(herald "ALternate Needham-Schroeder Public-Key Protocol Variants") (comment "CPSA 4.4.7") (comment "All input read from tst/ns-unrebinding.scm") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 0) (unrealized (0 1)) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 1) (parent 0) (unrealized (0 1)) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (operation nonce-test (contracted (n2-0 n2)) n1 (0 1) (enc n1 a (pubk b)) (enc n1 n2 b (pubk a))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))))) (label 2) (parent 1) (realized) (shape) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (facts (rel n1 n1)) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 3) (unrealized (0 1)) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (facts (rel n1 n1)) (comment "Initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 4) (parent 3) (unrealized (0 1)) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (facts (rel n1 n1)) (comment "Initiator point-of-view") (operation nonce-test (contracted (n2-0 n2)) n1 (0 1) (enc n1 a (pubk b)) (enc n1 n2 b (pubk a))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))))) (label 5) (parent 4) (realized) (shape) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 6) (unrealized (0 1)) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 7) (parent 6) (realized) (shape) (maps ((0) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (deflistener n1) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv n1) (send n1))) (label 8) (unrealized (0 1) (1 0)) (preskeleton) (maps ((0 1) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0))) (comment "Not a skeleton")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (deflistener n1) (precedes ((0 0) (1 0))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv n1) (send n1))) (label 9) (parent 8) (unrealized (0 1) (1 0)) (maps ((0 1) ((a a) (b b) (n1 n1) (n2 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (deflistener n1) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (2 0)) ((2 1) (1 0))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (1 0) (enc n1 a (pubk b))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv n1) (send n1)) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 10) (parent 9) (unrealized (0 1) (1 0)) (maps ((0 1) ((a a) (b b) (n1 n1) (n2 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n2 text) (a b name)) (defstrand init 3 (n1 n2) (n2 n2) (a a) (b b)) (deflistener n2) (defstrand resp 2 (n2 n2) (n1 n2) (b b) (a a)) (precedes ((0 0) (2 0)) ((0 2) (1 0)) ((2 1) (1 0))) (non-orig (privk a) (privk b)) (uniq-orig n2) (comment "Initiator point-of-view") (operation nonce-test (displaced 3 0 init 3) n2-0 (1 0) (enc n2-0 a (pubk b)) (enc n2-0 n2-0 b (pubk a))) (strand-map 0 1 2) (traces ((send (enc n2 a (pubk b))) (recv (enc n2 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv n2) (send n2)) ((recv (enc n2 a (pubk b))) (send (enc n2 n2 b (pubk a))))) (label 11) (parent 10) (unrealized (0 1) (1 0)) (maps ((0 1) ((a a) (b b) (n1 n2) (n2 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n2) (n2 n2) (a a) (b b)) (deflistener n2) (defstrand resp 2 (n2 n2) (n1 n2) (b b) (a a)) (defstrand resp 2 (n2 n2-0) (n1 n2) (b b) (a a)) (precedes ((0 0) (2 0)) ((0 0) (3 0)) ((0 2) (1 0)) ((2 1) (1 0)) ((3 1) (1 0))) (non-orig (privk a) (privk b)) (uniq-orig n2) (comment "Initiator point-of-view") (operation nonce-test (added-strand resp 2) n2 (1 0) (enc n2 (pubk b)) (enc n2 a (pubk b)) (enc n2 n2 b (pubk a))) (strand-map 0 1 2) (traces ((send (enc n2 a (pubk b))) (recv (enc n2 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv n2) (send n2)) ((recv (enc n2 a (pubk b))) (send (enc n2 n2 b (pubk a)))) ((recv (enc n2 a (pubk b))) (send (enc n2 n2-0 b (pubk a))))) (label 12) (parent 11) (unrealized (0 1) (1 0)) (dead) (maps ((0 1) ((a a) (b b) (n1 n2) (n2 n2)))) (comment "empty cohort")) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n1-0 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand init 3 (n1 n1-0) (n2 n2-0) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1 n1-0) (comment "Double initiator point-of-view") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((send (enc n1-0 a (pubk b))) (recv (enc n1-0 n2-0 b (pubk a))) (send (enc n2-0 (pubk b))))) (label 13) (unrealized (0 1) (1 1)) (maps ((0 1) ((a a) (b b) (n1 n1) (n1-0 n1-0) (n2 n2) (n2-0 n2-0)))) (origs (n1 (0 0)) (n1-0 (1 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view") (operation collapsed 1 0) (strand-map 0 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 14) (parent 13) (unrealized (0 1)) (maps ((0 0) ((a a) (b b) (n1 n1) (n1-0 n1) (n2 n2) (n2-0 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n1-0 n2 n2-0 n2-1 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand init 3 (n1 n1-0) (n2 n2-0) (a a) (b b)) (defstrand resp 2 (n2 n2-1) (n1 n1-0) (b b) (a a)) (precedes ((1 0) (2 0)) ((2 1) (1 1))) (non-orig (privk a) (privk b)) (uniq-orig n1 n1-0) (comment "Double initiator point-of-view") (operation nonce-test (added-strand resp 2) n1-0 (1 1) (enc n1-0 a (pubk b))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((send (enc n1-0 a (pubk b))) (recv (enc n1-0 n2-0 b (pubk a))) (send (enc n2-0 (pubk b)))) ((recv (enc n1-0 a (pubk b))) (send (enc n1-0 n2-1 b (pubk a))))) (label 15) (parent 13) (unrealized (0 1) (1 1)) (maps ((0 1) ((a a) (b b) (n1 n1) (n1-0 n1-0) (n2 n2) (n2-0 n2-0)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 16) (parent 14) (unrealized (0 1)) (maps ((0 0) ((a a) (b b) (n1 n1) (n1-0 n1) (n2 n2) (n2-0 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n1-0 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand init 3 (n1 n1-0) (n2 n2-0) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1-0) (b b) (a a)) (precedes ((1 0) (2 0)) ((2 1) (1 1))) (non-orig (privk a) (privk b)) (uniq-orig n1 n1-0) (comment "Double initiator point-of-view") (operation nonce-test (contracted (n2-1 n2-0)) n1-0 (1 1) (enc n1-0 a (pubk b)) (enc n1-0 n2-0 b (pubk a))) (strand-map 0 1 2) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((send (enc n1-0 a (pubk b))) (recv (enc n1-0 n2-0 b (pubk a))) (send (enc n2-0 (pubk b)))) ((recv (enc n1-0 a (pubk b))) (send (enc n1-0 n2-0 b (pubk a))))) (label 17) (parent 15) (unrealized (0 1)) (maps ((0 1) ((a a) (b b) (n1 n1) (n1-0 n1-0) (n2 n2) (n2-0 n2-0)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view") (operation nonce-test (contracted (n2-0 n2)) n1 (0 1) (enc n1 a (pubk b)) (enc n1 n2 b (pubk a))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))))) (label 18) (parent 16) (realized) (shape) (maps ((0 0) ((a a) (b b) (n1 n1) (n1-0 n1) (n2 n2) (n2-0 n2)))) (origs (n1 (0 0)))) (defskeleton ns (vars (n1 n1-0 n2 n2-0 n2-1 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand init 3 (n1 n1-0) (n2 n2-0) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1-0) (b b) (a a)) (defstrand resp 2 (n2 n2-1) (n1 n1) (b b) (a a)) (precedes ((0 0) (3 0)) ((1 0) (2 0)) ((2 1) (1 1)) ((3 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1 n1-0) (comment "Double initiator point-of-view") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0 1 2) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((send (enc n1-0 a (pubk b))) (recv (enc n1-0 n2-0 b (pubk a))) (send (enc n2-0 (pubk b)))) ((recv (enc n1-0 a (pubk b))) (send (enc n1-0 n2-0 b (pubk a)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-1 b (pubk a))))) (label 19) (parent 17) (unrealized (0 1)) (maps ((0 1) ((a a) (b b) (n1 n1) (n1-0 n1-0) (n2 n2) (n2-0 n2-0)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n1-0 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2-0) (a a) (b b)) (defstrand init 3 (n1 n1-0) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1-0) (b b) (a a)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (3 0)) ((1 0) (2 0)) ((2 1) (1 1)) ((3 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1 n1-0) (comment "Double initiator point-of-view") (operation nonce-test (contracted (n2-1 n2-0)) n1 (0 1) (enc n1 a (pubk b)) (enc n1 n2-0 b (pubk a))) (strand-map 0 1 2 3) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2-0 b (pubk a))) (send (enc n2-0 (pubk b)))) ((send (enc n1-0 a (pubk b))) (recv (enc n1-0 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1-0 a (pubk b))) (send (enc n1-0 n2 b (pubk a)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 20) (parent 19) (realized) (shape) (maps ((0 1) ((a a) (b b) (n1 n1) (n1-0 n1-0) (n2 n2-0) (n2-0 n2)))) (origs (n1 (0 0)) (n1-0 (1 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand init 3 (n1 n1) (n2 n2-0) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view, same nonce") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((send (enc n1 a (pubk b))) (recv (enc n1 n2-0 b (pubk a))) (send (enc n2-0 (pubk b))))) (label 21) (realized) (preskeleton) (maps ((0 1) ((a a) (b b) (n1 n1) (n2 n2) (n2-0 n2-0)))) (origs (n1 (1 0)) (n1 (0 0))) (comment "Not a skeleton")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view, same nonce") (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 22) (parent 21) (unrealized (0 1)) (maps ((0 0) ((a a) (b b) (n1 n1) (n2 n2) (n2-0 n2)))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 n2-0 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2-0) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view, same nonce") (operation nonce-test (added-strand resp 2) n1 (0 1) (enc n1 a (pubk b))) (strand-map 0) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a))))) (label 23) (parent 22) (unrealized (0 1)) (maps ((0 0) ((a a) (b b) (n1 n1) (n2 n2) (n2-0 n2)))) (origs (n1 (0 0))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n1 n2 text) (a b name)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (defstrand resp 2 (n2 n2) (n1 n1) (b b) (a a)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (non-orig (privk a) (privk b)) (uniq-orig n1) (comment "Double initiator point-of-view, same nonce") (operation nonce-test (contracted (n2-0 n2)) n1 (0 1) (enc n1 a (pubk b)) (enc n1 n2 b (pubk a))) (strand-map 0 1) (traces ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b)))) ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))))) (label 24) (parent 23) (realized) (shape) (maps ((0 0) ((a a) (b b) (n1 n1) (n2 n2) (n2-0 n2)))) (origs (n1 (0 0)))) (comment "Nothing left to do") (defprotocol ns basic (defrole init (vars (a b name) (n1 n2 text)) (trace (send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (defrole resp (vars (b a name) (n2 n1 text)) (trace (recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (defgenrule neqRl_indx (forall ((x indx)) (implies (fact neq x x) (false)))) (defgenrule neqRl_strd (forall ((x strd)) (implies (fact neq x x) (false)))) (defgenrule neqRl_mesg (forall ((x mesg)) (implies (fact neq x x) (false)))) (comment "Needham-Schroeder with no role origination assumptions")) (defskeleton ns (vars (n2 n1 text) (a b name)) (defstrand resp 3 (n2 n2) (n1 n1) (b b) (a a)) (non-orig (privk a)) (uniq-orig n2) (comment "Responder point-of-view") (traces ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b))))) (label 25) (unrealized (0 2)) (maps ((0) ((a a) (n2 n2) (b b) (n1 n1)))) (origs (n2 (0 1))) (comment "1 in cohort - 1 not yet seen")) (defskeleton ns (vars (n2 n1 text) (a b name)) (defstrand resp 3 (n2 n2) (n1 n1) (b b) (a a)) (defstrand init 3 (n1 n1) (n2 n2) (a a) (b b)) (precedes ((0 1) (1 1)) ((1 2) (0 2))) (non-orig (privk a)) (uniq-orig n2) (comment "Responder point-of-view") (operation nonce-test (added-strand init 3) n2 (0 2) (enc n1 n2 b (pubk a))) (strand-map 0) (traces ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a))) (recv (enc n2 (pubk b)))) ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a))) (send (enc n2 (pubk b))))) (label 26) (parent 25) (realized) (shape) (maps ((0) ((a a) (n2 n2) (b b) (n1 n1)))) (origs (n2 (0 1)))) (comment "Nothing left to do")