(herald "Needham-Schroeder Public-Key Protocol" (comment "This protocol contains a man-in-the-middle" "attack discovered by Galvin Lowe.")) (comment "CPSA 3.4.0") (comment "All input read from ns.scm") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 (pubk a))) (recv (enc n2 (pubk b))))) (comment "Needham-Schroeder")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b))))) (label 0) (unrealized (0 1)) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 (pubk a))))) (label 1) (parent 0) (unrealized (0 1)) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (operation nonce-test (contracted (n2-0 n2)) n1 (0 1) (enc n1 n2 (pubk a)) (enc n1 a (pubk b))) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2 (pubk a))))) (label 2) (parent 1) (unrealized) (shape) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 (pubk a))) (recv (enc n2 (pubk b))))) (comment "Needham-Schroeder")) (defskeleton ns (vars (n2 n1 text) (a b name)) (defstrand resp 3 (n2 n2) (n1 n1) (b b) (a a)) (non-orig (privk a) (privk b)) (uniq-orig n2) (comment "Responder point-of-view") (traces ((recv (enc n1 a (pubk b))) (send (enc n1 n2 (pubk a))) (recv (enc n2 (pubk b))))) (label 3) (unrealized (0 2)) (origs (n2 (0 1))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n2 n1 text) (a b b-0 name)) (defstrand resp 3 (n2 n2) (n1 n1) (b b) (a a)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b-0)) (precedes ((0 1) (1 1)) ((1 2) (0 2))) (non-orig (privk a) (privk b)) (uniq-orig n2) (operation nonce-test (added-strand init 3) n2 (0 2) (enc n1 n2 (pubk a))) (traces ((recv (enc n1 a (pubk b))) (send (enc n1 n2 (pubk a))) (recv (enc n2 (pubk b)))) ((send (enc n1 a (pubk b-0))) (recv (enc n1 n2 (pubk a))) (send (enc n2 (pubk b-0))))) (label 4) (parent 3) (unrealized) (shape) (maps ((0) ((a a) (b b) (n2 n2) (n1 n1)))) (origs (n2 (0 1)))) (comment "Nothing left to do")