest a)),pair(Nonce (ni),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_42: iknows(crypt(pk(Agent (dishonest i)),Nonce (ni)));
|
||||
fp_43: iknows(crypt(pk(Agent (dishonest i)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))));
|
||||
fp_44: iknows(crypt(pk(Agent (dishonest i)),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i))))));
|
||||
fp_45: iknows(crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))));
|
||||
fp_46: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_47: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_48: iknows(crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 0)))),Agent (honest a)))));
|
||||
fp_49: iknows(crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))));
|
||||
fp_50: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_51: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_52: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_53: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_54: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_55: request(Agent (honest a),Agent (honest a),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),(SID sid));
|
||||
fp_56: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (honest a),Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),Agent (honest a))),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (honest a)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (honest a),Step 1))))),(SID sid)]);
|
||||
fp_57: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),(SID sid));
|
||||
fp_58: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),crypt(pk(Agent (honest a)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_59: request(Agent (honest a),Agent (dishonest i),Purpose (purposeNA),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),(SID sid));
|
||||
fp_60: State (rB,[Agent (honest a),Step 2,inv(pk(Agent (honest a))),Agent (dishonest i),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (honest a)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (dishonest i))),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),crypt(pk(Agent (dishonest i)),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)))),crypt(pk(Agent (honest a)),Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0))))),(SID sid)]);
|
||||
fp_61: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),Agent (honest a)));
|
||||
fp_62: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a)));
|
||||
fp_63: iknows(pair(Nonce (ni),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_64: iknows(pair(Nonce (absNA(pair(Agent (honest a),Agent (dishonest i)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
fp_65: iknows(pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),pair(Nonce (absNB(pair(Agent (honest a),pair(Agent (dishonest i),Step 0)))),Agent (honest a))));
|
||||
|
||||
section abstraction:
|
||||
NA->Nonce (absNA(pair(A,B)));
|
||||
NB->Nonce (absNB(pair(B,pair(A,equals(pair(NA,Nonce (absNA(pair(A,B)))))))))
|
||||
|
|
@ -0,0 +1,608 @@
|
|||
header {* Analysing BilateralKeyExchange *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/Bilateral-Key_Exchange.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"Bilateral-Key_Exchange"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (BilateralKeyExchange) *}
|
||||
datatype Role = rA | rB
|
||||
|
||||
datatype Purpose = purposeK | purposeNI | purposeNA | purposeNB
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "absNB" "Msg" "nat"
|
||||
| "absNA" "Msg" "nat"
|
||||
| "NI"
|
||||
| "NA"
|
||||
| "NB"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
| "absK" "Msg" "nat"
|
||||
(* Functions *)
|
||||
| "pk" "Msg" | "f" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (BilateralKeyExchange) *}
|
||||
inductive_set
|
||||
BilateralKeyExchange::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : BilateralKeyExchange"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : BilateralKeyExchange"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(dishonest(i))), pk(Agent(honest(a))), Agent(dishonest(i)), SID(sid)] )] : BilateralKeyExchange"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] )] : BilateralKeyExchange"
|
||||
| init_4: "[ Iknows(Step(0))] : BilateralKeyExchange"
|
||||
| init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : BilateralKeyExchange"
|
||||
| init_6: "[ Iknows(pk(Agent(dishonest(i))))] : BilateralKeyExchange"
|
||||
| init_7: "[ Iknows(SID(sid))] : BilateralKeyExchange"
|
||||
| init_8: "[ Iknows(pk(Agent(honest(a))))] : BilateralKeyExchange"
|
||||
| init_9: "[ Iknows(Agent(honest(a)))] : BilateralKeyExchange"
|
||||
| init_10: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(dishonest(i))), Agent(dishonest(i)), SID(sid)] )] : BilateralKeyExchange"
|
||||
| init_11: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] )] : BilateralKeyExchange"
|
||||
| rule_0: "[| t :BilateralKeyExchange;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_1: "[| t :BilateralKeyExchange;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_2: "[| t :BilateralKeyExchange;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_3: "[| t :BilateralKeyExchange;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_4: "[| t :BilateralKeyExchange;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_5: "[| t :BilateralKeyExchange;
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NB .
|
||||
M = Nonce((absNB(pair(B, A)) Abs_NB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_6: "[| t :BilateralKeyExchange;
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_7: "[| t :BilateralKeyExchange;
|
||||
Request(A, B, Purpose(purposeK), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_K .
|
||||
M = SymKey((absK(pair(B, A)) Abs_K)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_8: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B))))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_9: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))) : (set t)|]
|
||||
==>
|
||||
((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))
|
||||
#(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_10: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))
|
||||
#(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_11: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))
|
||||
#(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_12: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K)))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(K), f(Nonce(NA)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_13: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(f(Nonce(NB))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(K)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(K), f(Nonce(NA)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_14: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(K)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(K), f(Nonce(NA)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_15: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(f(Nonce(NB))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(K)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(K), f(Nonce(NA)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_16: "[| t :BilateralKeyExchange;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(K)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(K), f(Nonce(NA)))))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_17: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_18: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey(K)) : (set t);
|
||||
Iknows(f(Nonce(NA))) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#t) : BilateralKeyExchange"
|
||||
| rule_19: "[| t :BilateralKeyExchange;
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey(K)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ))
|
||||
#t) : BilateralKeyExchange"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (BilateralKeyExchange) *}
|
||||
constdefs BilateralKeyExchange_fp::"Fact set""BilateralKeyExchange_fp == {m. ( ? a32 a33 Abs_NB5 Abs_NB6 Abs_NB7 Abs_NB4 i4 i5 i6 i7 i8 i9 i10 i11 i12 i13 i14 i15 Abs_NA3 i3 Abs_NA4 Abs_NA5 Abs_NA6 Abs_NB1 Abs_NB2 Abs_NB3 a24 a25 a26 a27 a28 a29 a30 a31 a5 Abs_NI1 a6 a7 a8 Abs_NI2 a9 a10 a11 a12 a13 a14 Abs_NI3 a15 a16 a17 a18 a19 Abs_K1 a20 a21 Abs_K2 a22 a23 Abs_NA2 sid0 a4 Abs_NI0 Abs_NB0 a0 i0 Abs_NA0 a1 i1 Abs_NA1 a2 a3 i2 Abs_K0 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(inv(pk(Agent(dishonest(i0))))))
|
||||
| (m = Iknows(pk(Agent(dishonest(i0)))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(pk(Agent(honest(a0)))))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NB1)), Agent(honest(a11))))), SID(sid0)] ))
|
||||
| (m = Secret(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_K0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i2)))), pair(Agent(dishonest(i3)), crypt(pk(Agent(honest(a4))), pair(Nonce((ni Abs_NI2)), Agent(dishonest(i4))))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_K0)), crypt(pk(Agent(dishonest(i7))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i8)))) Abs_NA1)), pair(Agent(honest(a8)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = Secret(SymKey((absK(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_K0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_K0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(honest(a6)))), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((ni Abs_NI2)), Agent(honest(a9))))), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_K0)), crypt(pk(Agent(honest(a14))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Agent(honest(a3)), SymKey((absK(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_K0))))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_K0))))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), Agent(honest(a3))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))
|
||||
| (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB1)), Agent(honest(a10)))), pair(Agent(honest(a11)), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15))))), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K0)), crypt(pk(Agent(honest(a20))), pair(f(Nonce((absNB(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NA1)), pair(Agent(honest(a25)), SymKey((absK(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), pair(Agent(honest(a5)), SymKey((absK(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_K0))))))))
|
||||
| (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))))
|
||||
| (m = Iknows(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0))))
|
||||
| (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))
|
||||
| (m = Iknows(f(Nonce((ni Abs_NI0)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))
|
||||
| (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NB1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA1)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NA1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NA2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA5)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NB1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NB2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNB(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA1)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NA2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNA(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA5)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_K0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NB1)), Agent(honest(a11))))), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15)))), SymKey((absK(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_K0)), Nonce((absNA(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_NA0)), f(Nonce((absNB(pair(Agent(honest(a20)), Agent(honest(a21)))) Abs_NB3))), crypt(pk(Agent(honest(a22))), pair(f(Nonce((absNB(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NB4))), pair(Nonce((absNA(pair(Agent(honest(a25)), Agent(honest(a26)))) Abs_NA1)), pair(Agent(honest(a27)), SymKey((absK(pair(Agent(honest(a28)), Agent(honest(a29)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a32)), Agent(honest(a33)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeK), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_K0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NB3)), f(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i9)))) Abs_NB4))), crypt(pk(Agent(honest(a12))), pair(f(Nonce((absNB(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NB5))), pair(Nonce((absNB(pair(Agent(honest(a14)), Agent(dishonest(i11)))) Abs_NB6)), pair(Agent(dishonest(i12)), SymKey((absK(pair(Agent(honest(a15)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a16)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNB(pair(Agent(honest(a17)), Agent(dishonest(i15)))) Abs_NB7)))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NA0)), f(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i9)))) Abs_NB3))), crypt(pk(Agent(honest(a12))), pair(f(Nonce((absNB(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NB4))), pair(Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i11)))) Abs_NA1)), pair(Agent(dishonest(i12)), SymKey((absK(pair(Agent(honest(a15)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a16)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a17)), Agent(dishonest(i15)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(dishonest(i0))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), pair(Agent(honest(a4)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NB1)), Agent(honest(a6))))), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(honest(a8)))), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i7)))) Abs_K0)), Nonce((ni Abs_NI0)), f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NB3))), crypt(pk(Agent(honest(a11))), pair(f(Nonce((absNB(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NB4))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i10)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i11)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i12)))) Abs_K2)), f(Nonce((ni Abs_NI2)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i2)))), pair(Agent(dishonest(i3)), crypt(pk(Agent(honest(a4))), pair(Nonce((ni Abs_NI2)), Agent(dishonest(i4))))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_K0)), crypt(pk(Agent(dishonest(i7))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i8)))) Abs_NA1)), pair(Agent(honest(a8)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a10)), Agent(dishonest(i10)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i11)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((ni Abs_NI0))))))
|
||||
| (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0))))))
|
||||
| (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_K0)), f(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0))))))
|
||||
| (m = Iknows(scrypt(SymKey((absK(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_K0)), f(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA1)), pair(Agent(honest(a4)), SymKey((absK(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_K0))))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(f(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), pair(Agent(honest(a4)), SymKey((absK(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_K0))))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_K0))))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_K0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))
|
||||
| (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))))
|
||||
| (m = Iknows(pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0)))))))
|
||||
| (m = Iknows(pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0)))))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NB1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNB(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA1)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(dishonest(i0))), pk(Agent(honest(a2))), Agent(dishonest(i1)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_NA1)), Agent(dishonest(i4)))), pair(Agent(dishonest(i5)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NA2)), Agent(dishonest(i7))))), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_K0)), crypt(pk(Agent(dishonest(i10))), pair(f(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i11)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i12)))) Abs_NA5)), pair(Agent(honest(a12)), SymKey((absK(pair(Agent(honest(a13)), Agent(dishonest(i13)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a14)), Agent(dishonest(i14)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_NA6)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NB1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNB(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NB2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNB(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA1)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a8)))), pair(Agent(honest(a9)), crypt(pk(Agent(honest(a10))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i2)))) Abs_NA2)), Agent(honest(a12))))), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA3)), SymKey((absK(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_K0)), crypt(pk(Agent(honest(a17))), pair(f(Nonce((absNA(pair(Agent(honest(a18)), Agent(dishonest(i3)))) Abs_NA4))), pair(Nonce((absNA(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_NA5)), pair(Agent(honest(a21)), SymKey((absK(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_NA6)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((absNB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB1)), Agent(honest(a10)))), pair(Agent(honest(a11)), crypt(pk(Agent(honest(a12))), pair(Nonce((absNB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NB2)), Agent(honest(a15))))), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K0)), crypt(pk(Agent(honest(a20))), pair(f(Nonce((absNB(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NB3))), pair(Nonce((absNA(pair(Agent(honest(a23)), Agent(honest(a24)))) Abs_NA1)), pair(Agent(honest(a25)), SymKey((absK(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a28)), Agent(honest(a29)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), pk(Agent(honest(a3))), Agent(honest(a4)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(honest(a6)))), pair(Agent(honest(a7)), crypt(pk(Agent(honest(a8))), pair(Nonce((ni Abs_NI2)), Agent(honest(a9))))), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA0)), SymKey((absK(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_K0)), crypt(pk(Agent(honest(a14))), pair(f(Nonce((ni Abs_NI3))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), SymKey((absK(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_K1)))))), scrypt(SymKey((absK(pair(Agent(honest(a20)), Agent(honest(a21)))) Abs_K2)), f(Nonce((absNA(pair(Agent(honest(a22)), Agent(honest(a23)))) Abs_NA2)))), SID(sid0)] ))
|
||||
| (m = Iknows(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)))))
|
||||
| (m = Iknows(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(honest(a1))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absK(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_K0)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0))))))
|
||||
| (m = Iknows(pair(f(Nonce((ni Abs_NI0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(honest(a1)), SymKey((absK(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_K0)))))))
|
||||
| (m = Iknows(pair(f(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0)))))))
|
||||
| (m = Iknows(pair(f(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA1)), pair(Agent(honest(a2)), SymKey((absK(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_K0)))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (BilateralKeyExchange) *}
|
||||
lemma fp_attack_free: "~ (Attack m : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(dishonest(i))), pk(Agent(honest(a))), Agent(dishonest(i)), SID(sid)] ) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] ) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(pk(Agent(dishonest(i)))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(SID(sid)) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "Iknows(pk(Agent(honest(a)))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "Iknows(Agent(honest(a))) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(dishonest(i))), Agent(dishonest(i)), SID(sid)] ) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), pk(Agent(honest(a))), Agent(honest(a)), SID(sid)] ) : BilateralKeyExchange_fp"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : BilateralKeyExchange_fp;
|
||||
Iknows(inv(K)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Iknows(M) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : BilateralKeyExchange_fp;
|
||||
Iknows(K) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Iknows(M) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : BilateralKeyExchange_fp;
|
||||
Iknows(K) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Iknows(M) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Iknows(M1) : BilateralKeyExchange_fp) &
|
||||
(Iknows(M2) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : BilateralKeyExchange_fp;
|
||||
Iknows(M) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : BilateralKeyExchange_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NB .
|
||||
M = Nonce((absNB(pair(B, A)) Abs_NB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : BilateralKeyExchange_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
Request(A, B, Purpose(purposeK), M, SID(sid)) : BilateralKeyExchange_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_K .
|
||||
M = SymKey((absK(pair(B, A)) Abs_K)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), SID(sid)] ) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), Agent(B))))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(B)) : BilateralKeyExchange_fp;
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) &
|
||||
(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(B)) : BilateralKeyExchange_fp;
|
||||
Iknows(pk(Agent(A))) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NB)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) &
|
||||
(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(B)) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(A)) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NB)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Secret(SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), Agent(B)) : BilateralKeyExchange_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeK), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))) : BilateralKeyExchange_fp) &
|
||||
(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K)))))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(A), SymKey((absK(pair(Agent(A), Agent(B))) Abs_K))))))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K)))))) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_13: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(pk(Agent(B))) : BilateralKeyExchange_fp;
|
||||
Iknows(f(Nonce(NB))) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NA)) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(A)) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_14: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(pk(Agent(B))) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NB)) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NA)) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(A)) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_15: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(B)) : BilateralKeyExchange_fp;
|
||||
Iknows(f(Nonce(NB))) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NA)) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(A)) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_16: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(B)) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NB)) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NA)) : BilateralKeyExchange_fp;
|
||||
Iknows(Agent(A)) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeK), SymKey(K), SID(sid)) : BilateralKeyExchange_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), pk(Agent(B)), pk(Agent(A)), Agent(A), Nonce(NB), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), SymKey(K), Nonce(NA), f(Nonce(NB)), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp) &
|
||||
(Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_17: "[|
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(scrypt(SymKey(K), f(Nonce(NA)))) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_18: "[|
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp;
|
||||
Iknows(f(Nonce(NA))) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_19: "[|
|
||||
State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), SID(sid)] ) : BilateralKeyExchange_fp;
|
||||
Iknows(SymKey(K)) : BilateralKeyExchange_fp;
|
||||
Iknows(Nonce(NA)) : BilateralKeyExchange_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(2), inv(pk(Agent(A))), pk(Agent(B)), pk(Agent(A)), Agent(B), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B))), pair(Agent(B), crypt(pk(Agent(A)), pair(Nonce(NB), Agent(B)))), Nonce(NA), SymKey(K), crypt(pk(Agent(B)), pair(f(Nonce(NB)), pair(Nonce(NA), pair(Agent(A), SymKey(K))))), scrypt(SymKey(K), f(Nonce(NA))), SID(sid)] ) : BilateralKeyExchange_fp)"
|
||||
by(simp only: BilateralKeyExchange_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (BilateralKeyExchange) *}
|
||||
lemma over_approx: "t : BilateralKeyExchange ==> (set t) <= BilateralKeyExchange_fp"
|
||||
apply(rule BilateralKeyExchange.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_14, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_15, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_16, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_17, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_18, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_19, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,488 @@
|
|||
header {* Analysing DenningSacco *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/Denning-Sacco.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"Denning-Sacco"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (DenningSacco) *}
|
||||
datatype Role = rA | rB | rs
|
||||
|
||||
datatype Purpose = purposeNI | purposeT | purposetimestamp | purposePayload
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "timestamp" "nat"
|
||||
| "payload" "Msg" "nat"
|
||||
| "NI"
|
||||
| "T"
|
||||
| "Payload"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
| "sk" "Msg" "nat"
|
||||
(* Functions *)
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (DenningSacco) *}
|
||||
inductive_set
|
||||
DenningSacco::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : DenningSacco"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : DenningSacco"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] )] : DenningSacco"
|
||||
| init_4: "[ Iknows(Step(0))] : DenningSacco"
|
||||
| init_5: "[ Iknows(Nonce((timestamp Abs_T)))] : DenningSacco"
|
||||
| init_6: "[ Iknows(SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)))] : DenningSacco"
|
||||
| init_7: "[ Iknows(SID(sid))] : DenningSacco"
|
||||
| init_8: "[ Iknows(Agent(honest(a)))] : DenningSacco"
|
||||
| init_9: "[ State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco"
|
||||
| init_10: "[ State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] )] : DenningSacco"
|
||||
| init_11: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco"
|
||||
| init_12: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] )] : DenningSacco"
|
||||
| init_13: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] )] : DenningSacco"
|
||||
| init_14: "[ State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(honest(a)), SID(sid)] )] : DenningSacco"
|
||||
| rule_0: "[| t :DenningSacco;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : DenningSacco"
|
||||
| rule_1: "[| t :DenningSacco;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : DenningSacco"
|
||||
| rule_2: "[| t :DenningSacco;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : DenningSacco"
|
||||
| rule_3: "[| t :DenningSacco;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : DenningSacco"
|
||||
| rule_4: "[| t :DenningSacco;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : DenningSacco"
|
||||
| rule_5: "[| t :DenningSacco;
|
||||
Request(A, B, Purpose(purposePayload), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Payload .
|
||||
M = Nonce((payload(pair(B, A)) Abs_Payload)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : DenningSacco"
|
||||
| rule_6: "[| t :DenningSacco;
|
||||
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_KAB .
|
||||
M = SymKey((sk(pair(B, A)) Abs_KAB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : DenningSacco"
|
||||
| rule_7: "[| t :DenningSacco;
|
||||
State(rA, [Agent(A), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(A), Agent(B))))
|
||||
#t) : DenningSacco"
|
||||
| rule_8: "[| t :DenningSacco;
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((State(rs, [Agent(honest(a)), Step(1), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), pair(Agent(A), Agent(B)), SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T))))))))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)))))))))))
|
||||
#t) : DenningSacco"
|
||||
| rule_9: "[| t :DenningSacco;
|
||||
State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i))))))) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ))
|
||||
#(Iknows(Agent(dishonest(i))))
|
||||
#t) : DenningSacco"
|
||||
| rule_10: "[| t :DenningSacco;
|
||||
State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB))) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(SymKey(KAB)) : (set t);
|
||||
Iknows(Nonce(T)) : (set t);
|
||||
Iknows(Agent(dishonest(i))) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ))
|
||||
#(Iknows(Agent(dishonest(i))))
|
||||
#t) : DenningSacco"
|
||||
| rule_11: "[| t :DenningSacco;
|
||||
State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T))))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))))
|
||||
#(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))))
|
||||
#t) : DenningSacco"
|
||||
| rule_12: "[| t :DenningSacco;
|
||||
State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(KAB)) : (set t);
|
||||
Iknows(Nonce(T)) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))))
|
||||
#(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))))
|
||||
#t) : DenningSacco"
|
||||
| rule_13: "[| t :DenningSacco;
|
||||
State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey(KAB), Nonce(Payload))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ))
|
||||
#t) : DenningSacco"
|
||||
| rule_14: "[| t :DenningSacco;
|
||||
State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey(KAB)) : (set t);
|
||||
Iknows(Nonce(Payload)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ))
|
||||
#t) : DenningSacco"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (DenningSacco) *}
|
||||
constdefs DenningSacco_fp::"Fact set""DenningSacco_fp == {m. ( ? Abs_NI0 i8 i9 i10 i11 i12 i13 i14 i15 a10 a11 a12 a13 a14 a15 a16 a17 Abs_KAB5 a18 a19 a20 Abs_KAB6 i7 a5 a6 Abs_KAB3 Abs_T2 a7 a8 Abs_KAB4 a9 Abs_Payload1 sid0 Abs_Payload0 i3 i4 i5 i6 a0 a1 a2 a3 Abs_KAB1 a4 Abs_KAB2 Abs_T1 i0 i1 i2 Abs_KAB0 Abs_T0 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(Nonce((timestamp Abs_T0))))
|
||||
| (m = Iknows(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Agent(dishonest(i2)), Agent(dishonest(i3)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), Agent(dishonest(i1)), Agent(honest(a4)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a3)))) Abs_KAB1)), Agent(honest(a4)), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), Agent(honest(a5)), Agent(honest(a6)), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), pair(Agent(honest(a3)), Agent(dishonest(i1))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Agent(dishonest(i2)), Agent(dishonest(i3)), pair(Agent(dishonest(i4)), Agent(dishonest(i5))), SymKey((sk(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i8)), Agent(honest(a3)))) Abs_KAB3)), pair(Agent(dishonest(i9)), pair(SymKey((sk(pair(Agent(dishonest(i10)), Agent(dishonest(i11)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(dishonest(i12)), Agent(honest(a4)))) Abs_KAB5)), pair(Agent(dishonest(i13)), pair(SymKey((sk(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), Agent(dishonest(i1)), Agent(honest(a4)), pair(Agent(honest(a5)), Agent(dishonest(i2))), SymKey((sk(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB3)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(honest(a9)), Agent(dishonest(i5)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))) Abs_KAB5)), pair(Agent(honest(a11)), pair(SymKey((sk(pair(Agent(honest(a12)), Agent(dishonest(i7)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a3)))) Abs_KAB1)), Agent(honest(a4)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(honest(a5))), SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i4)), Agent(honest(a7)))) Abs_KAB3)), pair(Agent(honest(a8)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(honest(a9)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_KAB5)), pair(Agent(dishonest(i6)), pair(SymKey((sk(pair(Agent(dishonest(i7)), Agent(honest(a12)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), Agent(honest(a5)), Agent(honest(a6)), pair(Agent(honest(a7)), Agent(honest(a8))), SymKey((sk(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_KAB2)), Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_KAB3)), pair(Agent(honest(a13)), pair(SymKey((sk(pair(Agent(honest(a14)), Agent(honest(a15)))) Abs_KAB4)), pair(Nonce((timestamp Abs_T1)), scrypt(SymKey((sk(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB5)), pair(Agent(honest(a18)), pair(SymKey((sk(pair(Agent(honest(a19)), Agent(honest(a20)))) Abs_KAB6)), Nonce((timestamp Abs_T2))))))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(honest(a2)), pair(SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB2)), pair(Agent(honest(a7)), pair(SymKey((sk(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_KAB3)), Nonce((timestamp Abs_T1)))))))))))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(honest(a1)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_KAB2)), pair(Agent(dishonest(i2)), pair(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a5)))) Abs_KAB3)), Nonce((timestamp Abs_T1)))))))))))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), pair(Agent(honest(a4)), pair(SymKey((sk(pair(Agent(honest(a5)), Agent(dishonest(i3)))) Abs_KAB3)), Nonce((timestamp Abs_T1)))))))))))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i4)), Agent(honest(a1)))) Abs_KAB2)), pair(Agent(dishonest(i5)), pair(SymKey((sk(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_KAB3)), Nonce((timestamp Abs_T1)))))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T0)))))))
|
||||
| (m = Iknows(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0))))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T0)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))))
|
||||
| (m = Secret(Nonce((payload(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Payload0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposePayload), Nonce((payload(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Payload0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), Nonce((timestamp Abs_T0)), SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB0)), Agent(dishonest(i0)), Nonce((timestamp Abs_T1)), SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a3)))) Abs_KAB1)), scrypt(SymKey((sk(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB2)), pair(Agent(dishonest(i2)), pair(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_KAB3)), Nonce((timestamp Abs_T2))))), Nonce((payload(pair(Agent(honest(a7)), Agent(dishonest(i4)))) Abs_Payload0)), scrypt(SymKey((sk(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_KAB4)), Nonce((payload(pair(Agent(honest(a9)), Agent(dishonest(i6)))) Abs_Payload1))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), Nonce((payload(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Payload0)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))))
|
||||
| (m = Iknows(Nonce((payload(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Payload0))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(dishonest(i3)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i3)), pair(SymKey((sk(pair(Agent(dishonest(i4)), Agent(dishonest(i5)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))) Abs_KAB1)), pair(Agent(dishonest(i4)), pair(SymKey((sk(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))) Abs_KAB1)), Nonce((timestamp Abs_T1))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a3)))) Abs_KAB2)), Nonce((timestamp Abs_T1)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(honest(a1)))) Abs_KAB0)), pair(Nonce((timestamp Abs_T0)), scrypt(SymKey((sk(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB1)), pair(Agent(dishonest(i1)), pair(SymKey((sk(pair(Agent(dishonest(i2)), Agent(honest(a4)))) Abs_KAB2)), Nonce((timestamp Abs_T1))))))))))
|
||||
| (m = Iknows(pair(SymKey((sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((timestamp Abs_T0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pair(SymKey((sk(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((timestamp Abs_T0))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (DenningSacco) *}
|
||||
lemma fp_attack_free: "~ (Attack m : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(Nonce((timestamp Abs_T))) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(SID(sid)) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "Iknows(Agent(honest(a))) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "State(rB, [Agent(honest(a)), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_12: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_13: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(dishonest(i)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_14: "State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(honest(a)), Agent(honest(a)))) Abs_KAB)), Agent(honest(a)), Agent(honest(a)), SID(sid)] ) : DenningSacco_fp"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : DenningSacco_fp;
|
||||
Iknows(inv(K)) : DenningSacco_fp|]
|
||||
==>
|
||||
(Iknows(M) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : DenningSacco_fp;
|
||||
Iknows(K) : DenningSacco_fp|]
|
||||
==>
|
||||
(Iknows(M) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : DenningSacco_fp;
|
||||
Iknows(K) : DenningSacco_fp|]
|
||||
==>
|
||||
(Iknows(M) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : DenningSacco_fp|]
|
||||
==>
|
||||
(Iknows(M1) : DenningSacco_fp) &
|
||||
(Iknows(M2) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : DenningSacco_fp;
|
||||
Iknows(M) : DenningSacco_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposePayload), M, SID(sid)) : DenningSacco_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Payload .
|
||||
M = Nonce((payload(pair(B, A)) Abs_Payload)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : DenningSacco_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_KAB .
|
||||
M = SymKey((sk(pair(B, A)) Abs_KAB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
State(rA, [Agent(A), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), SID(sid)] ) : DenningSacco_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(pair(Agent(A), Agent(B))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(Agent(A)) : DenningSacco_fp;
|
||||
Iknows(Agent(B)) : DenningSacco_fp|]
|
||||
==>
|
||||
(State(rs, [Agent(honest(a)), Step(1), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), Agent(A), pair(Agent(A), Agent(B)), SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T))))))))), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Nonce((timestamp Abs_T)), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey((sk(pair(Agent(A), Agent(B))) Abs_KAB)), Nonce((timestamp Abs_T)))))))))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i))))))) : DenningSacco_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(Agent(dishonest(i))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rA, [Agent(A), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp;
|
||||
Iknows(Agent(B)) : DenningSacco_fp;
|
||||
Iknows(SymKey(KAB)) : DenningSacco_fp;
|
||||
Iknows(Nonce(T)) : DenningSacco_fp;
|
||||
Iknows(Agent(dishonest(i))) : DenningSacco_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(Agent(dishonest(i))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T))))) : DenningSacco_fp|]
|
||||
==>
|
||||
(Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)) : DenningSacco_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))) : DenningSacco_fp) &
|
||||
(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(0), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB))) : DenningSacco_fp;
|
||||
Iknows(Agent(A)) : DenningSacco_fp;
|
||||
Iknows(SymKey(KAB)) : DenningSacco_fp;
|
||||
Iknows(Nonce(T)) : DenningSacco_fp|]
|
||||
==>
|
||||
(Secret(Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), Agent(A)) : DenningSacco_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposePayload), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))) : DenningSacco_fp) &
|
||||
(State(rB, [Agent(B), Step(1), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), Agent(A), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(B), Agent(honest(a)))) Abs_KAB)), pair(Agent(A), pair(SymKey(KAB), Nonce(T)))), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)), scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload))), SID(sid)] ) : DenningSacco_fp) &
|
||||
(Iknows(scrypt(SymKey(KAB), Nonce((payload(pair(Agent(B), Agent(A))) Abs_Payload)))) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_13: "[|
|
||||
State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(scrypt(SymKey(KAB), Nonce(Payload))) : DenningSacco_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)) : DenningSacco_fp) &
|
||||
(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_14: "[|
|
||||
State(rA, [Agent(A), Step(2), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), SID(sid)] ) : DenningSacco_fp;
|
||||
Iknows(SymKey(KAB)) : DenningSacco_fp;
|
||||
Iknows(Nonce(Payload)) : DenningSacco_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposePayload), Nonce(Payload), SID(sid)) : DenningSacco_fp) &
|
||||
(State(rA, [Agent(A), Step(3), Nonce((timestamp Abs_T)), SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), Agent(B), pair(Agent(A), Agent(B)), Agent(dishonest(i)), Nonce(T), SymKey(KAB), scrypt(SymKey((sk(pair(Agent(A), Agent(honest(a)))) Abs_KAB)), pair(Agent(B), pair(SymKey(KAB), pair(Nonce(T), Agent(dishonest(i)))))), Nonce(Payload), scrypt(SymKey(KAB), Nonce(Payload)), SID(sid)] ) : DenningSacco_fp)"
|
||||
by(simp only: DenningSacco_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (DenningSacco) *}
|
||||
lemma over_approx: "t : DenningSacco ==> (set t) <= DenningSacco_fp"
|
||||
apply(rule DenningSacco.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_14, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_14, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,484 @@
|
|||
header {* Analysing ISO_onepass_pk *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/ISOpubKeyOnePassUnilateralAuthProt.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"ISOpubKeyOnePassUnilateralAuthProt"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (ISO_onepass_pk) *}
|
||||
datatype Role = rA | rB | rs
|
||||
|
||||
datatype Purpose = purposeNI | purposeNA | purposeText1
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "absNA" "Msg" "nat"
|
||||
| "absText1" "Msg" "nat"
|
||||
| "NI"
|
||||
| "NA"
|
||||
| "Text1"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
(* Functions *)
|
||||
| "pk" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (ISO_onepass_pk) *}
|
||||
inductive_set
|
||||
ISO_onepass_pk::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : ISO_onepass_pk"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : ISO_onepass_pk"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : ISO_onepass_pk"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_onepass_pk"
|
||||
| init_4: "[ Iknows(Step(0))] : ISO_onepass_pk"
|
||||
| init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : ISO_onepass_pk"
|
||||
| init_6: "[ Iknows(pk(Agent(dishonest(i))))] : ISO_onepass_pk"
|
||||
| init_7: "[ Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), pk(Agent(dishonest(i))))))] : ISO_onepass_pk"
|
||||
| init_8: "[ Iknows(SID(sid))] : ISO_onepass_pk"
|
||||
| init_9: "[ Iknows(Agent(honest(a)))] : ISO_onepass_pk"
|
||||
| init_10: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] )] : ISO_onepass_pk"
|
||||
| init_11: "[ Iknows(pk(Agent(honest(a))))] : ISO_onepass_pk"
|
||||
| rule_0: "[| t :ISO_onepass_pk;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_1: "[| t :ISO_onepass_pk;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_2: "[| t :ISO_onepass_pk;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_3: "[| t :ISO_onepass_pk;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_4: "[| t :ISO_onepass_pk;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_5: "[| t :ISO_onepass_pk;
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_6: "[| t :ISO_onepass_pk;
|
||||
Request(A, B, Purpose(purposeText1), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Text1 .
|
||||
M = Nonce((absText1(pair(B, A)) Abs_Text1)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_7: "[| t :ISO_onepass_pk;
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))))
|
||||
#(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] ))
|
||||
#(Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))))))))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_8: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_9: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t);
|
||||
Iknows(inv(pk(Agent(A)))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(Text1)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_10: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_11: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
Iknows(inv(pk(Agent(A)))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(Text1)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_12: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
| rule_13: "[| t :ISO_onepass_pk;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(inv(pk(Agent(A)))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(Text1)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ))
|
||||
#t) : ISO_onepass_pk"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (ISO_onepass_pk) *}
|
||||
constdefs ISO_onepass_pk_fp::"Fact set""ISO_onepass_pk_fp == {m. ( ? Abs_NI3 Abs_NI4 Abs_NI5 a18 a19 a20 a21 a22 a23 a24 a25 i11 i12 i13 Abs_Text13 Abs_Text14 Abs_Text15 Abs_NA3 a12 a13 a14 Abs_NA4 a15 a16 a17 Abs_NA5 i8 i9 i10 Abs_Text11 Abs_Text12 Abs_NI0 Abs_NI1 Abs_NA1 i3 i4 i5 i6 i7 Abs_NI2 a9 a10 a11 Abs_NA2 sid0 a6 a7 a8 a5 i0 i1 i2 a0 a1 Abs_NA0 a2 a3 a4 Abs_Text10 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(inv(pk(Agent(dishonest(i0))))))
|
||||
| (m = Iknows(pk(Agent(dishonest(i0)))))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), SID(sid0)] ))
|
||||
| (m = Iknows(pk(Agent(honest(a0)))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i1)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(honest(a9)), pk(Agent(honest(a10))))), crypt(inv(pk(Agent(honest(a11)))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(dishonest(i4)), Nonce((absText1(pair(Agent(honest(a13)), Agent(dishonest(i5)))) Abs_Text11)))))), SID(sid0)] ))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), pk(Agent(honest(a2))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(honest(a4)), pk(Agent(honest(a5))))), Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text10)), pair(crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), crypt(inv(pk(Agent(honest(a14)))), pair(Nonce((absNA(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), pair(Agent(honest(a17)), Nonce((absText1(pair(Agent(honest(a18)), Agent(honest(a19)))) Abs_Text11)))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((ni Abs_NI1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a2)), Nonce((ni Abs_NI3))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI4)), pair(Agent(honest(a5)), Nonce((ni Abs_NI5)))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10)))))))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2)))))))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text10)))))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10))))))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(honest(a6)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text11))))), pk(Agent(honest(a12))), Agent(honest(a13)), crypt(inv(pk(Agent(honest(a14)))), pair(Agent(honest(a15)), pk(Agent(honest(a16))))), pair(crypt(inv(pk(Agent(honest(a17)))), pair(Agent(honest(a18)), pk(Agent(honest(a19))))), crypt(inv(pk(Agent(honest(a20)))), pair(Nonce((absNA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Agent(honest(a23)), Nonce((absText1(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text10))))
|
||||
| (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))
|
||||
| (m = Iknows(Nonce((absText1(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_Text10))))
|
||||
| (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10))))))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text10)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text12)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text13))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text14)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text15)))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_Text11)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA1))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_Text12)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text12)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text14)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text15)))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText1), Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_Text11)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA1)), pair(Agent(honest(a5)), Nonce((absText1(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_Text11))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA2)), pair(Agent(honest(a10)), Nonce((absText1(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i2)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i3)))) Abs_NA2)), pair(Agent(honest(a5)), Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA3))))), pk(Agent(dishonest(i5))), Agent(dishonest(i6)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i9)), pk(Agent(dishonest(i10))))), crypt(inv(pk(Agent(dishonest(i11)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i12)))) Abs_NA4)), pair(Agent(honest(a10)), Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_NA5)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a12)), Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_NA2)), pair(Agent(honest(a6)), Nonce((absNA(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA4)), pair(Agent(honest(a12)), Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA5)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_NA1)), pair(Agent(honest(a4)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i10)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((ni Abs_NI2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text12)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text13))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text14)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text15)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absText1(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text12)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text12)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text13))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text14)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text15)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text11)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text12)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absText1(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text11)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text12)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA2)), pair(Agent(honest(a13)), Nonce((absText1(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i2)))) Abs_NA3))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a10)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((absNA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_NA4)), pair(Agent(honest(a13)), Nonce((absNA(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_NA5)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), pair(Agent(honest(a8)), Nonce((absText1(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA2)), pair(Agent(honest(a15)), Nonce((absText1(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA2)), pair(Agent(honest(a8)), Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA3))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a12)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_NA4)), pair(Agent(honest(a15)), Nonce((absNA(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_NA5)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((ni Abs_NI0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA1)), pair(Agent(honest(a6)), Nonce((ni Abs_NI1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((absNA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA2)), pair(Agent(honest(a11)), Nonce((ni Abs_NI2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absText1(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_Text11))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absText1(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i1)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a3)), Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1))))), pk(Agent(dishonest(i3))), Agent(dishonest(i4)), crypt(inv(pk(Agent(honest(a5)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), pair(crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i7)), pk(Agent(dishonest(i8))))), crypt(inv(pk(Agent(dishonest(i9)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a7)), Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i10)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absText1(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text10)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absText1(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text11))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a9)), Nonce((absText1(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_Text12)))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), Nonce((ni Abs_NI0)), crypt(inv(pk(Agent(dishonest(i0)))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a4)), Nonce((absNA(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_NA1))))), pk(Agent(dishonest(i1))), Agent(dishonest(i2)), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), pair(crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i5)), pk(Agent(dishonest(i6))))), crypt(inv(pk(Agent(dishonest(i7)))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a9)), Nonce((absNA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NA2)))))), SID(sid0)] ))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NA0)), pair(Agent(honest(a6)), Nonce((absText1(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2))))), crypt(inv(pk(Agent(honest(a3)))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_Text10))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText1(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Agent(dishonest(i1)), Nonce((absText1(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text10))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Nonce((absText1(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_Text10)))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), pair(Agent(honest(a2)), Nonce((absText1(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text10))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (ISO_onepass_pk) *}
|
||||
lemma fp_attack_free: "~ (Attack m : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), crypt(inv(pk(Agent(honest(a)))), pair(Agent(honest(a)), pk(Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(pk(Agent(dishonest(i)))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(dishonest(i)), pk(Agent(dishonest(i)))))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "Iknows(SID(sid)) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "Iknows(Agent(honest(a))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "Iknows(pk(Agent(honest(a)))) : ISO_onepass_pk_fp"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(K)) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : ISO_onepass_pk_fp;
|
||||
Iknows(K) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : ISO_onepass_pk_fp;
|
||||
Iknows(K) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Iknows(M1) : ISO_onepass_pk_fp) &
|
||||
(Iknows(M2) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : ISO_onepass_pk_fp;
|
||||
Iknows(M) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : ISO_onepass_pk_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeText1), M, SID(sid)) : ISO_onepass_pk_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Text1 .
|
||||
M = Nonce((absText1(pair(B, A)) Abs_Text1)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
State(rA, [Agent(A), Step(0), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), SID(sid)] ) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeText1), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))) : ISO_onepass_pk_fp) &
|
||||
(State(rA, [Agent(A), Step(1), inv(pk(Agent(A))), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Agent(B), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1)))))), SID(sid)] ) : ISO_onepass_pk_fp) &
|
||||
(Iknows(pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Agent(B), Nonce((absText1(pair(Agent(A), Agent(B))) Abs_Text1))))))) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp;
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(NA)) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(B)) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(A)) : ISO_onepass_pk_fp;
|
||||
Iknows(pk(Agent(A))) : ISO_onepass_pk_fp;
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(A)) : ISO_onepass_pk_fp;
|
||||
Iknows(pk(Agent(A))) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(NA)) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(B)) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(A)) : ISO_onepass_pk_fp;
|
||||
Iknows(crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_13: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), SID(sid)] ) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(A)) : ISO_onepass_pk_fp;
|
||||
Iknows(inv(pk(Agent(A)))) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(NA)) : ISO_onepass_pk_fp;
|
||||
Iknows(Agent(B)) : ISO_onepass_pk_fp;
|
||||
Iknows(Nonce(Text1)) : ISO_onepass_pk_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText1), Nonce(Text1), SID(sid)) : ISO_onepass_pk_fp) &
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Nonce(Text1), Nonce(NA), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1)))), pk(Agent(A)), Agent(A), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), pair(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), crypt(inv(pk(Agent(A))), pair(Nonce(NA), pair(Agent(B), Nonce(Text1))))), SID(sid)] ) : ISO_onepass_pk_fp)"
|
||||
by(simp only: ISO_onepass_pk_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (ISO_onepass_pk) *}
|
||||
lemma over_approx: "t : ISO_onepass_pk ==> (set t) <= ISO_onepass_pk_fp"
|
||||
apply(rule ISO_onepass_pk.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,376 @@
|
|||
header {* Analysing ISO_twopass_symm *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/ISOsymKeyTwoPassUnilateralAuthProt.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"ISOsymKeyTwoPassUnilateralAuthProt"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (ISO_twopass_symm) *}
|
||||
datatype Role = rA | rB
|
||||
|
||||
datatype Purpose = purposeNI | purposeNB | purposeText1 | purposeText2 | purposeText3
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "absNB" "Msg" "nat"
|
||||
| "absText2" "Msg" "nat"
|
||||
| "NI"
|
||||
| "NB"
|
||||
| "Text1"
|
||||
| "Text2"
|
||||
| "Text3"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
(* Functions *)
|
||||
| "sk" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (ISO_twopass_symm) *}
|
||||
inductive_set
|
||||
ISO_twopass_symm::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : ISO_twopass_symm"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : ISO_twopass_symm"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))), Agent(dishonest(i)), SID(sid)] )] : ISO_twopass_symm"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_twopass_symm"
|
||||
| init_4: "[ Iknows(Step(0))] : ISO_twopass_symm"
|
||||
| init_5: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(dishonest(i))))))] : ISO_twopass_symm"
|
||||
| init_6: "[ Iknows(SID(sid))] : ISO_twopass_symm"
|
||||
| init_7: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))))] : ISO_twopass_symm"
|
||||
| init_8: "[ Iknows(Agent(honest(a)))] : ISO_twopass_symm"
|
||||
| init_9: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : ISO_twopass_symm"
|
||||
| init_10: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : ISO_twopass_symm"
|
||||
| init_11: "[ Iknows(SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))))] : ISO_twopass_symm"
|
||||
| rule_0: "[| t :ISO_twopass_symm;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_1: "[| t :ISO_twopass_symm;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_2: "[| t :ISO_twopass_symm;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_3: "[| t :ISO_twopass_symm;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_4: "[| t :ISO_twopass_symm;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_5: "[| t :ISO_twopass_symm;
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NB .
|
||||
M = Nonce((absNB(pair(B, A)) Abs_NB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_6: "[| t :ISO_twopass_symm;
|
||||
Request(A, B, Purpose(purposeText2), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Text2 .
|
||||
M = Nonce((absText2(pair(B, A)) Abs_Text2)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_7: "[| t :ISO_twopass_symm;
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), SID(sid)] ))
|
||||
#(Iknows(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB))))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_8: "[| t :ISO_twopass_symm;
|
||||
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), SID(sid)] ) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Witness(Agent(A), Agent(B), Purpose(purposeText2), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))
|
||||
#(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), Nonce(NB), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)))))))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_9: "[| t :ISO_twopass_symm;
|
||||
State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ))
|
||||
#t) : ISO_twopass_symm"
|
||||
| rule_10: "[| t :ISO_twopass_symm;
|
||||
State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey(sk(pair(Agent(A), Agent(B))))) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(Text2)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ))
|
||||
#t) : ISO_twopass_symm"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (ISO_twopass_symm) *}
|
||||
constdefs ISO_twopass_symm_fp::"Fact set""ISO_twopass_symm_fp == {m. ( ? Abs_NB2 Abs_NB3 Abs_NI1 i7 Abs_Text22 Abs_Text23 a8 a9 a10 a11 a12 a13 a14 i4 i5 Abs_NB1 a6 a7 i6 sid0 a3 a4 a5 i3 Abs_NI0 Abs_NB0 a2 a0 i0 Abs_Text20 i1 a1 i2 Abs_Text21 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))))))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = Iknows(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0)))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), SID(sid0)] ))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((ni Abs_NI0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a3)), Agent(dishonest(i3))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i4)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i5)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text20))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((ni Abs_NI0)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a6)), Agent(honest(a7))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a8)), Nonce((absText2(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((ni Abs_NI0)), pair(Agent(honest(a2)), Nonce((absText2(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_Text20)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20)))))))
|
||||
| (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0))))
|
||||
| (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a4)), Agent(dishonest(i4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB1)), pair(Agent(dishonest(i6)), Nonce((absText2(pair(Agent(honest(a6)), Agent(dishonest(i7)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(dishonest(i3))))), pair(Nonce((absNB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NB1)), pair(Agent(dishonest(i4)), Nonce((absText2(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absNB(pair(Agent(honest(a9)), Agent(dishonest(i1)))) Abs_NB1)), pair(Agent(honest(a10)), Nonce((absText2(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absNB(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NB1)), pair(Agent(honest(a12)), Nonce((absText2(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absNB(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NB1)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB2)), pair(Agent(honest(a6)), Nonce((absNB(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_NB3))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absNB(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NB1)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a5))))), pair(Nonce((absNB(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NB2)), pair(Agent(honest(a7)), Nonce((absNB(pair(Agent(honest(a8)), Agent(honest(a9)))) Abs_NB3))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a3))))), pair(Nonce((absNB(pair(Agent(honest(a4)), Agent(dishonest(i4)))) Abs_NB1)), pair(Agent(honest(a5)), Nonce((ni Abs_NI1))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NB0)), pair(Agent(honest(a4)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text20)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text20)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_Text20)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absNB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NB0)), pair(Agent(dishonest(i2)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i3)))) Abs_Text20)))))))
|
||||
| (m = Iknows(Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text20))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_Text20))))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(dishonest(i0))))), Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_Text20)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text21)), scrypt(SymKey(sk(pair(Agent(honest(a4)), Agent(dishonest(i4))))), pair(Nonce((absText2(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_Text22)), pair(Agent(dishonest(i6)), Nonce((absText2(pair(Agent(honest(a6)), Agent(dishonest(i7)))) Abs_Text23))))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(dishonest(i0)))) Abs_Text20)), Nonce((absText2(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_Text21)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absText2(pair(Agent(honest(a9)), Agent(dishonest(i1)))) Abs_Text22)), pair(Agent(honest(a10)), Nonce((absText2(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_Text23))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_Text20)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absNB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absNB(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_NB1)), pair(Agent(honest(a12)), Nonce((absText2(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeText2), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), Agent(dishonest(i1)), Nonce((absNB(pair(Agent(honest(a2)), Agent(dishonest(i2)))) Abs_NB0)), Nonce((absText2(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_Text20)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a4))))), pair(Nonce((absNB(pair(Agent(honest(a5)), Agent(dishonest(i5)))) Abs_NB1)), pair(Agent(honest(a6)), Nonce((absText2(pair(Agent(honest(a7)), Agent(dishonest(i6)))) Abs_Text21))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_Text20)), pair(Agent(honest(a3)), Nonce((absText2(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_Text21)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(dishonest(i0))))), pair(Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_Text20)), pair(Agent(dishonest(i2)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i3)))) Abs_Text21)))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_Text20))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NB0)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text20))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NB0)), pair(Agent(dishonest(i0)), Nonce((absText2(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_Text20))))))
|
||||
| (m = Iknows(pair(Nonce((absText2(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_Text20)), pair(Agent(dishonest(i1)), Nonce((absText2(pair(Agent(honest(a1)), Agent(dishonest(i2)))) Abs_Text21))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (ISO_twopass_symm) *}
|
||||
lemma fp_attack_free: "~ (Attack m : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i))))), Agent(dishonest(i)), SID(sid)] ) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(dishonest(i)))))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(SID(sid)) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a)))))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "Iknows(Agent(honest(a))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "Iknows(SymKey(sk(pair(Agent(honest(a)), Agent(dishonest(i)))))) : ISO_twopass_symm_fp"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : ISO_twopass_symm_fp;
|
||||
Iknows(inv(K)) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : ISO_twopass_symm_fp;
|
||||
Iknows(K) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : ISO_twopass_symm_fp;
|
||||
Iknows(K) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Iknows(M) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Iknows(M1) : ISO_twopass_symm_fp) &
|
||||
(Iknows(M2) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : ISO_twopass_symm_fp;
|
||||
Iknows(M) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : ISO_twopass_symm_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NB .
|
||||
M = Nonce((absNB(pair(B, A)) Abs_NB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeText2), M, SID(sid)) : ISO_twopass_symm_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_Text2 .
|
||||
M = Nonce((absText2(pair(B, A)) Abs_Text2)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), SID(sid)] ) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB)), SID(sid)] ) : ISO_twopass_symm_fp) &
|
||||
(Iknows(Nonce((absNB(pair(Agent(B), Agent(A))) Abs_NB))) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), SID(sid)] ) : ISO_twopass_symm_fp;
|
||||
Iknows(Nonce(NB)) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeText2), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))) : ISO_twopass_symm_fp) &
|
||||
(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(B), Nonce(NB), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2))))), SID(sid)] ) : ISO_twopass_symm_fp) &
|
||||
(Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce((absText2(pair(Agent(A), Agent(B))) Abs_Text2)))))) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : ISO_twopass_symm_fp;
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2))))) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)) : ISO_twopass_symm_fp) &
|
||||
(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), SID(sid)] ) : ISO_twopass_symm_fp;
|
||||
Iknows(SymKey(sk(pair(Agent(A), Agent(B))))) : ISO_twopass_symm_fp;
|
||||
Iknows(Nonce(NB)) : ISO_twopass_symm_fp;
|
||||
Iknows(Agent(B)) : ISO_twopass_symm_fp;
|
||||
Iknows(Nonce(Text2)) : ISO_twopass_symm_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeText2), Nonce(Text2), SID(sid)) : ISO_twopass_symm_fp) &
|
||||
(State(rB, [Agent(B), Step(2), SymKey(sk(pair(Agent(A), Agent(B)))), Agent(A), Nonce(NB), Nonce(Text2), scrypt(SymKey(sk(pair(Agent(A), Agent(B)))), pair(Nonce(NB), pair(Agent(B), Nonce(Text2)))), SID(sid)] ) : ISO_twopass_symm_fp)"
|
||||
by(simp only: ISO_twopass_symm_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (ISO_twopass_symm) *}
|
||||
lemma over_approx: "t : ISO_twopass_symm ==> (set t) <= ISO_twopass_symm_fp"
|
||||
apply(rule ISO_twopass_symm.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,83 @@
|
|||
#############################################################################
|
||||
# Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
#
|
||||
# IsaMakefile ---
|
||||
# This file is part of Isabelle-OFMC.
|
||||
#
|
||||
# Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
#
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# * Neither the name of the copyright holders nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
##############################################################################
|
||||
# $Id: IsaMakefile 927 2009-11-01 22:36:10Z brucker $
|
||||
|
||||
default: ofmc-anb
|
||||
images:
|
||||
test: ofmc-anb
|
||||
|
||||
all: images test
|
||||
|
||||
## global settings
|
||||
|
||||
SRC = $(ISABELLE_HOME)/src
|
||||
OUT = $(ISABELLE_OUTPUT)
|
||||
LOG = $(OUT)/log
|
||||
HEAP = ofmc-anb
|
||||
|
||||
MV = mv
|
||||
CP = cp
|
||||
|
||||
USEDIR = $(ISATOOL) usedir -b -g true -v true -i true -d pdf ## -D generated
|
||||
USEDIR = $(ISATOOL) usedir -b
|
||||
|
||||
HOSTNAME = $(shell,$(ISATOOL) getenv HOSTNAME)
|
||||
export HOSTNAME
|
||||
|
||||
## ofmc-isabelle
|
||||
|
||||
$(HEAP): $(LOG)/HOL-$(HEAP).gz
|
||||
|
||||
$(LOG)/HOL-$(HEAP).gz: ROOT.ML document/root.tex *.thy
|
||||
@$(RM) -rf $(ISABELLE_BROWSER_INFO)/HOL/$(HEAP)/document
|
||||
@$(USEDIR) ofmc $(HEAP)
|
||||
@$(CP) $(ISABELLE_BROWSER_INFO)/HOL/ofmc/$(HEAP)/document.pdf $(HEAP).pdf
|
||||
|
||||
thygen:
|
||||
for i in AnB/*.AnB; do echo -e $$i; anb2thy $$i > `basename $$i .AnB`.thy; done
|
||||
thygen-noproof:
|
||||
for i in AnB/*.AnB; do echo -e $$i; anb2thy --noproof $$i > `basename $$i .AnB`.thy; done
|
||||
|
||||
fpgen:
|
||||
for i in AnB/*.AnB; do echo -e $$i; ofmc $$i -ot Isa > AnB/`basename $$i .AnB`.fp; done
|
||||
|
||||
## clean
|
||||
|
||||
clean:
|
||||
@$(RM) -f $(LOG)/HOL-$(HEAP).gz
|
|
@ -0,0 +1,76 @@
|
|||
(*****************************************************************************
|
||||
* HOL-OCL --- connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ROOT.ML ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ROOT.ML 931 2009-11-01 22:44:01Z brucker $ *)
|
||||
|
||||
|
||||
val today = (Date.toString(Date.fromTimeUniv (Time.now())))^" (UTC)"
|
||||
val hostname = getOpt (OS.Process.getEnv "HOSTNAME", "hostname not set")
|
||||
val timer = Timer.startRealTimer ()
|
||||
val log_file = "document/report.tex"
|
||||
|
||||
val _ = File.write (Path.explode (log_file))
|
||||
( "% This file was generated automatically \n"
|
||||
^"\\section{Runtime Report}\n"
|
||||
^"All reported runtime are measured on host ``"^hostname^"'' on "^today^".\n\n"
|
||||
^"\\begin{tabular}{lr}\n"
|
||||
)
|
||||
|
||||
fun log_thy thy =
|
||||
let
|
||||
val start = Timer.checkRealTimer timer
|
||||
val _ = use_thy thy
|
||||
val stop = Timer.checkRealTimer timer
|
||||
val duration = Time.-(stop,start)
|
||||
val _ = File.append (Path.explode(log_file)) (" "^thy^" & "^(Time.toString duration)^"\\\\\n")
|
||||
in () end
|
||||
|
||||
|
||||
|
||||
val _ = map log_thy [
|
||||
"ISOsymKeyTwoPassUnilateralAuthProt",
|
||||
"Denning-Sacco",
|
||||
"nsl",
|
||||
"ISOpubKeyOnePassUnilateralAuthProt",
|
||||
"WideMouthFrog",
|
||||
"Bilateral-Key_Exchange",
|
||||
"nsl-ks"
|
||||
]
|
||||
|
||||
val _ = File.append (Path.explode (log_file)) ("\\end{tabular}")
|
||||
|
|
@ -0,0 +1,466 @@
|
|||
header {* Analysing WideMouthFrog *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/WideMouthFrog.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"WideMouthFrog"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (WideMouthFrog) *}
|
||||
datatype Role = rA | rB | rs
|
||||
|
||||
datatype Purpose = purposeKAB | purposeNI | purposeTA | purposeTS
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "absTA" "Msg" "nat"
|
||||
| "absTS" "Msg" "nat"
|
||||
| "NI"
|
||||
| "TA"
|
||||
| "TS"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
| "absKAB" "Msg" "nat"
|
||||
(* Functions *)
|
||||
| "sk" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (WideMouthFrog) *}
|
||||
inductive_set
|
||||
WideMouthFrog::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : WideMouthFrog"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : WideMouthFrog"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_4: "[ Iknows(Step(0))] : WideMouthFrog"
|
||||
| init_5: "[ Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))))] : WideMouthFrog"
|
||||
| init_6: "[ Iknows(SID(sid))] : WideMouthFrog"
|
||||
| init_7: "[ Iknows(Agent(honest(a)))] : WideMouthFrog"
|
||||
| init_8: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_9: "[ State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_10: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_11: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_12: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] )] : WideMouthFrog"
|
||||
| init_13: "[ State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] )] : WideMouthFrog"
|
||||
| rule_0: "[| t :WideMouthFrog;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_1: "[| t :WideMouthFrog;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_2: "[| t :WideMouthFrog;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_3: "[| t :WideMouthFrog;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_4: "[| t :WideMouthFrog;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_5: "[| t :WideMouthFrog;
|
||||
Request(A, B, Purpose(purposeTA), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_TA .
|
||||
M = Nonce((absTA(pair(B, A)) Abs_TA)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_6: "[| t :WideMouthFrog;
|
||||
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_KAB .
|
||||
M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_7: "[| t :WideMouthFrog;
|
||||
Request(A, B, Purpose(purposeTS), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_TS .
|
||||
M = Nonce((absTS(pair(B, A)) Abs_TS)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_8: "[| t :WideMouthFrog;
|
||||
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))
|
||||
#(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_9: "[| t :WideMouthFrog;
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : (set t)|]
|
||||
==>
|
||||
((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_10: "[| t :WideMouthFrog;
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : (set t);
|
||||
Iknows(Nonce(TA)) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(SymKey(KAB)) : (set t)|]
|
||||
==>
|
||||
((State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
|
||||
#(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_11: "[| t :WideMouthFrog;
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
|
||||
#t) : WideMouthFrog"
|
||||
| rule_12: "[| t :WideMouthFrog;
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : (set t);
|
||||
Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : (set t);
|
||||
Iknows(Nonce(TS)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(SymKey(KAB)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ))
|
||||
#t) : WideMouthFrog"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (WideMouthFrog) *}
|
||||
constdefs WideMouthFrog_fp::"Fact set""WideMouthFrog_fp == {m. ( ? Abs_TA2 Abs_TA1 a21 a22 a23 a24 a25 a26 a27 a28 a29 a30 a31 a32 a33 a34 a17 a18 a19 a20 i19 i20 i21 i22 i23 i24 i18 i12 Abs_TS2 i13 i14 Abs_TS3 i15 Abs_TS4 i16 i17 Abs_NI0 Abs_NI1 i6 a9 Abs_NI2 a10 a11 i7 Abs_KAB2 a12 i8 a13 a14 a15 i9 i10 a16 i11 Abs_KAB3 Abs_TS1 a8 i5 Abs_KAB1 sid0 i4 a5 a6 a7 a3 Abs_TA0 a4 a1 a2 i0 i1 Abs_TS0 i2 a0 i3 Abs_KAB0 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0)))))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
|
||||
| (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0)), pair(Agent(honest(a5)), scrypt(SymKey(sk(pair(Agent(honest(a6)), Agent(honest(a7))))), pair(Nonce((absTA(pair(Agent(honest(a8)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i5)))) Abs_KAB1)))))), SID(sid0)] ))
|
||||
| (m = Secret(SymKey((absKAB(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_KAB0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), Nonce((absTA(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_TA0)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0)), pair(Agent(honest(a8)), scrypt(SymKey(sk(pair(Agent(honest(a9)), Agent(honest(a10))))), pair(Nonce((absTA(pair(Agent(honest(a11)), Agent(honest(a12)))) Abs_TA1)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(honest(a15)))) Abs_KAB1)))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a5)))))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey(sk(pair(Agent(dishonest(i18)), Agent(honest(a9)))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a8)))))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a16)))))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3))))))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a1))))))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TA0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTA(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a5)))))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a7))))))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey(sk(pair(Agent(dishonest(i24)), Agent(honest(a9)))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a15))))))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a20)))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTA(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TA1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTA(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TA2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS1)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTA(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TA1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTA(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TA2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS1)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a1))))), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a8)))))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_KAB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTA(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TA1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_KAB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TA0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTA(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TA1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_TS0)), pair(Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(honest(a6)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(honest(a1)))) Abs_TS0)), pair(Agent(honest(a2)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a3))))))))))
|
||||
| (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey((absKAB(pair(Agent(honest(a14)), Agent(dishonest(i10)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a19)), Agent(dishonest(i14)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(honest(a6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a7))))), pair(Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a8)))) Abs_TS1)), pair(Agent(honest(a9)), SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a10)))))))), pair(Agent(dishonest(i7)), scrypt(SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i9)), Agent(honest(a12)))) Abs_TS2)), pair(Agent(honest(a13)), SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a14))))))))), Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i11)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a16)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(honest(a18)), Agent(dishonest(i12)))) Abs_TS4)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a19)))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(honest(a3)), Agent(honest(a4))))), Agent(honest(a5)), Agent(honest(a6)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(honest(a8)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a11)), Agent(honest(a12))))), pair(Nonce((absTS(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_TS1)), pair(Agent(honest(a15)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(honest(a17)))) Abs_KAB1))))), pair(Agent(honest(a18)), scrypt(SymKey(sk(pair(Agent(honest(a19)), Agent(honest(a20))))), pair(Nonce((absTS(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_TS2)), pair(Agent(honest(a23)), SymKey((absKAB(pair(Agent(honest(a24)), Agent(honest(a25)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a26)), Agent(honest(a27)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a28)), Agent(honest(a29))))), pair(Nonce((absTS(pair(Agent(honest(a30)), Agent(honest(a31)))) Abs_TS4)), pair(Agent(honest(a32)), SymKey((absKAB(pair(Agent(honest(a33)), Agent(honest(a34)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey(sk(pair(Agent(dishonest(i2)), Agent(honest(a5))))), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey(sk(pair(Agent(dishonest(i8)), Agent(honest(a8)))))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a11))))))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a16)))))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(honest(a3)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(honest(a5)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a8)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(honest(a10)), Agent(honest(a11)))) Abs_TS1)), pair(Agent(honest(a12)), SymKey((absKAB(pair(Agent(honest(a13)), Agent(honest(a14)))) Abs_KAB1))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(honest(a0)), Agent(honest(a1))))), pair(Nonce((absTS(pair(Agent(honest(a2)), Agent(dishonest(i0)))) Abs_TS0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i2)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0))))
|
||||
| (m = Iknows(SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_KAB0))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(honest(a2)), Agent(honest(a3))))), Agent(dishonest(i1)), Agent(honest(a4)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a6)), Agent(dishonest(i3)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a7)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(honest(a9)), Agent(dishonest(i4)))) Abs_TS1)), pair(Agent(dishonest(i5)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i6)))) Abs_KAB1))))), pair(Agent(honest(a11)), scrypt(SymKey(sk(pair(Agent(honest(a12)), Agent(honest(a13))))), pair(Nonce((absTS(pair(Agent(honest(a14)), Agent(dishonest(i7)))) Abs_TS2)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i10)), Agent(honest(a16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a17))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a18)))) Abs_TS4)), pair(Agent(honest(a19)), SymKey((absKAB(pair(Agent(honest(a20)), Agent(dishonest(i13)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i9)))) Abs_KAB1))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey((absKAB(pair(Agent(honest(a10)), Agent(dishonest(i14)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey((absKAB(pair(Agent(honest(a12)), Agent(dishonest(i21)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey(sk(pair(Agent(dishonest(i4)), Agent(honest(a3))))), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(honest(a4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a5))))), pair(Nonce((absTS(pair(Agent(dishonest(i7)), Agent(honest(a6)))) Abs_TS1)), pair(Agent(dishonest(i8)), SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a7)))))))), pair(Agent(dishonest(i10)), scrypt(SymKey(sk(pair(Agent(dishonest(i11)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i12)), Agent(honest(a9)))) Abs_TS2)), pair(Agent(dishonest(i13)), SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a10))))))))), Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i17)), Agent(honest(a11))))), pair(Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS4)), pair(Agent(dishonest(i20)), SymKey(sk(pair(Agent(dishonest(i21)), Agent(honest(a12)))))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i5)), Agent(dishonest(i6)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i7)), Agent(honest(a4))))), pair(Nonce((absTS(pair(Agent(dishonest(i8)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i11)))) Abs_KAB1))))), pair(Agent(dishonest(i12)), scrypt(SymKey(sk(pair(Agent(dishonest(i13)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i14)), Agent(dishonest(i15)))) Abs_TS2)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i17)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i18)), Agent(dishonest(i19)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(dishonest(i20)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i21)), Agent(dishonest(i22)))) Abs_TS4)), pair(Agent(dishonest(i23)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i24)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2))))), Agent(dishonest(i2)), Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i4)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a4))))), pair(Nonce((ni Abs_NI1)), pair(Agent(dishonest(i6)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i7)))) Abs_KAB1))))), pair(Agent(dishonest(i8)), scrypt(SymKey(sk(pair(Agent(dishonest(i9)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI2)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a7)), Agent(dishonest(i11)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(dishonest(i12)), Agent(dishonest(i13)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i14)), Agent(honest(a8))))), pair(Nonce((absTS(pair(Agent(dishonest(i15)), Agent(dishonest(i16)))) Abs_TS1)), pair(Agent(dishonest(i17)), SymKey((absKAB(pair(Agent(honest(a9)), Agent(dishonest(i18)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((absTS(pair(Agent(dishonest(i3)), Agent(dishonest(i4)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(dishonest(i5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(dishonest(i6)), Agent(dishonest(i7)))) Abs_TS1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i8)))) Abs_KAB1))))), pair(Agent(dishonest(i9)), scrypt(SymKey(sk(pair(Agent(dishonest(i10)), Agent(honest(a9))))), pair(Nonce((absTS(pair(Agent(dishonest(i11)), Agent(dishonest(i12)))) Abs_TS2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i13)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i14)))) Abs_TS3)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i15)))) Abs_TS4)), pair(Agent(dishonest(i16)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i17)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a3))))), Agent(honest(a4)), Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a5)), Agent(dishonest(i2)))) Abs_KAB0)), Nonce((ni Abs_NI0)), scrypt(SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a6))))), pair(Nonce((ni Abs_NI1)), pair(Agent(honest(a7)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i4)))) Abs_KAB1))))), pair(Agent(dishonest(i5)), scrypt(SymKey(sk(pair(Agent(dishonest(i6)), Agent(honest(a9))))), pair(Nonce((ni Abs_NI2)), pair(Agent(honest(a10)), SymKey((absKAB(pair(Agent(honest(a11)), Agent(dishonest(i7)))) Abs_KAB2)))))), Nonce((absTS(pair(Agent(honest(a12)), Agent(dishonest(i8)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a13)), Agent(honest(a14))))), pair(Nonce((absTS(pair(Agent(honest(a15)), Agent(dishonest(i9)))) Abs_TS1)), pair(Agent(dishonest(i10)), SymKey((absKAB(pair(Agent(honest(a16)), Agent(dishonest(i11)))) Abs_KAB3))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a3)), Agent(dishonest(i1)))) Abs_KAB0)), Nonce((absTS(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_TS0)), scrypt(SymKey(sk(pair(Agent(honest(a5)), Agent(honest(a6))))), pair(Nonce((absTS(pair(Agent(honest(a7)), Agent(dishonest(i3)))) Abs_TS1)), pair(Agent(dishonest(i4)), SymKey((absKAB(pair(Agent(honest(a8)), Agent(dishonest(i5)))) Abs_KAB1))))), SID(sid0)] ))
|
||||
| (m = Iknows(scrypt(SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a0))))), pair(Nonce((absTS(pair(Agent(dishonest(i1)), Agent(dishonest(i2)))) Abs_TS0)), pair(Agent(dishonest(i3)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i4)))) Abs_KAB0)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_TA0)), pair(Agent(honest(a5)), SymKey((absKAB(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), scrypt(SymKey(sk(pair(Agent(honest(a1)), Agent(honest(a2))))), pair(Nonce((absTA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_TA0)), pair(Agent(dishonest(i1)), SymKey((absKAB(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_KAB0))))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a0))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey(sk(pair(Agent(dishonest(i3)), Agent(honest(a0)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey(sk(pair(Agent(dishonest(i0)), Agent(honest(a1))))))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey(sk(pair(Agent(dishonest(i1)), Agent(honest(a2)))))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), SymKey((absKAB(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_KAB0)))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(honest(a0)))) Abs_TS0)), pair(Agent(honest(a1)), SymKey((absKAB(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_KAB0))))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_KAB0)))))
|
||||
| (m = Iknows(pair(Nonce((absTS(pair(Agent(dishonest(i0)), Agent(dishonest(i1)))) Abs_TS0)), pair(Agent(dishonest(i2)), SymKey((absKAB(pair(Agent(honest(a0)), Agent(dishonest(i3)))) Abs_KAB0))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (WideMouthFrog) *}
|
||||
lemma fp_attack_free: "~ (Attack m : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a)))))) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(SID(sid)) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(Agent(honest(a))) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "State(rB, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(dishonest(i)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(dishonest(i)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_12: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(dishonest(i)), Agent(honest(a))))), Agent(honest(a)), Agent(dishonest(i)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_13: "State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), SymKey(sk(pair(Agent(honest(a)), Agent(honest(a))))), Agent(honest(a)), Agent(honest(a)), SID(sid)] ) : WideMouthFrog_fp"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : WideMouthFrog_fp;
|
||||
Iknows(inv(K)) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Iknows(M) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : WideMouthFrog_fp;
|
||||
Iknows(K) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Iknows(M) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : WideMouthFrog_fp;
|
||||
Iknows(K) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Iknows(M) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Iknows(M1) : WideMouthFrog_fp) &
|
||||
(Iknows(M2) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : WideMouthFrog_fp;
|
||||
Iknows(M) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeTA), M, SID(sid)) : WideMouthFrog_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_TA .
|
||||
M = Nonce((absTA(pair(B, A)) Abs_TA)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeKAB), M, SID(sid)) : WideMouthFrog_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_KAB .
|
||||
M = SymKey((absKAB(pair(B, A)) Abs_KAB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
Request(A, B, Purpose(purposeTS), M, SID(sid)) : WideMouthFrog_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_TS .
|
||||
M = Nonce((absTS(pair(B, A)) Abs_TS)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rA, [Agent(A), Step(0), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), SID(sid)] ) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Secret(SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), Agent(B)) : WideMouthFrog_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeKAB), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))) : WideMouthFrog_fp) &
|
||||
(State(rA, [Agent(A), Step(1), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB)))))), SID(sid)] ) : WideMouthFrog_fp) &
|
||||
(Iknows(pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce((absTA(pair(Agent(A), Agent(B))) Abs_TA)), pair(Agent(B), SymKey((absKAB(pair(Agent(A), Agent(B))) Abs_KAB))))))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
|
||||
Iknows(Agent(A)) : WideMouthFrog_fp;
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) &
|
||||
(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rs, [Agent(honest(a)), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
|
||||
Iknows(Agent(A)) : WideMouthFrog_fp;
|
||||
Iknows(SymKey(sk(pair(Agent(A), Agent(honest(a)))))) : WideMouthFrog_fp;
|
||||
Iknows(Nonce(TA)) : WideMouthFrog_fp;
|
||||
Iknows(Agent(B)) : WideMouthFrog_fp;
|
||||
Iknows(SymKey(KAB)) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(State(rs, [Agent(honest(a)), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), SymKey(sk(pair(Agent(A), Agent(honest(a))))), Agent(B), Agent(A), SymKey(KAB), Nonce(TA), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB)))), pair(Agent(A), scrypt(SymKey(sk(pair(Agent(A), Agent(honest(a))))), pair(Nonce(TA), pair(Agent(B), SymKey(KAB))))), Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp) &
|
||||
(Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce((absTS(pair(Agent(B), Agent(A))) Abs_TS)), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
|
||||
Iknows(scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB))))) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) &
|
||||
(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(0), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SID(sid)] ) : WideMouthFrog_fp;
|
||||
Iknows(SymKey(sk(pair(Agent(B), Agent(honest(a)))))) : WideMouthFrog_fp;
|
||||
Iknows(Nonce(TS)) : WideMouthFrog_fp;
|
||||
Iknows(Agent(A)) : WideMouthFrog_fp;
|
||||
Iknows(SymKey(KAB)) : WideMouthFrog_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeKAB), SymKey(KAB), SID(sid)) : WideMouthFrog_fp) &
|
||||
(State(rB, [Agent(B), Step(1), SymKey(sk(pair(Agent(B), Agent(honest(a))))), Agent(A), SymKey(KAB), Nonce(TS), scrypt(SymKey(sk(pair(Agent(B), Agent(honest(a))))), pair(Nonce(TS), pair(Agent(A), SymKey(KAB)))), SID(sid)] ) : WideMouthFrog_fp)"
|
||||
by(simp only: WideMouthFrog_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (WideMouthFrog) *}
|
||||
lemma over_approx: "t : WideMouthFrog ==> (set t) <= WideMouthFrog_fp"
|
||||
apply(rule WideMouthFrog.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,38 @@
|
|||
\documentclass[11pt,a4paper,DIVcalc,twoside]{scrartcl}
|
||||
\usepackage{amsmath}
|
||||
\usepackage{graphicx}
|
||||
\usepackage[T1]{fontenc}
|
||||
\usepackage{amsmath,amsfonts,amssymb}
|
||||
\usepackage{isabelle}
|
||||
\usepackage{isabellesym}
|
||||
\isabellestyle{it}
|
||||
%\usepackage{fixisa}
|
||||
% <isabelle-section-setup>
|
||||
\renewcommand{\isamarkupheader}[1]{\section{#1}}
|
||||
\renewcommand{\isamarkupchapter}[1]{\subsection{#1}}
|
||||
\renewcommand{\isamarkupsection}[1]{\subsection{#1}}
|
||||
\renewcommand{\isamarkupsubsection}[1]{\subsubsection{#1}}
|
||||
|
||||
\usepackage[hyperref,dvipsnames,table]{xcolor}
|
||||
% urls in roman style, theory text in math-similar italics
|
||||
\isabellestyle{it}
|
||||
\newcommand{\includeIfExists}[1]{\IfFileExists{#1}{\include{#1}}{}}
|
||||
|
||||
\title{Testsuite}
|
||||
\author{}
|
||||
|
||||
\begin{document}
|
||||
|
||||
\maketitle
|
||||
\tableofcontents
|
||||
|
||||
\input{session.tex}
|
||||
\includeIfExists{report.tex}
|
||||
|
||||
|
||||
\end{document}
|
||||
|
||||
%%% Local Variables:
|
||||
%%% mode: latex
|
||||
%%% TeX-master: t
|
||||
%%% End:
|
|
@ -0,0 +1,814 @@
|
|||
header {* Analysing NSL *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/nsl-ks.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"nsl-ks"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (NSL) *}
|
||||
datatype Role = rA | rB | rs
|
||||
|
||||
datatype Purpose = purposeNI | purposeNA | purposeNB
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "na" "Msg" "nat"
|
||||
| "nb" "Msg" "nat"
|
||||
| "NI"
|
||||
| "NA"
|
||||
| "NB"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
(* Functions *)
|
||||
| "pk" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (NSL) *}
|
||||
inductive_set
|
||||
NSL::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : NSL"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : NSL"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
|
||||
| init_4: "[ Iknows(Step(0))] : NSL"
|
||||
| init_5: "[ Iknows(pk(Agent(honest(a))))] : NSL"
|
||||
| init_6: "[ Iknows(Agent(honest(a)))] : NSL"
|
||||
| init_7: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : NSL"
|
||||
| init_8: "[ Iknows(pk(Agent(dishonest(i))))] : NSL"
|
||||
| init_9: "[ Iknows(SID(sid))] : NSL"
|
||||
| init_10: "[ Iknows(Agent(honest(a)))] : NSL"
|
||||
| init_11: "[ State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] )] : NSL"
|
||||
| init_12: "[ State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL"
|
||||
| rule_0: "[| t :NSL;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_1: "[| t :NSL;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_2: "[| t :NSL;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_3: "[| t :NSL;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : NSL"
|
||||
| rule_4: "[| t :NSL;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : NSL"
|
||||
| rule_5: "[| t :NSL;
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((na(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : NSL"
|
||||
| rule_6: "[| t :NSL;
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Arg1 Abs_NB .
|
||||
M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : NSL"
|
||||
| rule_7: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(A), Agent(B))))
|
||||
#t) : NSL"
|
||||
| rule_8: "[| t :NSL;
|
||||
State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_9: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
|
||||
#t) : NSL"
|
||||
| rule_10: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
|
||||
#t) : NSL"
|
||||
| rule_11: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
|
||||
#t) : NSL"
|
||||
| rule_12: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : (set t)|]
|
||||
==>
|
||||
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(B), Agent(A))))
|
||||
#t) : NSL"
|
||||
| rule_13: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(B), Agent(A))))
|
||||
#t) : NSL"
|
||||
| rule_14: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ))
|
||||
#(Iknows(pair(Agent(B), Agent(A))))
|
||||
#t) : NSL"
|
||||
| rule_15: "[| t :NSL;
|
||||
State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] ))
|
||||
#(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))))
|
||||
#t) : NSL"
|
||||
| rule_16: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_17: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_18: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_19: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_20: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_21: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : (set t);
|
||||
Iknows(inv(pk(Agent(honest(a))))) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_22: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_23: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_24: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_25: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
| rule_26: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
| rule_27: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (NSL) *}
|
||||
constdefs NSL_fp::"Fact set""NSL_fp == {m. ( ? Abs_NA3 Abs_NA4 Abs_NA5 i13 Abs_NI1 Abs_NI2 a16 a17 a18 a19 a20 a21 a22 a23 a24 a25 a26 a27 a28 Abs_NA1 Abs_NA2 a3 a4 a5 a6 a7 i2 i3 a8 i4 i5 a9 i6 i7 a10 i8 Abs_NB2 i9 a11 i10 Abs_NB3 a12 i11 Abs_NB4 a13 a14 a15 i12 Abs_NB5 sid0 Abs_NI0 Abs_NA0 a0 i0 Abs_NB0 a1 i1 Abs_NB1 a2 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(pk(Agent(honest(a0)))))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = Iknows(inv(pk(Agent(dishonest(i0))))))
|
||||
| (m = Iknows(pk(Agent(dishonest(i0)))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(honest(a1)), pk(Agent(honest(a2)))))))
|
||||
| (m = Iknows(crypt(inv(pk(Agent(honest(a0)))), pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((na(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(dishonest(i1)), pair(Agent(dishonest(i2)), Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a2)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), pair(Agent(dishonest(i6)), Agent(dishonest(i7))), crypt(inv(pk(Agent(honest(a3)))), pair(Agent(dishonest(i8)), pk(Agent(dishonest(i9))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(dishonest(i0)), pair(Agent(dishonest(i1)), Agent(honest(a3))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(honest(a5)), pk(Agent(honest(a6))))), pair(Agent(honest(a7)), Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a8)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Agent(honest(a2)), pair(Agent(honest(a3)), Agent(dishonest(i1))), crypt(inv(pk(Agent(honest(a4)))), pair(Agent(dishonest(i2)), pk(Agent(dishonest(i3))))), pair(Agent(dishonest(i4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), SID(sid0)] ))
|
||||
| (m = State(rs, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Agent(honest(a3)), pair(Agent(honest(a4)), Agent(honest(a5))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(honest(a7)), pk(Agent(honest(a8))))), pair(Agent(honest(a9)), Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a6))), pair(Nonce((ni Abs_NI1)), Agent(honest(a7)))), pair(Agent(honest(a8)), Agent(honest(a9))), pk(Agent(honest(a10))), crypt(inv(pk(Agent(honest(a11)))), pair(Agent(honest(a12)), pk(Agent(honest(a13))))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a16))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a17)), pair(Agent(honest(a18)), Step(0)))) Abs_NB1)), Agent(honest(a19))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(0)))) Abs_NB0)), Agent(honest(a3)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), Agent(honest(a3))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), SID(sid0)] ))
|
||||
| (m = Iknows(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))
|
||||
| (m = Iknows(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(1)))) Abs_NB0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((na(pair(Agent(honest(a10)), Agent(dishonest(i8)))) Abs_NA2)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA3)), pair(Nonce((na(pair(Agent(honest(a13)), Agent(dishonest(i10)))) Abs_NA4)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((na(pair(Agent(honest(a14)), Agent(dishonest(i13)))) Abs_NA5))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((na(pair(Agent(honest(a12)), Agent(dishonest(i9)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a13)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB1)), Agent(dishonest(i11))))), crypt(pk(Agent(dishonest(i12))), Nonce((nb(pair(Agent(honest(a14)), pair(Agent(dishonest(i13)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(dishonest(i0)), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), pair(Agent(honest(a5)), Agent(dishonest(i1))), pk(Agent(dishonest(i2))), crypt(inv(pk(Agent(honest(a6)))), pair(Agent(dishonest(i3)), pk(Agent(dishonest(i4))))), Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA0)), crypt(pk(Agent(dishonest(i6))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i7)))) Abs_NA1)), Agent(honest(a9)))), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a10))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i8)))) Abs_NA2)), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i9))))), crypt(pk(Agent(dishonest(i10))), Nonce((ni Abs_NI2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), pair(Agent(honest(a6)), Agent(dishonest(i2))), pk(Agent(dishonest(i3))), crypt(inv(pk(Agent(honest(a7)))), pair(Agent(dishonest(i4)), pk(Agent(dishonest(i5))))), Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((nb(pair(Agent(honest(a9)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), crypt(pk(Agent(honest(a11))), Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i9)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((ni Abs_NI0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a3)), pair(Agent(honest(a4)), Step(1)))) Abs_NB0)), Agent(honest(a5)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a7))), pair(Nonce((na(pair(Agent(honest(a8)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a18))), pair(Nonce((na(pair(Agent(honest(a19)), Agent(dishonest(i2)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB1)), Agent(honest(a22))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((nb(pair(Agent(honest(a6)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((nb(pair(Agent(honest(a8)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a9)))), pair(Agent(honest(a10)), Agent(honest(a11))), pk(Agent(honest(a12))), crypt(inv(pk(Agent(honest(a13)))), pair(Agent(honest(a14)), pk(Agent(honest(a15))))), Nonce((nb(pair(Agent(honest(a16)), pair(Agent(honest(a17)), Step(0)))) Abs_NB2)), crypt(pk(Agent(honest(a18))), pair(Nonce((nb(pair(Agent(honest(a19)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a20)), pair(Agent(honest(a21)), Step(0)))) Abs_NB4)), Agent(honest(a22))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(3), Agent(honest(a1)), pk(Agent(honest(a2))), Agent(honest(a3)), inv(pk(Agent(honest(a4)))), pk(Agent(honest(a5))), pair(Agent(honest(a6)), Agent(honest(a7))), pk(Agent(honest(a8))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(honest(a10)), pk(Agent(honest(a11))))), Nonce((na(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA0)), crypt(pk(Agent(honest(a14))), pair(Nonce((na(pair(Agent(honest(a15)), Agent(honest(a16)))) Abs_NA1)), Agent(honest(a17)))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(1)))) Abs_NB0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB1)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(honest(a5)), Nonce((na(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA0)), crypt(pk(Agent(honest(a8))), pair(Nonce((na(pair(Agent(honest(a9)), Agent(honest(a10)))) Abs_NA1)), Agent(honest(a11)))), pair(Agent(honest(a12)), Agent(honest(a13))), pk(Agent(honest(a14))), crypt(inv(pk(Agent(honest(a15)))), pair(Agent(honest(a16)), pk(Agent(honest(a17))))), Nonce((nb(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a20))), pair(Nonce((na(pair(Agent(honest(a21)), Agent(honest(a22)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a23)), pair(Agent(honest(a24)), Step(1)))) Abs_NB1)), Agent(honest(a25))))), crypt(pk(Agent(honest(a26))), Nonce((nb(pair(Agent(honest(a27)), pair(Agent(honest(a28)), Step(1)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((na(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((na(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a6))), pair(Nonce((na(pair(Agent(honest(a7)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((na(pair(Agent(honest(a11)), Agent(dishonest(i10)))) Abs_NA2)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(3), pk(Agent(honest(a1))), Agent(honest(a2)), inv(pk(Agent(honest(a3)))), pk(Agent(honest(a4))), Agent(dishonest(i0)), Nonce((nb(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((nb(pair(Agent(honest(a7)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), pair(Agent(honest(a8)), Agent(dishonest(i4))), pk(Agent(dishonest(i5))), crypt(inv(pk(Agent(honest(a9)))), pair(Agent(dishonest(i6)), pk(Agent(dishonest(i7))))), Nonce((nb(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i9))), pair(Nonce((nb(pair(Agent(honest(a11)), pair(Agent(dishonest(i10)), Step(0)))) Abs_NB3)), pair(Nonce((nb(pair(Agent(honest(a12)), pair(Agent(dishonest(i11)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), crypt(pk(Agent(honest(a14))), Nonce((nb(pair(Agent(honest(a15)), pair(Agent(dishonest(i12)), Step(0)))) Abs_NB5))), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), Agent(dishonest(i0)))))
|
||||
| (m = Iknows(pair(Agent(dishonest(i0)), pk(Agent(dishonest(i1))))))
|
||||
| (m = Iknows(pair(Agent(honest(a0)), pk(Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((na(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
|
||||
| (m = Iknows(pair(Nonce((nb(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((nb(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (NSL) *}
|
||||
lemma fp_attack_free: "~ (Attack m : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(pk(Agent(honest(a)))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(Agent(honest(a))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(inv(pk(Agent(dishonest(i))))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "Iknows(pk(Agent(dishonest(i)))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_9: "Iknows(SID(sid)) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_10: "Iknows(Agent(honest(a))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_11: "State(rB, [Agent(honest(a)), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(honest(a)))), pk(Agent(honest(a))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_12: "State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : NSL_fp;
|
||||
Iknows(inv(K)) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : NSL_fp;
|
||||
Iknows(K) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : NSL_fp;
|
||||
Iknows(K) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M1) : NSL_fp) &
|
||||
(Iknows(M2) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : NSL_fp;
|
||||
Iknows(M) : NSL_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : NSL_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((na(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : NSL_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Arg1 Abs_NB .
|
||||
M = Nonce((nb(pair(B, pair(A, Arg1))) Abs_NB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
State(rA, [Agent(A), Step(0), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), SID(sid)] ) : NSL_fp|]
|
||||
==>
|
||||
(State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(pair(Agent(A), Agent(B))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rs, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B))))) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : NSL_fp|]
|
||||
==>
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_13: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_14: "[|
|
||||
State(rB, [Agent(B), Step(0), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(pair(Agent(B), Agent(A))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_15: "[|
|
||||
State(rs, [Agent(honest(a)), Step(1), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(State(rs, [Agent(honest(a)), Step(2), inv(pk(Agent(honest(a)))), Agent(B), Agent(A), pair(Agent(A), Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), pair(Agent(B), Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_16: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_17: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
Iknows(pk(Agent(A))) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_18: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_19: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A))))) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_20: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
Iknows(pk(Agent(A))) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_21: "[|
|
||||
State(rB, [Agent(B), Step(1), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), SID(sid)] ) : NSL_fp;
|
||||
Iknows(inv(pk(Agent(honest(a))))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((na(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((nb(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_22: "[|
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_23: "[|
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(A))) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_24: "[|
|
||||
State(rA, [Agent(A), Step(2), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(3), Agent(B), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(A))), pk(Agent(A)), pair(Agent(A), Agent(B)), pk(Agent(B)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(B), pk(Agent(B)))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_25: "[|
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_26: "[|
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_27: "[|
|
||||
State(rB, [Agent(B), Step(2), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(3), pk(Agent(honest(a))), Agent(honest(a)), inv(pk(Agent(B))), pk(Agent(B)), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), pair(Agent(B), Agent(A)), pk(Agent(A)), crypt(inv(pk(Agent(honest(a)))), pair(Agent(A), pk(Agent(A)))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (NSL) *}
|
||||
lemma over_approx: "t : NSL ==> (set t) <= NSL_fp"
|
||||
apply(rule NSL.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_14, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_15, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_16, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_17, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_18, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_19, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_20, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_21, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_22, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_23, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_24, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_25, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_26, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_27, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,592 @@
|
|||
header {* Analysing NSL *}
|
||||
(* ***********************************
|
||||
This file is automatically generated from the AnB file "AnB/nsl.AnB".
|
||||
Backend: Open Source Fixedpoint Model Checker version 2009c
|
||||
************************************ *)
|
||||
|
||||
theory
|
||||
"nsl"
|
||||
imports
|
||||
ofmc
|
||||
begin
|
||||
|
||||
|
||||
|
||||
section {* Protocol Model (NSL) *}
|
||||
datatype Role = rA | rB
|
||||
|
||||
datatype Purpose = purposeNA | purposeNB
|
||||
datatype Agent = honest nat
|
||||
| dishonest nat
|
||||
|
||||
datatype Nonce = "ni" "nat"
|
||||
| "absNA" "Msg" "nat"
|
||||
| "absNB" "Msg" "nat"
|
||||
| "NI"
|
||||
| "NA"
|
||||
| "NB"
|
||||
and Msg = Nonce "Nonce"
|
||||
| Agent "Agent"
|
||||
| Purpose "Purpose"
|
||||
| pair "Msg*Msg"
|
||||
| scrypt "Msg*Msg"
|
||||
| crypt "Msg*Msg"
|
||||
| inv "Msg"
|
||||
| SID "nat"
|
||||
| Step "nat"
|
||||
| authentication
|
||||
| secrecy
|
||||
(* SymKeys *)
|
||||
| SymKey "Msg"
|
||||
(* Functions *)
|
||||
| "pk" "Msg"
|
||||
|
||||
datatype Fact = Iknows Msg
|
||||
| State "Role * (Msg list)"
|
||||
| Secret "Msg * Msg"
|
||||
| Attack "Msg"
|
||||
| Witness "Msg * Msg * Msg * Msg"
|
||||
| Request "Msg * Msg * Msg * Msg * Msg"
|
||||
|
||||
|
||||
|
||||
|
||||
section {* Inductive Protocol Definition (NSL) *}
|
||||
inductive_set
|
||||
NSL::"Fact list set"
|
||||
where
|
||||
init_0: "[ Iknows(Nonce((ni Abs_NI)))] : NSL"
|
||||
| init_1: "[ Iknows(Agent(dishonest(i)))] : NSL"
|
||||
| init_2: "[ State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL"
|
||||
| init_3: "[ State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL"
|
||||
| init_4: "[ Iknows(Step(0))] : NSL"
|
||||
| init_5: "[ Iknows(inv(pk(Agent(dishonest(i)))))] : NSL"
|
||||
| init_6: "[ Iknows(SID(sid))] : NSL"
|
||||
| init_7: "[ Iknows(Agent(honest(a)))] : NSL"
|
||||
| init_8: "[ State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] )] : NSL"
|
||||
| rule_0: "[| t :NSL;
|
||||
Iknows(crypt(K, M)) : (set t);
|
||||
Iknows(inv(K)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_1: "[| t :NSL;
|
||||
Iknows(crypt(inv(K), M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_2: "[| t :NSL;
|
||||
Iknows(scrypt(K, M)) : (set t);
|
||||
Iknows(K) : (set t)|]
|
||||
==>
|
||||
((Iknows(M))
|
||||
#t) : NSL"
|
||||
| rule_3: "[| t :NSL;
|
||||
Iknows(pair(M1, M2)) : (set t)|]
|
||||
==>
|
||||
((Iknows(M1))
|
||||
#(Iknows(M2))
|
||||
#t) : NSL"
|
||||
| rule_4: "[| t :NSL;
|
||||
Secret(M, Agent(honest(a))) : (set t);
|
||||
Iknows(M) : (set t)|]
|
||||
==>
|
||||
((Attack(pair(secrecy, M)))
|
||||
#t) : NSL"
|
||||
| rule_5: "[| t :NSL;
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : NSL"
|
||||
| rule_6: "[| t :NSL;
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : (set t);
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Arg1 Abs_NB .
|
||||
M = Nonce((absNB(pair(B, pair(A, Arg1))) Abs_NB)))|]
|
||||
==>
|
||||
((Attack(pair(authentication, pair(A, pair(B, M)))))
|
||||
#t) : NSL"
|
||||
| rule_7: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(0), Agent(B), inv(pk(Agent(A))), SID(sid)] ) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)))
|
||||
#(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))))
|
||||
#(State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))))
|
||||
#t) : NSL"
|
||||
| rule_8: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_9: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_10: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : (set t);
|
||||
Iknows(Agent(A)) : (set t)|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_11: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_12: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_13: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
((Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)))
|
||||
#(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))))
|
||||
#(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))))
|
||||
#t) : NSL"
|
||||
| rule_14: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_15: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(A))) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_16: "[| t :NSL;
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(A)) : (set t);
|
||||
Iknows(Nonce(NA)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t);
|
||||
Iknows(Agent(B)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)))
|
||||
#(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#(Iknows(crypt(pk(Agent(B)), Nonce(NB))))
|
||||
#t) : NSL"
|
||||
| rule_17: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
| rule_18: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(pk(Agent(B))) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
| rule_19: "[| t :NSL;
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : (set t);
|
||||
Iknows(Agent(B)) : (set t);
|
||||
Iknows(Nonce(NB)) : (set t)|]
|
||||
==>
|
||||
((Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)))
|
||||
#(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ))
|
||||
#t) : NSL"
|
||||
|
||||
|
||||
section {* Fixed-point Definition (NSL) *}
|
||||
constdefs NSL_fp::"Fact set""NSL_fp == {m. ( ? Abs_NA3 Abs_NA4 Abs_NA5 i9 Abs_NI1 Abs_NI2 a11 a12 a13 a14 a15 a16 a17 a18 a19 Abs_NA1 Abs_NA2 a3 a4 i2 i3 a5 i4 Abs_NB2 i5 a6 i6 Abs_NB3 a7 i7 Abs_NB4 a8 a9 a10 i8 Abs_NB5 sid0 Abs_NI0 Abs_NA0 a0 i0 Abs_NB0 a1 i1 Abs_NB1 a2 .
|
||||
(m = Iknows(Nonce((ni Abs_NI0))))
|
||||
| (m = Iknows(Agent(dishonest(i0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), SID(sid0)] ))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(0), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), SID(sid0)] ))
|
||||
| (m = Iknows(Step(0)))
|
||||
| (m = Iknows(inv(pk(Agent(dishonest(i0))))))
|
||||
| (m = Iknows(SID(sid0)))
|
||||
| (m = Iknows(Agent(honest(a0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(0), inv(pk(Agent(honest(a1)))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((absNA(pair(Agent(honest(a0)), Agent(honest(a1)))) Abs_NA0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0))))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(1), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(dishonest(i1))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a2))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB1)), Agent(honest(a5))))), SID(sid0)] ))
|
||||
| (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a3))), pair(Nonce((ni Abs_NI1)), Agent(honest(a4)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(honest(a6)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a7))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a8)), pair(Agent(honest(a9)), Step(0)))) Abs_NB1)), Agent(honest(a10))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(0)))) Abs_NB0)), Agent(honest(a3)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), Agent(honest(a3))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Secret(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(honest(a1)), Step(1)))) Abs_NB0)), Agent(honest(a2))))
|
||||
| (m = Witness(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(honest(a2)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(honest(a4)), Step(1)))) Abs_NB0)), Agent(honest(a5)))))))
|
||||
| (m = Iknows(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0))))
|
||||
| (m = Iknows(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB1)), Agent(honest(a8))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i0)))) Abs_NA0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i1)))) Abs_NA1)), Agent(honest(a6)))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(honest(a8)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a9))), pair(Nonce((absNA(pair(Agent(honest(a10)), Agent(dishonest(i2)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a11)), pair(Agent(honest(a12)), Step(0)))) Abs_NB1)), Agent(honest(a13))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a6)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB4)), Agent(honest(a8))))), SID(sid0)] ))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(1), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a4))), pair(Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a6)))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(honest(a8)), Step(0)))) Abs_NB2)), crypt(pk(Agent(honest(a9))), pair(Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a11)), pair(Agent(honest(a12)), Step(0)))) Abs_NB4)), Agent(honest(a13))))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(1)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(honest(a1)), inv(pk(Agent(honest(a2)))), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), crypt(pk(Agent(honest(a17))), Nonce((absNB(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((absNA(pair(Agent(honest(a5)), Agent(dishonest(i4)))) Abs_NA2)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA3)), pair(Nonce((absNA(pair(Agent(honest(a8)), Agent(dishonest(i6)))) Abs_NA4)), Agent(dishonest(i7))))), crypt(pk(Agent(dishonest(i8))), Nonce((absNA(pair(Agent(honest(a9)), Agent(dishonest(i9)))) Abs_NA5))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a6))), pair(Nonce((absNA(pair(Agent(honest(a7)), Agent(dishonest(i5)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a8)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB1)), Agent(dishonest(i7))))), crypt(pk(Agent(dishonest(i8))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(dishonest(i9)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNB), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rA, [Agent(honest(a0)), Step(2), Agent(dishonest(i0)), inv(pk(Agent(honest(a1)))), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(dishonest(i2))), pair(Nonce((absNA(pair(Agent(honest(a3)), Agent(dishonest(i3)))) Abs_NA1)), Agent(honest(a4)))), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i4)))) Abs_NA2)), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i5))))), crypt(pk(Agent(dishonest(i6))), Nonce((ni Abs_NI2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((ni Abs_NI0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((ni Abs_NI0)), crypt(pk(Agent(honest(a2))), pair(Nonce((ni Abs_NI1)), Agent(dishonest(i1)))), Nonce((absNB(pair(Agent(honest(a3)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i3))), pair(Nonce((ni Abs_NI2)), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB1)), Agent(honest(a5))))), crypt(pk(Agent(honest(a6))), Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i5)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((ni Abs_NI0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(honest(a2)), Step(1)))) Abs_NB0)))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB1)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(honest(a0))), pair(Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(honest(a3)), Step(0)))) Abs_NB0)), Agent(honest(a4)))))))
|
||||
| (m = Iknows(crypt(pk(Agent(dishonest(i0))), pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i1)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB0)), Agent(honest(a2)))))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
|
||||
| (m = Request(Agent(honest(a0)), Agent(honest(a1)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a2)), Agent(honest(a3)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(honest(a2)), Nonce((absNA(pair(Agent(honest(a3)), Agent(honest(a4)))) Abs_NA0)), crypt(pk(Agent(honest(a5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(honest(a7)))) Abs_NA1)), Agent(honest(a8)))), Nonce((absNB(pair(Agent(honest(a9)), pair(Agent(honest(a10)), Step(1)))) Abs_NB0)), crypt(pk(Agent(honest(a11))), pair(Nonce((absNA(pair(Agent(honest(a12)), Agent(honest(a13)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a14)), pair(Agent(honest(a15)), Step(1)))) Abs_NB1)), Agent(honest(a16))))), crypt(pk(Agent(honest(a17))), Nonce((absNB(pair(Agent(honest(a18)), pair(Agent(honest(a19)), Step(1)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNA(pair(Agent(honest(a1)), Agent(dishonest(i1)))) Abs_NA0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNA(pair(Agent(honest(a2)), Agent(dishonest(i1)))) Abs_NA0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNA(pair(Agent(honest(a4)), Agent(dishonest(i2)))) Abs_NA1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB0)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNA(pair(Agent(honest(a6)), Agent(dishonest(i6)))) Abs_NA2)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB1)), Agent(honest(a8))))), crypt(pk(Agent(honest(a9))), Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB2))), SID(sid0)] ))
|
||||
| (m = Request(Agent(honest(a0)), Agent(dishonest(i0)), Purpose(purposeNA), Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), SID(sid0)))
|
||||
| (m = State(rB, [Agent(honest(a0)), Step(2), inv(pk(Agent(honest(a1)))), Agent(dishonest(i0)), Nonce((absNB(pair(Agent(honest(a2)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), crypt(pk(Agent(honest(a3))), pair(Nonce((absNB(pair(Agent(honest(a4)), pair(Agent(dishonest(i2)), Step(0)))) Abs_NB1)), Agent(dishonest(i3)))), Nonce((absNB(pair(Agent(honest(a5)), pair(Agent(dishonest(i4)), Step(0)))) Abs_NB2)), crypt(pk(Agent(dishonest(i5))), pair(Nonce((absNB(pair(Agent(honest(a6)), pair(Agent(dishonest(i6)), Step(0)))) Abs_NB3)), pair(Nonce((absNB(pair(Agent(honest(a7)), pair(Agent(dishonest(i7)), Step(0)))) Abs_NB4)), Agent(honest(a8))))), crypt(pk(Agent(honest(a9))), Nonce((absNB(pair(Agent(honest(a10)), pair(Agent(dishonest(i8)), Step(0)))) Abs_NB5))), SID(sid0)] ))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1)))))
|
||||
| (m = Iknows(pair(Nonce((ni Abs_NI0)), pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), Agent(honest(a1))))))
|
||||
| (m = Iknows(pair(Nonce((absNA(pair(Agent(honest(a0)), Agent(dishonest(i0)))) Abs_NA0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB0)), Agent(honest(a2))))))
|
||||
| (m = Iknows(pair(Nonce((absNB(pair(Agent(honest(a0)), pair(Agent(dishonest(i0)), Step(0)))) Abs_NB0)), pair(Nonce((absNB(pair(Agent(honest(a1)), pair(Agent(dishonest(i1)), Step(0)))) Abs_NB1)), Agent(honest(a2))))))
|
||||
)}"
|
||||
|
||||
|
||||
section {* Checking Fixed-point (NSL) *}
|
||||
lemma fp_attack_free: "~ (Attack m : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_0: "Iknows(Nonce((ni Abs_NI))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_1: "Iknows(Agent(dishonest(i))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_2: "State(rA, [Agent(honest(a)), Step(0), Agent(dishonest(i)), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_3: "State(rA, [Agent(honest(a)), Step(0), Agent(honest(a)), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_4: "Iknows(Step(0)) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_5: "Iknows(inv(pk(Agent(dishonest(i))))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_6: "Iknows(SID(sid)) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_7: "Iknows(Agent(honest(a))) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma init_8: "State(rB, [Agent(honest(a)), Step(0), inv(pk(Agent(honest(a)))), SID(sid)] ) : NSL_fp"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_0: "[|
|
||||
Iknows(crypt(K, M)) : NSL_fp;
|
||||
Iknows(inv(K)) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_1: "[|
|
||||
Iknows(crypt(inv(K), M)) : NSL_fp;
|
||||
Iknows(K) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_2: "[|
|
||||
Iknows(scrypt(K, M)) : NSL_fp;
|
||||
Iknows(K) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_3: "[|
|
||||
Iknows(pair(M1, M2)) : NSL_fp|]
|
||||
==>
|
||||
(Iknows(M1) : NSL_fp) &
|
||||
(Iknows(M2) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_4: "[|
|
||||
Secret(M, Agent(honest(a))) : NSL_fp;
|
||||
Iknows(M) : NSL_fp|]
|
||||
==>
|
||||
(Attack(pair(secrecy, M)) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_5: "[|
|
||||
Request(A, B, Purpose(purposeNA), M, SID(sid)) : NSL_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Abs_NA .
|
||||
M = Nonce((absNA(pair(B, A)) Abs_NA)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_6: "[|
|
||||
Request(A, B, Purpose(purposeNB), M, SID(sid)) : NSL_fp;
|
||||
~ ( ? i .
|
||||
B = Agent(dishonest(i)));
|
||||
~ ( ? B A Arg1 Abs_NB .
|
||||
M = Nonce((absNB(pair(B, pair(A, Arg1))) Abs_NB)))|]
|
||||
==>
|
||||
(Attack(pair(authentication, pair(A, pair(B, M)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_7: "[|
|
||||
State(rA, [Agent(A), Step(0), Agent(B), inv(pk(Agent(A))), SID(sid)] ) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(B)) : NSL_fp) &
|
||||
(Witness(Agent(A), Agent(B), Purpose(purposeNA), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_8: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A)))) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_9: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp;
|
||||
Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_10: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA))) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), crypt(pk(Agent(B)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(1)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_11: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A)))) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_12: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_13: "[|
|
||||
State(rB, [Agent(B), Step(0), inv(pk(Agent(B))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
~ ( ? A B Abs_NA .
|
||||
Nonce(NA) = Nonce((absNA(pair(Agent(A), Agent(B))) Abs_NA)))|]
|
||||
==>
|
||||
(Secret(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(A)) : NSL_fp) &
|
||||
(Witness(Agent(B), Agent(A), Purpose(purposeNB), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB))) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B)))), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce((absNB(pair(Agent(B), pair(Agent(A), Step(0)))) Abs_NB)), Agent(B))))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_14: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B))))) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_15: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(A))) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_16: "[|
|
||||
State(rA, [Agent(A), Step(1), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(A)) : NSL_fp;
|
||||
Iknows(Nonce(NA)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(A), Agent(B), Purpose(purposeNB), Nonce(NB), SID(sid)) : NSL_fp) &
|
||||
(State(rA, [Agent(A), Step(2), Agent(B), inv(pk(Agent(A))), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp) &
|
||||
(Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_17: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(crypt(pk(Agent(B)), Nonce(NB))) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_18: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(pk(Agent(B))) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
lemma rule_19: "[|
|
||||
State(rB, [Agent(B), Step(1), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), SID(sid)] ) : NSL_fp;
|
||||
Iknows(Agent(B)) : NSL_fp;
|
||||
Iknows(Nonce(NB)) : NSL_fp|]
|
||||
==>
|
||||
(Request(Agent(B), Agent(A), Purpose(purposeNA), Nonce(NA), SID(sid)) : NSL_fp) &
|
||||
(State(rB, [Agent(B), Step(2), inv(pk(Agent(B))), Agent(A), Nonce(NA), crypt(pk(Agent(B)), pair(Nonce(NA), Agent(A))), Nonce(NB), crypt(pk(Agent(A)), pair(Nonce(NA), pair(Nonce(NB), Agent(B)))), crypt(pk(Agent(B)), Nonce(NB)), SID(sid)] ) : NSL_fp)"
|
||||
by(simp only: NSL_fp_def, simp only: set2pred, simp, auto?)+
|
||||
|
||||
|
||||
|
||||
section {* Security Proof(s) (NSL) *}
|
||||
lemma over_approx: "t : NSL ==> (set t) <= NSL_fp"
|
||||
apply(rule NSL.induct, simp_all)
|
||||
apply(propagate_fp, cut_tac init_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac init_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_0, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_1, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_2, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_3, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_4, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_5, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_6, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_7, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_8, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_9, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_10, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_11, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_12, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_13, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_14, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_15, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_16, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_17, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_18, (assumption | simp)+)
|
||||
apply(propagate_fp, cut_tac rule_19, (assumption | simp)+)
|
||||
done
|
||||
|
||||
|
||||
|
||||
end (* theory *)
|
|
@ -0,0 +1,95 @@
|
|||
#############################################################################
|
||||
# Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
#
|
||||
# IsaMakefile --- main build setup for Isabelle-OFMC
|
||||
# This file is part of Isabelle-OFMC.
|
||||
#
|
||||
# Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
#
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# * Neither the name of the copyright holders nor the names of its
|
||||
# contributors may be used to endorse or promote products derived
|
||||
# from this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
##############################################################################
|
||||
# $Id: IsaMakefile 935 2009-11-02 00:02:50Z brucker $
|
||||
|
||||
# determine current source version:
|
||||
nullstring:=
|
||||
space := $(nullstring) #
|
||||
#
|
||||
REVISION := $(shell svnversion .)
|
||||
VER_MAIJOR=0
|
||||
VER_MINOR=0
|
||||
VER_MICRO=0
|
||||
VER_TAG=$(space)(dev build: $(REVISION))
|
||||
|
||||
CONFIG_SED_SCRIPT='s/<COLLECTIONTYPE>/$(COLLECTIONTYPE)/;\
|
||||
s/<UNIVERSE>/$(UNIVERSE)/;\
|
||||
s/<VER_MAIJOR>/$(VER_MAIJOR)/;s/<VER_MINOR>/$(VER_MINOR)/;\
|
||||
s/<VER_MICRO>/$(VER_MICRO)/;s/<VER_TAG>/${VER_TAG}/;\
|
||||
s/<XMI_SUPPORT>/$(XMI_SUPPORT)/;\
|
||||
s/<REVISION>/$(REVISION)/'
|
||||
|
||||
## global settings
|
||||
# make internal configuration
|
||||
.PHONY: config.sml
|
||||
|
||||
ECHO=echo
|
||||
RM=rm
|
||||
MV=mv
|
||||
SED=sed
|
||||
MLTON=mlton
|
||||
|
||||
## targets
|
||||
HEAP=ofmc
|
||||
SRC = $(ISABELLE_HOME)/src
|
||||
OUT = $(ISABELLE_OUTPUT)
|
||||
LOG = $(OUT)/log
|
||||
|
||||
USEDIR = $(ISATOOL) usedir -b -g true -v true -i true -d pdf -D generated
|
||||
USEDIR = $(ISATOOL) usedir -b
|
||||
|
||||
$(LOG)/$(HEAP).gz: config.sml ROOT.ML *.thy *.ML ../bin/anb2thy
|
||||
@(test -e generated && find generated -name .svn -type d -print0 | xargs -0 /bin/rm -fr || true)
|
||||
@$(RM) -rf $(ISABELLE_BROWSER_INFO)/HOL/HOL/$(HEAP)/document
|
||||
@($(USEDIR) HOL $(HEAP) \
|
||||
|| \
|
||||
($(ECHO) -e "\033[1;31;40m";\
|
||||
$(ECHO) -e "\a *************************************************" ;\
|
||||
$(ECHO) -e "\a ****************** BUILD FAILED ***************" ;\
|
||||
$(ECHO) -e "\a *************************************************" ;\
|
||||
$(ECHO) -e "\033[1;37;40m\033[0;37;0m")\
|
||||
|| true)
|
||||
|
||||
config.sml:
|
||||
@$(RM) -rf config.sml
|
||||
@$(SED) -e $(CONFIG_SED_SCRIPT) config.sml.in > config.sml
|
||||
|
||||
../bin/anb2thy: encoder/*.sml
|
||||
$(MLTON) encoder/anb2thy.cm
|
||||
$(MV) encoder/anb2thy ../bin
|
|
@ -0,0 +1,75 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle/OFMC --- connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ROOT.ML --- main file for Isabelle-OFMC.
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ROOT.ML 935 2009-11-02 00:02:50Z brucker $ *)
|
||||
|
||||
use "config.sml";
|
||||
|
||||
OS.FileSys.chDir "encoder";
|
||||
use "root.sml";
|
||||
OS.FileSys.chDir "..";
|
||||
|
||||
use "config.sml";
|
||||
|
||||
val isabelle_version = Distribution.version
|
||||
val ofmc_version = Int.toString(ofmc_ver_major)^"."^Int.toString(ofmc_ver_minor)^"."
|
||||
^Int.toString(ofmc_ver_micro)^ofmc_ver_tag
|
||||
val version = "Isabelle/ofmc "^ofmc_version^", based on "^isabelle_version;
|
||||
|
||||
fun infostr _ = (
|
||||
("\n")^
|
||||
(" Isabelle/ofmc "^ofmc_version^" \n")^
|
||||
(" connecting OFMC and Isabelle/HOL \n")^
|
||||
(" Copyright (c) 2009 Achim D. Brucker \n")^
|
||||
(" \n")^
|
||||
(" Configuration: \n")^
|
||||
(" - ofmc binary: "^(ofmc_connector.ofmc_home()^ofmc_connector.ofmc)^"\n" )^
|
||||
(" - Isabelle: "^(isabelle_version)^"\n" )^
|
||||
(" - ML-system: "^(ml_system)^"\n" ));
|
||||
|
||||
fun info () = writeln (infostr());
|
||||
|
||||
use_thy "ofmc";
|
||||
|
||||
|
||||
|
||||
|
||||
val welcome = Toplevel.imperative (info);
|
||||
val welcomeP =
|
||||
OuterSyntax.improper_command "welcome" "print welcome message" OuterKeyword.diag
|
||||
(Scan.succeed (Toplevel.no_timing o welcome));
|
|
@ -0,0 +1,82 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* config.sml.in --- main configuration file for Isabelle-OFMC
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $ *)
|
||||
|
||||
|
||||
|
||||
structure config =
|
||||
struct
|
||||
val ofmc_id = "$Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $"
|
||||
end;
|
||||
|
||||
|
||||
|
||||
(** Major version number.
|
||||
*
|
||||
* Modify when incompatible changes are made to published interfaces.
|
||||
*)
|
||||
val ofmc_ver_major = 0
|
||||
|
||||
(* Minor version number.
|
||||
*
|
||||
* Modify when new functionality is added or new interfaces are
|
||||
* defined, but all changes are backward compatible.
|
||||
*)
|
||||
val ofmc_ver_minor = 0
|
||||
|
||||
(** Patch number.
|
||||
*
|
||||
* Modify for every released patch.
|
||||
*)
|
||||
val ofmc_ver_micro= 0
|
||||
|
||||
|
||||
(** Version tag: a string describing the version.
|
||||
*
|
||||
* This tag remains " (dev build)" in the repository so that we can
|
||||
* always see from "version()" that the software has been built
|
||||
* from the repository rather than a "blessed" distribution.
|
||||
*
|
||||
* When rolling a tarball, we automatically replace this text with ""
|
||||
* for final releases; in prereleases, it becomes " (Alpha)",
|
||||
* " (Beta 1)", etc., as appropriate.
|
||||
*
|
||||
*)
|
||||
val ofmc_ver_tag = " (dev build: 929:933M)"
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* config.sml.in --- main configuration file for Isabelle-OFMC
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $ *)
|
||||
|
||||
|
||||
|
||||
structure config =
|
||||
struct
|
||||
val ofmc_id = "$Id: config.sml.in 349 2009-01-16 19:17:39Z brucker $"
|
||||
end;
|
||||
|
||||
|
||||
|
||||
(** Major version number.
|
||||
*
|
||||
* Modify when incompatible changes are made to published interfaces.
|
||||
*)
|
||||
val ofmc_ver_major = <VER_MAIJOR>
|
||||
|
||||
(* Minor version number.
|
||||
*
|
||||
* Modify when new functionality is added or new interfaces are
|
||||
* defined, but all changes are backward compatible.
|
||||
*)
|
||||
val ofmc_ver_minor = <VER_MINOR>
|
||||
|
||||
(** Patch number.
|
||||
*
|
||||
* Modify for every released patch.
|
||||
*)
|
||||
val ofmc_ver_micro= <VER_MICRO>
|
||||
|
||||
|
||||
(** Version tag: a string describing the version.
|
||||
*
|
||||
* This tag remains " (dev build)" in the repository so that we can
|
||||
* always see from "version()" that the software has been built
|
||||
* from the repository rather than a "blessed" distribution.
|
||||
*
|
||||
* When rolling a tarball, we automatically replace this text with ""
|
||||
* for final releases; in prereleases, it becomes " (Alpha)",
|
||||
* " (Beta 1)", etc., as appropriate.
|
||||
*
|
||||
*)
|
||||
val ofmc_ver_tag = "<VER_TAG>"
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* encoder.cm ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: anb2thy.cm 870 2009-10-30 11:05:03Z brucker $ *)
|
||||
|
||||
Group is
|
||||
|
||||
#if(defined(SMLNJ_VERSION) && (SMLNJ_MINOR_VERSION < 60))
|
||||
$/basis.cm
|
||||
$/ml-yacc-lib.cm
|
||||
#endif
|
||||
#if(defined(SMLNJ_VERSION) && (SMLNJ_MINOR_VERSION >= 60))
|
||||
$smlnj/basis/basis.cm
|
||||
$smlnj/ml-yacc/ml-yacc-lib.cm
|
||||
#endif
|
||||
|
||||
ofmcfp.sml
|
||||
#if(defined(SMLNJ_VERSION))
|
||||
ofmc-fp.grm
|
||||
ofmc-fp.lex
|
||||
#else
|
||||
"ml-yacc-lib/base.sig"
|
||||
"ml-yacc-lib/join.sml"
|
||||
"ml-yacc-lib/lrtable.sml"
|
||||
"ml-yacc-lib/stream.sml"
|
||||
"ml-yacc-lib/parser2.sml"
|
||||
ofmc-fp.grm.sig
|
||||
ofmc-fp.lex.sml
|
||||
ofmc-fp.grm.sml
|
||||
#endif
|
||||
ofmc_connector.sml
|
||||
ofmc_abstraction.sml
|
||||
ofmc_thygen.sml
|
|
@ -0,0 +1,323 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: base.sig 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *)
|
||||
|
||||
(* base.sig: Base signature file for SML-Yacc. This file contains signatures
|
||||
that must be loaded before any of the files produced by ML-Yacc are loaded
|
||||
*)
|
||||
|
||||
(* STREAM: signature for a lazy stream.*)
|
||||
|
||||
signature STREAM =
|
||||
sig type 'xa stream
|
||||
val streamify : (unit -> '_a) -> '_a stream
|
||||
val cons : '_a * '_a stream -> '_a stream
|
||||
val get : '_a stream -> '_a * '_a stream
|
||||
end
|
||||
|
||||
(* LR_TABLE: signature for an LR Table.
|
||||
|
||||
The list of actions and gotos passed to mkLrTable must be ordered by state
|
||||
number. The values for state 0 are the first in the list, the values for
|
||||
state 1 are next, etc.
|
||||
*)
|
||||
|
||||
signature LR_TABLE =
|
||||
sig
|
||||
datatype ('a,'b) pairlist = EMPTY | PAIR of 'a * 'b * ('a,'b) pairlist
|
||||
datatype state = STATE of int
|
||||
datatype term = T of int
|
||||
datatype nonterm = NT of int
|
||||
datatype action = SHIFT of state
|
||||
| REDUCE of int
|
||||
| ACCEPT
|
||||
| ERROR
|
||||
type table
|
||||
|
||||
val numStates : table -> int
|
||||
val numRules : table -> int
|
||||
val describeActions : table -> state ->
|
||||
(term,action) pairlist * action
|
||||
val describeGoto : table -> state -> (nonterm,state) pairlist
|
||||
val action : table -> state * term -> action
|
||||
val goto : table -> state * nonterm -> state
|
||||
val initialState : table -> state
|
||||
exception Goto of state * nonterm
|
||||
|
||||
val mkLrTable : {actions : ((term,action) pairlist * action) array,
|
||||
gotos : (nonterm,state) pairlist array,
|
||||
numStates : int, numRules : int,
|
||||
initialState : state} -> table
|
||||
end
|
||||
|
||||
(* TOKEN: signature revealing the internal structure of a token. This signature
|
||||
TOKEN distinct from the signature {parser name}_TOKENS produced by ML-Yacc.
|
||||
The {parser name}_TOKENS structures contain some types and functions to
|
||||
construct tokens from values and positions.
|
||||
|
||||
The representation of token was very carefully chosen here to allow the
|
||||
polymorphic parser to work without knowing the types of semantic values
|
||||
or line numbers.
|
||||
|
||||
This has had an impact on the TOKENS structure produced by SML-Yacc, which
|
||||
is a structure parameter to lexer functors. We would like to have some
|
||||
type 'a token which functions to construct tokens would create. A
|
||||
constructor function for a integer token might be
|
||||
|
||||
INT: int * 'a * 'a -> 'a token.
|
||||
|
||||
This is not possible because we need to have tokens with the representation
|
||||
given below for the polymorphic parser.
|
||||
|
||||
Thus our constructur functions for tokens have the form:
|
||||
|
||||
INT: int * 'a * 'a -> (svalue,'a) token
|
||||
|
||||
This in turn has had an impact on the signature that lexers for SML-Yacc
|
||||
must match and the types that a user must declare in the user declarations
|
||||
section of lexers.
|
||||
*)
|
||||
|
||||
signature TOKEN =
|
||||
sig
|
||||
structure LrTable : LR_TABLE
|
||||
datatype ('a,'b) token = TOKEN of LrTable.term * ('a * 'b * 'b)
|
||||
val sameToken : ('a,'b) token * ('a,'b) token -> bool
|
||||
end
|
||||
|
||||
(* LR_PARSER: signature for a polymorphic LR parser *)
|
||||
|
||||
signature LR_PARSER =
|
||||
sig
|
||||
structure Stream: STREAM
|
||||
structure LrTable : LR_TABLE
|
||||
structure Token : TOKEN
|
||||
|
||||
sharing LrTable = Token.LrTable
|
||||
|
||||
exception ParseError
|
||||
|
||||
val parse : {table : LrTable.table,
|
||||
lexer : ('_b,'_c) Token.token Stream.stream,
|
||||
arg: 'arg,
|
||||
saction : int *
|
||||
'_c *
|
||||
(LrTable.state * ('_b * '_c * '_c)) list *
|
||||
'arg ->
|
||||
LrTable.nonterm *
|
||||
('_b * '_c * '_c) *
|
||||
((LrTable.state *('_b * '_c * '_c)) list),
|
||||
void : '_b,
|
||||
ec : { is_keyword : LrTable.term -> bool,
|
||||
noShift : LrTable.term -> bool,
|
||||
preferred_change : (LrTable.term list * LrTable.term list) list,
|
||||
errtermvalue : LrTable.term -> '_b,
|
||||
showTerminal : LrTable.term -> string,
|
||||
terms: LrTable.term list,
|
||||
error : string * '_c * '_c -> unit
|
||||
},
|
||||
lookahead : int (* max amount of lookahead used in *)
|
||||
(* error correction *)
|
||||
} -> '_b *
|
||||
(('_b,'_c) Token.token Stream.stream)
|
||||
end
|
||||
|
||||
(* LEXER: a signature that most lexers produced for use with SML-Yacc's
|
||||
output will match. The user is responsible for declaring type token,
|
||||
type pos, and type svalue in the UserDeclarations section of a lexer.
|
||||
|
||||
Note that type token is abstract in the lexer. This allows SML-Yacc to
|
||||
create a TOKENS signature for use with lexers produced by ML-Lex that
|
||||
treats the type token abstractly. Lexers that are functors parametrized by
|
||||
a Tokens structure matching a TOKENS signature cannot examine the structure
|
||||
of tokens.
|
||||
*)
|
||||
|
||||
signature LEXER =
|
||||
sig
|
||||
structure UserDeclarations :
|
||||
sig
|
||||
type ('a,'b) token
|
||||
type pos
|
||||
type svalue
|
||||
end
|
||||
val makeLexer : (int -> string) -> unit ->
|
||||
(UserDeclarations.svalue,UserDeclarations.pos) UserDeclarations.token
|
||||
end
|
||||
|
||||
(* ARG_LEXER: the %arg option of ML-Lex allows users to produce lexers which
|
||||
also take an argument before yielding a function from unit to a token
|
||||
*)
|
||||
|
||||
signature ARG_LEXER =
|
||||
sig
|
||||
structure UserDeclarations :
|
||||
sig
|
||||
type ('a,'b) token
|
||||
type pos
|
||||
type svalue
|
||||
type arg
|
||||
end
|
||||
val makeLexer : (int -> string) -> UserDeclarations.arg -> unit ->
|
||||
(UserDeclarations.svalue,UserDeclarations.pos) UserDeclarations.token
|
||||
end
|
||||
|
||||
(* PARSER_DATA: the signature of ParserData structures in {parser name}LrValsFun
|
||||
produced by SML-Yacc. All such structures match this signature.
|
||||
|
||||
The {parser name}LrValsFun produces a structure which contains all the values
|
||||
except for the lexer needed to call the polymorphic parser mentioned
|
||||
before.
|
||||
|
||||
*)
|
||||
|
||||
signature PARSER_DATA =
|
||||
sig
|
||||
(* the type of line numbers *)
|
||||
|
||||
type pos
|
||||
|
||||
(* the type of semantic values *)
|
||||
|
||||
type svalue
|
||||
|
||||
(* the type of the user-supplied argument to the parser *)
|
||||
type arg
|
||||
|
||||
(* the intended type of the result of the parser. This value is
|
||||
produced by applying extract from the structure Actions to the
|
||||
final semantic value resultiing from a parse.
|
||||
*)
|
||||
|
||||
type result
|
||||
|
||||
structure LrTable : LR_TABLE
|
||||
structure Token : TOKEN
|
||||
sharing Token.LrTable = LrTable
|
||||
|
||||
(* structure Actions contains the functions which mantain the
|
||||
semantic values stack in the parser. Void is used to provide
|
||||
a default value for the semantic stack.
|
||||
*)
|
||||
|
||||
structure Actions :
|
||||
sig
|
||||
val actions : int * pos *
|
||||
(LrTable.state * (svalue * pos * pos)) list * arg->
|
||||
LrTable.nonterm * (svalue * pos * pos) *
|
||||
((LrTable.state *(svalue * pos * pos)) list)
|
||||
val void : svalue
|
||||
val extract : svalue -> result
|
||||
end
|
||||
|
||||
(* structure EC contains information used to improve error
|
||||
recovery in an error-correcting parser *)
|
||||
|
||||
structure EC :
|
||||
sig
|
||||
val is_keyword : LrTable.term -> bool
|
||||
val noShift : LrTable.term -> bool
|
||||
val preferred_change : (LrTable.term list * LrTable.term list) list
|
||||
val errtermvalue : LrTable.term -> svalue
|
||||
val showTerminal : LrTable.term -> string
|
||||
val terms: LrTable.term list
|
||||
end
|
||||
|
||||
(* table is the LR table for the parser *)
|
||||
|
||||
val table : LrTable.table
|
||||
end
|
||||
|
||||
(* signature PARSER is the signature that most user parsers created by
|
||||
SML-Yacc will match.
|
||||
*)
|
||||
|
||||
signature PARSER =
|
||||
sig
|
||||
structure Token : TOKEN
|
||||
structure Stream : STREAM
|
||||
exception ParseError
|
||||
|
||||
(* type pos is the type of line numbers *)
|
||||
|
||||
type pos
|
||||
|
||||
(* type result is the type of the result from the parser *)
|
||||
|
||||
type result
|
||||
|
||||
(* the type of the user-supplied argument to the parser *)
|
||||
type arg
|
||||
|
||||
(* type svalue is the type of semantic values for the semantic value
|
||||
stack
|
||||
*)
|
||||
|
||||
type svalue
|
||||
|
||||
(* val makeLexer is used to create a stream of tokens for the parser *)
|
||||
|
||||
val makeLexer : (int -> string) ->
|
||||
(svalue,pos) Token.token Stream.stream
|
||||
|
||||
(* val parse takes a stream of tokens and a function to print
|
||||
errors and returns a value of type result and a stream containing
|
||||
the unused tokens
|
||||
*)
|
||||
|
||||
val parse : int * ((svalue,pos) Token.token Stream.stream) *
|
||||
(string * pos * pos -> unit) * arg ->
|
||||
result * (svalue,pos) Token.token Stream.stream
|
||||
|
||||
val sameToken : (svalue,pos) Token.token * (svalue,pos) Token.token ->
|
||||
bool
|
||||
end
|
||||
|
||||
(* signature ARG_PARSER is the signature that will be matched by parsers whose
|
||||
lexer takes an additional argument.
|
||||
*)
|
||||
|
||||
signature ARG_PARSER =
|
||||
sig
|
||||
structure Token : TOKEN
|
||||
structure Stream : STREAM
|
||||
exception ParseError
|
||||
|
||||
type arg
|
||||
type lexarg
|
||||
type pos
|
||||
type result
|
||||
type svalue
|
||||
|
||||
val makeLexer : (int -> string) -> lexarg ->
|
||||
(svalue,pos) Token.token Stream.stream
|
||||
val parse : int * ((svalue,pos) Token.token Stream.stream) *
|
||||
(string * pos * pos -> unit) * arg ->
|
||||
result * (svalue,pos) Token.token Stream.stream
|
||||
|
||||
val sameToken : (svalue,pos) Token.token * (svalue,pos) Token.token ->
|
||||
bool
|
||||
end
|
||||
|
|
@ -0,0 +1,118 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: join.sml 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *)
|
||||
|
||||
(* functor Join creates a user parser by putting together a Lexer structure,
|
||||
an LrValues structure, and a polymorphic parser structure. Note that
|
||||
the Lexer and LrValues structure must share the type pos (i.e. the type
|
||||
of line numbers), the type svalues for semantic values, and the type
|
||||
of tokens.
|
||||
*)
|
||||
|
||||
functor Join(structure Lex : LEXER
|
||||
structure ParserData: PARSER_DATA
|
||||
structure LrParser : LR_PARSER
|
||||
sharing ParserData.LrTable = LrParser.LrTable
|
||||
sharing ParserData.Token = LrParser.Token
|
||||
sharing type Lex.UserDeclarations.svalue = ParserData.svalue
|
||||
sharing type Lex.UserDeclarations.pos = ParserData.pos
|
||||
sharing type Lex.UserDeclarations.token = ParserData.Token.token)
|
||||
: PARSER =
|
||||
struct
|
||||
structure Token = ParserData.Token
|
||||
structure Stream = LrParser.Stream
|
||||
|
||||
exception ParseError = LrParser.ParseError
|
||||
|
||||
type arg = ParserData.arg
|
||||
type pos = ParserData.pos
|
||||
type result = ParserData.result
|
||||
type svalue = ParserData.svalue
|
||||
val makeLexer = LrParser.Stream.streamify o Lex.makeLexer
|
||||
val parse = fn (lookahead,lexer,error,arg) =>
|
||||
(fn (a,b) => (ParserData.Actions.extract a,b))
|
||||
(LrParser.parse {table = ParserData.table,
|
||||
lexer=lexer,
|
||||
lookahead=lookahead,
|
||||
saction = ParserData.Actions.actions,
|
||||
arg=arg,
|
||||
void= ParserData.Actions.void,
|
||||
ec = {is_keyword = ParserData.EC.is_keyword,
|
||||
noShift = ParserData.EC.noShift,
|
||||
preferred_change = ParserData.EC.preferred_change,
|
||||
errtermvalue = ParserData.EC.errtermvalue,
|
||||
error=error,
|
||||
showTerminal = ParserData.EC.showTerminal,
|
||||
terms = ParserData.EC.terms}}
|
||||
)
|
||||
val sameToken = Token.sameToken
|
||||
end
|
||||
|
||||
(* functor JoinWithArg creates a variant of the parser structure produced
|
||||
above. In this case, the makeLexer take an additional argument before
|
||||
yielding a value of type unit -> (svalue,pos) token
|
||||
*)
|
||||
|
||||
functor JoinWithArg(structure Lex : ARG_LEXER
|
||||
structure ParserData: PARSER_DATA
|
||||
structure LrParser : LR_PARSER
|
||||
sharing ParserData.LrTable = LrParser.LrTable
|
||||
sharing ParserData.Token = LrParser.Token
|
||||
sharing type Lex.UserDeclarations.svalue = ParserData.svalue
|
||||
sharing type Lex.UserDeclarations.pos = ParserData.pos
|
||||
sharing type Lex.UserDeclarations.token = ParserData.Token.token)
|
||||
: ARG_PARSER =
|
||||
struct
|
||||
structure Token = ParserData.Token
|
||||
structure Stream = LrParser.Stream
|
||||
|
||||
exception ParseError = LrParser.ParseError
|
||||
|
||||
type arg = ParserData.arg
|
||||
type lexarg = Lex.UserDeclarations.arg
|
||||
type pos = ParserData.pos
|
||||
type result = ParserData.result
|
||||
type svalue = ParserData.svalue
|
||||
|
||||
val makeLexer = fn s => fn arg =>
|
||||
LrParser.Stream.streamify (Lex.makeLexer s arg)
|
||||
val parse = fn (lookahead,lexer,error,arg) =>
|
||||
(fn (a,b) => (ParserData.Actions.extract a,b))
|
||||
(LrParser.parse {table = ParserData.table,
|
||||
lexer=lexer,
|
||||
lookahead=lookahead,
|
||||
saction = ParserData.Actions.actions,
|
||||
arg=arg,
|
||||
void= ParserData.Actions.void,
|
||||
ec = {is_keyword = ParserData.EC.is_keyword,
|
||||
noShift = ParserData.EC.noShift,
|
||||
preferred_change = ParserData.EC.preferred_change,
|
||||
errtermvalue = ParserData.EC.errtermvalue,
|
||||
error=error,
|
||||
showTerminal = ParserData.EC.showTerminal,
|
||||
terms = ParserData.EC.terms}}
|
||||
)
|
||||
val sameToken = Token.sameToken
|
||||
end;
|
|
@ -0,0 +1,83 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: lrtable.sml 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *)
|
||||
structure LrTable : LR_TABLE =
|
||||
struct
|
||||
open Array List
|
||||
infix 9 sub
|
||||
datatype ('a,'b) pairlist = EMPTY
|
||||
| PAIR of 'a * 'b * ('a,'b) pairlist
|
||||
datatype term = T of int
|
||||
datatype nonterm = NT of int
|
||||
datatype state = STATE of int
|
||||
datatype action = SHIFT of state
|
||||
| REDUCE of int (* rulenum from grammar *)
|
||||
| ACCEPT
|
||||
| ERROR
|
||||
exception Goto of state * nonterm
|
||||
type table = {states: int, rules : int,initialState: state,
|
||||
action: ((term,action) pairlist * action) array,
|
||||
goto : (nonterm,state) pairlist array}
|
||||
val numStates = fn ({states,...} : table) => states
|
||||
val numRules = fn ({rules,...} : table) => rules
|
||||
val describeActions =
|
||||
fn ({action,...} : table) =>
|
||||
fn (STATE s) => action sub s
|
||||
val describeGoto =
|
||||
fn ({goto,...} : table) =>
|
||||
fn (STATE s) => goto sub s
|
||||
fun findTerm (T term,row,default) =
|
||||
let fun find (PAIR (T key,data,r)) =
|
||||
if key < term then find r
|
||||
else if key=term then data
|
||||
else default
|
||||
| find EMPTY = default
|
||||
in find row
|
||||
end
|
||||
fun findNonterm (NT nt,row) =
|
||||
let fun find (PAIR (NT key,data,r)) =
|
||||
if key < nt then find r
|
||||
else if key=nt then SOME data
|
||||
else NONE
|
||||
| find EMPTY = NONE
|
||||
in find row
|
||||
end
|
||||
val action = fn ({action,...} : table) =>
|
||||
fn (STATE state,term) =>
|
||||
let val (row,default) = action sub state
|
||||
in findTerm(term,row,default)
|
||||
end
|
||||
val goto = fn ({goto,...} : table) =>
|
||||
fn (a as (STATE state,nonterm)) =>
|
||||
case findNonterm(nonterm,goto sub state)
|
||||
of SOME state => state
|
||||
| NONE => raise (Goto a)
|
||||
val initialState = fn ({initialState,...} : table) => initialState
|
||||
val mkLrTable = fn {actions,gotos,initialState,numStates,numRules} =>
|
||||
({action=actions,goto=gotos,
|
||||
states=numStates,
|
||||
rules=numRules,
|
||||
initialState=initialState} : table)
|
||||
end;
|
|
@ -0,0 +1,566 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: parser2.sml 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *)
|
||||
|
||||
(* parser.sml: This is a parser driver for LR tables with an error-recovery
|
||||
routine added to it. The routine used is described in detail in this
|
||||
article:
|
||||
|
||||
'A Practical Method for LR and LL Syntactic Error Diagnosis and
|
||||
Recovery', by M. Burke and G. Fisher, ACM Transactions on
|
||||
Programming Langauges and Systems, Vol. 9, No. 2, April 1987,
|
||||
pp. 164-197.
|
||||
|
||||
This program is an implementation is the partial, deferred method discussed
|
||||
in the article. The algorithm and data structures used in the program
|
||||
are described below.
|
||||
|
||||
This program assumes that all semantic actions are delayed. A semantic
|
||||
action should produce a function from unit -> value instead of producing the
|
||||
normal value. The parser returns the semantic value on the top of the
|
||||
stack when accept is encountered. The user can deconstruct this value
|
||||
and apply the unit -> value function in it to get the answer.
|
||||
|
||||
It also assumes that the lexer is a lazy stream.
|
||||
|
||||
Data Structures:
|
||||
----------------
|
||||
|
||||
* The parser:
|
||||
|
||||
The state stack has the type
|
||||
|
||||
(state * (semantic value * line # * line #)) list
|
||||
|
||||
The parser keeps a queue of (state stack * lexer pair). A lexer pair
|
||||
consists of a terminal * value pair and a lexer. This allows the
|
||||
parser to reconstruct the states for terminals to the left of a
|
||||
syntax error, and attempt to make error corrections there.
|
||||
|
||||
The queue consists of a pair of lists (x,y). New additions to
|
||||
the queue are cons'ed onto y. The first element of x is the top
|
||||
of the queue. If x is nil, then y is reversed and used
|
||||
in place of x.
|
||||
|
||||
Algorithm:
|
||||
----------
|
||||
|
||||
* The steady-state parser:
|
||||
|
||||
This parser keeps the length of the queue of state stacks at
|
||||
a steady state by always removing an element from the front when
|
||||
another element is placed on the end.
|
||||
|
||||
It has these arguments:
|
||||
|
||||
stack: current stack
|
||||
queue: value of the queue
|
||||
lexPair ((terminal,value),lex stream)
|
||||
|
||||
When SHIFT is encountered, the state to shift to and the value are
|
||||
are pushed onto the state stack. The state stack and lexPair are
|
||||
placed on the queue. The front element of the queue is removed.
|
||||
|
||||
When REDUCTION is encountered, the rule is applied to the current
|
||||
stack to yield a triple (nonterm,value,new stack). A new
|
||||
stack is formed by adding (goto(top state of stack,nonterm),value)
|
||||
to the stack.
|
||||
|
||||
When ACCEPT is encountered, the top value from the stack and the
|
||||
lexer are returned.
|
||||
|
||||
When an ERROR is encountered, fixError is called. FixError
|
||||
takes the arguments to the parser, fixes the error if possible and
|
||||
returns a new set of arguments.
|
||||
|
||||
* The distance-parser:
|
||||
|
||||
This parser includes an additional argument distance. It pushes
|
||||
elements on the queue until it has parsed distance tokens, or an
|
||||
ACCEPT or ERROR occurs. It returns a stack, lexer, the number of
|
||||
tokens left unparsed, a queue, and an action option.
|
||||
*)
|
||||
|
||||
signature FIFO =
|
||||
sig type 'a queue
|
||||
val empty : 'a queue
|
||||
exception Empty
|
||||
val get : 'a queue -> 'a * 'a queue
|
||||
val put : 'a * 'a queue -> 'a queue
|
||||
end
|
||||
|
||||
(* drt (12/15/89) -- the functor should be used in development work, but
|
||||
it wastes space in the release version.
|
||||
|
||||
functor ParserGen(structure LrTable : LR_TABLE
|
||||
structure Stream : STREAM) : LR_PARSER =
|
||||
*)
|
||||
|
||||
structure LrParser :> LR_PARSER =
|
||||
struct
|
||||
structure LrTable = LrTable
|
||||
structure Stream = Stream
|
||||
|
||||
fun eqT (LrTable.T i, LrTable.T i') = i = i'
|
||||
|
||||
structure Token : TOKEN =
|
||||
struct
|
||||
structure LrTable = LrTable
|
||||
datatype ('a,'b) token = TOKEN of LrTable.term * ('a * 'b * 'b)
|
||||
val sameToken = fn (TOKEN(t,_),TOKEN(t',_)) => eqT (t,t')
|
||||
end
|
||||
|
||||
open LrTable
|
||||
open Token
|
||||
|
||||
val DEBUG1 = false
|
||||
val DEBUG2 = false
|
||||
exception ParseError
|
||||
exception ParseImpossible of int
|
||||
|
||||
structure Fifo :> FIFO =
|
||||
struct
|
||||
type 'a queue = ('a list * 'a list)
|
||||
val empty = (nil,nil)
|
||||
exception Empty
|
||||
fun get(a::x, y) = (a, (x,y))
|
||||
| get(nil, nil) = raise Empty
|
||||
| get(nil, y) = get(rev y, nil)
|
||||
fun put(a,(x,y)) = (x,a::y)
|
||||
end
|
||||
|
||||
type ('a,'b) elem = (state * ('a * 'b * 'b))
|
||||
type ('a,'b) stack = ('a,'b) elem list
|
||||
type ('a,'b) lexv = ('a,'b) token
|
||||
type ('a,'b) lexpair = ('a,'b) lexv * (('a,'b) lexv Stream.stream)
|
||||
type ('a,'b) distanceParse =
|
||||
('a,'b) lexpair *
|
||||
('a,'b) stack *
|
||||
(('a,'b) stack * ('a,'b) lexpair) Fifo.queue *
|
||||
int ->
|
||||
('a,'b) lexpair *
|
||||
('a,'b) stack *
|
||||
(('a,'b) stack * ('a,'b) lexpair) Fifo.queue *
|
||||
int *
|
||||
action option
|
||||
|
||||
type ('a,'b) ecRecord =
|
||||
{is_keyword : term -> bool,
|
||||
preferred_change : (term list * term list) list,
|
||||
error : string * 'b * 'b -> unit,
|
||||
errtermvalue : term -> 'a,
|
||||
terms : term list,
|
||||
showTerminal : term -> string,
|
||||
noShift : term -> bool}
|
||||
|
||||
local
|
||||
val print = fn s => TextIO.output(TextIO.stdOut,s)
|
||||
val println = fn s => (print s; print "\n")
|
||||
val showState = fn (STATE s) => "STATE " ^ (Int.toString s)
|
||||
in
|
||||
fun printStack(stack: ('a,'b) stack, n: int) =
|
||||
case stack
|
||||
of (state,_) :: rest =>
|
||||
(print("\t" ^ Int.toString n ^ ": ");
|
||||
println(showState state);
|
||||
printStack(rest, n+1))
|
||||
| nil => ()
|
||||
|
||||
fun prAction showTerminal
|
||||
(stack as (state,_) :: _, next as (TOKEN (term,_),_), action) =
|
||||
(println "Parse: state stack:";
|
||||
printStack(stack, 0);
|
||||
print(" state="
|
||||
^ showState state
|
||||
^ " next="
|
||||
^ showTerminal term
|
||||
^ " action="
|
||||
);
|
||||
case action
|
||||
of SHIFT state => println ("SHIFT " ^ (showState state))
|
||||
| REDUCE i => println ("REDUCE " ^ (Int.toString i))
|
||||
| ERROR => println "ERROR"
|
||||
| ACCEPT => println "ACCEPT")
|
||||
| prAction _ (_,_,action) = ()
|
||||
end
|
||||
|
||||
(* ssParse: parser which maintains the queue of (state * lexvalues) in a
|
||||
steady-state. It takes a table, showTerminal function, saction
|
||||
function, and fixError function. It parses until an ACCEPT is
|
||||
encountered, or an exception is raised. When an error is encountered,
|
||||
fixError is called with the arguments of parseStep (lexv,stack,and
|
||||
queue). It returns the lexv, and a new stack and queue adjusted so
|
||||
that the lexv can be parsed *)
|
||||
|
||||
val ssParse =
|
||||
fn (table,showTerminal,saction,fixError,arg) =>
|
||||
let val prAction = prAction showTerminal
|
||||
val action = LrTable.action table
|
||||
val goto = LrTable.goto table
|
||||
fun parseStep(args as
|
||||
(lexPair as (TOKEN (terminal, value as (_,leftPos,_)),
|
||||
lexer
|
||||
),
|
||||
stack as (state,_) :: _,
|
||||
queue)) =
|
||||
let val nextAction = action (state,terminal)
|
||||
val _ = if DEBUG1 then prAction(stack,lexPair,nextAction)
|
||||
else ()
|
||||
in case nextAction
|
||||
of SHIFT s =>
|
||||
let val newStack = (s,value) :: stack
|
||||
val newLexPair = Stream.get lexer
|
||||
val (_,newQueue) =Fifo.get(Fifo.put((newStack,newLexPair),
|
||||
queue))
|
||||
in parseStep(newLexPair,(s,value)::stack,newQueue)
|
||||
end
|
||||
| REDUCE i =>
|
||||
(case saction(i,leftPos,stack,arg)
|
||||
of (nonterm,value,stack as (state,_) :: _) =>
|
||||
parseStep(lexPair,(goto(state,nonterm),value)::stack,
|
||||
queue)
|
||||
| _ => raise (ParseImpossible 197))
|
||||
| ERROR => parseStep(fixError args)
|
||||
| ACCEPT =>
|
||||
(case stack
|
||||
of (_,(topvalue,_,_)) :: _ =>
|
||||
let val (token,restLexer) = lexPair
|
||||
in (topvalue,Stream.cons(token,restLexer))
|
||||
end
|
||||
| _ => raise (ParseImpossible 202))
|
||||
end
|
||||
| parseStep _ = raise (ParseImpossible 204)
|
||||
in parseStep
|
||||
end
|
||||
|
||||
(* distanceParse: parse until n tokens are shifted, or accept or
|
||||
error are encountered. Takes a table, showTerminal function, and
|
||||
semantic action function. Returns a parser which takes a lexPair
|
||||
(lex result * lexer), a state stack, a queue, and a distance
|
||||
(must be > 0) to parse. The parser returns a new lex-value, a stack
|
||||
with the nth token shifted on top, a queue, a distance, and action
|
||||
option. *)
|
||||
|
||||
val distanceParse =
|
||||
fn (table,showTerminal,saction,arg) =>
|
||||
let val prAction = prAction showTerminal
|
||||
val action = LrTable.action table
|
||||
val goto = LrTable.goto table
|
||||
fun parseStep(lexPair,stack,queue,0) = (lexPair,stack,queue,0,NONE)
|
||||
| parseStep(lexPair as (TOKEN (terminal, value as (_,leftPos,_)),
|
||||
lexer
|
||||
),
|
||||
stack as (state,_) :: _,
|
||||
queue,distance) =
|
||||
let val nextAction = action(state,terminal)
|
||||
val _ = if DEBUG1 then prAction(stack,lexPair,nextAction)
|
||||
else ()
|
||||
in case nextAction
|
||||
of SHIFT s =>
|
||||
let val newStack = (s,value) :: stack
|
||||
val newLexPair = Stream.get lexer
|
||||
in parseStep(newLexPair,(s,value)::stack,
|
||||
Fifo.put((newStack,newLexPair),queue),distance-1)
|
||||
end
|
||||
| REDUCE i =>
|
||||
(case saction(i,leftPos,stack,arg)
|
||||
of (nonterm,value,stack as (state,_) :: _) =>
|
||||
parseStep(lexPair,(goto(state,nonterm),value)::stack,
|
||||
queue,distance)
|
||||
| _ => raise (ParseImpossible 240))
|
||||
| ERROR => (lexPair,stack,queue,distance,SOME nextAction)
|
||||
| ACCEPT => (lexPair,stack,queue,distance,SOME nextAction)
|
||||
end
|
||||
| parseStep _ = raise (ParseImpossible 242)
|
||||
in parseStep : ('_a,'_b) distanceParse
|
||||
end
|
||||
|
||||
(* mkFixError: function to create fixError function which adjusts parser state
|
||||
so that parse may continue in the presence of an error *)
|
||||
|
||||
fun mkFixError({is_keyword,terms,errtermvalue,
|
||||
preferred_change,noShift,
|
||||
showTerminal,error,...} : ('_a,'_b) ecRecord,
|
||||
distanceParse : ('_a,'_b) distanceParse,
|
||||
minAdvance,maxAdvance)
|
||||
|
||||
(lexv as (TOKEN (term,value as (_,leftPos,_)),_),stack,queue) =
|
||||
let val _ = if DEBUG2 then
|
||||
error("syntax error found at " ^ (showTerminal term),
|
||||
leftPos,leftPos)
|
||||
else ()
|
||||
|
||||
fun tokAt(t,p) = TOKEN(t,(errtermvalue t,p,p))
|
||||
|
||||
val minDelta = 3
|
||||
|
||||
(* pull all the state * lexv elements from the queue *)
|
||||
|
||||
val stateList =
|
||||
let fun f q = let val (elem,newQueue) = Fifo.get q
|
||||
in elem :: (f newQueue)
|
||||
end handle Fifo.Empty => nil
|
||||
in f queue
|
||||
end
|
||||
|
||||
(* now number elements of stateList, giving distance from
|
||||
error token *)
|
||||
|
||||
val (_, numStateList) =
|
||||
List.foldr (fn (a,(num,r)) => (num+1,(a,num)::r)) (0, []) stateList
|
||||
|
||||
(* Represent the set of potential changes as a linked list.
|
||||
|
||||
Values of datatype Change hold information about a potential change.
|
||||
|
||||
oper = oper to be applied
|
||||
pos = the # of the element in stateList that would be altered.
|
||||
distance = the number of tokens beyond the error token which the
|
||||
change allows us to parse.
|
||||
new = new terminal * value pair at that point
|
||||
orig = original terminal * value pair at the point being changed.
|
||||
*)
|
||||
|
||||
datatype ('a,'b) change = CHANGE of
|
||||
{pos : int, distance : int, leftPos: 'b, rightPos: 'b,
|
||||
new : ('a,'b) lexv list, orig : ('a,'b) lexv list}
|
||||
|
||||
|
||||
val showTerms = concat o map (fn TOKEN(t,_) => " " ^ showTerminal t)
|
||||
|
||||
val printChange = fn c =>
|
||||
let val CHANGE {distance,new,orig,pos,...} = c
|
||||
in (print ("{distance= " ^ (Int.toString distance));
|
||||
print (",orig ="); print(showTerms orig);
|
||||
print (",new ="); print(showTerms new);
|
||||
print (",pos= " ^ (Int.toString pos));
|
||||
print "}\n")
|
||||
end
|
||||
|
||||
val printChangeList = app printChange
|
||||
|
||||
(* parse: given a lexPair, a stack, and the distance from the error
|
||||
token, return the distance past the error token that we are able to parse.*)
|
||||
|
||||
fun parse (lexPair,stack,queuePos : int) =
|
||||
case distanceParse(lexPair,stack,Fifo.empty,queuePos+maxAdvance+1)
|
||||
of (_,_,_,distance,SOME ACCEPT) =>
|
||||
if maxAdvance-distance-1 >= 0
|
||||
then maxAdvance
|
||||
else maxAdvance-distance-1
|
||||
| (_,_,_,distance,_) => maxAdvance - distance - 1
|
||||
|
||||
(* catList: concatenate results of scanning list *)
|
||||
|
||||
fun catList l f = List.foldr (fn(a,r)=> f a @ r) [] l
|
||||
|
||||
fun keywordsDelta new = if List.exists (fn(TOKEN(t,_))=>is_keyword t) new
|
||||
then minDelta else 0
|
||||
|
||||
fun tryChange{lex,stack,pos,leftPos,rightPos,orig,new} =
|
||||
let val lex' = List.foldr (fn (t',p)=>(t',Stream.cons p)) lex new
|
||||
val distance = parse(lex',stack,pos+length new-length orig)
|
||||
in if distance >= minAdvance + keywordsDelta new
|
||||
then [CHANGE{pos=pos,leftPos=leftPos,rightPos=rightPos,
|
||||
distance=distance,orig=orig,new=new}]
|
||||
else []
|
||||
end
|
||||
|
||||
|
||||
(* tryDelete: Try to delete n terminals.
|
||||
Return single-element [success] or nil.
|
||||
Do not delete unshiftable terminals. *)
|
||||
|
||||
|
||||
fun tryDelete n ((stack,lexPair as (TOKEN(term,(_,l,r)),_)),qPos) =
|
||||
let fun del(0,accum,left,right,lexPair) =
|
||||
tryChange{lex=lexPair,stack=stack,
|
||||
pos=qPos,leftPos=left,rightPos=right,
|
||||
orig=rev accum, new=[]}
|
||||
| del(n,accum,left,right,(tok as TOKEN(term,(_,_,r)),lexer)) =
|
||||
if noShift term then []
|
||||
else del(n-1,tok::accum,left,r,Stream.get lexer)
|
||||
in del(n,[],l,r,lexPair)
|
||||
end
|
||||
|
||||
(* tryInsert: try to insert tokens before the current terminal;
|
||||
return a list of the successes *)
|
||||
|
||||
fun tryInsert((stack,lexPair as (TOKEN(_,(_,l,_)),_)),queuePos) =
|
||||
catList terms (fn t =>
|
||||
tryChange{lex=lexPair,stack=stack,
|
||||
pos=queuePos,orig=[],new=[tokAt(t,l)],
|
||||
leftPos=l,rightPos=l})
|
||||
|
||||
(* trySubst: try to substitute tokens for the current terminal;
|
||||
return a list of the successes *)
|
||||
|
||||
fun trySubst ((stack,lexPair as (orig as TOKEN (term,(_,l,r)),lexer)),
|
||||
queuePos) =
|
||||
if noShift term then []
|
||||
else
|
||||
catList terms (fn t =>
|
||||
tryChange{lex=Stream.get lexer,stack=stack,
|
||||
pos=queuePos,
|
||||
leftPos=l,rightPos=r,orig=[orig],
|
||||
new=[tokAt(t,r)]})
|
||||
|
||||
(* do_delete(toks,lexPair) tries to delete tokens "toks" from "lexPair".
|
||||
If it succeeds, returns SOME(toks',l,r,lp), where
|
||||
toks' is the actual tokens (with positions and values) deleted,
|
||||
(l,r) are the (leftmost,rightmost) position of toks',
|
||||
lp is what remains of the stream after deletion
|
||||
*)
|
||||
fun do_delete(nil,lp as (TOKEN(_,(_,l,_)),_)) = SOME(nil,l,l,lp)
|
||||
| do_delete([t],(tok as TOKEN(t',(_,l,r)),lp')) =
|
||||
if eqT (t, t')
|
||||
then SOME([tok],l,r,Stream.get lp')
|
||||
else NONE
|
||||
| do_delete(t::rest,(tok as TOKEN(t',(_,l,r)),lp')) =
|
||||
if eqT (t,t')
|
||||
then case do_delete(rest,Stream.get lp')
|
||||
of SOME(deleted,l',r',lp'') =>
|
||||
SOME(tok::deleted,l,r',lp'')
|
||||
| NONE => NONE
|
||||
else NONE
|
||||
|
||||
fun tryPreferred((stack,lexPair),queuePos) =
|
||||
catList preferred_change (fn (delete,insert) =>
|
||||
if List.exists noShift delete then [] (* should give warning at
|
||||
parser-generation time *)
|
||||
else case do_delete(delete,lexPair)
|
||||
of SOME(deleted,l,r,lp) =>
|
||||
tryChange{lex=lp,stack=stack,pos=queuePos,
|
||||
leftPos=l,rightPos=r,orig=deleted,
|
||||
new=map (fn t=>(tokAt(t,r))) insert}
|
||||
| NONE => [])
|
||||
|
||||
val changes = catList numStateList tryPreferred @
|
||||
catList numStateList tryInsert @
|
||||
catList numStateList trySubst @
|
||||
catList numStateList (tryDelete 1) @
|
||||
catList numStateList (tryDelete 2) @
|
||||
catList numStateList (tryDelete 3)
|
||||
|
||||
val findMaxDist = fn l =>
|
||||
foldr (fn (CHANGE {distance,...},high) => Int.max(distance,high)) 0 l
|
||||
|
||||
(* maxDist: max distance past error taken that we could parse *)
|
||||
|
||||
val maxDist = findMaxDist changes
|
||||
|
||||
(* remove changes which did not parse maxDist tokens past the error token *)
|
||||
|
||||
val changes = catList changes
|
||||
(fn(c as CHANGE{distance,...}) =>
|
||||
if distance=maxDist then [c] else [])
|
||||
|
||||
in case changes
|
||||
of (l as change :: _) =>
|
||||
let fun print_msg (CHANGE {new,orig,leftPos,rightPos,...}) =
|
||||
let val s =
|
||||
case (orig,new)
|
||||
of (_::_,[]) => "deleting " ^ (showTerms orig)
|
||||
| ([],_::_) => "inserting " ^ (showTerms new)
|
||||
| _ => "replacing " ^ (showTerms orig) ^
|
||||
" with " ^ (showTerms new)
|
||||
in error ("syntax error: " ^ s,leftPos,rightPos)
|
||||
end
|
||||
|
||||
val _ =
|
||||
(if length l > 1 andalso DEBUG2 then
|
||||
(print "multiple fixes possible; could fix it by:\n";
|
||||
app print_msg l;
|
||||
print "chosen correction:\n")
|
||||
else ();
|
||||
print_msg change)
|
||||
|
||||
(* findNth: find nth queue entry from the error
|
||||
entry. Returns the Nth queue entry and the portion of
|
||||
the queue from the beginning to the nth-1 entry. The
|
||||
error entry is at the end of the queue.
|
||||
|
||||
Examples:
|
||||
|
||||
queue = a b c d e
|
||||
findNth 0 = (e,a b c d)
|
||||
findNth 1 = (d,a b c)
|
||||
*)
|
||||
|
||||
val findNth = fn n =>
|
||||
let fun f (h::t,0) = (h,rev t)
|
||||
| f (h::t,n) = f(t,n-1)
|
||||
| f (nil,_) = let exception FindNth
|
||||
in raise FindNth
|
||||
end
|
||||
in f (rev stateList,n)
|
||||
end
|
||||
|
||||
val CHANGE {pos,orig,new,...} = change
|
||||
val (last,queueFront) = findNth pos
|
||||
val (stack,lexPair) = last
|
||||
|
||||
val lp1 = foldl(fn (_,(_,r)) => Stream.get r) lexPair orig
|
||||
val lp2 = foldr(fn(t,r)=>(t,Stream.cons r)) lp1 new
|
||||
|
||||
val restQueue =
|
||||
Fifo.put((stack,lp2),
|
||||
foldl Fifo.put Fifo.empty queueFront)
|
||||
|
||||
val (lexPair,stack,queue,_,_) =
|
||||
distanceParse(lp2,stack,restQueue,pos)
|
||||
|
||||
in (lexPair,stack,queue)
|
||||
end
|
||||
| nil => (error("syntax error found at " ^ (showTerminal term),
|
||||
leftPos,leftPos); raise ParseError)
|
||||
end
|
||||
|
||||
val parse = fn {arg,table,lexer,saction,void,lookahead,
|
||||
ec=ec as {showTerminal,...} : ('_a,'_b) ecRecord} =>
|
||||
let val distance = 15 (* defer distance tokens *)
|
||||
val minAdvance = 1 (* must parse at least 1 token past error *)
|
||||
val maxAdvance = Int.max(lookahead,0)(* max distance for parse check *)
|
||||
val lexPair = Stream.get lexer
|
||||
val (TOKEN (_,(_,leftPos,_)),_) = lexPair
|
||||
val startStack = [(initialState table,(void,leftPos,leftPos))]
|
||||
val startQueue = Fifo.put((startStack,lexPair),Fifo.empty)
|
||||
val distanceParse = distanceParse(table,showTerminal,saction,arg)
|
||||
val fixError = mkFixError(ec,distanceParse,minAdvance,maxAdvance)
|
||||
val ssParse = ssParse(table,showTerminal,saction,fixError,arg)
|
||||
fun loop (lexPair,stack,queue,_,SOME ACCEPT) =
|
||||
ssParse(lexPair,stack,queue)
|
||||
| loop (lexPair,stack,queue,0,_) = ssParse(lexPair,stack,queue)
|
||||
| loop (lexPair,stack,queue,distance,SOME ERROR) =
|
||||
let val (lexPair,stack,queue) = fixError(lexPair,stack,queue)
|
||||
in loop (distanceParse(lexPair,stack,queue,distance))
|
||||
end
|
||||
| loop _ = let exception ParseInternal
|
||||
in raise ParseInternal
|
||||
end
|
||||
in loop (distanceParse(lexPair,startStack,startQueue,distance))
|
||||
end
|
||||
end;
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: root.sml 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
use "base.sig";
|
||||
use "join.sml";
|
||||
use "lrtable.sml";
|
||||
use "stream.sml";
|
||||
use "parser2.sml";
|
|
@ -0,0 +1,43 @@
|
|||
(******************************************************************************
|
||||
* STANDARD ML OF NEW JERSEY COPYRIGHT NOTICE, LICENSE AND DISCLAIMER.
|
||||
*
|
||||
* Copyright (c) 1989-2002 by Lucent Technologies
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software and its
|
||||
* documentation for any purpose and without fee is hereby granted,
|
||||
* provided that the above copyright notice appear in all copies and that
|
||||
* both the copyright notice and this permission notice and warranty
|
||||
* disclaimer appear in supporting documentation, and that the name of
|
||||
* Lucent Technologies, Bell Labs or any Lucent entity not be used in
|
||||
* advertising or publicity pertaining to distribution of the software
|
||||
* without specific, written prior permission.
|
||||
*
|
||||
* Lucent disclaims all warranties with regard to this software,
|
||||
* including all implied warranties of merchantability and fitness. In no
|
||||
* event shall Lucent be liable for any special, indirect or
|
||||
* consequential damages or any damages whatsoever resulting from loss of
|
||||
* use, data or profits, whether in an action of contract, negligence or
|
||||
* other tortious action, arising out of or in connection with the use
|
||||
* or performance of this software.
|
||||
******************************************************************************)
|
||||
(* $Id: stream.sml 6662 2007-07-04 06:41:30Z brucker $ *)
|
||||
|
||||
(* ML-Yacc Parser Generator (c) 1989 Andrew W. Appel, David R. Tarditi *)
|
||||
|
||||
(* Stream: a structure implementing a lazy stream. The signature STREAM
|
||||
is found in base.sig *)
|
||||
|
||||
structure Stream :> STREAM =
|
||||
struct
|
||||
datatype 'a str = EVAL of 'a * 'a str ref | UNEVAL of (unit->'a)
|
||||
|
||||
type 'a stream = 'a str ref
|
||||
|
||||
fun get(ref(EVAL t)) = t
|
||||
| get(s as ref(UNEVAL f)) =
|
||||
let val t = (f(), ref(UNEVAL f)) in s := EVAL t; t end
|
||||
|
||||
fun streamify f = ref(UNEVAL f)
|
||||
fun cons(a,s) = ref(EVAL(a,s))
|
||||
|
||||
end;
|
|
@ -0,0 +1,208 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc-fp.grm ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc-fp.grm 901 2009-11-01 17:12:18Z brucker $ *)
|
||||
|
||||
|
||||
open OfmcFp
|
||||
|
||||
fun rmOuterOp (Operator(_,[msg])) = msg
|
||||
| rmOuterOp s = s
|
||||
|
||||
%%
|
||||
|
||||
%eop EOF
|
||||
|
||||
%left TMETAIMPLIES
|
||||
|
||||
%name OfmcFpParser
|
||||
|
||||
%term EOF
|
||||
| SIMPLE_NAME of string
|
||||
| TABSTRACTION of string
|
||||
| TATTACK of string
|
||||
| TARROW of string
|
||||
| TMINUS of string
|
||||
| TCAT of string
|
||||
| TCBRACKET of string
|
||||
| TCOLON of string
|
||||
| TWHITESPACE of string
|
||||
| TEQ of string
|
||||
| TNEQ of string
|
||||
| TBAR of string
|
||||
| TCOMMA of string
|
||||
| TCPAREN of string
|
||||
| TCRYPT of string
|
||||
| TQUOTE of string
|
||||
| TEXP of string
|
||||
| TFACT of string
|
||||
| TFIXEDPOINT of string
|
||||
| TFPState of string
|
||||
| TIKNOWS of string
|
||||
| TINITIAL of string
|
||||
| TINV of string
|
||||
| TKNOWLEDGE of string
|
||||
| TMETAIMPLIES of string
|
||||
| TOBRACKET of string
|
||||
| TOPAREN of string
|
||||
| TPROTOCOL of string
|
||||
| TBACKEND of string
|
||||
| TREQUEST of string
|
||||
| TRULES of string
|
||||
| TSCRYPT of string
|
||||
| TSECRET of string
|
||||
| TSECSTATE of string
|
||||
| TSECTION of string
|
||||
| TSEMICOLON of string
|
||||
| TSTATE of string
|
||||
| TSTEP of string
|
||||
| TTYPES of string
|
||||
| TWITNESS of string
|
||||
| TXOR of string
|
||||
|
||||
%nonterm START of ofmc_fp
|
||||
| ofmc_fp of ofmc_fp
|
||||
| simple_name of string
|
||||
| role of string
|
||||
| factname of string
|
||||
| msglist of Msg list
|
||||
| msg of Msg
|
||||
| knowledge of (string * Fact) list
|
||||
| facts of Fact list
|
||||
| fact of Fact
|
||||
| nfacts of Fact list
|
||||
| nfact of Fact
|
||||
| rules of Rule list
|
||||
| abstractions of (Msg * Msg) list
|
||||
| typname of string
|
||||
| typnames of string list
|
||||
| simple_names of string
|
||||
| typ of string * (string list)
|
||||
| typlist of (string * (string list)) list
|
||||
| types of (string * (string list)) list
|
||||
|
||||
%pos (int * int * int)
|
||||
|
||||
%noshift EOF
|
||||
|
||||
%%
|
||||
|
||||
START: ofmc_fp (ofmc_fp)
|
||||
|
||||
ofmc_fp: TPROTOCOL TCOLON simple_name (update_protocol simple_name empty_ofmc_fp)
|
||||
| TPROTOCOL TCOLON simple_name ofmc_fp (update_protocol simple_name ofmc_fp)
|
||||
| TBACKEND TCOLON simple_names (update_backend simple_names empty_ofmc_fp)
|
||||
| TBACKEND TCOLON simple_names ofmc_fp (update_backend simple_names ofmc_fp)
|
||||
| TTYPES TCOLON types (update_types ((types_of empty_ofmc_fp)@types) empty_ofmc_fp)
|
||||
| TTYPES TCOLON types ofmc_fp (update_types ((types_of ofmc_fp)@types) ofmc_fp)
|
||||
| TSECTION TINITIAL TSECSTATE TCOLON knowledge (update_knowledge knowledge empty_ofmc_fp)
|
||||
| TSECTION TINITIAL TSECSTATE TCOLON knowledge ofmc_fp (update_knowledge knowledge ofmc_fp)
|
||||
| TSECTION TRULES TCOLON rules (update_rules rules empty_ofmc_fp)
|
||||
| TSECTION TRULES TCOLON rules ofmc_fp (update_rules rules ofmc_fp)
|
||||
| TSECTION TFIXEDPOINT TCOLON knowledge (update_fixedpoint knowledge empty_ofmc_fp)
|
||||
| TSECTION TFIXEDPOINT TCOLON knowledge ofmc_fp (update_fixedpoint knowledge ofmc_fp)
|
||||
| TSECTION TABSTRACTION TCOLON abstractions (update_abstractions ((abstractions_of empty_ofmc_fp )@abstractions) empty_ofmc_fp)
|
||||
| TSECTION TABSTRACTION TCOLON (update_abstractions ((abstractions_of empty_ofmc_fp )@[]) empty_ofmc_fp)
|
||||
| TSECTION TABSTRACTION TCOLON abstractions ofmc_fp (update_abstractions ((abstractions_of ofmc_fp)@abstractions) ofmc_fp)
|
||||
|
||||
rules: TSTEP TCOLON facts TMETAIMPLIES facts ([(NONE, facts1, facts2)])
|
||||
| TSTEP TCOLON facts TMETAIMPLIES facts rules ((NONE, facts1, facts2)::rules)
|
||||
| TSTEP TCOLON facts TBAR nfacts TMETAIMPLIES facts ([(NONE, facts1@nfacts, facts)])
|
||||
| TSTEP TCOLON facts TBAR nfacts TMETAIMPLIES facts rules ((NONE, facts1@nfacts, facts)::rules)
|
||||
| TSTEP simple_name TCOLON facts TMETAIMPLIES facts ([(SOME simple_name, facts1, facts2)])
|
||||
| TSTEP simple_name TCOLON facts TMETAIMPLIES facts rules ((SOME simple_name, facts1, facts2)::rules)
|
||||
| TSTEP simple_name TCOLON facts TBAR nfacts TMETAIMPLIES facts ([(SOME simple_name, facts1@nfacts, facts2)])
|
||||
| TSTEP simple_name TCOLON facts TBAR nfacts TMETAIMPLIES facts rules ((SOME simple_name, facts1@nfacts, facts2)::rules)
|
||||
|
||||
knowledge: factname TCOLON fact TSEMICOLON ([(factname, fact)])
|
||||
| factname TCOLON fact TSEMICOLON knowledge ((factname, fact)::(knowledge))
|
||||
|
||||
facts: fact ([fact])
|
||||
| fact TSEMICOLON facts (fact::facts)
|
||||
|
||||
fact: TSTATE TOPAREN role TCOMMA TOBRACKET msglist TCBRACKET TCPAREN (State(role, msglist))
|
||||
| TIKNOWS TOPAREN msg TCPAREN (Iknows(msg))
|
||||
| TATTACK TOPAREN msg TCPAREN (Attack(msg))
|
||||
| TSECRET TOPAREN msglist TCPAREN (Secret(msglist))
|
||||
| TWITNESS TOPAREN msglist TCPAREN (Witness(msglist))
|
||||
| TREQUEST TOPAREN msglist TCPAREN (Request(msglist))
|
||||
|
||||
nfacts: nfact ([nfact])
|
||||
| nfact TSEMICOLON nfacts (nfact::nfacts)
|
||||
|
||||
nfact: msg TNEQ msg (NotEqual(msg1,msg2))
|
||||
|
||||
|
||||
msglist: msg ([msg])
|
||||
| msg TCOMMA msglist (msg::msglist)
|
||||
|
||||
msg: SIMPLE_NAME (Atom SIMPLE_NAME)
|
||||
| SIMPLE_NAME TOPAREN msglist TCPAREN (Operator(SIMPLE_NAME,msglist))
|
||||
| SIMPLE_NAME msg (Operator(SIMPLE_NAME,[msg]))
|
||||
| TOPAREN msg TCPAREN (msg)
|
||||
|
||||
role: SIMPLE_NAME (SIMPLE_NAME)
|
||||
|
||||
factname: SIMPLE_NAME (SIMPLE_NAME)
|
||||
|
||||
simple_name:SIMPLE_NAME (SIMPLE_NAME)
|
||||
|
||||
abstractions: msg TARROW msg ([(rmOuterOp msg2,msg1)])
|
||||
| msg TARROW msg TSEMICOLON abstractions ((rmOuterOp msg2,msg1)::abstractions)
|
||||
|
||||
types: TOBRACKET typlist TCBRACKET (typlist)
|
||||
|
||||
typlist: typ ([typ])
|
||||
| typ TCOMMA typlist (typ::typlist)
|
||||
|
||||
typ: TOPAREN SIMPLE_NAME TCOMMA TOBRACKET typnames TCBRACKET TCPAREN ((SIMPLE_NAME,typnames))
|
||||
| TOPAREN SIMPLE_NAME SIMPLE_NAME SIMPLE_NAME TCOMMA TOBRACKET typnames TCBRACKET TCPAREN ((SIMPLE_NAME,typnames))
|
||||
| TOPAREN SIMPLE_NAME TCOMMA TOBRACKET TCBRACKET TCPAREN ((SIMPLE_NAME,[]))
|
||||
| TOPAREN SIMPLE_NAME SIMPLE_NAME SIMPLE_NAME TCOMMA TOBRACKET TCBRACKET TCPAREN ((SIMPLE_NAME,[]))
|
||||
|
||||
|
||||
|
||||
typnames: typname ([typname])
|
||||
| typname TCOMMA typnames (typname::typnames)
|
||||
|
||||
simple_names: simple_name (simple_name)
|
||||
| simple_name simple_names (simple_name^" "^simple_names)
|
||||
| simple_name TMINUS simple_names (simple_name^" "^simple_names)
|
||||
|
||||
typname: TQUOTE SIMPLE_NAME TQUOTE (SIMPLE_NAME)
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
signature OfmcFpParser_TOKENS =
|
||||
sig
|
||||
type ('a,'b) token
|
||||
type svalue
|
||||
val TXOR: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TWITNESS: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TTYPES: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSTEP: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSTATE: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSEMICOLON: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSECTION: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSECSTATE: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSECRET: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TSCRYPT: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TRULES: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TREQUEST: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TBACKEND: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TPROTOCOL: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TOPAREN: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TOBRACKET: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TMETAIMPLIES: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TKNOWLEDGE: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TINV: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TINITIAL: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TIKNOWS: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TFPState: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TFIXEDPOINT: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TFACT: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TEXP: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TQUOTE: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCRYPT: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCPAREN: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCOMMA: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TBAR: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TNEQ: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TEQ: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TWHITESPACE: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCOLON: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCBRACKET: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TCAT: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TMINUS: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TARROW: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TATTACK: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val TABSTRACTION: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val SIMPLE_NAME: (string) * 'a * 'a -> (svalue,'a) token
|
||||
val EOF: 'a * 'a -> (svalue,'a) token
|
||||
end
|
||||
signature OfmcFpParser_LRVALS=
|
||||
sig
|
||||
structure Tokens : OfmcFpParser_TOKENS
|
||||
structure ParserData:PARSER_DATA
|
||||
sharing type ParserData.Token.token = Tokens.token
|
||||
sharing type ParserData.svalue = Tokens.svalue
|
||||
end
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,131 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc-fp.lex ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc-fp.lex 869 2009-10-30 10:36:14Z brucker $ *)
|
||||
|
||||
structure Tokens = Tokens
|
||||
|
||||
type pos = int * int * int
|
||||
type svalue = Tokens.svalue
|
||||
|
||||
type ('a,'b) token = ('a,'b) Tokens.token
|
||||
type lexresult= (svalue,pos) token
|
||||
|
||||
|
||||
val pos = ref (0,0,0)
|
||||
|
||||
fun eof () = Tokens.EOF((!pos,!pos))
|
||||
fun error (e,p : (int * int * int),_) = TextIO.output (TextIO.stdOut,
|
||||
String.concat[
|
||||
"line ", (Int.toString ((#1 p)+1)), "/",
|
||||
(Int.toString (#2 p - #3 p)),": ", e, "\n"
|
||||
])
|
||||
|
||||
fun inputPos yypos = ((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))),
|
||||
(#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))))
|
||||
fun inputPos_half yypos = (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))
|
||||
|
||||
|
||||
%%
|
||||
%header (functor OfmcFpParserLexFun(structure Tokens: OfmcFpParser_TOKENS));
|
||||
alpha=[A-Za-z_];
|
||||
digit=[0-9];
|
||||
ws = [\ \t];
|
||||
%%
|
||||
|
||||
\n => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex());
|
||||
|
||||
"(%)[^\n]*\n" => (pos := ((#1 (!pos)) + 1, yypos - (#3(!pos)),yypos ); lex());
|
||||
|
||||
"/*""/"*([^*/]|[^*]"/"|"*"[^/])*"*"*"*/" => (lex());
|
||||
|
||||
"(*""("*([^*/]|[^*]"("|"*"[^/])*"*"*"*)" => (lex());
|
||||
|
||||
{ws}+ => (pos := (#1 (!pos), yypos - (#3(!pos)), (#3 (!pos))); lex());
|
||||
|
||||
|
||||
"-" => (Tokens.TMINUS(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"->" => (Tokens.TARROW(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
":" => (Tokens.TCOLON(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"=" => (Tokens.TEQ(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"/=" => (Tokens.TNEQ(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"|" => (Tokens.TBAR(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"\"" => (Tokens.TQUOTE(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"," => (Tokens.TCOMMA(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
";" => (Tokens.TSEMICOLON(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"(" => (Tokens.TOPAREN(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
")" => (Tokens.TCPAREN(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"[" => (Tokens.TOBRACKET(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"]" => (Tokens.TCBRACKET(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"=>" => (Tokens.TMETAIMPLIES(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"section" => (Tokens.TSECTION(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"rules" => (Tokens.TRULES(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"initial" => (Tokens.TINITIAL(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"state" => (Tokens.TSECSTATE(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"fixedpoint" => (Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"abstraction" => (Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Protocol" => (Tokens.TPROTOCOL(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Backend" => (Tokens.TBACKEND(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Types" => (Tokens.TTYPES(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Knowledge" => (Tokens.TKNOWLEDGE(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Fixed-point" => (Tokens.TFIXEDPOINT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Abstraction" => (Tokens.TABSTRACTION(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"State" => (Tokens.TSTATE(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"FPState" => (Tokens.TFPState(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"iknows" => (Tokens.TIKNOWS(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"attack" => (Tokens.TATTACK(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"witness" => (Tokens.TWITNESS(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"request" => (Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"wrequest" => (Tokens.TREQUEST(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"secret" => (Tokens.TSECRET(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Fact" => (Tokens.TFACT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Crypt" => (Tokens.TCRYPT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"step" => (Tokens.TSTEP(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Scrypt" => (Tokens.TSCRYPT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Cat" => (Tokens.TCAT(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Inv" => (Tokens.TINV(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Exp" => (Tokens.TEXP(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
"Xor" => (Tokens.TXOR(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
|
||||
(_|{alpha}|{digit})+ => (Tokens.SIMPLE_NAME(yytext,inputPos_half yypos,inputPos_half yypos));
|
||||
|
||||
. => (error ("ignoring bad character "^yytext,
|
||||
((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))),
|
||||
((#1 (!pos), yypos - (#3(!pos)), (#3 (!pos)))));
|
||||
lex());
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,137 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc_abstraction.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc_abstraction.sml 929 2009-11-01 22:37:06Z brucker $ *)
|
||||
|
||||
structure ofmc_abstraction =
|
||||
struct
|
||||
|
||||
open ofmc_connector
|
||||
open OfmcFp
|
||||
|
||||
datatype CMsg = CVariable of string * string
|
||||
| COperator of string * string * CMsg list
|
||||
| Abstraction of CMsg * CMsg
|
||||
|
||||
datatype CFact = CState of string * CMsg list
|
||||
| CIknows of CMsg
|
||||
| CAttack of CMsg
|
||||
| CWitness of CMsg list
|
||||
| CRequest of CMsg list
|
||||
| CSecret of CMsg list
|
||||
| CFact of string * CMsg
|
||||
| CNotEqual of CMsg * CMsg
|
||||
|
||||
exception error of string
|
||||
|
||||
|
||||
fun mk_unique [] = []
|
||||
| mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs))
|
||||
|
||||
|
||||
fun type_abstraction ofmcfp t =
|
||||
let
|
||||
val abs = abstractions_of ofmcfp
|
||||
val types = sel_types_of t ofmcfp
|
||||
|
||||
fun decl_of (Atom a, Atom a') = "\""^a^"\" \"nat\""
|
||||
| decl_of (Operator (opname,_), Atom a) = "\""^opname^"\" \"Msg\" \"nat\""
|
||||
|
||||
fun is_t (_,Atom a) = if (List.exists (fn n => (n=a)) types) then true else false
|
||||
| is_t (_,_) = false
|
||||
|
||||
fun name_of (Atom n, _ ) = n
|
||||
| name_of (Operator (n,_), _) = n
|
||||
|
||||
fun is_not_abs s = if (List.exists (fn a => ((name_of a) =s)) abs) then false else true
|
||||
|
||||
val abs_t = List.filter is_t abs
|
||||
|
||||
fun is_not_t n = if (List.exists (fn a => (name_of a = n)) abs_t)
|
||||
then false else true
|
||||
|
||||
val abs_nott = List.filter is_not_t types
|
||||
|
||||
in
|
||||
case t of
|
||||
"Function" => mk_unique (map (fn x => "\""^x^"\" \"Msg\"") (List.filter is_not_abs types))
|
||||
| "Number" => mk_unique ((map decl_of abs_t)@(map (fn a => "\""^(a)^"\"" ) abs_nott))
|
||||
| _ => mk_unique ((map decl_of abs_t))
|
||||
end
|
||||
|
||||
|
||||
|
||||
fun check_abstraction ofmcfp s =
|
||||
let
|
||||
fun name_of (Operator(n,_)) = if (String.isPrefix "__" n)
|
||||
then String.substring(n,2,(String.size n)-2)
|
||||
else n
|
||||
| name_of (Atom (n)) = if (String.isPrefix "__" n)
|
||||
then String.substring(n,2,(String.size n)-2)
|
||||
else n
|
||||
val abstractions = List.filter (fn (a,b) => (name_of a) = s) (abstractions_of ofmcfp)
|
||||
in
|
||||
case abstractions of
|
||||
[] => NONE
|
||||
| ((a,b)::xs) => SOME ("Abs_"^(name_of b))
|
||||
end
|
||||
|
||||
|
||||
fun deabstractMsg abstractions (Atom s) = (case check_abstraction abstractions s of
|
||||
NONE => CVariable(s,"")
|
||||
| SOME a => Abstraction(COperator(s,"",[]),CVariable(a,"")))
|
||||
| deabstractMsg abstractions (Operator(s,ms)) = (case check_abstraction abstractions s of
|
||||
NONE => COperator(s,"", map (deabstractMsg abstractions) ms)
|
||||
| SOME a => Abstraction(COperator(s,"", map (deabstractMsg abstractions) ms),
|
||||
CVariable(a,"")))
|
||||
|
||||
fun deabstractFact abstractions (State (n,ms)) = (CState (n, map (deabstractMsg abstractions) ms))
|
||||
| deabstractFact abstractions (Iknows m) = (CIknows (deabstractMsg abstractions m))
|
||||
| deabstractFact abstractions (Attack m) = (CAttack (deabstractMsg abstractions m))
|
||||
| deabstractFact abstractions (Witness ms) = (CWitness (map (deabstractMsg abstractions) ms))
|
||||
| deabstractFact abstractions (Request ms) = (CRequest (map (deabstractMsg abstractions) ms))
|
||||
| deabstractFact abstractions (Secret ms) = (CSecret (map (deabstractMsg abstractions) ms))
|
||||
| deabstractFact abstractions (Fact (n,m)) = (CFact (n, deabstractMsg abstractions m))
|
||||
| deabstractFact abstractions (NotEqual (n,m)) = (CNotEqual (deabstractMsg abstractions n, deabstractMsg abstractions m))
|
||||
| deabstractFact _ _ = raise (error "unknown abstract in deabstractFAct")
|
||||
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,138 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc_connector.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc_connector.sml 903 2009-11-01 19:05:11Z brucker $ *)
|
||||
|
||||
signature OFMC_CONNECTOR =
|
||||
sig
|
||||
val ofmc_home: unit -> string
|
||||
val ofmc: string
|
||||
val wauth: bool ref
|
||||
(* val generate_fp : string -> theory -> theory *)
|
||||
val parseOfmcFpOutput: string -> OfmcFp.ofmc_fp
|
||||
val parseOfmcFpFile: string -> OfmcFp.ofmc_fp
|
||||
val parseAnBFile: string -> OfmcFp.ofmc_fp
|
||||
end
|
||||
|
||||
structure ofmc_connector :> OFMC_CONNECTOR =
|
||||
struct
|
||||
|
||||
|
||||
structure OfmcFpParserLrVals =
|
||||
OfmcFpParserLrValsFun(structure Token = LrParser.Token)
|
||||
|
||||
structure OfmcFpParserLex =
|
||||
OfmcFpParserLexFun(structure Tokens = OfmcFpParserLrVals.Tokens)
|
||||
|
||||
structure OfmcFpParserParser = Join(structure LrParser = LrParser
|
||||
structure ParserData = OfmcFpParserLrVals.ParserData
|
||||
structure Lex = OfmcFpParserLex)
|
||||
|
||||
val ofmc = "ofmc"
|
||||
val wauth = ref false
|
||||
|
||||
fun ofmc_home () = case OS.Process.getEnv "OFMC_HOME" of
|
||||
SOME p => p^"/bin"
|
||||
| NONE => ""
|
||||
|
||||
fun invoke lexstream =
|
||||
let fun print_error (s,i:(int * int * int),_) =
|
||||
TextIO.output(TextIO.stdOut,
|
||||
"Error, line .... " ^ (Int.toString (#1 i)) ^"."
|
||||
^(Int.toString (#2 i ))^ ", " ^ s ^ "\n")
|
||||
in
|
||||
OfmcFpParserParser.parse(0,lexstream,print_error,())
|
||||
end
|
||||
|
||||
fun parseOfmcFpFile ofmc_output_file =
|
||||
let
|
||||
val infile = TextIO.openIn ofmc_output_file
|
||||
val lexer = OfmcFpParserParser.makeLexer (fn _ => case ((TextIO.inputLine) infile) of
|
||||
SOME s => s
|
||||
| NONE => "")
|
||||
val dummyEOF = OfmcFpParserLrVals.Tokens.EOF((0,0,0),(0,0,0))
|
||||
fun loop lexer =
|
||||
let
|
||||
val _ = (OfmcFpParserLex.UserDeclarations.pos := (0,0,0);())
|
||||
val (res,lexer) = invoke lexer
|
||||
val (nextToken,lexer) = OfmcFpParserParser.Stream.get lexer
|
||||
in
|
||||
if OfmcFpParserParser.sameToken(nextToken,dummyEOF)
|
||||
then ((),res)
|
||||
else loop lexer
|
||||
end
|
||||
in
|
||||
(#2(loop lexer))
|
||||
end
|
||||
|
||||
fun parseOfmcFpOutput ofmc_output=
|
||||
let
|
||||
val line = ref ofmc_output
|
||||
fun readString _ = let val f = !line val _ = (line := "") in f end
|
||||
val lexer = OfmcFpParserParser.makeLexer (readString)
|
||||
val dummyEOF = OfmcFpParserLrVals.Tokens.EOF((0,0,0),(0,0,0))
|
||||
fun loop lexer =
|
||||
let
|
||||
val _ = (OfmcFpParserLex.UserDeclarations.pos := (0,0,0);())
|
||||
val (res,lexer) = invoke lexer
|
||||
val (nextToken,lexer) = OfmcFpParserParser.Stream.get lexer
|
||||
in
|
||||
if OfmcFpParserParser.sameToken(nextToken,dummyEOF)
|
||||
then ((),res)
|
||||
else loop lexer
|
||||
end
|
||||
in
|
||||
(#2(loop lexer))
|
||||
end
|
||||
|
||||
fun parseAnBFile filename =
|
||||
let
|
||||
val cmd = if !wauth
|
||||
then (ofmc_home())^ofmc^" "^filename^" -wauth -ot Isa"
|
||||
else (ofmc_home())^ofmc^" "^filename^" -ot Isa"
|
||||
|
||||
val tmpFile = OS.FileSys.tmpName ()
|
||||
val ofmcStatus = OS.Process.system(cmd^" > "^tmpFile)
|
||||
val ofmcOutput = parseOfmcFpFile tmpFile
|
||||
handle e => (OS.FileSys.remove tmpFile; raise e)
|
||||
val _ = OS.FileSys.remove tmpFile
|
||||
in
|
||||
OfmcFp.update_source filename ofmcOutput
|
||||
end
|
||||
|
||||
end
|
|
@ -0,0 +1,70 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc_encoder.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc_encoder.sml 450 2009-02-02 08:59:41Z brucker $ *)
|
||||
|
||||
signature OFMC_ENCODER =
|
||||
sig
|
||||
val encode_ofmc : OfmcFp.ofmc_fp -> theory -> theory
|
||||
val ofmcFpTerm_to_term: OfmcFp.ofmc_fp -> term
|
||||
end
|
||||
|
||||
|
||||
structure ofmc_encoder =
|
||||
struct
|
||||
|
||||
open ofmc_connector
|
||||
open OfmcFp
|
||||
open ofmc_abstraction
|
||||
|
||||
fun encode_ofmc abstractions thy =
|
||||
let
|
||||
val _ = warning "Defining Protocol"
|
||||
val _ = warning "Defining Fixpoint"
|
||||
in
|
||||
thy
|
||||
end
|
||||
|
||||
|
||||
fun ofmcFpTerm_to_term (CVariable (n,t)) = Free(n,dummyT)
|
||||
| ofmcFpTerm_to_term (COperator(n,t,ms)) = (Const(n,dummyT)$(foldr1 (op $) (map ofmcFpTerm_to_term ms)))
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
|
@ -0,0 +1,489 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmc_thygen.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc_thygen.sml 937 2009-11-02 05:21:07Z brucker $ *)
|
||||
signature OFMC_ENCODER =
|
||||
sig
|
||||
val ofmc_thygen: OfmcFp.ofmc_fp -> unit
|
||||
val ofmc_thygenAnB: string -> unit
|
||||
val main: string * string list -> unit
|
||||
end
|
||||
|
||||
structure ofmc_thygen =
|
||||
struct
|
||||
|
||||
val varcnt = ref ~1
|
||||
val noproof = ref false
|
||||
val version = "0.1"
|
||||
|
||||
fun varcount () = ((varcnt := !varcnt + 1); Int.toString(!varcnt))
|
||||
fun reset_varcount () = ((varcnt := ~1);())
|
||||
|
||||
|
||||
open ofmc_abstraction
|
||||
|
||||
|
||||
fun gen_header ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun filename f = let
|
||||
val filename = (hd o List.rev o (String.tokens (fn c => ( c = #"/") orelse (c = #"\\")))) f
|
||||
in
|
||||
if (String.isSubstring ".AnB" filename)
|
||||
then String.substring(filename,0,(String.size filename) -4)
|
||||
else filename
|
||||
end
|
||||
in
|
||||
"header {* Analysing "^(protocol)^" *}\n"
|
||||
^"(* *********************************** \n"
|
||||
^" This file is automatically generated from the AnB file \""
|
||||
^(source_of ofmcfp)^"\".\n"
|
||||
^" Backend: "^(backend_of ofmcfp)^"\n"
|
||||
^"************************************ *)\n\n"
|
||||
^"theory"^"\n"
|
||||
^" \""
|
||||
^(if source_of ofmcfp = ""
|
||||
then protocol
|
||||
else filename (source_of ofmcfp) )
|
||||
^"\"\n"
|
||||
^" imports"^"\n"
|
||||
^" ofmc"^"\n"
|
||||
^"begin"^"\n\n"
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
fun gen_datatype ofmcfp =
|
||||
let
|
||||
fun mk_unique [] = []
|
||||
| mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs))
|
||||
|
||||
val types = types_of ofmcfp
|
||||
|
||||
val agents = sel_types_of "Agent" ofmcfp
|
||||
val purposes = sel_types_of "Purpose" ofmcfp
|
||||
|
||||
val numbers = sel_types_of "Number" ofmcfp
|
||||
val functions = sel_types_of "Function" ofmcfp
|
||||
val symkeys = sel_types_of "SymmetricKey" ofmcfp
|
||||
|
||||
fun types2string conv [] = "\n"
|
||||
| types2string conv [x] = (conv x)
|
||||
| types2string conv (x::xs) = (conv x)^" | "^(types2string conv xs)
|
||||
|
||||
val purposes = mk_unique (purposes@(map (fn x => "purpose"^x) numbers))
|
||||
in
|
||||
"datatype Role = "^(types2string (fn r => "r"^r) agents)^"\n\n"
|
||||
^(if purposes = []
|
||||
then "datatype Purpose = purpose\n"
|
||||
else "datatype Purpose = "^(types2string (fn x => x) purposes)^"\n")
|
||||
^"datatype Agent = honest nat\n"
|
||||
^" | dishonest nat\n\n"
|
||||
|
||||
^"datatype Nonce = "^(types2string (fn x => x^"\n") (type_abstraction ofmcfp "Number"))
|
||||
^" and Msg = Nonce \"Nonce\" \n"
|
||||
^" | Agent \"Agent\" \n"
|
||||
^" | Purpose \"Purpose\"\n"
|
||||
^" | pair \"Msg*Msg\" \n"
|
||||
^" | scrypt \"Msg*Msg\" \n"
|
||||
^" | crypt \"Msg*Msg\" \n"
|
||||
^" | inv \"Msg\" \n"
|
||||
^" | SID \"nat\" \n"
|
||||
^" | Step \"nat\" \n"
|
||||
^" | authentication \n"
|
||||
^" | secrecy \n"
|
||||
^"(* SymKeys *)\n"
|
||||
^" | SymKey \"Msg\"\n"
|
||||
^(if (type_abstraction ofmcfp "SymmetricKey") = [] then ""
|
||||
else (" | "^(types2string (fn x => x) (type_abstraction ofmcfp "SymmetricKey"))^"\n"))
|
||||
^"(* Functions *)\n"
|
||||
^(if (type_abstraction ofmcfp "Function") = [] then ""
|
||||
else " | "^(types2string (fn x => x) (type_abstraction ofmcfp "Function"))^"\n")
|
||||
(* else " | "^(types2string (fn x => x^" \"Msg\"") functions)^"\n") *)
|
||||
^"\n"
|
||||
^" datatype Fact = Iknows Msg\n"
|
||||
^" | State \"Role * (Msg list)\"\n"
|
||||
^" | Secret \"Msg * Msg\"\n"
|
||||
^" | Attack \"Msg\"\n"
|
||||
^" | Witness \"Msg * Msg * Msg * Msg\"\n"
|
||||
^" | Request \"Msg * Msg * Msg * Msg * Msg\"\n\n\n"
|
||||
end
|
||||
|
||||
|
||||
fun is_literal ofmcfp (CVariable(n,t)) = let
|
||||
val types = types_of ofmcfp
|
||||
val wo_agents = (List.filter (fn (a,b) => a <> "Agent") types)
|
||||
val constants = List.concat (map (fn t => #2 t) wo_agents)
|
||||
in
|
||||
if Int.fromString n = NONE
|
||||
then if ((List.exists (fn n' => n = n') constants )
|
||||
orelse n="ni")
|
||||
then true
|
||||
else false
|
||||
else true
|
||||
end
|
||||
|
||||
fun collect_msgvars ofmcfp (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t))
|
||||
then []
|
||||
else [CVariable(n,t)]
|
||||
| collect_msgvars ofmcfp (COperator(n,t,ms)) = List.concat (map (collect_msgvars ofmcfp) ms)
|
||||
| collect_msgvars ofmcfp (Abstraction(m,a)) = (collect_msgvars ofmcfp m)@(collect_msgvars ofmcfp a)
|
||||
|
||||
fun collect_vars ofmcfp (CState (s,ms)) = List.concat (map (collect_msgvars ofmcfp) ms)
|
||||
| collect_vars ofmcfp (CIknows m) = collect_msgvars ofmcfp m
|
||||
| collect_vars ofmcfp (CAttack m) = collect_msgvars ofmcfp m
|
||||
| collect_vars ofmcfp (CWitness ms) = List.concat (map (collect_msgvars ofmcfp) ms)
|
||||
| collect_vars ofmcfp (CRequest ms) = List.concat (map (collect_msgvars ofmcfp) ms)
|
||||
| collect_vars ofmcfp (CSecret ms) = List.concat (map (collect_msgvars ofmcfp) ms)
|
||||
| collect_vars ofmcfp (CFact (s,m)) = collect_msgvars ofmcfp m
|
||||
|
||||
|
||||
|
||||
fun string_of_cmsg (CVariable (s,t)) = s
|
||||
| string_of_cmsg (COperator (s,t,[])) = s
|
||||
| string_of_cmsg (COperator (s,t,ms)) = s^"("^(string_of_cmsg_list ms)^")"
|
||||
| string_of_cmsg (Abstraction (m,n)) = "("^(string_of_cmsg m)^" "^(string_of_cmsg n)^")"
|
||||
|
||||
and string_of_cmsg_list [] = ""
|
||||
| string_of_cmsg_list [m] = string_of_cmsg m
|
||||
| string_of_cmsg_list (m::ms) = (string_of_cmsg m)^", "^(string_of_cmsg_list ms)
|
||||
|
||||
fun gen_exists [] = ""
|
||||
| gen_exists xs = "? "^(String.concat (map (fn f => string_of_cmsg f^" ") xs))^". \n "
|
||||
|
||||
|
||||
fun string_of_cfact ofmcfp (CState (s,ms)) = "State("^s^", ["^(string_of_cmsg_list ms)^"] )"
|
||||
| string_of_cfact ofmcfp (CIknows m) = "Iknows("^(string_of_cmsg m)^")"
|
||||
| string_of_cfact ofmcfp (CAttack m) = "Attack("^(string_of_cmsg m)^")"
|
||||
| string_of_cfact ofmcfp (CWitness ms) = "Witness("^(string_of_cmsg_list ms)^")"
|
||||
| string_of_cfact ofmcfp (CRequest ms) = "Request("^(string_of_cmsg_list ms)^")"
|
||||
| string_of_cfact ofmdfp (CSecret ms) = "Secret("^(string_of_cmsg_list ms)^")"
|
||||
| string_of_cfact ofmdfp (CFact (s,m)) = "Fact("^s^", "^(string_of_cmsg m)^")"
|
||||
| string_of_cfact ofmcfp (CNotEqual (n,m)) = "~ ( "^(gen_exists (collect_msgvars ofmcfp m))
|
||||
^(string_of_cmsg n)^" = "^(string_of_cmsg m)^")"
|
||||
|
||||
|
||||
|
||||
fun gen_inductive ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun gen_knowledge ((k:(string * Fact))::ks) =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun string_of_initrule (k:(string * Fact)) = ((#1 k)^": \"[ "
|
||||
^(string_of_cfact ofmcfp (deabstractFact ofmcfp (#2 k)))
|
||||
^"] : "^protocol^"\"\n")
|
||||
in
|
||||
" "^(string_of_initrule k)
|
||||
^(String.concat (map (fn k => " | "^(string_of_initrule k)) ks))
|
||||
end
|
||||
|
||||
fun gen_rules rules =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun string_of_rule (r:Rule) =
|
||||
let
|
||||
val name = case (#1 r) of NONE => "" | SOME s => (s^": ")
|
||||
fun to_string (CNotEqual (n,m)) = ";\n "^(string_of_cfact ofmcfp (CNotEqual (n,m)))
|
||||
| to_string f = ";\n "^(string_of_cfact ofmcfp f)^" : (set t)"
|
||||
in
|
||||
name^" \"[| t :"^protocol
|
||||
^(String.concat (map (fn k => to_string (deabstractFact ofmcfp k)) ((#2 r)) ) )
|
||||
^ "|] \n ==> \n("
|
||||
^(String.concat (map (fn k => "("^(string_of_cfact ofmcfp (deabstractFact ofmcfp k))^")\n #") ((#3 r))))
|
||||
^ "t) : "^protocol^"\"\n"
|
||||
end
|
||||
in
|
||||
(String.concat (map (fn k => " | "^(string_of_rule k)) rules))
|
||||
end
|
||||
in
|
||||
"inductive_set\n"
|
||||
^" "^protocol^"::\"Fact list set\"\n"
|
||||
^"where\n"
|
||||
^(gen_knowledge (knowledge_of ofmcfp))
|
||||
^(gen_rules (rules_of ofmcfp))
|
||||
end
|
||||
|
||||
|
||||
fun gen_fp ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
val protocolFp = protocol^"_fp"
|
||||
val inner_quantification = false
|
||||
|
||||
|
||||
fun mk_msgvars_unique (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t))
|
||||
then (CVariable(n,t))
|
||||
else (CVariable(n^(varcount()),t))
|
||||
| mk_msgvars_unique (COperator(n,t,ms)) = (COperator(n,t, map mk_msgvars_unique ms))
|
||||
| mk_msgvars_unique (Abstraction(m,a)) = (Abstraction(mk_msgvars_unique m,
|
||||
mk_msgvars_unique a))
|
||||
|
||||
|
||||
fun mk_msgvars_unique' v (CVariable(n,t)) = if is_literal ofmcfp (CVariable(n,t))
|
||||
then (CVariable(n,t))
|
||||
else
|
||||
if (v=(CVariable(n,t)))
|
||||
then (CVariable(n^(varcount()),t))
|
||||
else (CVariable(n,t))
|
||||
|
||||
|
||||
|
||||
| mk_msgvars_unique' v (COperator(n,t,ms)) = (COperator(n,t, map (mk_msgvars_unique' v) ms))
|
||||
| mk_msgvars_unique' v (Abstraction(m,a)) = (Abstraction(mk_msgvars_unique' v m,
|
||||
mk_msgvars_unique' v a))
|
||||
|
||||
|
||||
fun mk_vars_unique (CState (s,ms)) = (CState (s, map mk_msgvars_unique ms))
|
||||
| mk_vars_unique (CIknows m) = (CIknows (mk_msgvars_unique m) )
|
||||
| mk_vars_unique (CAttack m) = (CAttack (mk_msgvars_unique m))
|
||||
| mk_vars_unique (CWitness ms) = (CWitness (map mk_msgvars_unique ms))
|
||||
| mk_vars_unique (CRequest ms) = (CRequest (map mk_msgvars_unique ms))
|
||||
| mk_vars_unique (CSecret ms) = (CSecret (map mk_msgvars_unique ms))
|
||||
| mk_vars_unique (CFact (s,m)) = (CFact (s,mk_msgvars_unique m))
|
||||
|
||||
fun mk_vars_unique' v (CState (s,ms)) = (CState (s, map (mk_msgvars_unique' v) ms))
|
||||
| mk_vars_unique' v (CIknows m) = (CIknows (mk_msgvars_unique' v m) )
|
||||
| mk_vars_unique' v (CAttack m) = (CAttack (mk_msgvars_unique' v m))
|
||||
| mk_vars_unique' v (CWitness ms) = (CWitness (map (mk_msgvars_unique' v) ms))
|
||||
| mk_vars_unique' v (CRequest ms) = (CRequest (map (mk_msgvars_unique' v) ms))
|
||||
| mk_vars_unique' v (CSecret ms) = (CSecret (map (mk_msgvars_unique' v) ms))
|
||||
| mk_vars_unique' v (CFact (s,m)) = (CFact (s,mk_msgvars_unique' v m))
|
||||
|
||||
|
||||
|
||||
|
||||
val facts = (((knowledge_of ofmcfp)@(fixedpoint_of ofmcfp)))
|
||||
|
||||
fun string_of_fp_fact ofmcfp (n,f) =
|
||||
let
|
||||
val _ = reset_varcount()
|
||||
val cf = mk_vars_unique (deabstractFact ofmcfp f)
|
||||
in
|
||||
(gen_exists (collect_vars ofmcfp cf))
|
||||
^ "m = "
|
||||
^(string_of_cfact ofmcfp cf)
|
||||
end
|
||||
|
||||
fun string_of_fp_fact' ofmcfp (n,f) = "m = "^(string_of_cfact ofmcfp f)
|
||||
|
||||
|
||||
fun mk_outer_exists facts =
|
||||
let
|
||||
fun toSet [] = []
|
||||
| toSet (x::xs) = if List.exists (fn e => x = e) xs
|
||||
then toSet xs
|
||||
else x::(toSet xs)
|
||||
fun vars_of facts = toSet (List.concat(map (fn (n,f) => collect_vars ofmcfp f) facts))
|
||||
val vars = vars_of facts
|
||||
fun mk_v_unique [] (n,f) = (n,f)
|
||||
| mk_v_unique (v::vs) (n,f) = let
|
||||
val _ = reset_varcount()
|
||||
in
|
||||
mk_v_unique vs (n,mk_vars_unique' v f)
|
||||
end
|
||||
val ufacts = map (mk_v_unique vars) facts
|
||||
val uvars = vars_of ufacts
|
||||
in
|
||||
(uvars, ufacts)
|
||||
end
|
||||
val cfacts = map (fn (n,f) => (n,deabstractFact ofmcfp f)) facts
|
||||
|
||||
val outer_ex = mk_outer_exists cfacts
|
||||
in
|
||||
if inner_quantification
|
||||
then
|
||||
( "constdefs"
|
||||
^" "^protocolFp^"::\"Fact set\""
|
||||
^"\""^protocolFp^" == {m. (\n"
|
||||
^" ("^(string_of_fp_fact ofmcfp (hd facts)^")\n")
|
||||
^(String.concat (map (fn f => " | ("^(string_of_fp_fact ofmcfp f)^")\n") (tl facts) ))
|
||||
^")}\"\n")
|
||||
else
|
||||
( "constdefs"
|
||||
^" "^protocolFp^"::\"Fact set\""
|
||||
^"\""^protocolFp^" == {m. ( ? "^(String.concat (map (fn f => string_of_cmsg f^" ") (#1 outer_ex )))^".\n"
|
||||
^" ("^(string_of_fp_fact' ofmcfp (hd (#2 outer_ex ))^")\n")
|
||||
^(String.concat (map (fn f => " | ("^(string_of_fp_fact' ofmcfp f)^")\n") (tl (#2 outer_ex )) ))
|
||||
^")}\"\n")
|
||||
end
|
||||
|
||||
|
||||
fun gen_no_attack ofmcfp =
|
||||
let
|
||||
val protocol = (protocol_of ofmcfp)
|
||||
in
|
||||
"lemma fp_attack_free: \"~ (Attack m : "^protocol^"_fp)\"\n"
|
||||
^" by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n"
|
||||
end
|
||||
|
||||
fun gen_over_approx_auto ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
in
|
||||
"lemma over_approx: \"t : "^protocol^" ==> (set t) <= "^protocol^"_fp\"\n"
|
||||
^" apply(rule "^protocol^".induct, simp_all, safe)\n"
|
||||
^" apply(propagate_fp, simp add: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n"
|
||||
^"done\n\n"
|
||||
end
|
||||
|
||||
fun gen_over_approx ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
val rulenames = (map (#1) (knowledge_of ofmcfp))@(map (Option.valOf o #1) (rules_of ofmcfp))
|
||||
fun gen_cuts rn = " apply(propagate_fp, cut_tac "^rn^", (assumption | simp)+)\n"
|
||||
in
|
||||
"lemma over_approx: \"t : "^protocol^" ==> (set t) <= "^protocol^"_fp\"\n"
|
||||
^" apply(rule "^protocol^".induct, simp_all)\n"
|
||||
^(String.concat (map gen_cuts rulenames))
|
||||
^"done\n\n"
|
||||
end
|
||||
|
||||
|
||||
|
||||
fun checkfp ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun check_knowledge (k:(string * Fact)) =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
fun string_of_initrule (k:(string * Fact)) = ((#1 k)^": \""
|
||||
^(string_of_cfact ofmcfp (deabstractFact ofmcfp (#2 k)))
|
||||
^" : "^protocol^"_fp\"\n")
|
||||
in
|
||||
"lemma "^(string_of_initrule k)
|
||||
^"by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n"
|
||||
end
|
||||
|
||||
(*
|
||||
fun string_of_rule (r:Rule) =
|
||||
let
|
||||
val name = case (#1 r) of NONE => "" | SOME s => (s^": ")
|
||||
fun to_string (CNotEqual (n,m)) = ";\n "^(string_of_cfact (CNotEqual (n,m)))
|
||||
| to_string f = ";\n "^(string_of_cfact f)^" : (set t)"
|
||||
in
|
||||
name^" \"[| t :"^protocol
|
||||
^(String.concat (map (fn k => to_string (deabstractFact ofmcfp k)) ((#2 r)) ) )
|
||||
^ "|] \n ==> \n("
|
||||
^(String.concat (map (fn k => "("^(string_of_cfact (deabstractFact ofmcfp k))^")\n #") ((#3 r))))
|
||||
^ "t) : "^protocol^"\"\n"
|
||||
end
|
||||
*)
|
||||
|
||||
fun check_rules (r:Rule) =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
val name = case (#1 r) of NONE => ":" | SOME s => (s^": ")
|
||||
fun to_string (CNotEqual (n,m)) = (string_of_cfact ofmcfp (CNotEqual (n,m)))
|
||||
| to_string f = (string_of_cfact ofmcfp f)^" : "^protocol^"_fp"
|
||||
|
||||
in
|
||||
"lemma "^name^" \"[| "
|
||||
^(String.concat (map (fn k => "\n "^(to_string (deabstractFact ofmcfp k))) ([hd (#2 r)]) ) )
|
||||
^(String.concat (map (fn k => ";\n "^(to_string (deabstractFact ofmcfp k))) (tl (#2 r)) ) )
|
||||
^ "|] \n ==> "
|
||||
^(String.concat (map (fn k => "\n ("^(to_string (deabstractFact ofmcfp k))^")") ([hd (#3 r)])))
|
||||
^(String.concat (map (fn k => " &\n ("^(to_string (deabstractFact ofmcfp k))^")") (tl (#3 r))))
|
||||
^ "\"\n"
|
||||
^"by(simp only: "^protocol^"_fp_def, simp only: set2pred, simp, auto?)+\n\n"
|
||||
end
|
||||
in
|
||||
(String.concat (map check_knowledge (knowledge_of ofmcfp)))
|
||||
^(String.concat (map check_rules (rules_of ofmcfp)))
|
||||
end
|
||||
|
||||
|
||||
fun ofmc_thygen ofmcfp =
|
||||
let
|
||||
val protocol = protocol_of ofmcfp
|
||||
val _ = print (gen_header ofmcfp)
|
||||
val _ = print ("\n\nsection {* Protocol Model ("^protocol^") *}\n")
|
||||
val _ = print (gen_datatype ofmcfp)
|
||||
val _ = print ("\n\nsection {* Inductive Protocol Definition ("^protocol^") *}\n")
|
||||
val _ = print (gen_inductive ofmcfp)
|
||||
val _ = print ("\n\nsection {* Fixed-point Definition ("^protocol^") *}\n")
|
||||
val _ = print (gen_fp ofmcfp)
|
||||
val _ = if !noproof then ()
|
||||
else (print ("\n\nsection {* Checking Fixed-point ("^protocol^") *}\n");
|
||||
print (gen_no_attack ofmcfp);
|
||||
print (checkfp ofmcfp);
|
||||
print ("\n\nsection {* Security Proof(s) ("^protocol^") *}\n");
|
||||
print (gen_over_approx ofmcfp))
|
||||
(* val _ = print ("(* Alternatively, the following script provides an non-modular\n")
|
||||
val _ = print (" way for proving the over-approximation direclty:\n\n")
|
||||
val _ = print (gen_over_approx_auto ofmcfp)
|
||||
val _ = print ("*)\n")
|
||||
*)
|
||||
val _ = print ("\n\nend (* theory *)\n")
|
||||
in () end
|
||||
|
||||
val ofmc_thygenAnB = ofmc_thygen o ofmc_connector.parseAnBFile
|
||||
|
||||
fun print_usage name = let
|
||||
val _ = print("\n")
|
||||
val _ = print("usage: "^name^" [args] <anb-specification>\n")
|
||||
val _ = print(name^", version "^version^"\n")
|
||||
val _ = print("\n")
|
||||
val _ = print(" --wauth\n")
|
||||
val _ = print(" --noproofs\n")
|
||||
val _ = print("\n")
|
||||
in
|
||||
()
|
||||
end
|
||||
|
||||
fun main (name:string,args:(string list)) =
|
||||
let
|
||||
val prgName = (hd o rev) (String.fields (fn s => s = #"/" orelse s = #"\\") name)
|
||||
in
|
||||
(
|
||||
case (prgName,args) of
|
||||
(n, []) => print_usage name
|
||||
| (n, "--noproof"::ar) => (noproof := true ; main(name, ar))
|
||||
| (n, "--wauth"::ar) => (ofmc_connector.wauth := true ; main(name, ar))
|
||||
| (n, [file]) => if String.isPrefix "-" file
|
||||
then print_usage name
|
||||
else ofmc_thygenAnB file
|
||||
| (_,_) => print_usage name
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
val _ = ofmc_thygen.main(CommandLine.name(), CommandLine.arguments())
|
|
@ -0,0 +1,117 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* ofmcfp.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmcfp.sml 890 2009-10-31 21:34:17Z brucker $ *)
|
||||
|
||||
|
||||
structure OfmcFp = struct
|
||||
|
||||
(*
|
||||
datatype Operator = Crypt | Scrypt | Cat | Inv
|
||||
*)
|
||||
|
||||
datatype Msg = Atom of string
|
||||
| Operator of string * Msg list
|
||||
|
||||
type MsgPat = (Msg * Msg)
|
||||
type ProtocolState = MsgPat list
|
||||
|
||||
datatype Fact = State of string * Msg list
|
||||
| FPState of string * Msg
|
||||
| Iknows of Msg
|
||||
| Attack of Msg
|
||||
| Witness of Msg list
|
||||
| Request of Msg list
|
||||
| Secret of Msg list
|
||||
| Fact of string * Msg
|
||||
| NotEqual of (Msg * Msg)
|
||||
|
||||
type Rule = (string option * Fact list * Fact list)
|
||||
|
||||
|
||||
type ofmc_fp = {
|
||||
Protocol: string,
|
||||
Backend: string,
|
||||
Types: (string * (string list)) list,
|
||||
Rules: Rule list,
|
||||
Knowledge: (string * Fact) list,
|
||||
FixedPoint: (string * Fact) list,
|
||||
Abstractions : (Msg * Msg) list,
|
||||
Source : string
|
||||
}
|
||||
|
||||
|
||||
val empty_ofmc_fp = {Backend="", Protocol="", Types = [("Number",["NI"])], Rules = [], Knowledge=[], FixedPoint=[],
|
||||
Abstractions=[(Atom "ni",Atom "NI")], Source=""}:ofmc_fp
|
||||
(* Abstractions=[(Atom "purpose",Atom "PURPOSE"),(Atom "ni",Atom "NI")], Source=""}:ofmc_fp *)
|
||||
|
||||
fun update_protocol protocol ({Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_backend backend ({Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_types types ({Backend=backend, Protocol=protocol, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_rules rules ({Backend=backend, Protocol=protocol, Types=types, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_knowledge knowledge ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_fixedpoint fixedpoint ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, Abstractions=abstractions,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_abstractions abstractions ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint,Source=source, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
fun update_source source ({Backend=backend, Protocol=protocol, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint,Abstractions=abstractions, ...}:ofmc_fp)
|
||||
= ({Protocol=protocol, Backend=backend, Types=types, Rules=rules, Knowledge = knowledge, FixedPoint=fixedpoint, Abstractions=abstractions,Source=source}:ofmc_fp)
|
||||
|
||||
|
||||
fun mk_unique [] = []
|
||||
| mk_unique (x::xs) = if (List.exists (fn e => e = x) xs) then (mk_unique xs) else (x::(mk_unique xs))
|
||||
|
||||
|
||||
fun backend_of (ofmcfp:ofmc_fp) = case #Backend ofmcfp of "" => "unknown" | s => s
|
||||
fun protocol_of (ofmcfp:ofmc_fp) = case #Protocol ofmcfp of "" => "protocol" | s => s
|
||||
fun knowledge_of (ofmcfp:ofmc_fp) = #Knowledge ofmcfp
|
||||
fun rules_of (ofmcfp:ofmc_fp) = #Rules ofmcfp
|
||||
fun types_of (ofmcfp:ofmc_fp) = #Types ofmcfp
|
||||
fun sel_types_of t (ofmcfp:ofmc_fp) = mk_unique (List.concat (map #2 (List.filter (fn (a,b) => a = t) (#Types ofmcfp))))
|
||||
|
||||
fun fixedpoint_of (ofmcfp:ofmc_fp) = #FixedPoint ofmcfp
|
||||
fun abstractions_of (ofmcfp:ofmc_fp) = #Abstractions ofmcfp
|
||||
fun source_of (ofmcfp:ofmc_fp) = #Source ofmcfp
|
||||
|
||||
end
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* root.sml ---
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: root.sml 450 2009-02-02 08:59:41Z brucker $ *)
|
||||
|
||||
|
||||
val ord = Char.ord;
|
||||
val chr = Char.chr;
|
||||
val print = TextIO.print ;
|
||||
|
||||
OS.FileSys.chDir "ml-yacc-lib";
|
||||
use "root.sml";
|
||||
OS.FileSys.chDir "..";
|
||||
|
||||
|
||||
use "ofmcfp.sml";
|
||||
use "ofmc-fp.grm.sig";
|
||||
use "ofmc-fp.lex.sml";
|
||||
use "ofmc-fp.grm.sml";
|
||||
use "ofmc_connector.sml";
|
||||
use "ofmc_abstraction.sml";
|
||||
use "ofmc_encoder.sml";
|
|
@ -0,0 +1,148 @@
|
|||
(*****************************************************************************
|
||||
* Isabelle-OFMC --- Connecting OFMC and Isabelle/HOL
|
||||
*
|
||||
* config.sml.in --- main configuration file for Isabelle-OFMC
|
||||
* This file is part of Isabelle-OFMC.
|
||||
*
|
||||
* Copyright (c) 2009 Achim D. Brucker, Germany
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are
|
||||
* met:
|
||||
*
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* * Redistributions in binary form must reproduce the above
|
||||
* copyright notice, this list of conditions and the following
|
||||
* disclaimer in the documentation and/or other materials provided
|
||||
* with the distribution.
|
||||
*
|
||||
* * Neither the name of the copyright holders nor the names of its
|
||||
* contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
******************************************************************************)
|
||||
(* $Id: ofmc.thy 935 2009-11-02 00:02:50Z brucker $ *)
|
||||
|
||||
|
||||
theory
|
||||
ofmc
|
||||
imports
|
||||
Main
|
||||
(* uses
|
||||
"kernel_ext/isabelle2009_kernel_patch.ML"
|
||||
(* "kernel_ext/ProofObligationMgr2008.sml" *)
|
||||
*)
|
||||
begin
|
||||
|
||||
|
||||
section {* Auxiliary Lemmata *}
|
||||
|
||||
lemma set2pred: " x \<in> {m . P(m)} \<equiv> P(x)"
|
||||
by(auto)
|
||||
|
||||
section {* Proof Obligation Manager Configuration *}
|
||||
|
||||
|
||||
section {* Isabelle/ofmc Specific Tactics *}
|
||||
|
||||
(*
|
||||
|
||||
|
||||
setup {*
|
||||
Method.add_method ("propagate_fp_cterm",
|
||||
let
|
||||
fun propagate_fp_tac ctxt facts =
|
||||
let
|
||||
val thy = ProofContext.theory_of ctxt
|
||||
fun m_tac thm =
|
||||
let
|
||||
fun collect_facts (((Const ("op :",_))$(t)$(Const("List.set",_)$_))) = [t]
|
||||
| collect_facts (t1$t2) = ((collect_facts t1)@(collect_facts t2))
|
||||
| collect_facts (Abs (_,_,t)) = collect_facts t
|
||||
| collect_facts _ = []
|
||||
val cand = collect_facts (hd(prems_of(thm)))
|
||||
fun subst v t = let
|
||||
val _ = warning ("substituting "^(Syntax.string_of_term ctxt t))
|
||||
in
|
||||
(Thm.cterm_of thy (Var((v,0),type_of t)),
|
||||
Thm.cterm_of thy t)
|
||||
end
|
||||
val _ = warning ("Candidates found:")
|
||||
val _ = map (fn p => warning (" "^(Syntax.string_of_term ctxt p)
|
||||
)) cand
|
||||
|
||||
fun foo [f] = (forw_terminst_tac [] [subst "c" f] (instantiate' [SOME (ctyp_of thy (type_of f))] [] (PureThy.get_thm thy "subsetD")) 1)
|
||||
THEN (simp_tac HOL_ss 1)
|
||||
| foo (f::facts) = foo [f] THEN (foo facts)
|
||||
| foo [] = all_tac
|
||||
in
|
||||
(foo cand) thm
|
||||
end
|
||||
in
|
||||
m_tac
|
||||
end
|
||||
in
|
||||
Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => propagate_fp_tac ctxt facts))
|
||||
end,
|
||||
"propagate fixed-point")
|
||||
*})
|
||||
|
||||
*)
|
||||
|
||||
|
||||
setup {*
|
||||
Method.add_method("propagate_fp",
|
||||
let
|
||||
fun propagate_fp_tac_str ctxt facts =
|
||||
let
|
||||
val thy = ProofContext.theory_of ctxt
|
||||
fun m_tac thm =
|
||||
let
|
||||
fun replace_bounded b (t1$t2) = (replace_bounded b t1)$(replace_bounded b t2)
|
||||
| replace_bounded b (Bound c) = Free(List.nth (b,(List.length b) - c -1))
|
||||
| replace_bounded _ t = t
|
||||
|
||||
fun collect_facts b (((Const ("op :",_))$(t)$(Const("List.set",_)$_))) = [replace_bounded b t]
|
||||
| collect_facts b (t1$t2) = ((collect_facts b t1)@(collect_facts b t2))
|
||||
| collect_facts b (Abs (n,ty,t)) = collect_facts (b@[(n,ty)]) t
|
||||
| collect_facts _ _ = []
|
||||
fun to_string f = (PrintMode.setmp [] Display.string_of_cterm (cterm_of thy f))
|
||||
val cand = case prems_of(thm) of
|
||||
[] => []
|
||||
| (p::ps) => collect_facts [] p
|
||||
(* val _ = warning "Candiates are"
|
||||
val _ = map (fn s => warning (Syntax.string_of_term ctxt s)) cand *)
|
||||
(* fun foo [f] = (forw_inst_tac ctxt [("c", to_string f )] (PureThy.get_thm thy "subsetD") 1) *)
|
||||
fun foo [f] = (forw_inst_tac ctxt [(("c",0), to_string f )] (PureThy.get_thm thy "subsetD") 1)
|
||||
THEN (simp_tac HOL_ss 1)
|
||||
| foo (f::facts) = foo [f] THEN (foo facts)
|
||||
| foo [] = all_tac
|
||||
in
|
||||
(foo cand) thm
|
||||
end
|
||||
in
|
||||
m_tac
|
||||
end
|
||||
in
|
||||
Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => propagate_fp_tac_str ctxt facts))
|
||||
end
|
||||
,"propagate fixed-point")
|
||||
*}
|
||||
|
||||
|
||||
end
|
Reference in New Issue