diff --git a/Vagrant Files/Vagrantfile b/Vagrant Files/Vagrantfile
new file mode 100644
index 0000000000000000000000000000000000000000..7283a2b550a2c7df1d18d220b6f7de5befa2b1bf
--- /dev/null
+++ b/Vagrant Files/Vagrantfile
@@ -0,0 +1,73 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://vagrantcloud.com/search.
+ config.vm.box = "peru/ubuntu-18.04-desktop-amd64"
+ config.vm.box_version = "20200401.01"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # NOTE: This will enable public access to the opened port
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine and only allow access
+ # via 127.0.0.1 to disable public access
+ # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ # config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ config.vm.provider "virtualbox" do |vb|
+ # # Display the VirtualBox GUI when booting the machine
+ vb.gui = true
+ vb.memory = "1024"
+ vb.name = "ubuntudesktopscyther"
+ vb.customize ["modifyvm", :id, "--vram", "256"]
+
+ end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+ config.vm.provision "file", source: "files", destination: "/home/vagrant"
+ config.vm.provision "shell", path: "scyther.sh"
+ # apt-get update
+ # apt-get install -y apache2
+ # SHELL
+end
diff --git a/Vagrant Files/files/scyther/.gitignore b/Vagrant Files/files/scyther/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..e62e34e713e6c72fd0faa6b6736afbdf158ea136
--- /dev/null
+++ b/Vagrant Files/files/scyther/.gitignore
@@ -0,0 +1,4 @@
+*.pyc
+progressbar.py
+Cache
+Cache-OLD
diff --git a/Vagrant Files/files/scyther/Changelog.txt b/Vagrant Files/files/scyther/Changelog.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b2af59b55e9f31e3961cde5412d36f29819754b6
--- /dev/null
+++ b/Vagrant Files/files/scyther/Changelog.txt
@@ -0,0 +1,159 @@
+Scyther changelog
+===============================
+
+Scyther 1.1.2
+-------------------------------
+
+Minor:
+
+ * Updated installation instructions.
+ * Updated 'ffgg' protocol generator for new conventions.
+ * Windows users recently had to manually set the Graphviz path. Added a
+ hack to avoid this inconvenience in most (but not all) cases.
+ * Minor manual update.
+
+Bug fixes:
+
+ * [Bugfix] Reverted use of shlex. This breaks the "abort backend
+ thread" functionality again, but it was causing too much trouble on
+ Windows.
+
+Scyther 1.1.1
+-------------------------------
+
+This is mostly a bugfix release.
+
+New features:
+
+ * [Language] Weakagree and Alive claims now also allow for an optional role
+ parameter, which can be useful for protocols with more than two roles.
+ * [Misc] Added Python script to dump attack outputs for large sets of files.
+ * [Gui] Canceling verification now also kills back-end thread.
+
+Regression fixes:
+
+ * [Regression-fix] Reintroduced option for specifying alternative PKI.
+
+Bug fixes:
+
+ * [Bugfix] Fixed rare bug in some cases where hashes were used as symmetric keys.
+ * [Bugfix] Invoking Scyther scripts from non-standard directories or using symlinks should work consistently now.
+ * [Bugfix] Improving compatibility with recent versions of Graphviz (>2.26)
+
+Scyther 1.1
+-------------------------------
+
+Major new features:
+
+ * [Language] Added support for `macro Term1 = Term2;` definitions, which greatly
+ simplifies many specifications.
+ * [Language] Added support for `match(T1,T2);` events in roles, which
+ can be used for e.g. a straightforward modeling of delayed decryption.
+ * [Language] Added support for `not match(T1,T2);` events in roles.
+ This can be useful for, e.g., modeling protocol restrictions (such as
+ `A != B`).
+ * [Language] Added support for `option "COMMANDLINE_OPTIONS";` in
+ specifications. This provides full access to the command-line options
+ of the Scyther backend to the protocol specifications. An example of
+ its use is `option "--one-role-per-agent";`.
+ * [Mac OS X] Dropped support for PPC in Scyther distributions, only
+ supporting Intel for now. Note that installing from source may still
+ work fine with a minor tweak to the build script.
+
+Additional protocol models:
+
+See <http://www.cs.ox.ac.uk/people/cas.cremers/tools/protocols.html> for a
+more high-level overview of selected protocol models.
+
+ * IEEE 802.16e/WIMAX: PKMv2rsa and variants
+ * IKEv1 and IKEv2 protocol suites
+
+Other new features:
+
+ * `SCYTHERCACHEDIR` environment variable can be set to override the
+ internal cache path.
+ * [Backend] The command-line tool now supports the option
+ `--one-role-per-agent`. This disallows agents from performing more than
+ one role in a single trace. This effectively partitions the agents into
+ role sets, i.e., each role can only be performed by agents from one of
+ these sets.
+ * [Documentation] Added the first incomplete version of the new manual.
+
+There are also various minor bugfixes and installation improvements.
+
+Scyther 1.0
+-------------------------------
+
+Major new features:
+
+ * [Language] Support for weak agreement
+ * [Language] Support for non-injective data agreement through `Commit`
+ and `Running` signals.
+
+Bugfixes:
+
+ * Python 2.5 has integrated (c)elementtree into the core.
+ Unfortunaly, this broke our previous import attempts. This has now
+ been fixed.
+
+Scyther 1.0-beta7.1
+-------------------------------
+
+Bugfixes:
+
+ * Windows Vista fix broke Windows XP support.
+
+Scyther 1.0-beta7
+-------------------------------
+
+Bugfixes:
+
+ * Windows Vista causes a number of problems. The biggest problem
+ is now fixed, which is the bad implementation of the tmpfile() C
+ function, causing no attack output, for which there is a
+ workaround now.
+
+Scyther 1.0-beta6
+-------------------------------
+
+Major new features:
+
+ * [Gui] Added Mac support (added universal binary)
+ * [Gui] Switched to Scintilla editor component, providing undo
+ and line numbering, and highlighting of error lines.
+
+Other new features:
+
+ * [Backend] Scyther now detects when a recv event cannot match
+ with a send event. This significantly helps in reducing errors
+ in the protocol descriptions.
+ * [Language] Added claim parameter for Reachable claim;
+ Reachable,R means that role R should be trusted (as well as the
+ actor), but not any other role. This can be useful for showing
+ stronger authentication properties of protocols with more than
+ two parties.
+ * [Backend] Added '--max-of-role=N' switch (to narrow scenarios)
+ * [Backend] Added '--scan-claims' switch (allows for retrieving
+ a list of claims)
+ * [Scripting] Added 'verifyOne' and 'scanClaims' methods to
+ Scyther object, to help with singular claim testing.
+
+ Bugfixes:
+
+ * [Scripting] Fixed bug in python interface backend (e.g. with mpa.py)
+
+Scyther 1.0-beta5
+-------------------------------
+
+ * Change of switch semantics. '--max-attacks=N' now defines the
+ maximum number of attacks per claim. Previously this was a
+ global maximum for all claims combined.
+ * Improved attack graph output.
+ * added switch '--errors=FILE' to redirect standard error output
+ to a file.
+ * Rewrote parts of the gui code for improved stability.
+
+Scyther 1.0-beta4
+-------------------------------
+
+ * (Changelog starts after the release of Scyther 1.0-beta4)
diff --git a/Vagrant Files/files/scyther/GNU-General-Public-License.txt b/Vagrant Files/files/scyther/GNU-General-Public-License.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d511905c1647a1e311e8b20d5930a37a9c2531cd
--- /dev/null
+++ b/Vagrant Files/files/scyther/GNU-General-Public-License.txt
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/Vagrant Files/files/scyther/Gui/About.py b/Vagrant Files/files/scyther/Gui/About.py
new file mode 100644
index 0000000000000000000000000000000000000000..b415c55de04ed388c08c39f3ec0b4a8ce1fe8397
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/About.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import wx.html
+import os.path
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+
+import Scyther
+
+#---------------------------------------------------------------------------
+
+""" Globals """
+
+basedir = ""
+
+#---------------------------------------------------------------------------
+
+def setBaseDir(mybasedir):
+ global basedir
+
+ basedir = mybasedir
+
+#---------------------------------------------------------------------------
+
+class AboutScyther(wx.Dialog):
+ def __init__(self,parent,mybasedir=None):
+
+ from Version import SCYTHER_GUI_VERSION
+ global basedir
+
+ self.text = '''
+<html>
+<body bgcolor="#ffffff">
+<img src="$SPLASH">
+<h5 align="right">Scyther : $VERSION</h5>
+<small>
+ <p>
+ <b>Scyther</b> is an automatic tool for the verification and
+ falsification of security protocols.
+ </p>
+ <p>
+ For news and updates visit the Scyther pages at
+ <a target="_blank" href="http://www.cs.ox.ac.uk/people/cas.cremers/scyther/index.html">
+ http://www.cs.ox.ac.uk/people/cas.cremers/scyther/index.html</a>
+ </p>
+ <h5>License</h5>
+ <p>
+ Scyther : An automatic verifier for security protocols.<br>
+ Copyright (C) 2007-2013 Cas Cremers
+ </p>
+ <p>
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+ </p>
+ <p>
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ </p>
+ <p>
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ </p>
+ <h5>Backend version</h5>
+ <p>
+ $DETAILS
+ </p>
+ <h5>Credits</h5>
+ <p>
+ Cas Cremers (Scyther theory, backend, and main GUI
+ code), Gijs Hollestelle (Python parser for Scyther XML output).
+ </p>
+</small>
+ '''
+
+ if mybasedir:
+ basedir = mybasedir
+
+ # Debugging output of some parameters
+
+ splashdir = os.path.join(basedir,"Images")
+ splashimage = os.path.join(splashdir,"scyther-splash.png")
+ details_html = "Base directory: %s<br>\n" % (basedir)
+ details_html += Scyther.Scyther.GetInfo(html=True)
+
+ self.text = self.text.replace("$SPLASH",splashimage)
+ self.text = self.text.replace("$DETAILS",details_html)
+
+ # version information
+ self.text = self.text.replace("$VERSION", SCYTHER_GUI_VERSION)
+
+ wx.Dialog.__init__(self, parent, -1, 'About Scyther',
+ size=(660,620))
+ html = wx.html.HtmlWindow(self)
+ #if "gtk2" in wx.PlatformInfo:
+ # html.SetStandardFonts()
+ html.SetBorders(10)
+ html.SetPage(self.text)
+ button = wx.Button(self, wx.ID_OK, "Close window")
+
+ sizer = wx.BoxSizer(wx.VERTICAL)
+ sizer.Add(html, 1, wx.EXPAND|wx.ALL,0)
+ sizer.Add(button,0,wx.ALIGN_CENTER|wx.ALL,5)
+
+ self.SetSizer(sizer)
+ self.Layout()
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Attackwindow.py b/Vagrant Files/files/scyther/Gui/Attackwindow.py
new file mode 100644
index 0000000000000000000000000000000000000000..39b9f063fc5aa1c56184cb14888a77431846bfaf
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Attackwindow.py
@@ -0,0 +1,330 @@
+#!/usr/bin/python
+from __future__ import division # 2.2+-only
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import os
+from Misc import *
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+import Icon
+import Preference
+import Error
+
+#---------------------------------------------------------------------------
+try:
+ import Image
+except ImportError:
+ pass
+
+#---------------------------------------------------------------------------
+
+class AttackDisplay(wx.ScrolledWindow):
+ """
+ Display an attack (inside a tab or not)
+ """
+ def __init__(self, daddy, parent, attack):
+
+ self.win = daddy
+ self.attack = attack
+
+ wx.ScrolledWindow.__init__(self,parent,id=-1)
+
+ self.Bind(wx.EVT_SIZE, self.OnSize)
+ self.Image = wx.StaticBitmap(self, -1, wx.EmptyBitmap(1,1))
+ self.box = wx.BoxSizer(wx.VERTICAL)
+ self.box.Add(self.Image,1,wx.ALIGN_CENTER)
+ self.hbox = wx.BoxSizer(wx.HORIZONTAL)
+ self.hbox.Add(self.box,1,wx.ALIGN_CENTER)
+ self.SetSizer(self.hbox)
+
+ self.original = None
+
+ filename = attack.file
+ if attack.filetype == "png":
+ self.original = wx.Image(filename,wx.BITMAP_TYPE_PNG)
+ elif attack.filetype == "ps":
+ # depends on PIL lib
+ try:
+ self.original = Image.open(filename)
+ except:
+ Preference.doNotUsePIL()
+ raise Error.PILError
+ else:
+ print "Unknown file type %s." % (self.filetype)
+
+ # TODO self.Bind(wxSizeEvent
+ self.update(True)
+ self.Fit()
+
+ def OnSize(self,event):
+ self.update(False)
+ event.Skip()
+
+ def update(self,force=True):
+
+ if not force:
+ if not self.win.fit:
+ return
+
+ # This is needed, don't ask me why.
+ self.SetScrollbars(0,0,0,0,0,0)
+
+ (framewidth,frameheight) = self.GetClientSizeTuple()
+ (virtualwidth,virtualheight) = (framewidth,frameheight)
+
+ def makefit(width,height):
+ if self.win.fit:
+ # determine scaling factors for fitting
+ wfactor = float(framewidth) / width
+ hfactor = float(frameheight) / height
+
+ # select smallest factor (so it will fit)
+ if hfactor < wfactor:
+ factor = hfactor
+ else:
+ factor = wfactor
+
+ # apply scaling factor
+ width = width * factor
+ height = height * factor
+ else:
+ factor = 1.0
+
+ return (factor, int(width), int(height))
+
+ if self.attack.filetype == "png":
+ bmp = self.original
+ if not bmp.Ok():
+ bmp = wx.EmptyImage(1,1)
+ else:
+ (originalwidth,originalheight) = (bmp.GetWidth(), bmp.GetHeight())
+ if self.win.fit:
+ (factor, virtualwidth, virtualheight) = makefit(originalwidth,originalheight)
+ bmp = self.original.Scale(virtualwidth,virtualheight)
+ self.Image.SetBitmap(wx.BitmapFromImage(bmp))
+
+ elif self.attack.filetype == "ps":
+ pil = self.original.copy()
+ (originalwidth,originalheight) = pil.size
+ (factor, virtualwidth, virtualheight) = makefit(originalwidth,originalheight)
+ # we really only want antialias when it's smaller
+ if factor < 1.0:
+ pil.thumbnail((virtualwidth,virtualheight),Image.ANTIALIAS)
+ else:
+ pil.thumbnail((virtualwidth,virtualheight))
+
+ image = wx.EmptyImage(pil.size[0],pil.size[1])
+ image.SetData(pil.convert('RGB').tostring())
+ self.Image.SetBitmap(image.ConvertToBitmap())
+
+ else:
+ print "Unknown file type %s." % (self.attack.filetype)
+
+ self.SetVirtualSize((virtualwidth,virtualheight))
+
+ #self.box.SetItemMinSize(self.Image.GetContainingSizer())
+ self.box.Layout()
+
+ step = 20
+ xn = int(virtualwidth // step) + 1
+ yn = int(virtualheight // step) + 1
+ self.SetScrollbars(step,step,xn,yn,0,0)
+
+ """
+ Pop up menu
+ """
+ self.popupmenu = wx.Menu()
+ item = self.popupmenu.Append(-1,"Export image (.png)")
+ self.Bind(wx.EVT_MENU, self.OnExportPng, item)
+ item = self.popupmenu.Append(-1,"Export image (.ps)")
+ self.Bind(wx.EVT_MENU, self.OnExportPs, item)
+ item = self.popupmenu.Append(-1,"Export image (.pdf)")
+ self.Bind(wx.EVT_MENU, self.OnExportPdf, item)
+ item = self.popupmenu.Append(-1,"Export image (.svg)")
+ self.Bind(wx.EVT_MENU, self.OnExportSvg, item)
+ item = self.popupmenu.Append(-1,"Export image (.fig)")
+ self.Bind(wx.EVT_MENU, self.OnExportFig, item)
+ item = self.popupmenu.Append(-1,"Export graphviz data (.dot)")
+ self.Bind(wx.EVT_MENU, self.OnExportDot, item)
+
+ self.Bind(wx.EVT_CONTEXT_MENU, self.OnShowPopup)
+
+ self.Refresh()
+
+ def OnShowPopup(self, event):
+ pos = event.GetPosition()
+ pos = self.Image.ScreenToClient(pos)
+ self.PopupMenu(self.popupmenu, pos)
+
+ def OnPopupItemSelected(self, event):
+ item = self.popupmenu.FindItemById(event.GetId())
+ text = item.GetText()
+ wx.MessageBox("You selected item %s" % text)
+
+ def askUserForFilename(self, **dialogOptions):
+ dialog = wx.FileDialog(self, **dialogOptions)
+ if dialog.ShowModal() == wx.ID_OK:
+ res = "%s/%s" % (dialog.GetDirectory(), dialog.GetFilename())
+ else:
+ res = None
+ dialog.Destroy()
+ return res
+
+ def saveFileName(self, ext):
+ (p,r,l) = self.win.claim.triplet()
+ prefix = "pattern-%s_%s_%s-%s" % (p,r,l,self.attack.id)
+ suggested = "%s.%s" % (prefix,ext)
+ res = self.askUserForFilename(style=wx.SAVE, wildcard="*.%s" % (ext), defaultFile = "%s" % (suggested))
+ return res
+
+ def exportImage(self, type,ext=None):
+ if ext == None:
+ ext = type
+ res = self.saveFileName(ext)
+ if res != None:
+ cmd = "dot -T%s" % (type)
+ cmdpushwrite(cmd,self.attack.scytherDot,res)
+
+ def OnExportPng(self, event):
+ self.exportImage("png")
+
+ def OnExportPs(self, event):
+ self.exportImage("ps")
+
+ def OnExportPdf(self, event):
+ self.exportImage("pdf")
+
+ def OnExportSvg(self, event):
+ self.exportImage("svg")
+
+ def OnExportFig(self, event):
+ self.exportImage("fig")
+
+ def OnExportDot(self, event):
+ res = self.saveFileName("dot")
+ if res != None:
+ fp = open(res,'w')
+ fp.write(self.attack.scytherDot)
+ fp.close()
+
+
+
+
+
+#---------------------------------------------------------------------------
+
+class AttackWindow(wx.Frame):
+ def __init__(self,cl):
+ super(AttackWindow, self).__init__(None, size=(800,800))
+
+ self.claim = cl
+
+ # TODO maybe fitting defaults should come from Preferences.
+ # Now, it is default no even if we have PIL, for performance
+ # reasons.
+ self.fit = False
+
+ self.CreateInteriorWindowComponents()
+
+ Icon.ScytherIcon(self)
+ self.SetTitle()
+
+ def SetTitle(self):
+
+ tstr = self.claim.stateName(len(self.claim.attacks),True)
+ tstr += " for claim %s" % self.claim.id
+ super(AttackWindow, self).SetTitle(tstr)
+
+ def CreateInteriorWindowComponents(self):
+ ''' Create "interior" window components. In this case it is the
+ attack picture. '''
+
+ sizer = wx.BoxSizer(wx.VERTICAL)
+
+ # Make zoom buttons
+ if Preference.usePIL():
+ buttons = wx.BoxSizer(wx.HORIZONTAL)
+ bt = wx.ToggleButton(self,-1,"Fit to window")
+ bt.SetValue(self.fit)
+ buttons.Add(bt,0)
+ self.Bind(wx.EVT_TOGGLEBUTTON, self.OnFit, bt)
+ sizer.Add(buttons, 0, wx.ALIGN_LEFT)
+
+ # Add attacks (possible with tabs)
+ self.displays=[]
+ attacks = self.claim.attacks
+
+ n = len(attacks)
+ if n <= 1:
+ # Just a single window
+ dp = AttackDisplay(self, self, attacks[0])
+ self.displays.append(dp)
+ else:
+ # Multiple tabs
+ dp = wx.Notebook(self,-1)
+ for i in range(0,n):
+ disp = AttackDisplay(self,dp,attacks[i])
+ classname = "%s %i" % (self.claim.stateName(1,True),(i+1))
+ dp.AddPage(disp, classname)
+ self.displays.append(disp)
+
+ sizer.Add(dp, 1, wx.EXPAND,1)
+
+ self.SetSizer(sizer)
+
+ def update(self,force=False):
+ for t in self.displays:
+ t.update(force)
+
+ def OnFit(self,event):
+
+ if self.fit:
+ self.fit = False
+ else:
+ self.fit = True
+ self.update(True)
+
+ def OnRealSize(self):
+
+ self.fit = False
+ self.update(True)
+
+ def OnSize(self):
+ self.Refresh()
+
+ def OnZoom100(self,evt):
+ self.fit = False
+ self.update(True)
+ self.Refresh()
+
+ def OnZoomFit(self,evt):
+ self.fit = True
+ self.update(True)
+ self.Refresh()
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Editor.py b/Vagrant Files/files/scyther/Gui/Editor.py
new file mode 100644
index 0000000000000000000000000000000000000000..b3e093fb5099b53dde685058d029fb739d43f4e5
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Editor.py
@@ -0,0 +1,195 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import string
+
+# Use Scintilla editor?
+useStc = True # It looks nicer!
+#useStc = False # It is sometimes buggy, claims the internet
+
+# Test Scintilla and if it fails, get rid of it
+if useStc:
+ try:
+ from wx.stc import *
+ except:
+ useStc = False
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+
+#---------------------------------------------------------------------------
+
+""" Some constants """
+
+#---------------------------------------------------------------------------
+
+def justNumbers(txt):
+ for x in txt:
+ if not x in string.digits:
+ return False
+ return True
+
+def lineInError(txt):
+ # First option: square braces
+ x1 = txt.find("[")
+ if x1 >= 0:
+ x2 = txt.find("]")
+ if x2 > x1:
+ nrstring = txt[(x1+1):x2]
+ if justNumbers(nrstring):
+ return int(nrstring)
+ # Alternative: ...line x
+ pref = " line "
+ i = txt.find(pref)
+ if i >= 0:
+ i = i + len(pref)
+ j = i
+ while txt[j] in string.digits:
+ j = j+1
+ if j > i:
+ return int(txt[i:j])
+
+ return None
+
+def selectEditor(parent):
+ """
+ Pick an editor (Scintilla or default) and return the object.
+ """
+ if useStc:
+ return EditorStc(parent)
+ else:
+ return EditorNormal(parent)
+
+#---------------------------------------------------------------------------
+
+class Editor(object):
+
+ def __init__(self, parent):
+ # Empty start
+ self.SetText("")
+ self.SetChanged(False)
+
+ def SetText(self):
+ pass
+
+ def SetErrors(self,errors):
+ pass
+
+ def GetChanged(self):
+ """
+ Return true if file was changed
+ """
+ return self.savedtext != self.GetText()
+
+ def SetChanged(self,nowchanged=False):
+ """
+ Set changed status
+ """
+ if nowchanged:
+ self.savedtext = ""
+ else:
+ self.SetSaved()
+
+ def SetSaved(self):
+ self.savedtext = self.GetText()
+
+ def SetOpened(self):
+ self.SetSaved()
+
+#---------------------------------------------------------------------------
+
+class EditorNormal(Editor):
+
+ def __init__(self, parent):
+ self.control = wx.TextCtrl(parent, style=wx.TE_MULTILINE)
+
+ # Call parent
+ Editor.__init__(self,parent)
+
+ def GetText(self):
+ return self.control.GetValue()
+
+ def SetText(self, txt):
+ self.control.SetValue(txt)
+
+#---------------------------------------------------------------------------
+
+class EditorStc(Editor):
+
+ def __init__(self, parent):
+ # Scintilla layout with line numbers
+ self.control = StyledTextCtrl(parent)
+ self.control.SetMarginType(1, STC_MARGIN_NUMBER)
+ self.control.SetMarginWidth(1, 30)
+
+ # Call parent
+ Editor.__init__(self,parent)
+
+ # Set variable for error style
+ self.errorstyle = 5
+ self.control.StyleSetSpec(self.errorstyle, "fore:#FFFF0000,back:#FF0000")
+
+ def GetText(self):
+ return self.control.GetText()
+
+ def SetText(self, txt):
+ self.control.SetText(txt)
+
+ def GetLineCount(self):
+ """ Currently rather stupid, can probably be done more
+ efficiently through some Scintilla function. """
+ txt = self.GetText().splitlines()
+ return len(txt)
+
+ def SetErrorLine(self,line):
+ """
+ Currently this is BROKEN for include commands, as no file names
+ are propagated. To minize the damage, we at least don't try to
+ highlight non-existing names. In the long run of course
+ propagation is the only way to handle this.
+ """
+ if line <= self.GetLineCount():
+ if line > 0:
+ line = line - 1 # Start at 0 in stc, but on screen count is 1
+ pos = self.control.GetLineIndentPosition(line)
+ last = self.control.GetLineEndPosition(line)
+ self.control.StartStyling(pos,31)
+ self.control.SetStyling(last-pos,self.errorstyle)
+
+ def ClearErrors(self):
+ self.control.ClearDocumentStyle()
+
+ def SetErrors(self,errors):
+ if errors:
+ for el in errors:
+ nr = lineInError(el)
+ if nr:
+ self.SetErrorLine(nr)
+ else:
+ self.ClearErrors()
+
+#---------------------------------------------------------------------------
+
diff --git a/Vagrant Files/files/scyther/Gui/Error.py b/Vagrant Files/files/scyther/Gui/Error.py
new file mode 100644
index 0000000000000000000000000000000000000000..6433cf21b2d6f8aac8a0a7205427bddb5bcf9955
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Error.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import sys
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+
+#---------------------------------------------------------------------------
+
+class PILError (Exception):
+ pass
+
+class NoAttackError(Exception):
+ pass
+
+#---------------------------------------------------------------------------
+
+def ShowAndReturn(text):
+ title = "Error"
+ dlg = wx.MessageDialog(None, text, title, wx.ID_OK | wx.ICON_ERROR)
+ result = dlg.ShowModal()
+ dlg.Destroy()
+
+def ShowAndExit(text):
+ ShowAndReturn(text)
+ sys.exit()
+
diff --git a/Vagrant Files/files/scyther/Gui/Icon.py b/Vagrant Files/files/scyther/Gui/Icon.py
new file mode 100644
index 0000000000000000000000000000000000000000..2f4f26fb6ef913c2ec500ef8edd1ef26623e80ed
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Icon.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import os.path
+import sys
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+import Misc
+
+#---------------------------------------------------------------------------
+
+def ScytherIcon(window):
+ """ Set a nice Scyther icon """
+ import os,inspect
+
+ # Determine base directory (taking symbolic links into account)
+ cmd_file = os.path.realpath(os.path.abspath(inspect.getfile( inspect.currentframe() )))
+ basedir = os.path.split(cmd_file)[0]
+
+ path = os.path.join(basedir,"Images")
+ iconfile = Misc.mypath(os.path.join(path,"scyther-gui-32.ico"))
+ if os.path.isfile(iconfile):
+ icon = wx.Icon(iconfile,wx.BITMAP_TYPE_ICO)
+ window.SetIcon(icon)
+
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Mainwindow.py b/Vagrant Files/files/scyther/Gui/Mainwindow.py
new file mode 100644
index 0000000000000000000000000000000000000000..70ce11232361eea3ca4513710a3ff2d0d64fa651
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Mainwindow.py
@@ -0,0 +1,322 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import os.path
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+import Settingswindow
+import Scytherthread
+import Icon
+import About
+import Editor
+import Preference
+
+#---------------------------------------------------------------------------
+
+""" Some constants """
+ID_VERIFY = 100
+ID_AUTOVERIFY = 101
+ID_CHARACTERIZE = 102
+ID_CHECK = 103
+
+#---------------------------------------------------------------------------
+
+def MainInitOnce():
+ result = Preference.usePIL() # Makes sure PIL is tested.
+
+class MainWindow(wx.Frame):
+
+ def __init__(self, opts, args):
+ super(MainWindow, self).__init__(None, size=(600,800))
+
+ self.opts = opts
+ self.args = args
+
+ self.dirname = os.path.abspath('.')
+
+ MainInitOnce()
+
+ self.filename = 'noname.spdl'
+ self.filepath = ""
+
+ self.load = False
+
+ # test
+ if opts.test:
+ self.filename = 'scythergui-default.spdl'
+ self.load = True
+
+ # if there is an argument (file), we load it
+ if len(args) > 0:
+ filename = args[0]
+ if filename != '' and os.path.isfile(filename):
+ (self.dirname,self.filename) = os.path.split(filename)
+ self.load = True
+
+ Icon.ScytherIcon(self)
+
+ self.CreateInteriorWindowComponents()
+ self.CreateExteriorWindowComponents()
+
+ aTable = wx.AcceleratorTable([
+ (wx.ACCEL_CTRL, ord('Q'), wx.ID_EXIT),
+ (wx.ACCEL_NORMAL, wx.WXK_F1,
+ ID_VERIFY),
+ (wx.ACCEL_NORMAL, wx.WXK_F2,
+ ID_CHARACTERIZE),
+ (wx.ACCEL_NORMAL, wx.WXK_F5,
+ ID_CHECK),
+ (wx.ACCEL_NORMAL, wx.WXK_F6,
+ ID_AUTOVERIFY),
+ ])
+ self.SetAcceleratorTable(aTable)
+
+ self.claimlist = []
+ self.pnglist = []
+
+ #self.SetTitle(self.title)
+
+ self.firstCommand()
+
+ def CreateInteriorWindowComponents(self):
+ ''' Create "interior" window components. In this case it is just a
+ simple multiline text control. '''
+
+ ## Make zoom buttons
+ #sizer = wx.BoxSizer(wx.VERTICAL)
+ #buttons = wx.BoxSizer(wx.HORIZONTAL)
+ #bt = wx.Button(self,ID_VERIFY)
+ #buttons.Add(bt,0)
+ #self.Bind(wx.EVT_BUTTON, self.OnVerify, bt)
+ #bt = wx.Button(self,ID_CHARACTERIZE)
+ #buttons.Add(bt,0)
+ #self.Bind(wx.EVT_BUTTON, self.OnCharacterize, bt)
+ #sizer.Add(buttons, 0, wx.ALIGN_LEFT)
+
+ # Top: input
+ self.top = wx.Notebook(self,-1)
+ # Editor there
+ self.editor = Editor.selectEditor(self.top)
+
+ if self.load:
+ textfile = open(os.path.join(self.dirname, self.filename), 'r')
+ self.editor.SetText(textfile.read())
+ if self.dirname != "":
+ os.chdir(self.dirname)
+ textfile.close()
+ self.editor.SetOpened()
+
+ self.top.AddPage(self.editor.control,"Protocol description")
+ self.settings = Settingswindow.SettingsWindow(self.top,self)
+ self.top.AddPage(self.settings,"Settings")
+
+ #sizer.Add(self.top,1,wx.EXPAND,1)
+ #self.SetSizer(sizer)
+
+ def CreateExteriorWindowComponents(self):
+ ''' Create "exterior" window components, such as menu and status
+ bar. '''
+ self.CreateMenus()
+ self.SetTitle()
+
+ def CreateMenu(self, bar, name, list):
+
+ fileMenu = wx.Menu()
+ for id, label, helpText, handler in list:
+ if id == None:
+ fileMenu.AppendSeparator()
+ else:
+ item = fileMenu.Append(id, label, helpText)
+ self.Bind(wx.EVT_MENU, handler, item)
+ bar.Append(fileMenu, name) # Add the fileMenu to the MenuBar
+
+
+ def CreateMenus(self):
+ menuBar = wx.MenuBar()
+ self.CreateMenu(menuBar, '&File', [
+ (wx.ID_OPEN, '&Open', 'Open a new file', self.OnOpen),
+ (wx.ID_SAVE, '&Save', 'Save the current file', self.OnSave),
+ (wx.ID_SAVEAS, 'Save &As', 'Save the file under a different name',
+ self.OnSaveAs),
+ (None, None, None, None),
+ (wx.ID_EXIT, 'E&xit\tCTRL-Q', 'Terminate the program',
+ self.OnExit)])
+ self.CreateMenu(menuBar, '&Verify',
+ [(ID_VERIFY, '&Verify protocol\tF1','Verify the protocol in the buffer using Scyther',
+ self.OnVerify) ,
+ (ID_CHARACTERIZE, '&Characterize roles\tF2','TODO' ,
+ self.OnCharacterize) ,
+ (None, None, None, None),
+ ### Disabled for now (given that it is not reliable enough yet)
+ #(ID_CHECK, '&Check protocol\tF5','TODO',
+ # self.OnCheck) ,
+ (ID_AUTOVERIFY, 'Verify &automatic claims\tF6','TODO',
+ self.OnAutoVerify)
+ ])
+ self.CreateMenu(menuBar, '&Help',
+ [(wx.ID_ABOUT, '&About', 'Information about this program',
+ self.OnAbout) ])
+ self.SetMenuBar(menuBar) # Add the menuBar to the Frame
+
+
+ def SetTitle(self):
+ # MainWindow.SetTitle overrides wx.Frame.SetTitle, so we have to
+ # call it using super:
+ super(MainWindow, self).SetTitle('Scyther: %s'%self.filename)
+
+ # Helper methods:
+
+ def defaultFileDialogOptions(self):
+ ''' Return a dictionary with file dialog options that can be
+ used in both the save file dialog as well as in the open
+ file dialog. '''
+ return dict(message='Choose a file', defaultDir=self.dirname,
+ wildcard='*.spdl')
+
+ def askUserForFilename(self, **dialogOptions):
+ dialog = wx.FileDialog(self, **dialogOptions)
+ if dialog.ShowModal() == wx.ID_OK:
+ userProvidedFilename = True
+ self.filepath = dialog.GetPath()
+ (p1,p2) = os.path.split(self.filepath)
+ self.dirname = p1
+ self.filename = p2
+ self.SetTitle() # Update the window title with the new filename
+ else:
+ userProvidedFilename = False
+ dialog.Destroy()
+ return userProvidedFilename
+
+ # Are we dropping a changed file?
+
+ def ConfirmLoss(self,text=None):
+ """
+ Try to drop the current file. If it was changed, try to save
+ (as)
+
+ Returns true after the user seems to be happy either way, false
+ if we need to cancel this.
+ """
+ if self.editor.GetChanged():
+ # File changed, we need to confirm this
+ title = "Unsaved changes"
+ if text:
+ title = "%s - " + title
+ txt = "The protocol file '%s' has been modified.\n\n" % (self.filename)
+ txt = txt + "Do you want to"
+ txt = txt + " save your changes (Yes)"
+ txt = txt + " or"
+ txt = txt + " discard them (No)"
+ txt = txt + "?"
+ dialog = wx.MessageDialog(self,txt,title,wx.YES_NO | wx.CANCEL | wx.ICON_EXCLAMATION)
+ result = dialog.ShowModal()
+ dialog.Destroy()
+ if result == wx.ID_NO:
+ # Drop changes
+ return True
+ elif result == wx.ID_YES:
+ # First save(as)!
+ if self.OnSaveAs(None):
+ # Succeeded, we can continue with the operation
+ return True
+ else:
+ # Save did not succeed
+ return False
+ else:
+ # Assume cancel (wx.ID_CANCEL) otherwise
+ return False
+ else:
+ # File was not changed, so we can just proceed
+ return True
+
+ # Event handlers
+
+ def OnAbout(self, event):
+ dlg = About.AboutScyther(self)
+ dlg.ShowModal()
+ dlg.Destroy()
+
+ def OnExit(self, event):
+ if self.ConfirmLoss("Exit"):
+ self.Close() # Close the main window.
+ return True
+ return False
+
+ def OnSave(self, event):
+ textfile = open(os.path.join(self.dirname, self.filename), 'w')
+ textfile.write(self.editor.GetText())
+ textfile.close()
+ self.editor.SetSaved()
+ return True
+
+ def OnOpen(self, event):
+ if self.ConfirmLoss("Open"):
+ if self.askUserForFilename(style=wx.OPEN,
+ **self.defaultFileDialogOptions()):
+ textfile = open(os.path.join(self.dirname, self.filename), 'r')
+ self.editor.SetText(textfile.read())
+ textfile.close()
+ self.editor.SetOpened()
+ return True
+ return False
+
+ def OnSaveAs(self, event):
+ if self.askUserForFilename(defaultFile=self.filename, style=wx.SAVE,
+ **self.defaultFileDialogOptions()):
+ self.OnSave(event)
+ os.chdir(self.dirname)
+ return True
+ return False
+
+ def RunScyther(self, mode):
+ # Clear errors before verification
+ self.editor.SetErrors(None)
+ # Verify spdl
+ spdl = self.editor.GetText()
+ s = Scytherthread.ScytherRun(self,mode,spdl,self.editor.SetErrors)
+
+ def OnVerify(self, event):
+ self.RunScyther("verify")
+
+ def OnAutoVerify(self, event):
+ self.RunScyther("autoverify")
+
+ def OnCharacterize(self, event):
+ self.RunScyther("characterize")
+
+ def OnCheck(self, event):
+ self.RunScyther("check")
+
+ def firstCommand(self):
+ if self.opts.command:
+ # Trigger a command automatically
+ self.Show(True)
+ self.RunScyther(self.opts.command)
+
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Makeimage.py b/Vagrant Files/files/scyther/Gui/Makeimage.py
new file mode 100644
index 0000000000000000000000000000000000000000..220996f53dcfdf06300afe2c41a103b4cd9ee33d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Makeimage.py
@@ -0,0 +1,180 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import os
+import sys
+from subprocess import Popen, PIPE
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+from Scyther import Misc as MiscScyther
+from Scyther import FindDot
+
+""" Import scyther-gui components """
+import Temporary
+import Preference
+
+#---------------------------------------------------------------------------
+try:
+ import Image
+except ImportError:
+ pass
+#---------------------------------------------------------------------------
+
+
+def writeGraph(attackthread,txt,fp):
+
+ EDGE = 0
+ NODE = 1
+ DEFAULT = 2
+ ALL = 3
+
+ def graphLine(txt):
+ fp.write("\t%s;\n" % (txt))
+
+ def setAttr(atxt,EdgeNodeDefAll=ALL):
+ if EdgeNodeDefAll == ALL:
+ setAttr(atxt,EDGE)
+ setAttr(atxt,NODE)
+ setAttr(atxt,DEFAULT)
+ else:
+ if EdgeNodeDefAll == EDGE:
+ edge = "edge"
+ elif EdgeNodeDefAll == NODE:
+ edge = "node"
+ else:
+ graphLine("%s" % atxt)
+ return
+ graphLine("%s [%s]" % (edge,atxt))
+
+ if sys.platform.startswith("darwin"):
+ attackthread.fontname = "Helvetica"
+ elif sys.platform.startswith("win"):
+ attackthread.fontname = "Courier"
+ else:
+ #font = wx.Font(9,wx.SWISS,wx.NORMAL,wx.NORMAL)
+ #attackthread.fontname = font.GetFaceName()
+ attackthread.fontname = "\"Helvetica\""
+
+ # write all graph lines but add layout modifiers
+ for l in txt.splitlines():
+ fp.write(l)
+ if l.startswith("digraph"):
+ # Write additional stuff for this graph
+ #
+ # [CC][x] This dpi setting messed up quite a bit
+ #graphLine("dpi=96")
+ graphLine("rankdir=TB")
+ #graphLine("nodesep=0.1")
+ #graphLine("ranksep=0.001")
+ #graphLine("mindist=0.1")
+
+ # Set fontname
+ if attackthread.fontname:
+ fontstring = "fontname=%s" % (attackthread.fontname)
+ setAttr(fontstring)
+
+ # Stupid Mac <> Graphviz bug fix
+ if (sys.platform.startswith("mac")) or (sys.platform.startswith("darwin")):
+ # Note that dot on Mac cannot find the fonts by default,
+ # and we have to set them accordingly.
+ os.environ["DOTFONTPATH"]="~/Library/Fonts:/Library/Fonts:/System/Library/Fonts"
+
+ # Select font size
+ if attackthread.parent and attackthread.parent.mainwin:
+ fontsize = attackthread.parent.mainwin.settings.fontsize
+ setAttr("fontsize=%s" % fontsize)
+ #setAttr("height=\"0.1\"",NODE)
+ #setAttr("width=\"1.0\"",NODE)
+ #setAttr("margin=\"0.3,0.03\"",NODE)
+
+
+def makeImageDot(dotdata,attackthread=None):
+ """ create image for this particular dot data """
+
+ if Preference.usePIL():
+ # If we have the PIL library, we can do postscript! great
+ # stuff.
+ type = "ps"
+ ext = ".ps"
+ else:
+ # Ye olde pnge file
+ type = "png"
+ ext = ".png"
+
+ # Retrieve dot command path
+ dotcommand = FindDot.findDot()
+
+ # command to write to temporary file
+ (fd2,fpname2) = Temporary.tempcleaned(ext)
+ f = os.fdopen(fd2,'w')
+
+ # Set up command
+ cmd = "%s -T%s" % (dotcommand,type)
+
+ # execute command
+ p = Popen(cmd, shell=True, stdin=PIPE, stdout=PIPE)
+
+
+ if attackthread:
+ writeGraph(attackthread,dotdata,p.stdin)
+ else:
+ p.stdin.write(dotdata)
+
+ p.stdin.close()
+
+ for l in p.stdout.read():
+ f.write(l)
+
+ p.stdout.close()
+ f.flush()
+ f.close()
+
+ return (fpname2, type)
+
+
+def makeImage(attack,attackthread=None):
+ """ create image for this particular attack """
+
+ """ This should clearly be a method of 'attack' """
+
+ (name,type) = makeImageDot(attack.scytherDot,attackthread)
+ # if this is done, store and report
+ attack.file = name
+ attack.filetype = type
+
+
+def testImage():
+ """
+ We generate a postscript file from a dot file, and see what happens.
+ """
+
+ dotdata = "digraph X {\nA->B;\n}\n"
+ (filename,filetype) = makeImageDot(dotdata)
+ testimage = Image.open(filename)
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Misc.py b/Vagrant Files/files/scyther/Gui/Misc.py
new file mode 100644
index 0000000000000000000000000000000000000000..f255124b901660b5cef3c81de99fd6931092982a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Misc.py
@@ -0,0 +1,90 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Misc.py
+# Various helper functions
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import os.path
+from subprocess import Popen,PIPE
+
+#---------------------------------------------------------------------------
+
+def confirm(question):
+ answer = ''
+ while answer not in ('y','n'):
+ print question,
+ answer = raw_input().lower()
+ return answer == 'y'
+
+def exists(func,list):
+ return len(filter(func,list)) > 0
+
+def forall(func,list):
+ return len(filter(func,list)) == len(list)
+
+def uniq(li):
+ result = []
+ for elem in li:
+ if (not elem in result):
+ result.append(elem)
+ return result
+
+# Return a sorted copy of a list
+def sorted(li):
+ result = li[:]
+ result.sort()
+ return result
+
+
+# path
+def mypath(file):
+ """ Construct a file path relative to the scyther-gui main directory
+ """
+ import os, inspect
+
+ # Determine base directory (taking symbolic links into account)
+ cmd_file = os.path.realpath(os.path.abspath(inspect.getfile( inspect.currentframe() )))
+ basedir = os.path.split(cmd_file)[0]
+ return os.path.join(basedir,file)
+
+# commands: push data in, get fp.write out
+def cmdpushwrite(cmd,data,fname):
+ """
+ Feed stdin data to cmd, write the output to a freshly created file
+ 'fname'. The file is flushed and closed at the end.
+ """
+ fp = open(fname,'w')
+ # execute command
+ p = Popen(cmd, shell=True, stdin=PIPE, stdout=PIPE)
+ (cin,cout) = (p.stdin, p.stdout)
+
+ cin.write(data)
+ cin.close()
+ for l in cout.read():
+ fp.write(l)
+ cout.close()
+ fp.flush()
+ fp.close()
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Preference.py b/Vagrant Files/files/scyther/Gui/Preference.py
new file mode 100644
index 0000000000000000000000000000000000000000..90db53190cdd49151202d90e6dd9b73ef9e200db
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Preference.py
@@ -0,0 +1,240 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+"""
+ Preferences window and logic for saving and loading such things.
+ Thus, some default things can be set here.
+
+ init loads stuff
+ save save the settings after some changes
+ set(k,v)
+ get(k)
+
+ Currently used:
+
+ match
+ maxruns
+ scytheroptions
+ bindir where the scyther executables reside
+ splashscreen 0/1
+"""
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+
+import wx
+import os.path
+import sys
+from time import localtime,strftime
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+import Makeimage
+
+#---------------------------------------------------------------------------
+
+""" Globals """
+# Do we have the Python Imaging library?
+havePIL = True
+testPILOkay = None
+try:
+ import Image
+except ImportError:
+ havePIL = False
+
+""" Locations of preferences. The last one is supposedly writable. """
+prefname = "scythergui-config"
+preflocs = []
+
+#---------------------------------------------------------------------------
+
+def usePIL():
+ """
+ Determine whether or not we should use the PIL library
+ """
+ global havePIL, testPILOkay
+
+ if not havePIL:
+ return False
+
+ # Only if we have it, and it is windows.
+ if not sys.platform.startswith("lin"):
+ return False
+
+ # Seems fine. But did we already test it?
+ if testPILOkay != None:
+ return testPILOkay
+
+ # Test the usage
+ testPILOkay = True
+ testPILOkay = testPIL()
+ return testPILOkay
+
+def doNotUsePIL():
+ """
+ Disable
+ """
+ global havePIL
+
+ havePIL = False
+
+
+def testPIL():
+ """
+ Test whether PIL works as we want it.
+
+ We generate a postscript file from a dot file, and see what happens.
+ """
+
+ # depends on PIL lib
+ okay = True
+ try:
+ Makeimage.testImage()
+ # PIL seems fine
+ except:
+ # PIL broke
+ doNotUsePIL()
+ okay = False
+
+ return okay
+
+
+#---------------------------------------------------------------------------
+
+class Preferences(dict):
+
+ def setDict(self,d):
+ """
+ Copy dict into self.
+ """
+ for x in d.keys():
+ self[x] = d[x]
+
+ def parse(self,line):
+ line = line.strip()
+
+ """ Skip comments """
+ if not line.startswith("#"):
+ split = line.find("=")
+ if split != -1:
+ key = line[:split].strip()
+ data = line[(split+1):]
+ self[key] = data.decode("string_escape")
+ #print "Read %s=%s" % (key,self[key])
+
+ def load(self,file=""):
+ if file == None:
+ self["test1"] = "Dit is met een ' en een \", en dan\nde eerste dinges"
+ self["test2"] = "En dit de tweede"
+ elif file == "":
+ """
+ Test default locations
+ """
+ for f in preflocs:
+ self.load(os.path.join(f,prefname))
+
+ else:
+ """
+ Read this file
+ """
+ if os.path.isfile(file):
+ fp = open(file,"r")
+ for l in fp.readlines():
+ self.parse(l)
+ fp.close()
+
+ def show(self):
+ print "Preferences:"
+ for k in self.keys():
+ print "%s=%s" % (k, self[k])
+
+ def save(self):
+
+ print "Saving preferences"
+ prefpath = preflocs[-1]
+ if not os.access(prefpath,os.W_OK):
+ os.makedirs(prefpath)
+ savename = os.path.join(prefpath,prefname)
+ fp = open(savename,"w")
+
+ fp.write("# Scyther-gui configuration file.\n#\n")
+ date = strftime("%c",localtime())
+ fp.write("# Last written on %s\n" % (date))
+ fp.write("# Do not edit - any changes will be overwritten by Scyther-gui\n\n")
+
+ l = list(self.keys())
+ l.sort()
+ for k in l:
+ fp.write("%s=%s\n" % (k, self[k].encode("string_escape")))
+
+ fp.close()
+
+def init():
+ """
+ Load the preferences from a file, if possible
+ """
+ global prefs,preflocs
+
+ sp = wx.StandardPaths.Get()
+ confdir = sp.GetConfigDir()
+ confdir += "/scyther"
+ #print confdir
+ userconfdir = sp.GetUserConfigDir()
+ userconfdir += "/"
+ if sys.platform.startswith("lin"):
+ userconfdir += "."
+ userconfdir += "scyther"
+ #print userconfdir
+
+ preflocs = [confdir,userconfdir]
+
+ prefs = Preferences()
+ prefs.load("")
+
+
+def get(key,alt=None):
+ global prefs
+
+ if key in prefs.keys():
+ return prefs[key]
+ else:
+ return alt
+
+def getkeys():
+ global prefs
+
+ return prefs.keys()
+
+def set(key,value):
+ global prefs
+
+ prefs[key]=value
+ return
+
+def save():
+ global prefs
+
+ prefs.save()
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Scytherthread.py b/Vagrant Files/files/scyther/Gui/Scytherthread.py
new file mode 100644
index 0000000000000000000000000000000000000000..2cd5d1aaa51cbce8fbf1f55e8149363e2dde61a0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Scytherthread.py
@@ -0,0 +1,543 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import threading
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+import Scyther.Scyther
+import Scyther.Error
+from Scyther.Misc import *
+
+""" Import scyther-gui components """
+import Preference
+import Attackwindow
+import Icon
+import Error
+import Makeimage
+
+#---------------------------------------------------------------------------
+if Preference.havePIL:
+ import Image
+#---------------------------------------------------------------------------
+
+class ScytherThread(threading.Thread):
+ """
+ Apply Scyther algorithm to input and retrieve results
+ """
+
+ # Override Thread's __init__ method to accept the parameters needed:
+ def __init__ ( self, spdl, options="", callback=None, mode=None ):
+
+ self.spdl = spdl
+ self.options = options
+ self.callback = callback
+ self.mode = mode
+ self.popenList = []
+ threading.Thread.__init__ ( self )
+
+ def storePopen(self,p):
+ self.popenList.append(p)
+
+ def cleanExit(self):
+ # Cleanup of spawned processes
+ for index,p in enumerate(self.popenList):
+ try:
+ p.kill()
+ except:
+ pass
+ self.popenList = []
+
+ def run(self):
+
+ (scyther, claims, summary) = self.claimResults()
+
+ # Results are done (claimstatus can be reported)
+ if self.callback:
+ wx.CallAfter(self.callback, scyther, claims, summary)
+
+ def claimFixViewOne(self,claims):
+ """
+ This is a stupid hack as long as switches.useAttackBuffer in
+ Scyther C code is false. It is currently false because Windows
+ VISTA screwed up the standard C function tmpfile() (It's in a
+ directory to which normal users cannot write...)
+ """
+ # TODO Notice the stupid default setting too ('2') which is
+ # needed here. This really needs cleanup.
+ if int(Preference.get('prune','2')) != 0:
+ if claims:
+ for cl in claims:
+ if len(cl.attacks) > 1:
+ # Fix it such that by default, only the best attack is
+ # shown, unless we are in characterize or check mode
+ # TODO [X] [CC] make switch-dependant.
+ if not self.mode in ["characterize","check"]:
+ cl.attacks = [cl.attacks[-1]]
+ """ Cutting invalidates exactness of attack/behaviour counts """
+ cl.complete = False
+
+ return claims
+
+ def claimResults(self):
+ """ Convert spdl to result (using Scyther)
+ """
+
+ scyther = Scyther.Scyther.Scyther()
+
+ scyther.options = self.options
+ scyther.setInput(self.spdl)
+
+ # verification start
+ try:
+ claims = scyther.verify(storePopen=self.storePopen)
+ except Scyther.Error.ScytherError, el:
+ claims = None
+ pass
+
+ summary = str(scyther)
+
+ claims = self.claimFixViewOne(claims)
+
+ return (scyther, claims, summary)
+
+#---------------------------------------------------------------------------
+
+class AttackThread(threading.Thread):
+
+ """ This is a thread because it computes images from stuff in the
+ background """
+
+ # Override Thread's __init__ method to accept the parameters needed:
+ def __init__ ( self, parent, resultwin, callbackclaim=None,callbackattack=None,callbackdone=None ):
+
+ self.parent = parent
+ self.resultwin = resultwin
+ self.callbackclaim = callbackclaim
+ self.callbackattack = callbackattack
+ self.callbackdone = callbackdone
+ self.totalattacks = 0
+ for cl in self.parent.claims:
+ for attack in cl.attacks:
+ self.totalattacks += 1
+
+ threading.Thread.__init__ ( self )
+
+ def run(self):
+
+ # create the images in the background
+ # when the images of a claim are done, callback is called with
+ # the claim
+ self.makeImages()
+
+ def makeImages(self):
+ """ create images """
+
+ done = 0
+ for cl in self.parent.claims:
+ for attack in cl.attacks:
+ Makeimage.makeImage(attack,self)
+ done += 1
+ if self.callbackattack:
+ wx.CallAfter(self.callbackattack,attack,self.totalattacks,done)
+ if self.callbackclaim:
+ wx.CallAfter(self.callbackclaim,cl)
+ if self.callbackdone:
+ wx.CallAfter(self.callbackdone)
+
+
+#---------------------------------------------------------------------------
+
+class VerificationWindow(wx.Dialog):
+ def __init__(
+ self, parent, title, pos=wx.DefaultPosition, size=wx.DefaultSize,
+ style=wx.DEFAULT_DIALOG_STYLE
+ ):
+
+ wx.Dialog.__init__(self,parent,-1,title,pos,size,style)
+
+ sizer = wx.BoxSizer(wx.VERTICAL)
+
+ label = wx.StaticText(self, -1, "Verifying protocol description")
+ sizer.Add(label, 0, wx.ALIGN_CENTRE|wx.ALL, 5)
+
+ line = wx.StaticLine(self, -1, size=(20,-1), style=wx.LI_HORIZONTAL)
+ sizer.Add(line, 0, wx.GROW|wx.ALIGN_CENTER_VERTICAL|wx.RIGHT|wx.TOP, 5)
+
+ btnsizer = wx.StdDialogButtonSizer()
+
+ btn = wx.Button(self, wx.ID_CANCEL)
+ btnsizer.AddButton(btn)
+ btnsizer.Realize()
+
+ sizer.Add(btnsizer, 0, wx.ALIGN_CENTER_VERTICAL|wx.ALL|wx.ALIGN_CENTER, 5)
+
+ self.SetSizer(sizer)
+ sizer.Fit(self)
+
+ self.Center()
+ self.Show(True)
+
+#---------------------------------------------------------------------------
+
+class ErrorWindow(wx.Dialog):
+ def __init__(
+ self, parent, title, pos=wx.DefaultPosition, size=wx.DefaultSize,
+ style=wx.DEFAULT_DIALOG_STYLE,errors=[]
+ ):
+
+ wx.Dialog.__init__(self,parent,-1,title,pos,size,style)
+
+ sizer = wx.BoxSizer(wx.VERTICAL)
+
+ label = wx.StaticText(self, -1, "Errors")
+ sizer.Add(label, 0, wx.ALIGN_LEFT|wx.ALL, 5)
+
+ line = wx.StaticLine(self, -1, size=(20,-1), style=wx.LI_HORIZONTAL)
+ sizer.Add(line, 0, wx.GROW|wx.ALIGN_CENTER_VERTICAL|wx.RIGHT|wx.TOP, 5)
+
+ etxt = ""
+ prefix = "error: "
+ for er in errors:
+ if er.startswith(prefix):
+ er = er[len(prefix):]
+ etxt = etxt + "%s\n" % (er)
+
+ label = wx.StaticText(self, -1, etxt)
+ sizer.Add(label, 0, wx.ALIGN_LEFT|wx.ALL, 5)
+
+ line = wx.StaticLine(self, -1, size=(20,-1), style=wx.LI_HORIZONTAL)
+ sizer.Add(line, 0, wx.GROW|wx.ALIGN_CENTER_VERTICAL|wx.RIGHT|wx.TOP, 5)
+
+ btnsizer = wx.StdDialogButtonSizer()
+
+ btn = wx.Button(self, wx.ID_OK)
+ btnsizer.AddButton(btn)
+ btnsizer.Realize()
+
+ sizer.Add(btnsizer, 0, wx.ALIGN_CENTER_VERTICAL|wx.ALL|wx.ALIGN_CENTER, 5)
+
+ self.SetSizer(sizer)
+ sizer.Fit(self)
+
+#---------------------------------------------------------------------------
+
+class ResultWindow(wx.Frame):
+
+ """
+ Displays the claims status and contains buttons to show the actual
+ attack graphs
+ """
+
+ def __init__(
+ self, parent, parentwindow, title, pos=wx.DefaultPosition, size=wx.DefaultSize,
+ style=wx.DEFAULT_DIALOG_STYLE
+ ):
+
+ wx.Frame.__init__(self,parentwindow,-1,title,pos,size,style)
+
+ Icon.ScytherIcon(self)
+
+ self.parent = parent
+ self.thread = None
+ self.Bind(wx.EVT_CLOSE, self.onCloseWindow)
+
+ self.CreateStatusBar()
+ self.BuildTable()
+
+ def onViewButton(self,evt):
+ btn = evt.GetEventObject()
+ try:
+ w = Attackwindow.AttackWindow(btn.claim)
+ w.Show(True)
+ except Error.PILError:
+ Error.ShowAndReturn("Problem with PIL imaging library: disabled zooming. Please retry to verify the protocol again.")
+ self.onCloseWindow(None)
+
+ def onCloseWindow(self,evt):
+ """ TODO we should kill self.thread """
+
+ # Clean up
+ self.parent.claims = None
+
+ self.Destroy()
+
+ def BuildTable(self):
+ # Now continue with the normal construction of the dialog
+ # contents
+
+ # For these claims...
+ claims = self.parent.claims
+
+ # set up grid
+ self.grid = grid = wx.GridBagSizer(0,0)
+ #self.grid = grid = wx.GridBagSizer(7,1+len(claims))
+
+ def titlebar(x,title,width=1):
+ txt = wx.StaticText(self,-1,title)
+ font = wx.Font(14,wx.FONTFAMILY_DEFAULT,wx.FONTSTYLE_NORMAL,wx.FONTWEIGHT_BOLD)
+ txt.SetFont(font)
+ grid.Add(txt,(0,x),(1,width),wx.ALL,10)
+
+ titlebar(0,"Claim",4)
+ titlebar(4,"Status",2)
+ titlebar(6,"Comments",1)
+
+ self.lastprot = None
+ self.lastrole = None
+ views = 0
+ for index in range(0,len(claims)):
+ views += self.BuildClaim(grid,claims[index],index+1)
+
+ if views > 0:
+ titlebar(7,"Patterns",1)
+
+ self.SetSizer(grid)
+ self.Fit()
+
+ def BuildClaim(self,grid,cl,ypos):
+ # a support function
+ def addtxt(txt,column):
+ txt = txt.replace("-","_") # Strange fix for wx.StaticText as it cuts off the display.
+ grid.Add(wx.StaticText(self,-1,txt),(ypos,column),(1,1),wx.ALIGN_CENTER_VERTICAL|wx.ALL,10)
+
+ n = len(cl.attacks)
+ xpos = 0
+
+ # protocol, role, label
+ prot = str(cl.protocol)
+ showP = False
+ showR = False
+ if prot != self.lastprot:
+ self.lastprot = prot
+ showP = True
+ showR = True
+ role = str(cl.role)
+ if role != self.lastrole:
+ self.lastrole = role
+ showR = True
+ if showP:
+ addtxt(prot,xpos)
+ if showR:
+ addtxt(role,xpos+1)
+ xpos += 2
+
+ # claim id
+ addtxt(str(cl.id),xpos)
+ xpos += 1
+
+ # claim parameters
+ claimdetails = str(cl.claimtype)
+ if cl.parameter:
+ claimdetails += " %s" % (cl.parameter)
+ # Cut off if very very long
+ if len(claimdetails) > 50:
+ claimdetails = claimdetails[:50] + "..."
+ addtxt(claimdetails + " ",xpos)
+ xpos += 1
+
+ # button for ok/fail
+ if None:
+ # old style buttons (but they looked ugly on windows)
+ tsize = (16,16)
+ if cl.okay:
+ bmp = wx.ArtProvider_GetBitmap(wx.ART_TICK_MARK,wx.ART_CMN_DIALOG,tsize)
+ else:
+ bmp = wx.ArtProvider_GetBitmap(wx.ART_CROSS_MARK,wx.ART_CMN_DIALOG,tsize)
+ if not bmp.Ok():
+ bmp = wx.EmptyBitmap(tsize)
+ bmpfield = wx.StaticBitmap(self,-1,bmp)
+ grid.Add(bmpfield,(ypos,xpos),(1,1),wx.ALIGN_CENTER_VERTICAL|wx.ALL,10)
+ else:
+ # new style text control Ok/Fail
+ rankc = cl.getColour()
+ rankt = cl.getOkay()
+ txt = wx.StaticText(self,-1,rankt)
+ font = wx.Font(11,wx.FONTFAMILY_DEFAULT,wx.FONTSTYLE_NORMAL,wx.FONTWEIGHT_BOLD)
+ txt.SetFont(font)
+ txt.SetForegroundColour(rankc)
+ grid.Add(txt,(ypos,xpos),(1,1),wx.ALL,10)
+ xpos += 1
+
+ # verified?
+ vt = cl.getVerified()
+ if vt:
+ addtxt(vt,xpos)
+ xpos += 1
+
+ # remark something
+ addtxt(cl.getComment(),xpos)
+ xpos += 1
+
+ # add view button (enabled later if needed)
+ if n > 0:
+ cl.button = wx.Button(self,-1,"%i %s" % (n,cl.stateName(n)))
+ cl.button.claim = cl
+ grid.Add(cl.button,(ypos,xpos),(1,1),wx.ALIGN_CENTER_VERTICAL|wx.ALL,5)
+ cl.button.Disable()
+ if n > 0:
+ # Aha, something to show
+ self.Bind(wx.EVT_BUTTON, self.onViewButton,cl.button)
+ else:
+ cl.button = None
+ xpos += 1
+
+ # Return 1 if there is a view possible
+ if n > 0:
+ return 1
+ else:
+ return 0
+
+
+#---------------------------------------------------------------------------
+
+class ScytherRun(object):
+
+ def __init__(self,mainwin,mode,spdl,errorcallback=None):
+
+ self.mainwin = mainwin
+ self.mode = mode
+ self.spdl = spdl
+ self.verified = False
+ self.options = mainwin.settings.ScytherArguments(mode)
+ self.errorcallback=errorcallback
+ self.SThread = None
+
+ self.main()
+
+ def closer(self,ev):
+ # Triggered when the window is closed/verification cancelled
+ t = self.SThread
+ if t != None:
+ self.SThread = None
+ t.cleanExit()
+ try:
+ self.verifywin.Destroy()
+ except:
+ pass
+ self.verifywin = None
+ ev.Skip()
+
+ def main(self):
+ """
+ Start process
+ """
+
+ title = "Running Scyther %s process" % self.mode
+ # start the window and show until something happens
+ # if it terminates, this is a cancel, and should also kill the thread. (what happens to a spawned Scyther in that case?)
+ # if the thread terminames, it should close the window normally, and we end up here as well.
+ #val = self.verifywin.ShowModal()
+ self.verifywin = VerificationWindow(self.mainwin,title)
+
+ # Check sanity of Scyther thing here (as opposed to the thread)
+ # which makes error reporting somewhat easier
+ try:
+ Scyther.Scyther.Check()
+ except Scyther.Error.BinaryError, e:
+ # e.file is the supposed location of the binary
+ text = "Could not find Scyther binary at\n%s" % (e.file)
+ Error.ShowAndExit(text)
+
+ # start the thread
+ self.verifywin.SetCursor(wx.StockCursor(wx.CURSOR_WAIT))
+ self.verifywin.Bind(wx.EVT_CLOSE, self.closer)
+ self.verifywin.Bind(wx.EVT_WINDOW_DESTROY, self.closer)
+ self.verifywin.Bind(wx.EVT_BUTTON, self.closer, id=wx.ID_CANCEL)
+
+ self.SThread = ScytherThread(self.spdl, self.options, self.verificationDone, self.mode)
+ self.SThread.start()
+
+ # after verification, we proceed to the callback below...
+
+ def verificationDone(self, scyther, claims, summary):
+ """
+ This is where we end up after a callback from the thread, stating that verification succeeded.
+ """
+
+ if self.verifywin == None:
+ return
+
+ self.scyther = scyther
+ self.claims = claims
+ self.summary = summary
+
+ self.verified = True
+ self.verifywin.Close()
+
+ # Process the claims
+ if self.scyther.errorcount == 0:
+ self.verificationOkay()
+ else:
+ self.verificationErrors()
+
+ def verificationOkay(self):
+
+ # Great, we verified stuff, progress to the claim report
+ title = "Scyther results : %s" % self.mode
+ self.resultwin = resultwin = ResultWindow(self,self.mainwin,title)
+
+ def attackDone(attack,total,done):
+ if resultwin:
+ txt = "Generating attack graphs (%i of %i done)." % (done,total)
+ resultwin.SetStatusText(txt)
+ #resultwin.Refresh()
+
+ def claimDone(claim):
+ if resultwin:
+ if claim.button and len(claim.attacks) > 0:
+ claim.button.Enable()
+
+ def allDone():
+ if resultwin:
+ resultwin.SetCursor(wx.StockCursor(wx.CURSOR_ARROW))
+ resultwin.SetStatusText("Done.")
+
+ resultwin.Center()
+ resultwin.Show(True)
+ resultwin.SetCursor(wx.StockCursor(wx.CURSOR_ARROWWAIT))
+
+ wx.Yield()
+
+ t = AttackThread(self,resultwin,claimDone,attackDone,allDone)
+ t.start()
+
+ resultwin.thread = t
+
+ def verificationErrors(self):
+ """
+ Verification process generated errors. Show them.
+ """
+
+ if self.errorcallback:
+ self.errorcallback(self.scyther.errors)
+ title = "Scyther errors : %s" % self.mode
+ errorwin = ErrorWindow(self.mainwin,title,errors=self.scyther.errors)
+ errorwin.Center()
+ val = errorwin.ShowModal()
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Settingswindow.py b/Vagrant Files/files/scyther/Gui/Settingswindow.py
new file mode 100644
index 0000000000000000000000000000000000000000..5bc5fa96a1f28ae189b80eef982cbb02d9194277
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Settingswindow.py
@@ -0,0 +1,196 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import wx
+import sys
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+import Preference
+import Scyther.Claim as Claim
+
+#---------------------------------------------------------------------------
+
+class MyGrid(wx.GridBagSizer):
+
+ def __init__(self,parent):
+ wx.GridBagSizer.__init__(self,hgap=5, vgap=5)
+ self.ypos = 0
+ self.parent = parent
+
+ def stepAdd(self,ctrl,txt):
+ self.Add(txt,(self.ypos,0),flag=wx.ALIGN_LEFT|wx.ALIGN_CENTER_VERTICAL)
+ self.Add(ctrl,(self.ypos,1),flag=wx.ALIGN_LEFT)
+ self.ypos += 1
+
+ def lineAdd(self):
+ return
+ line = wx.StaticLine(self.parent,-1)
+ # Currently it is not expanded, and thus invisible.
+ self.Add(line,pos=(self.ypos,0),span=(1,2),flag=wx.TOP|wx.BOTTOM)
+ self.ypos += 1
+
+ def titleAdd(self,title,firstLine=True):
+ if firstLine:
+ self.lineAdd()
+ self.ypos += 1
+ txt = wx.StaticText(self.parent,-1,title)
+ font = wx.Font(12,wx.FONTFAMILY_DEFAULT,wx.FONTSTYLE_NORMAL,wx.FONTWEIGHT_BOLD)
+ txt.SetFont(font)
+ self.Add(txt,pos=(self.ypos,0),span=(1,2),flag=wx.ALIGN_LEFT)
+ self.ypos += 1
+ self.lineAdd()
+
+#---------------------------------------------------------------------------
+
+class SettingsWindow(wx.Panel):
+
+ def __init__(self,parent,daddy):
+ wx.Panel.__init__(self,parent,-1)
+ self.win = daddy
+
+ # layout the stuff
+ grid = MyGrid(self)
+
+ ### Parameters
+ grid.titleAdd("Verification parameters",False)
+
+ # Bound on the number of runs
+ self.maxruns = int(Preference.get('maxruns','5'))
+ txt = wx.StaticText(self,-1,"Maximum number of runs\n(0 disables bound)")
+ ctrl = wx.SpinCtrl(self, -1, "",style=wx.RIGHT)
+ ctrl.SetRange(0,100)
+ ctrl.SetValue(self.maxruns)
+ self.Bind(wx.EVT_SPINCTRL,self.EvtRuns,ctrl)
+ grid.stepAdd(ctrl,txt)
+
+ # Matchin options
+ self.match = int(Preference.get('match','0'))
+ claimoptions = ['typed matching','find basic type flaws','find all type flaws']
+ r2 = wx.StaticText(self,-1,"Matching type")
+ l2 = self.ch = wx.Choice(self,-1,choices=claimoptions)
+ l2.SetSelection(self.match)
+ self.Bind(wx.EVT_CHOICE,self.EvtMatch,l2)
+ grid.stepAdd(l2,r2)
+
+ ### MISC expert stuff
+ grid.titleAdd("Advanced parameters")
+
+ # Continue after finding the first attack
+ self.prune = int(Preference.get('prune','2'))
+ claimoptions = ['Find all attacks','Find first attack','Find best attack']
+ r8 = wx.StaticText(self,-1,"Search pruning")
+ l8 = self.ch = wx.Choice(self,-1,choices=claimoptions)
+ l8.SetSelection(self.prune)
+ self.Bind(wx.EVT_CHOICE,self.EvtPrune,l8)
+ grid.stepAdd(l8,r8)
+
+ # Bound on the number of patterns
+ self.maxattacks = int(Preference.get('maxattacks','10'))
+ r9 = wx.StaticText(self,-1,"Maximum number of patterns\nper claim")
+ l9 = wx.SpinCtrl(self, -1, "",style=wx.RIGHT)
+ l9.SetRange(0,100)
+ l9.SetValue(self.maxattacks)
+ self.Bind(wx.EVT_SPINCTRL,self.EvtMaxAttacks,l9)
+ grid.stepAdd(l9,r9)
+
+ self.misc = Preference.get('scytheroptions','')
+ r10 = wx.StaticText(self,-1,"Additional backend parameters")
+ l10 = wx.TextCtrl(self,-1,self.misc,size=(200,-1))
+ self.Bind(wx.EVT_TEXT,self.EvtMisc,l10)
+ grid.stepAdd(l10,r10)
+
+ ### Graph output stuff
+ grid.titleAdd("Graph output parameters")
+
+ # Bound on the number of classes/attacks
+ if sys.platform.startswith("lin"):
+ defsize = 14
+ else:
+ defsize = 11
+ self.fontsize = int(Preference.get('fontsize',defsize))
+ txt = wx.StaticText(self,-1,"Attack graph font size\n(in points)")
+ ctrl = wx.SpinCtrl(self, -1, "",style=wx.RIGHT)
+ ctrl.SetRange(6,32)
+ ctrl.SetValue(self.fontsize)
+ self.Bind(wx.EVT_SPINCTRL,self.EvtFontsize,ctrl)
+ grid.stepAdd(ctrl,txt)
+
+ ### Combine
+ grid.lineAdd()
+ self.SetSizer(grid)
+ self.SetAutoLayout(True)
+
+ def EvtMatch(self,evt):
+ self.match = evt.GetInt()
+
+ def EvtRuns(self,evt):
+ self.maxruns = evt.GetInt()
+
+ def EvtFontsize(self,evt):
+ self.fontsize = evt.GetInt()
+
+ def EvtPrune(self,evt):
+ self.prune = evt.GetInt()
+ Preference.set('prune',self.prune)
+
+ def EvtMaxAttacks(self,evt):
+ self.maxattacks = evt.GetInt()
+
+ def EvtMisc(self,evt):
+ self.misc = evt.GetString()
+
+ def ScytherArguments(self,mode):
+ """ Note: constructed strings should have a space at the end to
+ correctly separate the options.
+ """
+
+ tstr = ""
+
+ # Number of runs
+ tstr += "--max-runs=%s " % (str(self.maxruns))
+ # Matching type
+ tstr += "--match=%s " % (str(self.match))
+ # Prune (has to go BEFORE max attacks)
+ tstr += "--prune=%s" % (str(self.prune))
+ # Max attacks/classes
+ if self.maxattacks != 0:
+ tstr += "--max-attacks=%s " % (str(self.maxattacks))
+
+ # Verification type
+ if mode == "check":
+ tstr += "--check "
+ elif mode == "autoverify":
+ tstr += "--auto-claims "
+ elif mode == "characterize":
+ tstr += "--state-space "
+
+ # Anything else?
+ if self.misc != "":
+ tstr += " " + self.misc + " "
+
+ return str(tstr) # turn it into a str (might have been unicode weirdness)
+
+#---------------------------------------------------------------------------
diff --git a/Vagrant Files/files/scyther/Gui/Temporary.py b/Vagrant Files/files/scyther/Gui/Temporary.py
new file mode 100644
index 0000000000000000000000000000000000000000..61c24660cccd0e102bbfe8c6e5ab6e99bf2aaf4c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Temporary.py
@@ -0,0 +1,64 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import os
+import tempfile
+import atexit
+
+#---------------------------------------------------------------------------
+
+""" Local thing (can be done in numerous nicer ways) """
+tempfiles = []
+
+#---------------------------------------------------------------------------
+
+def tempremove(tuple):
+ (fd,fpname) = tuple
+ #os.close(fd)
+ os.remove(fpname)
+
+def cleanupshop():
+ global tempfiles
+
+ for tuple in tempfiles:
+ tempremove(tuple)
+
+def tempcleaned(post=""):
+ global tempfiles
+
+ tuple = tempfile.mkstemp(post,"scyther_")
+ tempfiles.append(tuple)
+ return tuple
+
+def tempcleanearly(tuple):
+ global tempfiles
+
+ tempfiles.remove(tuple)
+ tempremove(tuple)
+
+atexit.register(cleanupshop)
+
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Gui/Version.py b/Vagrant Files/files/scyther/Gui/Version.py
new file mode 100644
index 0000000000000000000000000000000000000000..d941e4bc6250f0640392ebe13657efc84b5db58d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/Version.py
@@ -0,0 +1 @@
+SCYTHER_GUI_VERSION = "v1.1.3"
diff --git a/Vagrant Files/files/scyther/Gui/__init__.py b/Vagrant Files/files/scyther/Gui/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..6995b4393abbd705c22e0f8c76b114dc90728994
--- /dev/null
+++ b/Vagrant Files/files/scyther/Gui/__init__.py
@@ -0,0 +1,19 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
diff --git a/Vagrant Files/files/scyther/INSTALL.md b/Vagrant Files/files/scyther/INSTALL.md
new file mode 100644
index 0000000000000000000000000000000000000000..67f772cc18c8631a32d9a8249a7e018fa842d713
--- /dev/null
+++ b/Vagrant Files/files/scyther/INSTALL.md
@@ -0,0 +1,96 @@
+Installation and usage of the Scyther tool
+==========================================
+
+Download
+--------
+
+Downloads of binary archives of Scyther for all main platforms can be
+found at http://users.ox.ac.uk/~coml0529/scyther/index.html
+
+Requirements
+------------
+
+To be able to use all of Scyther's features, the following three
+dependencies are needed. If you only require the back-end tool (used
+from the command line) then you need only the first.
+
+1. ### The GraphViz library ###
+
+ This library is used by the Scyther tool to draw graphs. It can be
+ freely downloaded from:
+
+ http://www.graphviz.org/
+
+ Download the latest stable release and install it.
+
+
+2. ### Python ###
+
+ Stable releases of the Python interpreter are available from:
+
+ http://www.python.org/download/
+
+ Scyther does not support Python 3. You are therefore recommended to
+ choose the latest production release of Python 2, e.g., Python 2.7.
+
+ * **Mac OS X**
+
+ If the package yields an error when you try to install it,
+ please use the following, in the directory where you downloaded
+ it:
+
+ ```
+ $ sudo installer -pkg graphviz-2.34.0.pkg -target /
+ ```
+
+
+3. ### wxPython libraries ###
+
+ The GUI user interface uses the wxPython libraries.
+
+ http://www.wxpython.org/download.php
+
+ There are many different wxPython packages. You should choose a 32-bit
+ package that matches your Python version (e.g., 2.7). It is
+ recommended to select the unicode version from the stable releases.
+
+ As of writing (May 2013) the following links lead to the appropriate
+ wxPython packages for Python 2.7:
+
+ * **Windows**
+
+ http://downloads.sourceforge.net/wxpython/wxPython2.8-win32-unicode-2.8.12.1-py27.exe
+
+ * **Mac OS X**
+
+ http://downloads.sourceforge.net/wxpython/wxPython2.8-osx-unicode-2.8.12.1-universal-py2.7.dmg
+
+ Note that this package is in an old format and you will probably
+ get a warning "Package is damaged". This can be resolved by:
+
+ ```
+ $ sudo installer -pkg /Volume/.../wxPython2.8-osx-unicode-universal-py2.7.pkg/ -target /
+ ```
+
+ * **Ubuntu/Debian Linux**
+
+ http://wiki.wxpython.org/InstallingOnUbuntuOrDebian
+
+
+Running Scyther
+---------------
+
+Extract the Scyther archive and navigate to the extracted directory.
+
+Start Scyther by executing the file
+
+ scyther-gui.py
+
+in the main directory of the extracted archive.
+
+ * **Mac OS X**
+
+ Right-click the file 'scyther-gui.py' and select "Open with" and
+ then "Python Launcher".
+
+
diff --git a/Vagrant Files/files/scyther/INSTALL.txt b/Vagrant Files/files/scyther/INSTALL.txt
new file mode 100644
index 0000000000000000000000000000000000000000..3662306cdd1be833d6a4401f1e226339766156b1
--- /dev/null
+++ b/Vagrant Files/files/scyther/INSTALL.txt
@@ -0,0 +1,85 @@
+Installation and usage of the Scyther tool
+==========================================
+
+Requirements
+------------
+
+To be able to use Scyther, you need the following three things:
+
+
+1. The GraphViz library.
+
+ This library is used by the Scyther tool to draw graphs. It can be
+ freely downloaded from:
+
+ http://www.graphviz.org/
+
+ Download the latest stable release and install it.
+
+
+
+The graphical user interface of Scyther is written in the Python
+language. Therefore, the GUI requires the following two items:
+
+
+2. Python
+
+ Stable releases of the Python interpreter are available from:
+
+ <a href="http://www.python.org/download/">
+
+ Scyther does not support Python 3. You are therefore recommended to
+ choose the latest production release of Python 2, e.g., Python 2.7.
+
+ Mac OS X:
+ If the package yields an error when you try to install it,
+ please use the following, in the directory where you downloaded
+ it:
+
+ $ sudo installer -pkg graphviz-2.34.0.pkg -target /
+
+
+3. wxPython libraries.
+
+ The GUI user interface uses the wxPython libraries.
+
+ <a href="http://www.wxpython.org/download.php">
+
+ There are many different wxPython packages. You should choose a 32-bit
+ package that matches your Python version (e.g., 2.7). It is
+ recommended to select the unicode version from the stable releases.
+
+ As of writing (May 2013) the following links lead to the appropriate
+ wxPython packages for Python 2.7:
+
+ Windows:
+ <a href="http://downloads.sourceforge.net/wxpython/wxPython2.8-win32-unicode-2.8.12.1-py27.exe">
+
+ Mac OS X:
+ <a href="http://downloads.sourceforge.net/wxpython/wxPython2.8-osx-unicode-2.8.12.1-universal-py2.7.dmg">
+
+ Note that this package is in an old format and you will probably
+ get a warning "Package is damaged". This can be resolved by:
+
+ $ sudo installer -pkg /Volume/.../wxPython2.8-osx-unicode-universal-py2.7.pkg/ -target /
+
+ Ubuntu/Debian Linux:
+ <a href="http://wiki.wxpython.org/InstallingOnUbuntuOrDebian">
+
+
+Running Scyther
+---------------
+
+
+Start Scyther by executing the file
+
+ scyther-gui.py
+
+in the directory where you found this file.
+
+ Mac OS X:
+
+ Right-click the file 'scyther-gui.py' and select "Open with" and
+ then "Python Launcher".
+
+
diff --git a/Vagrant Files/files/scyther/Images/scyther-gui-16.ico b/Vagrant Files/files/scyther/Images/scyther-gui-16.ico
new file mode 100644
index 0000000000000000000000000000000000000000..a92d8228d89417af4cfb8dfc4081c8df0e3a8e73
Binary files /dev/null and b/Vagrant Files/files/scyther/Images/scyther-gui-16.ico differ
diff --git a/Vagrant Files/files/scyther/Images/scyther-gui-32.ico b/Vagrant Files/files/scyther/Images/scyther-gui-32.ico
new file mode 100644
index 0000000000000000000000000000000000000000..b87d7f95499453981808d80573fadbe935c143f7
Binary files /dev/null and b/Vagrant Files/files/scyther/Images/scyther-gui-32.ico differ
diff --git a/Vagrant Files/files/scyther/Images/scyther-gui-64.ico b/Vagrant Files/files/scyther/Images/scyther-gui-64.ico
new file mode 100644
index 0000000000000000000000000000000000000000..2fb682f62d1421d03c3963a78039c7c9519fb730
Binary files /dev/null and b/Vagrant Files/files/scyther/Images/scyther-gui-64.ico differ
diff --git a/Vagrant Files/files/scyther/Images/scyther-icon.svg b/Vagrant Files/files/scyther/Images/scyther-icon.svg
new file mode 100644
index 0000000000000000000000000000000000000000..7586c82e5089e1a42a79a569fc4256f77b0f034c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Images/scyther-icon.svg
@@ -0,0 +1,222 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://inkscape.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ width="841.88977pt"
+ height="595.27557pt"
+ id="svg2"
+ sodipodi:version="0.32"
+ inkscape:version="0.43"
+ version="1.0"
+ sodipodi:docbase="/home/cas/bzr/scyther-gui/images"
+ sodipodi:docname="scyther-icon.svg"
+ inkscape:export-filename="/home/cas/svn/scyther/Design download page Scyther/scyther-icon16.png"
+ inkscape:export-xdpi="1.6494846"
+ inkscape:export-ydpi="1.6494846">
+ <defs
+ id="defs4">
+ <linearGradient
+ id="linearGradient11078">
+ <stop
+ id="stop11080"
+ offset="0"
+ style="stop-color:#000000;stop-opacity:0.57731956;" />
+ <stop
+ style="stop-color:#000000;stop-opacity:0;"
+ offset="0.209216"
+ id="stop11084" />
+ <stop
+ id="stop11086"
+ offset="0.65205503"
+ style="stop-color:#000000;stop-opacity:0.2371134;" />
+ <stop
+ id="stop11082"
+ offset="1"
+ style="stop-color:#000000;stop-opacity:0.67010307;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11052">
+ <stop
+ id="stop11054"
+ offset="0"
+ style="stop-color:#000000;stop-opacity:1;" />
+ <stop
+ style="stop-color:#276816;stop-opacity:1;"
+ offset="0.25145975"
+ id="stop11060" />
+ <stop
+ id="stop11066"
+ offset="0.57149941"
+ style="stop-color:#000000;stop-opacity:1;" />
+ <stop
+ id="stop11062"
+ offset="0.57149941"
+ style="stop-color:#010400;stop-opacity:1;" />
+ <stop
+ style="stop-color:#002583;stop-opacity:1;"
+ offset="0.8028897"
+ id="stop11064" />
+ <stop
+ id="stop11056"
+ offset="1"
+ style="stop-color:#000000;stop-opacity:1;" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient11044">
+ <stop
+ style="stop-color:#000000;stop-opacity:1;"
+ offset="0"
+ id="stop11046" />
+ <stop
+ style="stop-color:#000000;stop-opacity:0;"
+ offset="1"
+ id="stop11048" />
+ </linearGradient>
+ <linearGradient
+ id="linearGradient7532">
+ <stop
+ id="stop7534"
+ offset="0"
+ style="stop-color:#9e9e9e;stop-opacity:1;" />
+ <stop
+ id="stop7536"
+ offset="1"
+ style="stop-color:#9e9e9e;stop-opacity:0;" />
+ </linearGradient>
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient11052"
+ id="linearGradient5737"
+ x1="521.7384"
+ y1="589.8822"
+ x2="521.7384"
+ y2="174.88217"
+ gradientUnits="userSpaceOnUse" />
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient11044"
+ id="linearGradient8364"
+ gradientUnits="userSpaceOnUse"
+ x1="323.7384"
+ y1="278.88214"
+ x2="477.7384"
+ y2="322.88214" />
+ </defs>
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="1"
+ inkscape:cx="526.18109"
+ inkscape:cy="372.04724"
+ inkscape:document-units="px"
+ inkscape:current-layer="layer1"
+ showguides="true"
+ inkscape:guide-bbox="true"
+ inkscape:window-width="1280"
+ inkscape:window-height="953"
+ inkscape:window-x="0"
+ inkscape:window-y="0">
+ <sodipodi:guide
+ orientation="horizontal"
+ position="296.88141"
+ id="guide1366" />
+ <sodipodi:guide
+ orientation="horizontal"
+ position="571.88122"
+ id="guide8421" />
+ <sodipodi:guide
+ orientation="vertical"
+ position="206.87725"
+ id="guide8423" />
+ </sodipodi:namedview>
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Black base"
+ inkscape:groupmode="layer"
+ id="layer1"
+ style="display:inline"
+ sodipodi:insensitive="true">
+ <rect
+ style="opacity:1;fill:url(#linearGradient5737);fill-opacity:1;stroke:#000000;stroke-width:6.73799992;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+ id="rect7546"
+ width="323.44028"
+ height="320.51846"
+ x="194.92915"
+ y="162.62292" />
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer9"
+ inkscape:label="inner fade"
+ sodipodi:insensitive="true"
+ style="display:inline">
+ <rect
+ style="opacity:1;fill:url(#linearGradient8364);fill-opacity:1;stroke:#000000;stroke-width:6.73799992;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;display:inline"
+ id="rect7489"
+ width="323.44028"
+ height="320.51846"
+ x="194.92915"
+ y="162.62292" />
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer7"
+ inkscape:label="blacker fades"
+ style="display:inline"
+ sodipodi:insensitive="true" />
+ <g
+ inkscape:groupmode="layer"
+ id="layer4"
+ inkscape:label="white inner"
+ style="display:inline">
+ <path
+ style="font-size:48px;font-style:oblique;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:15.39999962;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:8.60000038;stroke-dasharray:none;stroke-opacity:1;display:inline;font-family:Luxi Serif"
+ d="M 439.625,186.5625 L 228.875,186.96875 L 229,447.625 L 298.46875,447.0625 C 330.87282,446.92031 358.52897,437.28122 380.09375,420.40625 C 401.65809,403.53126 412.43728,382.80494 412.4375,358.21875 C 412.43728,345.47874 408.75517,334.539 401.375,325.375 C 394.57101,316.65817 381.16868,305.92772 361.21875,293.1875 L 346,283.46875 C 335.8349,277.00229 328.44922,270.61422 323.78125,264.34375 C 307.04223,258.53812 294.42062,259.0563 268.875,259.90625 C 278.05518,239.8488 296.11407,242.38722 300.21875,237.3125 C 304.95019,231.46292 305.43096,234.13065 309.84375,229.25 C 321.81701,216.0073 334.34348,209.33336 346.96875,206.0625 C 353.47544,203.07236 360.58299,201.56871 368.3125,201.65625 C 397.62337,201.98826 427.75001,225.34375 427.75,225.34375 L 439.625,186.5625 z "
+ id="path7544"
+ sodipodi:nodetypes="ccccsscccccsscscc" />
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer8"
+ inkscape:label="upper white"
+ style="display:inline">
+ <path
+ style="font-size:48px;font-style:oblique;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;opacity:1;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:8.89999962;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:8.60000038;stroke-dasharray:none;stroke-opacity:1;display:inline;font-family:Luxi Serif"
+ d="M 439.625,186.5625 L 228.875,186.96875 L 229,447.625 L 298.46875,447.0625 C 330.87282,446.92031 358.52897,437.28122 380.09375,420.40625 C 401.65809,403.53126 412.43728,382.80494 412.4375,358.21875 C 412.43728,345.47874 408.75517,334.539 401.375,325.375 C 394.57101,316.65817 381.16868,305.92772 361.21875,293.1875 L 346,283.46875 C 335.8349,277.00229 328.44922,270.61422 323.78125,264.34375 C 307.04223,258.53812 294.42062,259.0563 268.875,259.90625 C 278.05518,239.8488 296.11407,242.38722 300.21875,237.3125 C 304.95019,231.46292 305.43096,234.13065 309.84375,229.25 C 321.81701,216.0073 334.34348,209.33336 346.96875,206.0625 C 353.47544,203.07236 360.58299,201.56871 368.3125,201.65625 C 397.62337,201.98826 427.75001,225.34375 427.75,225.34375 L 439.625,186.5625 z "
+ id="path6613"
+ sodipodi:nodetypes="ccccsscccccsscscc" />
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer5"
+ inkscape:label="beak"
+ style="display:inline"
+ sodipodi:insensitive="true" />
+ <g
+ inkscape:groupmode="layer"
+ id="layer3"
+ inkscape:label="cyther"
+ style="display:inline"
+ sodipodi:insensitive="true" />
+</svg>
diff --git a/Vagrant Files/files/scyther/Images/scyther-splash.png b/Vagrant Files/files/scyther/Images/scyther-splash.png
new file mode 100644
index 0000000000000000000000000000000000000000..818997cab57b178f6dd05bd9cf694486ab5f7ada
Binary files /dev/null and b/Vagrant Files/files/scyther/Images/scyther-splash.png differ
diff --git a/Vagrant Files/files/scyther/Protocols/Demo/ns3.spdl b/Vagrant Files/files/scyther/Protocols/Demo/ns3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c9235c512a0507ff53b2f98e2215d90166b12a92
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/Demo/ns3.spdl
@@ -0,0 +1,41 @@
+/*
+ * Needham-Schroeder protocol
+ */
+
+// The protocol description
+
+protocol ns3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {I,ni}pk(R) );
+ recv_2(R,I, {ni,nr}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {I,ni}pk(R) );
+ send_2(R,I, {ni,nr}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/Demo/nsl3-broken.spdl b/Vagrant Files/files/scyther/Protocols/Demo/nsl3-broken.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c635f916f595e1499e7acc617dd26559297b7115
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/Demo/nsl3-broken.spdl
@@ -0,0 +1,40 @@
+/*
+ * Needham-Schroeder-Lowe protocol,
+ * broken version (wrong role name in first message)
+ */
+
+// The protocol description
+
+protocol nsl3-broken(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {R,ni}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {R,ni}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/Demo/nsl3-updated-both.spdl b/Vagrant Files/files/scyther/Protocols/Demo/nsl3-updated-both.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..076166e9ca08f5a37ac872f78777e49f730c4424
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/Demo/nsl3-updated-both.spdl
@@ -0,0 +1,78 @@
+/*
+ * Needham-Schroeder-Lowe protocol,
+ * broken version (wrong role name in first message)
+ */
+
+// The protocol description
+
+protocol nsl3-broken(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {R,ni}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {R,ni}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
+/*
+ * Needham-Schroeder-Lowe protocol
+ */
+
+// The protocol description
+
+protocol nsl3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {I,ni}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {I,ni}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/Demo/nsl3.spdl b/Vagrant Files/files/scyther/Protocols/Demo/nsl3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..ebf9031157eca52d3a5bbc72af6f330b30df088d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/Demo/nsl3.spdl
@@ -0,0 +1,38 @@
+/*
+ * Needham-Schroeder-Lowe protocol
+ */
+
+// The protocol description
+
+protocol nsl3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {I,ni}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {I,ni}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsa.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsa.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..73133a7f00fdf1377861d1a55bdf3bf87b27dd0f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsa.spdl
@@ -0,0 +1,46 @@
+/*
+ * PKMv2-RSA
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// The protocol description
+
+protocol pkmv2rsa(MS,BS)
+{
+ role MS
+ {
+ fresh msrand, said: Nonce;
+ var prepak, bsrand: Nonce;
+
+ send_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ recv_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ send_rsa3(MS,BS, {bsrand}sk(MS) );
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+ claim_rsai5(MS,SKR,prepak);
+ }
+
+ role BS
+ {
+ var msrand, said: Nonce;
+ fresh prepak, bsrand: Nonce;
+
+ recv_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ send_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ recv_rsa3(MS,BS, {bsrand}sk(MS) );
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+ claim_rsar5(BS,SKR,prepak);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsacorrected.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsacorrected.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..4bd52056efc8fd08202eaa37d4b81401054dcf33
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2rsacorrected.spdl
@@ -0,0 +1,46 @@
+/*
+ * PKMv2-RSA
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// The protocol description
+
+protocol pkmv2rsa(MS,BS)
+{
+ role MS
+ {
+ fresh msrand, said: Nonce;
+ var prepak, bsrand: Nonce;
+
+ send_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ recv_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ send_rsa3(MS,BS, {bsrand,BS}sk(MS) );
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+ claim_rsai5(MS,SKR,prepak);
+ }
+
+ role BS
+ {
+ var msrand, said: Nonce;
+ fresh prepak, bsrand: Nonce;
+
+ recv_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ send_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ recv_rsa3(MS,BS, {bsrand,BS}sk(MS) );
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+ claim_rsar5(BS,SKR,prepak);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2satek.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2satek.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b166a1b85195d4237b273a468307fdd766da5734
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pkmv2satek.spdl
@@ -0,0 +1,63 @@
+/*
+ * PKMv2-SA-TEK
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// Setup
+
+hashfunction hash;
+hashfunction prepak;
+const akid;
+const u,d;
+
+// The protocol description
+
+protocol pkmv2satek(MS,BS)
+{
+ role MS
+ {
+ fresh msrand': Nonce;
+ var bsrand', tek0, tek1: Nonce;
+
+ recv_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak(MS,BS),BS,MS,bsrand',akid) );
+ send_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak(MS,BS),BS,MS,msrand',bsrand',akid) );
+ recv_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak(MS,BS)),
+ hash(d,prepak(MS,BS),msrand',bsrand',akid,{tek0,tek1}hash(prepak(MS,BS))));
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+ claim_rsai6(MS,SKR,tek0);
+ claim_rsai7(MS,SKR,tek1);
+ }
+
+ role BS
+ {
+ var msrand': Nonce;
+ fresh bsrand', tek0, tek1: Nonce;
+
+ send_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak(MS,BS),BS,MS,bsrand',akid) );
+ recv_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak(MS,BS),BS,MS,msrand',bsrand',akid) );
+ send_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak(MS,BS)),
+ hash(d,prepak(MS,BS),msrand',bsrand',akid,{tek0,tek1}hash(prepak(MS,BS))));
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+ claim_rsar6(BS,SKR,tek0);
+ claim_rsar7(BS,SKR,tek1);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pqr.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pqr.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..731d369bd5a9ae45badb52418c887904246b3d91
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/pqr.spdl
@@ -0,0 +1,84 @@
+/*
+ * PKMv2-RSA
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// Setup
+
+hashfunction hash;
+hashfunction prepak;
+const akid;
+const u,d;
+
+// The protocol description
+
+protocol rsaplussatek(MS,BS)
+
+{
+ role MS
+ {
+ fresh msrand, msrand', said, c: Nonce;
+ var prepak, bsrand, bsrand', tek0, tek1, tek2, tek3: Nonce;
+
+ send_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ recv_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ send_rsa3(MS,BS, {bsrand, BS}sk(MS) );
+
+ recv_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ send_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ recv_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ send_tekup1(MS,BS,{c}hash(prepak));
+ recv_tekup2(BS,MS,{c,tek2,tek3}hash(prepak));
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+ claim_rsai5(MS,SKR,prepak);
+ claim_rsai6(MS,SKR,tek0);
+ claim_rsai7(MS,SKR,tek1);
+ claim_rsar8(MS,SKR,tek2);
+ claim_rsar9(MS,SKR,tek3);
+ }
+
+ role BS
+ {
+ var msrand, msrand', said, c: Nonce;
+ fresh prepak, bsrand, bsrand', tek0, tek1, tek2, tek3: Nonce;
+
+ recv_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ send_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ recv_rsa3(MS,BS, {bsrand, BS}sk(MS) );
+
+ send_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ recv_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ send_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ recv_tekup1(MS,BS,{c}hash(prepak));
+ send_tekup2(BS,MS,{c,tek2,tek3}hash(prepak));
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+ claim_rsar5(BS,SKR,prepak);
+ claim_rsar6(BS,SKR,tek0);
+ claim_rsar7(BS,SKR,tek1);
+ claim_rsar8(BS,SKR,tek2);
+ claim_rsar9(BS,SKR,tek3);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatek.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatek.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..eb15dde02dd57add4aa6c3fcb54fb80422335fe6
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatek.spdl
@@ -0,0 +1,74 @@
+/*
+ * PKMv2-RSA
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// Setup
+
+hashfunction hash;
+hashfunction prepak;
+const akid;
+const u,d;
+
+// The protocol description
+
+protocol rsaplussatek(MS,BS)
+
+{
+ role MS
+ {
+ fresh msrand, msrand', said: Nonce;
+ var prepak, bsrand, bsrand', tek0, tek1: Nonce;
+
+ send_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ recv_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ send_rsa3(MS,BS, {bsrand}sk(MS) );
+
+ recv_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ send_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ recv_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+// claim_rsai5(MS,SKR,prepak);
+// claim_rsai6(MS,SKR,tek0);
+// claim_rsai7(MS,SKR,tek1);
+ }
+
+ role BS
+ {
+ var msrand, msrand', said: Nonce;
+ fresh prepak, bsrand, bsrand', tek0, tek1: Nonce;
+
+ recv_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ send_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ recv_rsa3(MS,BS, {bsrand}sk(MS) );
+
+ send_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ recv_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ send_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+// claim_rsar5(BS,SKR,prepak);
+// claim_rsar6(BS,SKR,tek0);
+// claim_rsar7(BS,SKR,tek1);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatekcorrected.spdl b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatekcorrected.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b8051d8983450f45879db0663114907d9fb52203
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IEEE-WIMAX/rsaplussatekcorrected.spdl
@@ -0,0 +1,73 @@
+/*
+ * PKMv2-RSA
+ *
+ * Initial model by: Sjouke Mauw, Sasa Radomirovic (2007)
+ * Model changes: Cas Cremers (Nov 2012)
+ *
+ * Analysed in: "A framework for compositional verification of security protocols"
+ * With S. Andova, K. Gjosteen, S. Mauw, S. Mjolsnes, and S. Radomirovic.
+ * Information and Computation, Special issue on Computer Security:
+ * Foundations and Automated Reasoning, Volume 206, Issues 2-4, pp. 425-459,
+ * Elsevier, 2008.
+ */
+
+// Setup
+
+hashfunction hash;
+hashfunction prepak;
+const akid;
+const u,d;
+
+// The protocol description
+
+protocol rsaplussatek(MS,BS)
+
+{
+ role MS
+ {
+ fresh msrand, msrand', said: Nonce;
+ var prepak, bsrand, bsrand', tek0, tek1: Nonce;
+
+ send_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ recv_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ send_rsa3(MS,BS, {bsrand, BS}sk(MS) );
+
+ recv_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ send_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ recv_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ claim_rsai3(MS,Niagree);
+ claim_rsai4(MS,Nisynch);
+ claim_rsai5(MS,SKR,prepak);
+ claim_rsai6(MS,SKR,tek0);
+ claim_rsai7(MS,SKR,tek1);
+ }
+
+ role BS
+ {
+ var msrand, msrand', said: Nonce;
+ fresh prepak, bsrand, bsrand', tek0, tek1: Nonce;
+
+ recv_rsa1(MS,BS, {msrand, said, MS}sk(MS) );
+ send_rsa2(BS,MS, {msrand, bsrand,{prepak,MS}pk(MS),BS}sk(BS) );
+ recv_rsa3(MS,BS, {bsrand, BS}sk(MS) );
+
+ send_satek1(BS,MS, bsrand',akid,
+ hash(d,prepak,BS,MS,bsrand',akid) );
+ recv_satek2(MS,BS, msrand',bsrand',akid,
+ hash(u,prepak,BS,MS,msrand',bsrand',akid) );
+ send_satek3(BS,MS,
+ msrand',bsrand',akid,{tek0,tek1}hash(prepak),
+ hash(d,prepak,msrand',bsrand',akid,{tek0,tek1}hash(prepak)));
+
+ claim_rsar3(BS,Niagree);
+ claim_rsar4(BS,Nisynch);
+ claim_rsar5(BS,SKR,prepak);
+ claim_rsar6(BS,SKR,tek0);
+ claim_rsar7(BS,SKR,tek1);
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/Makefile b/Vagrant Files/files/scyther/Protocols/IKE/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..7234a64ebf087e7efae859d31b2147dae1a81926
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/Makefile
@@ -0,0 +1,11 @@
+CPPSRC= $(wildcard *.cpp)
+DEST= $(CPPSRC:.cpp=.spdl)
+
+default: $(DEST)
+
+%.spdl: %.cpp
+ cpp $< >$@
+
+mpa: $(DEST) make-mpa.py
+ ./make-mpa.py
+
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/common.h b/Vagrant Files/files/scyther/Protocols/IKE/common.h
new file mode 100644
index 0000000000000000000000000000000000000000..6dcb5d2d108bd084a527b9ebf79bc77bd5cdcb28
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/common.h
@@ -0,0 +1,157 @@
+/****************************************************************************
+ * THIS FILE CONTAINS DEFINITIONS OF COMMON MACROS AND TYPES *
+ ****************************************************************************/
+
+ hashfunction prf, KDF;
+
+/**********************************
+ * DIFFIE-HELLMAN ABSTRACTIONS *
+ * Zi = Gr^i = g^(ri)
+ * Zr = Gi^r = g^(ir)
+ **********************************/
+const g, h: Function;
+#define Zi h(Gr,i)
+#define Zr h(Gi,r)
+
+/**********************************
+ * PROTOCOL DEPENDENT DEFINITIONS *
+ **********************************/
+#ifdef __IKEV1__
+hashfunction H;
+#define SKi KDF(Ni, Nr, Zi, Ci, Cr)
+#define SKr KDF(Ni, Nr, Zr, Ci, Cr)
+#endif
+
+#ifdef __IKEV1_PSK__
+#define SKi prf(k(I,R), Ni, Nr, Zi, Ci, Cr)
+#define SKr prf(k(R,I), Ni, Nr, Zr, Ci, Cr)
+#endif
+
+#ifdef __IKEV1_QUICK__
+/* k(.,.) equals Kd from the spec */
+#define SKi KDF(k(I,R),Zi,Ni,Nr)
+#define SKr KDF(k(R,I),Zr,Ni,Nr)
+#endif
+
+#ifdef __IKEV1_QUICK_NOPFS__
+/* k(.,.) equals Kd from the spec */
+#define SKi KDF(k(I,R),Ni,Nr)
+#define SKr KDF(k(R,I),Ni,Nr)
+#endif
+
+#ifdef __IKEV2__
+hashfunction MAC;
+#define HDR (SPIi,SPIr)
+#define SKi KDF(Ni,Nr,Zi,SPIi,SPIr)
+#define SKr KDF(Ni,Nr,Zr,SPIi,SPIr)
+#endif
+
+#ifdef __IKEV2_CHILD__
+#define SKi KDF(k(I,R),Zi,Ni,Nr)
+#define SKr KDF(k(R,I),Zr,Ni,Nr)
+#endif
+
+#ifdef __IKEV2_CHILD_NOPFS__
+#define SKi KDF(k(I,R),Ni,Nr)
+#define SKr KDF(k(R,I),Ni,Nr)
+#endif
+
+#ifdef __JFK_CORE__
+hashfunction H;
+#define SKi KDF(Zi, Ni, Nr)
+#define SKr KDF(Zr, Ni, Nr)
+#endif
+
+#ifdef __JFK__
+hashfunction H;
+#define SKi KDF(Zi, H(Ni), Nr)
+#define SKr KDF(Zr, H(Ni), Nr)
+#endif
+
+#ifdef __OAKLEY__
+#define SKi KDF(Ni, Nr, Zi, Ci, Cr)
+#define SKr KDF(Ni, Nr, Zr, Ci, Cr)
+#endif
+
+#ifdef __OAKLEY_CONSERVATIVE__
+#define SKi KDF(Ni, Nr, Zi, Ci, Cr)
+#define SKr KDF(Ni, Nr, Zr, Ci, Cr)
+#endif
+
+#ifdef __SKEME__
+#define SKi KDF(Zi)
+#define SKr KDF(Zr)
+#endif
+
+#ifdef __SKEME_REKEY__
+#define SKi KDF(k(I,R),prf(k(I,R), Ni, Nr, R, I))
+#define SKr KDF(k(R,I),prf(k(R,I), Ni, Nr, R, I))
+#endif
+
+#ifdef __STS__
+#define SKi KDF(Zi)
+#define SKr KDF(Zr)
+hashfunction MAC;
+#endif
+
+protocol @oracle (DH, SWAP) {
+#define Gi g(i)
+#define Gr g(r)
+
+ /* Diffie-Hellman oracle: If the adversary is in possession of g^xy, he
+ * can obtain g^yx.
+ * @obsolete The adversary does not need DH as long as SWAP exists
+ */
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, Zi );
+ send_!DH2( DH, DH, Zr );
+ }
+
+ /* Session key swap oracle: If the adversary is in possession of eg the
+ * initiators session key, he can obtain the responders session key.
+ */
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+#ifdef __IKEV1__
+ var Ci, Cr: Nonce;
+#endif
+#ifdef __IKEV1_PSK__
+ var Ci, Cr: Nonce;
+ var I, R: Agent;
+#endif
+#ifdef __IKEV1_QUICK__
+ var I, R: Agent;
+#endif
+#ifdef __IKEV1_QUICK_NOPFS__
+ var I, R: Agent;
+#endif
+#ifdef __IKEV2__
+ var SPIi, SPIr: Nonce;
+#endif
+#ifdef __IKEV2_CHILD__
+ var I, R: Agent;
+#endif
+#ifdef __IKEV2_CHILD_NOPFS__
+ var I, R: Agent;
+#endif
+#ifdef __OAKLEY__
+ var Ci, Cr: Nonce;
+#endif
+#ifdef __OAKLEY_CONSERVATIVE__
+ var Ci, Cr: Nonce;
+#endif
+#ifdef __SKEME_REKEY__
+ var I, R: Agent;
+#endif
+
+ recv_!SWAP1( SWAP, SWAP, SKi );
+ send_!SWAP2( SWAP, SWAP, SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+#define __ORACLE__
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..86947a875396938da6959163a6a605981618e06e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.cpp
@@ -0,0 +1,96 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (aggressive mode),
+ * last message not encrypted
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H(CERT(R))
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, HASH_Ii );
+ send_!O4( O, O, HASH_Ir );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk-a1(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R}pk(I), {Nr}pk(I), HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, HASH_Ii );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I}pk(R), {Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R}pk(I), {Nr}pk(I), HASH_Rr );
+ recv_!3( I, R, Ci, Cr, HASH_Ir );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b9b8f00eef120f460ed71c5a4c02c4ccbd14925c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a1.spdl
@@ -0,0 +1,129 @@
+# 1 "ikev1-pk-a1.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-a1.cpp"
+# 17 "ikev1-pk-a1.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk-a1.cpp" 2
+# 27 "ikev1-pk-a1.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I) );
+ send_!O4( O, O, prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk-a1(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R}pk(I), {Nr}pk(I), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I}pk(R), {Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R}pk(I), {Nr}pk(I), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..435479a7eedd24ec5e2881e207f4f835614f5b2b
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.cpp
@@ -0,0 +1,95 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (aggressive mode),
+ * last message encrypted
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H(CERT(R))
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, {HASH_Ii}SKi );
+ send_!O4( O, O, {HASH_Ir}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-pk-a12(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R}pk(I), {Nr}pk(I), HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, {HASH_Ii}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I}pk(R), {Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R}pk(I), {Nr}pk(I), HASH_Rr );
+ recv_!3( I, R, Ci, Cr, {HASH_Ir}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..473ffc76bb89606aba874cf52d1200ded3a89e48
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a12.spdl
@@ -0,0 +1,128 @@
+# 1 "ikev1-pk-a12.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-a12.cpp"
+# 17 "ikev1-pk-a12.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk-a12.cpp" 2
+# 27 "ikev1-pk-a12.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+
+protocol ikev1-pk-a12(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R}pk(I), {Nr}pk(I), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I}pk(R), {Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R}pk(I), {Nr}pk(I), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..b149cfe78c02db2ed8758b0f710e0dc4f2a9f251
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.cpp
@@ -0,0 +1,97 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (aggressive mode),
+ * last message not encrypted, nonce and id encrypted
+ * together
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H(CERT(R))
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, HASH_Ii );
+ send_!O4( O, O, HASH_Ir );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk-a2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I,Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R,Nr}pk(I), HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, HASH_Ii );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I,Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R,Nr}pk(I), HASH_Rr );
+ recv_!3( I, R, Ci, Cr, HASH_Ir );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..60b9fb4b7b547392fcee38ba0c7aa004eb3fb029
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a2.spdl
@@ -0,0 +1,129 @@
+# 1 "ikev1-pk-a2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-a2.cpp"
+# 18 "ikev1-pk-a2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "ikev1-pk-a2.cpp" 2
+# 28 "ikev1-pk-a2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I) );
+ send_!O4( O, O, prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk-a2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I,Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R,Nr}pk(I), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I,Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R,Nr}pk(I), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..a71e20a29f6002012ad1148b760548c1885fc9dd
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.cpp
@@ -0,0 +1,95 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (aggressive mode),
+ * last message encrypted, nonce and id encrypted together
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H(CERT(R))
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, {HASH_Ii}SKi );
+ send_!O4( O, O, {HASH_Ir}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-pk-a22(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I,Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R,Nr}pk(I), HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, {HASH_Ii}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I,Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R,Nr}pk(I), HASH_Rr );
+ recv_!3( I, R, Ci, Cr, {HASH_Ir}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1c59323ef5a66c5b23c353d579459aa5f3013823
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-a22.spdl
@@ -0,0 +1,128 @@
+# 1 "ikev1-pk-a22.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-a22.cpp"
+# 17 "ikev1-pk-a22.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk-a22.cpp" 2
+# 27 "ikev1-pk-a22.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+
+protocol ikev1-pk-a22(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), {I,Ni}pk(R) );
+ recv_!2( R, I, Ci, Cr, algo, Gr, {R,Nr}pk(I), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, {I,Ni}pk(R) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, g(r), {R,Nr}pk(I), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..1b27c5ff0422fe7b348d242342b771ae7e072909
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.cpp
@@ -0,0 +1,103 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (main mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H({R, pk(R)}sk(s))
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {HASH_Ii}SKi );
+ send_!O2( O, O, {HASH_Ir}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {HASH_Rr}SKr );
+ send_!O4( O, O, {HASH_Ri}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_4( R, I, Ci, Cr, Gr, {R}pk(I), {Nr}pk(I) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {HASH_Ii}SKi );
+ recv_!6( R, I, Ci, Cr, {HASH_Ri}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, {I}pk(R), {Ni}pk(R) );
+ send_4( R, I, Ci, Cr, g(r), {R}pk(I), {Nr}pk(I) );
+ recv_!5( I, R, Ci, Cr, {HASH_Ir}SKr );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {HASH_Rr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..843613370c9b6bbbe84e63a52207f051d0027e04
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m.spdl
@@ -0,0 +1,136 @@
+# 1 "ikev1-pk-m.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-m.cpp"
+# 16 "ikev1-pk-m.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-pk-m.cpp" 2
+# 27 "ikev1-pk-m.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), {I}pk(R), {Ni}pk(R) );
+ recv_4( R, I, Ci, Cr, Gr, {R}pk(I), {Nr}pk(I) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, {I}pk(R), {Ni}pk(R) );
+ send_4( R, I, Ci, Cr, g(r), {R}pk(I), {Nr}pk(I) );
+ recv_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..fc08ea0e18493bf955f52faa68b77956533dd283
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.cpp
@@ -0,0 +1,102 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Public key authentication (main mode),
+ * Nonce and id encrypted together
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {HASH_Ii}SKi );
+ send_!O2( O, O, {HASH_Ir}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {HASH_Rr}SKr );
+ send_!O4( O, O, {HASH_Ri}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-pk-m2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), {I,Ni}pk(R) );
+ recv_4( R, I, Ci, Cr, Gr, {R,Nr}pk(I) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {HASH_Ii}SKi );
+ recv_!6( R, I, Ci, Cr, {HASH_Ri}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, {I,Ni}pk(R) );
+ send_4( R, I, Ci, Cr, g(r), {R,Nr}pk(I) );
+ recv_!5( I, R, Ci, Cr, {HASH_Ir}SKr );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {HASH_Rr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b625de59f3e42d90ead5b0cf8a83fba0a7cd80f6
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk-m2.spdl
@@ -0,0 +1,135 @@
+# 1 "ikev1-pk-m2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk-m2.cpp"
+# 17 "ikev1-pk-m2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk-m2.cpp" 2
+# 27 "ikev1-pk-m2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+protocol ikev1-pk-m2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), {I,Ni}pk(R) );
+ recv_4( R, I, Ci, Cr, Gr, {R,Nr}pk(I) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, {I,Ni}pk(R) );
+ send_4( R, I, Ci, Cr, g(r), {R,Nr}pk(I) );
+ recv_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..9549e44a977c46e509e6e578669ca8f6a783b7ea
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.cpp
@@ -0,0 +1,97 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Revised public key authentication (aggressive mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define Nei prf(Ni, Ci)
+#define Ner prf(Nr, Cr)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, HASH_Ir );
+ send_!O4( O, O, HASH_Ii );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk2-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, {Ni}pk(R), {g(i)}Nei, {I}Nei );
+ recv_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {Gr}Ner, {R}Ner, HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, HASH_Ii );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, {Ni}pk(R), {Gi}Nei, {I}Nei );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {g(r)}Ner, {R}Ner, HASH_Rr );
+ recv_!3( I, R, Ci, Cr, HASH_Ir );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..971122ae220e4e956b74969726930104d5271986
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a.spdl
@@ -0,0 +1,129 @@
+# 1 "ikev1-pk2-a.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk2-a.cpp"
+# 16 "ikev1-pk2-a.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-pk2-a.cpp" 2
+# 28 "ikev1-pk2-a.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I) );
+ send_!O4( O, O, prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk2-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, {Ni}pk(R), {g(i)}prf(Ni, Ci), {I}prf(Ni, Ci) );
+ recv_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {Gr}prf(Nr, Cr), {R}prf(Nr, Cr), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, {Ni}pk(R), {Gi}prf(Ni, Ci), {I}prf(Ni, Ci) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {g(r)}prf(Nr, Cr), {R}prf(Nr, Cr), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..a8536fbe952f2f8d5c7b86ac6208bb626aa0f437
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.cpp
@@ -0,0 +1,97 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Revised public key authentication (aggressive mode),
+ * Diffie-Hellman token encrypted together with identity
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define Nei prf(Ni, Ci)
+#define Ner prf(Nr, Cr)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, HASH_Ir );
+ send_!O4( O, O, HASH_Ii );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-pk2-a2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, {Ni}pk(R), {g(i),I}Nei );
+ recv_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {Gr,R}Ner, HASH_Ri );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, HASH_Ii );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, {Ni}pk(R), {Gi,I}Nei );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {g(r),R}Ner, HASH_Rr );
+ recv_!3( I, R, Ci, Cr, HASH_Ir );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..51e0d179122a74b46efd8935524f77fa96fb250a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-a2.spdl
@@ -0,0 +1,128 @@
+# 1 "ikev1-pk2-a2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk2-a2.cpp"
+# 17 "ikev1-pk2-a2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk2-a2.cpp" 2
+# 29 "ikev1-pk2-a2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I) );
+ send_!O4( O, O, prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I) );
+
+ }
+
+
+}
+
+protocol ikev1-pk2-a2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, {Ni}pk(R), {g(i),I}prf(Ni, Ci) );
+ recv_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {Gr,R}prf(Nr, Cr), prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, {Ni}pk(R), {Gi,I}prf(Ni, Ci) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!2( R, I, Ci, Cr, algo, {Nr}pk(I), {g(r),R}prf(Nr, Cr), prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..42f2d9d86fa179e530952980202c5f259c09d866
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Revised public key authentication (main mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define Nei prf(Ni, Ci)
+#define Ner prf(Nr, Cr)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {HASH_Ii}SKi );
+ send_!O2( O, O, {HASH_Ir}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {HASH_Rr}SKr );
+ send_!O4( O, O, {HASH_Ri}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk2-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, {Ni}pk(R), {g(i)}Nei, {I}Nei );
+ recv_4( R, I, Ci, Cr, {Nr}pk(I), {Gr}Ner, {R}Ner );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {HASH_Ii}SKi );
+ recv_!6( R, I, Ci, Cr, {HASH_Ri}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, {Ni}pk(R), {Gi}Nei, {I}Nei );
+ send_4( R, I, Ci, Cr, {Nr}pk(I), {g(r)}Ner, {R}Ner );
+ recv_!5( I, R, Ci, Cr, {HASH_Ir}SKr );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {HASH_Rr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..e32dd5b1f6d43fa88d628e068616818bafadc0ea
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m.spdl
@@ -0,0 +1,136 @@
+# 1 "ikev1-pk2-m.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk2-m.cpp"
+# 16 "ikev1-pk2-m.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-pk2-m.cpp" 2
+# 28 "ikev1-pk2-m.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk2-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, {Ni}pk(R), {g(i)}prf(Ni, Ci), {I}prf(Ni, Ci) );
+ recv_4( R, I, Ci, Cr, {Nr}pk(I), {Gr}prf(Nr, Cr), {R}prf(Nr, Cr) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, {Ni}pk(R), {Gi}prf(Ni, Ci), {I}prf(Ni, Ci) );
+ send_4( R, I, Ci, Cr, {Nr}pk(I), {g(r)}prf(Nr, Cr), {R}prf(Nr, Cr) );
+ recv_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..653a83936b281e50d86c098ad742e660b47dfe23
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.cpp
@@ -0,0 +1,106 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Revised public key authentication (aggressive mode),
+ * Diffie-Hellman token encrypted together with identity
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(H(Ni,Nr),Ci,Cr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+#define HASH1 H({R, pk(R)}sk(s))
+#define Nei prf(Ni, Ci)
+#define Ner prf(Nr, Cr)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {HASH_Ii}SKi );
+ send_!O2( O, O, {HASH_Ir}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {HASH_Rr}SKr );
+ send_!O4( O, O, {HASH_Ri}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-pk2-m2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, {Ni}pk(R), {g(i),I}Nei );
+ recv_4( R, I, Ci, Cr, {Nr}pk(I), {Gr,R}Ner );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {HASH_Ii}SKi );
+ recv_!6( R, I, Ci, Cr, {HASH_Ri}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, {Ni}pk(R), {Gi,I}Nei );
+ send_4( R, I, Ci, Cr, {Nr}pk(I), {g(r),R}Ner );
+ recv_!5( I, R, Ci, Cr, {HASH_Ir}SKr );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {HASH_Rr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..62e5b7452f7494bc90b41cd224e987a702019d67
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-pk2-m2.spdl
@@ -0,0 +1,136 @@
+# 1 "ikev1-pk2-m2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-pk2-m2.cpp"
+# 17 "ikev1-pk2-m2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-pk2-m2.cpp" 2
+# 30 "ikev1-pk2-m2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-pk2-m2(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, {Ni}pk(R), {g(i),I}prf(Ni, Ci) );
+ recv_4( R, I, Ci, Cr, {Nr}pk(I), {Gr,R}prf(Nr, Cr) );
+ claim( I, Running, R, g(i),Gr,Ci,Cr,Ni,Nr );
+ send_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, g(i),Gr,Ci,Cr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, {Ni}pk(R), {Gi,I}prf(Ni, Ci) );
+ send_4( R, I, Ci, Cr, {Nr}pk(I), {g(r),R}prf(Nr, Cr) );
+ recv_!5( I, R, Ci, Cr, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Gi,g(r),Ci,Cr,Ni,Nr );
+ send_!6( R, I, Ci, Cr, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Gi,g(r),Ci,Cr,Ni,Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..bdd5b4cf8ee3ce77c3dc29f6dbd804245e1c8479
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.cpp
@@ -0,0 +1,94 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Pre-shared key authentication (aggressive mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_PSK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HASH_Ii prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, HASH_Rr );
+ send_!O2( O, O, HASH_Ri );
+
+ // msg 3
+ recv_!O3( O, O, HASH_Ii );
+ send_!O4( O, O, HASH_Ir );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-psk-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, Ci, Cr, algo, Gr, Nr, R, HASH_Ri );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, Ci, Cr, HASH_Ii );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, Ci, Cr, algo, g(r), Nr, R, HASH_Rr );
+ recv_!3( I, R, Ci, Cr, HASH_Ir );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..788dde03cab4461f9cc471f67597bbd13a087529
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-a.spdl
@@ -0,0 +1,125 @@
+# 1 "ikev1-psk-a.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-psk-a.cpp"
+# 16 "ikev1-psk-a.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+
+
+
+ var Ci, Cr: Nonce;
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, prf(k(I,R), Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, prf(k(R,I), Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-psk-a.cpp" 2
+# 25 "ikev1-psk-a.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(k(R,I), Ni, Nr, g(r), g(i), Cr, Ci, list, R) );
+ send_!O2( O, O, prf(k(I,R), Ni, Nr, g(r), g(i), Cr, Ci, list, R) );
+
+
+ recv_!O3( O, O, prf(k(I,R), Ni, Nr, g(i), g(r), Ci, Cr, list, I) );
+ send_!O4( O, O, prf(k(R,I), Ni, Nr, g(i), g(r), Ci, Cr, list, I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-psk-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, Ci, Cr, algo, Gr, Nr, R, prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, Ci, Cr, prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I) );
+
+
+ claim( I, SKR, prf(k(I,R), Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, Ci, Cr, algo, g(r), Nr, R, prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R) );
+ recv_!3( I, R, Ci, Cr, prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I) );
+
+
+ claim( R, SKR, prf(k(R,I), Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..01640add7624ed88ea12b9abb3825214feaa639a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.cpp
@@ -0,0 +1,101 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Pre-shared key authentication (main mode) incorporating
+ * a fix by Perlman et. al.
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_PSK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HASH_Ii prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {I, HASH_Ii}Zi );
+ send_!O2( O, O, {I, HASH_Ir}Zr );
+
+ // msg 6
+ recv_!O3( O, O, {R, HASH_Rr}Zr );
+ send_!O4( O, O, {R, HASH_Ri}Zi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-psk-m-perlman(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_4( R, I, Ci, Cr, Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, HASH_Ii}Zi );
+ recv_!6( R, I, Ci, Cr, {R, HASH_Ri}Zi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ send_4( R, I, Ci, Cr, g(r), Nr );
+ recv_!5( I, R, Ci, Cr, {I, HASH_Ir}Zr );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, Ci, Cr, {R, HASH_Rr}Zr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..fa9436a2db4fd51aefddef8f1b82985ff070ee02
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m-perlman.spdl
@@ -0,0 +1,131 @@
+# 1 "ikev1-psk-m-perlman.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-psk-m-perlman.cpp"
+# 17 "ikev1-psk-m-perlman.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+
+
+
+ var Ci, Cr: Nonce;
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, prf(k(I,R), Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, prf(k(R,I), Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-psk-m-perlman.cpp" 2
+# 26 "ikev1-psk-m-perlman.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, prf(k(I,R), Ni, Nr, g(i), g(r), Ci, Cr, list, I)}h(g(r),i) );
+ send_!O2( O, O, {I, prf(k(R,I), Ni, Nr, g(i), g(r), Ci, Cr, list, I)}h(g(i),r) );
+
+
+ recv_!O3( O, O, {R, prf(k(R,I), Ni, Nr, g(r), g(i), Cr, Ci, list, R)}h(g(i),r) );
+ send_!O4( O, O, {R, prf(k(I,R), Ni, Nr, g(r), g(i), Cr, Ci, list, R)}h(g(r),i) );
+
+ }
+
+
+}
+
+
+protocol ikev1-psk-m-perlman(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_4( R, I, Ci, Cr, Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I)}h(Gr,i) );
+ recv_!6( R, I, Ci, Cr, {R, prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R)}h(Gr,i) );
+
+
+ claim( I, SKR, prf(k(I,R), Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ send_4( R, I, Ci, Cr, g(r), Nr );
+ recv_!5( I, R, Ci, Cr, {I, prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I)}h(Gi,r) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, Ci, Cr, {R, prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R)}h(Gi,r) );
+
+
+ claim( R, SKR, prf(k(R,I), Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..f2030186b00dcbe7278d030ad2f7a2b7e6977078
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.cpp
@@ -0,0 +1,100 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Pre-shared key authentication (main mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_PSK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYID prf(k(I,R),Ni,Nr)
+#define HASH_Ii prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {I, HASH_Ii}SKi );
+ send_!O2( O, O, {I, HASH_Ir}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {R, HASH_Rr}SKr );
+ send_!O4( O, O, {R, HASH_Ri}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-psk-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_4( R, I, Ci, Cr, Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, HASH_Ii}SKi );
+ recv_!6( R, I, Ci, Cr, {R, HASH_Ri}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ send_4( R, I, Ci, Cr, g(r), Nr );
+ recv_!5( I, R, Ci, Cr, {I, HASH_Ir}SKr );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, Ci, Cr, {R, HASH_Rr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..ca7a6888664db131ae5db199e9b56aab363e4711
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-psk-m.spdl
@@ -0,0 +1,130 @@
+# 1 "ikev1-psk-m.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-psk-m.cpp"
+# 16 "ikev1-psk-m.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+
+
+
+ var Ci, Cr: Nonce;
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, prf(k(I,R), Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, prf(k(R,I), Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-psk-m.cpp" 2
+# 26 "ikev1-psk-m.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, prf(k(I,R), Ni, Nr, g(i), g(r), Ci, Cr, list, I)}prf(k(I,R), Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {I, prf(k(R,I), Ni, Nr, g(i), g(r), Ci, Cr, list, I)}prf(k(R,I), Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {R, prf(k(R,I), Ni, Nr, g(r), g(i), Cr, Ci, list, R)}prf(k(R,I), Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {R, prf(k(I,R), Ni, Nr, g(r), g(i), Cr, Ci, list, R)}prf(k(I,R), Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+protocol ikev1-psk-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_4( R, I, Ci, Cr, Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, prf(k(I,R), Ni, Nr, g(i), Gr, Ci, Cr, list, I)}prf(k(I,R), Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, Ci, Cr, {R, prf(k(I,R), Ni, Nr, Gr, g(i), Cr, Ci, list, R)}prf(k(I,R), Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, prf(k(I,R), Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ send_4( R, I, Ci, Cr, g(r), Nr );
+ recv_!5( I, R, Ci, Cr, {I, prf(k(R,I), Ni, Nr, Gi, g(r), Ci, Cr, list, I)}prf(k(R,I), Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, Ci, Cr, {R, prf(k(R,I), Ni, Nr, g(r), Gi, Cr, Ci, list, R)}prf(k(R,I), Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, prf(k(R,I), Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..f6f57127d1a372a3463cc3c8ada9419e919e40c0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.cpp
@@ -0,0 +1,102 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Quick mode (pfs), without optional identities
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_QUICK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/* k(I,R)=k(R,I) equal Ka from the spec */
+#define HASH1i prf(k(I,R), mid, list, Ni, g(i))
+#define HASH1r prf(k(R,I), mid, list, Ni, Gi)
+#define HASH2i prf(k(I,R), mid, Ni, algo, Nr, Gr)
+#define HASH2r prf(k(R,I), mid, Ni, algo, Nr, g(r))
+#define HASH3i prf(k(I,R), mid, Ni, Nr)
+#define HASH3r prf(k(R,I), mid, Ni, Nr)
+
+usertype String;
+const list, algo: String;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var mid, i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 1
+ recv_!O1( O, O, {HASH1i, list, Ni, g(i)}k(I,R) );
+ send_!O2( O, O, {HASH1r, list, Ni, Gi}k(R,I) );
+
+ // msg 2
+ recv_!O3( O, O, {HASH2r, algo, Nr, g(r)}k(R,I) );
+ send_!O4( O, O, {HASH2i, algo, Nr, Gr}k(I,R) );
+
+ // msg 3
+ recv_!O5( O, O, {HASH3i}k(I,R) );
+ send_!O6( O, O, {HASH3r}k(R,I) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-quick-noid(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_!1( I, R, mid, {HASH1i, list, Ni, g(i)}k(I,R) );
+ recv_!2( R, I, mid, {HASH2i, algo, Nr, Gr}k(I,R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr );
+ send_!3( I, R, mid, {HASH3i}k(I,R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci, mid: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, mid, {HASH1r, list, Ni, Gi}k(R,I) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r) );
+ send_!2( R, I, mid, {HASH2r, algo, Nr, g(r)}k(R,I) );
+ recv_!3( I, R, mid, {HASH3r}k(R,I) );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r) );
+
+ }
+}
+// TODO: Incorporate into various phase 1 protocols (see spec for adaptions)
+// NOTE: If incorporated in phase 1, make sure to model with and without optional identities in msg 2 & 3
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..03e9c05c647160e0e160a560d7c1ffe63ce30d96
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-noid.spdl
@@ -0,0 +1,124 @@
+# 1 "ikev1-quick-noid.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-quick-noid.cpp"
+# 16 "ikev1-quick-noid.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 126 "common.h"
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),h(g(r),i),Ni,Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),h(g(i),r),Ni,Nr) );
+
+ }
+
+
+}
+# 17 "ikev1-quick-noid.cpp" 2
+# 27 "ikev1-quick-noid.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var mid, i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(k(I,R), mid, list, Ni, g(i)), list, Ni, g(i)}k(I,R) );
+ send_!O2( O, O, {prf(k(R,I), mid, list, Ni, g(i)), list, Ni, g(i)}k(R,I) );
+
+
+ recv_!O3( O, O, {prf(k(R,I), mid, Ni, algo, Nr, g(r)), algo, Nr, g(r)}k(R,I) );
+ send_!O4( O, O, {prf(k(I,R), mid, Ni, algo, Nr, g(r)), algo, Nr, g(r)}k(I,R) );
+
+
+ recv_!O5( O, O, {prf(k(I,R), mid, Ni, Nr)}k(I,R) );
+ send_!O6( O, O, {prf(k(R,I), mid, Ni, Nr)}k(R,I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-quick-noid(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_!1( I, R, mid, {prf(k(I,R), mid, list, Ni, g(i)), list, Ni, g(i)}k(I,R) );
+ recv_!2( R, I, mid, {prf(k(I,R), mid, Ni, algo, Nr, Gr), algo, Nr, Gr}k(I,R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr );
+ send_!3( I, R, mid, {prf(k(I,R), mid, Ni, Nr)}k(I,R) );
+
+
+ claim( I, SKR, KDF(k(I,R),h(Gr,i),Ni,Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci, mid: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, mid, {prf(k(R,I), mid, list, Ni, Gi), list, Ni, Gi}k(R,I) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r) );
+ send_!2( R, I, mid, {prf(k(R,I), mid, Ni, algo, Nr, g(r)), algo, Nr, g(r)}k(R,I) );
+ recv_!3( I, R, mid, {prf(k(R,I), mid, Ni, Nr)}k(R,I) );
+
+
+
+ claim( R, SKR, KDF(k(R,I),h(Gi,r),Ni,Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r) );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..38a1fc4691595f88f193458b73ff5b5ea5c98103
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.cpp
@@ -0,0 +1,96 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Quick mode (no pfs), without optional identities
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_QUICK_NOPFS__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/* k(I,R)=k(R,I) equal Ka from the spec */
+#define HASH1i prf(k(I,R), mid, list, Ni)
+#define HASH1r prf(k(R,I), mid, list, Ni)
+#define HASH2i prf(k(I,R), mid, Ni, algo, Nr)
+#define HASH2r prf(k(R,I), mid, Ni, algo, Nr)
+#define HASH3i prf(k(I,R), mid, Ni, Nr)
+#define HASH3r prf(k(R,I), mid, Ni, Nr)
+
+usertype String;
+const list, algo: String;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+ role O {
+ var mid, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 1
+ recv_!O1( O, O, {HASH1i, list, Ni}k(I,R) );
+ send_!O2( O, O, {HASH1r, list, Ni}k(R,I) );
+
+ // msg 2
+ recv_!O3( O, O, {HASH2r, algo, Nr}k(R,I) );
+ send_!O4( O, O, {HASH2i, algo, Nr}k(I,R) );
+
+ // msg 3
+ recv_!O5( O, O, {HASH3i}k(I,R) );
+ send_!O6( O, O, {HASH3r}k(R,I) );
+
+ }
+}
+
+
+protocol ikev1-quick-nopfs(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid: Nonce;
+ var Nr, Cr: Nonce;
+
+ send_!1( I, R, mid, {HASH1i, list, Ni}k(I,R) );
+ recv_!2( R, I, mid, {HASH2i, algo, Nr}k(I,R) );
+ claim( I, Running, R, Ni, Nr );
+ send_!3( I, R, mid, {HASH3i}k(I,R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci, mid: Nonce;
+
+ recv_!1( I, R, mid, {HASH1r, list, Ni}k(R,I) );
+ claim( R, Running, I, Ni, Nr );
+ send_!2( R, I, mid, {HASH2r, algo, Nr}k(R,I) );
+ recv_!3( I, R, mid, {HASH3r}k(R,I) );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr );
+
+ }
+}
+// TODO: Incorporate into various phase 1 protocols (see spec for adaptions)
+// NOTE: If incorporated in phase 1, make sure to model with and without optional identities in msg 2 & 3
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c7d2f992cecb058650ba0261bac3a574c8b5f4af
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick-nopfs.spdl
@@ -0,0 +1,118 @@
+# 1 "ikev1-quick-nopfs.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-quick-nopfs.cpp"
+# 16 "ikev1-quick-nopfs.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 129 "common.h"
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),Ni,Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),Ni,Nr) );
+
+ }
+
+
+}
+# 17 "ikev1-quick-nopfs.cpp" 2
+# 27 "ikev1-quick-nopfs.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+protocol @executability(O) {
+ role O {
+ var mid, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(k(I,R), mid, list, Ni), list, Ni}k(I,R) );
+ send_!O2( O, O, {prf(k(R,I), mid, list, Ni), list, Ni}k(R,I) );
+
+
+ recv_!O3( O, O, {prf(k(R,I), mid, Ni, algo, Nr), algo, Nr}k(R,I) );
+ send_!O4( O, O, {prf(k(I,R), mid, Ni, algo, Nr), algo, Nr}k(I,R) );
+
+
+ recv_!O5( O, O, {prf(k(I,R), mid, Ni, Nr)}k(I,R) );
+ send_!O6( O, O, {prf(k(R,I), mid, Ni, Nr)}k(R,I) );
+
+ }
+}
+
+
+protocol ikev1-quick-nopfs(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid: Nonce;
+ var Nr, Cr: Nonce;
+
+ send_!1( I, R, mid, {prf(k(I,R), mid, list, Ni), list, Ni}k(I,R) );
+ recv_!2( R, I, mid, {prf(k(I,R), mid, Ni, algo, Nr), algo, Nr}k(I,R) );
+ claim( I, Running, R, Ni, Nr );
+ send_!3( I, R, mid, {prf(k(I,R), mid, Ni, Nr)}k(I,R) );
+
+
+ claim( I, SKR, KDF(k(I,R),Ni,Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci, mid: Nonce;
+
+ recv_!1( I, R, mid, {prf(k(R,I), mid, list, Ni), list, Ni}k(R,I) );
+ claim( R, Running, I, Ni, Nr );
+ send_!2( R, I, mid, {prf(k(R,I), mid, Ni, algo, Nr), algo, Nr}k(R,I) );
+ recv_!3( I, R, mid, {prf(k(R,I), mid, Ni, Nr)}k(R,I) );
+
+
+
+ claim( R, SKR, KDF(k(R,I),Ni,Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..60e9fccfe7f3e7253b99c148912152914aec196e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.cpp
@@ -0,0 +1,70 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Quick mode (pfs), optional identities included
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1_QUICK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/* k(I,R) equals Ka from the spec */
+#define HASH1i prf(k(I,R), mid, list, Ni, g(i), I, R)
+#define HASH1r prf(k(R,I), mid, list, Ni, Gi, I, R)
+#define HASH2i prf(k(I,R), mid, Ni, algo, Nr, Gr, I, R)
+#define HASH2r prf(k(R,I), mid, Ni, algo, Nr, g(r), I, R)
+#define HASH3i prf(k(I,R), mid, Ni, Nr)
+#define HASH3r prf(k(R,I), mid, Ni, Nr)
+
+
+protocol ikev1-quick(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid, list: Nonce;
+ var Nr, Cr, algo: Nonce;
+ var Gr: Ticket;
+
+ send_!1( I, R, mid, {HASH1i, list, Ni, g(i), I, R}k(I,R) );
+ recv_!2( R, I, mid, {HASH2i, algo, Nr, Gr, I, R}k(I,R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr );
+ send_!3( I, R, mid, {HASH3i}k(I,R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr, algo: Nonce;
+ var Ni, Ci, mid, list: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, mid, {HASH1r, list, Ni, Gi, I, R}k(I,R) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r) );
+ send_!2( R, I, mid, {HASH2r, algo, Nr, g(r), I, R}k(I,R) );
+ recv_!3( I, R, mid, {HASH3r}k(I,R) );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r) );
+
+ }
+}
+// TODO: Incorporate into various phase 1 protocols (see spec for adaptions)
+// NOTE: If incorporated in phase 1, make sure to model with and without optional identities in msg 2 & 3
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..6a723c72a8d708953cfc64987229a06b38c800bb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-quick.spdl
@@ -0,0 +1,91 @@
+# 1 "ikev1-quick.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-quick.cpp"
+# 16 "ikev1-quick.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 126 "common.h"
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),h(g(r),i),Ni,Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),h(g(i),r),Ni,Nr) );
+
+ }
+
+
+}
+# 17 "ikev1-quick.cpp" 2
+# 28 "ikev1-quick.cpp"
+protocol ikev1-quick(I, R)
+{
+ role I {
+ fresh i, Ni, Ci, mid, list: Nonce;
+ var Nr, Cr, algo: Nonce;
+ var Gr: Ticket;
+
+ send_!1( I, R, mid, {prf(k(I,R), mid, list, Ni, g(i), I, R), list, Ni, g(i), I, R}k(I,R) );
+ recv_!2( R, I, mid, {prf(k(I,R), mid, Ni, algo, Nr, Gr, I, R), algo, Nr, Gr, I, R}k(I,R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr );
+ send_!3( I, R, mid, {prf(k(I,R), mid, Ni, Nr)}k(I,R) );
+
+
+ claim( I, SKR, KDF(k(I,R),h(Gr,i),Ni,Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr, algo: Nonce;
+ var Ni, Ci, mid, list: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, mid, {prf(k(R,I), mid, list, Ni, Gi, I, R), list, Ni, Gi, I, R}k(I,R) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r) );
+ send_!2( R, I, mid, {prf(k(R,I), mid, Ni, algo, Nr, g(r), I, R), algo, Nr, g(r), I, R}k(I,R) );
+ recv_!3( I, R, mid, {prf(k(R,I), mid, Ni, Nr)}k(I,R) );
+
+
+
+ claim( R, SKR, KDF(k(R,I),h(Gi,r),Ni,Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r) );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..ddebfcbbfce70721b1d9d40768cf03a63f246e68
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.cpp
@@ -0,0 +1,99 @@
+/***********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode) with
+ * a modification suggested by Perlman et al. (last msg not
+ * encrypted)
+ ***********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HDR (Ci,Cr)
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, {R}SKr, {HASH_Rr}sk(R) );
+ send_!O2( O, O, {R}SKi, {HASH_Ri}sk(R) );
+
+ // msg 3
+ recv_!O3( O, O, {I}SKi, {HASH_Ii}sk(I) );
+ send_!O4( O, O, {I}SKr, {HASH_Ir}sk(I) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-sig-a-perlman1(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni );
+ recv_!2( R, I, HDR, algo, Gr, Nr, {R}SKi, {HASH_Ri}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, HDR, {I}SKi, {HASH_Ii}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, HDR, algo, g(r), Nr, R, {R}SKr, {HASH_Rr}sk(R) );
+ recv_!3( I, R, HDR, {I}SKr, {HASH_Ir}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f758a99fc3757563feedbddba9d8c3e21e4aa864
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman1.spdl
@@ -0,0 +1,130 @@
+# 1 "ikev1-sig-a-perlman1.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-a-perlman1.cpp"
+# 18 "ikev1-sig-a-perlman1.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "ikev1-sig-a-perlman1.cpp" 2
+# 29 "ikev1-sig-a-perlman1.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {R}KDF(Ni, Nr, h(g(i),r), Ci, Cr), {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+ send_!O2( O, O, {R}KDF(Ni, Nr, h(g(r),i), Ci, Cr), {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+
+
+ recv_!O3( O, O, {I}KDF(Ni, Nr, h(g(r),i), Ci, Cr), {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I) );
+ send_!O4( O, O, {I}KDF(Ni, Nr, h(g(i),r), Ci, Cr), {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-sig-a-perlman1(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni );
+ recv_!2( R, I, (Ci,Cr), algo, Gr, Nr, {R}KDF(Ni, Nr, h(Gr,i), Ci, Cr), {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, (Ci,Cr), {I}KDF(Ni, Nr, h(Gr,i), Ci, Cr), {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, (Ci,Cr), algo, g(r), Nr, R, {R}KDF(Ni, Nr, h(Gi,r), Ci, Cr), {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R) );
+ recv_!3( I, R, (Ci,Cr), {I}KDF(Ni, Nr, h(Gi,r), Ci, Cr), {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..e39a7b90f03a25100a35ee722708bf45b10ab1ae
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.cpp
@@ -0,0 +1,99 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode) with
+ * a modification suggested by Perlman et al. (last msg
+ * encrypted)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HDR (Ci,Cr)
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, {R}SKr, {HASH_Rr}sk(R) );
+ send_!O2( O, O, {R}SKi, {HASH_Ri}sk(R) );
+
+ // msg 3
+ recv_!O3( O, O, {I, {HASH_Ii}sk(I)}SKi );
+ send_!O4( O, O, {I, {HASH_Ir}sk(I)}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-sig-a-perlman2(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni );
+ recv_!2( R, I, HDR, algo, Gr, Nr, {R}SKi, {HASH_Ri}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, HDR, {I, {HASH_Ii}sk(I)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, HDR, algo, g(r), Nr, R, {R}SKr, {HASH_Rr}sk(R) );
+ recv_!3( I, R, HDR, {I, {HASH_Ir}sk(I)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c2edf7d670b607ae011aaea618b2cad7346d49db
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a-perlman2.spdl
@@ -0,0 +1,130 @@
+# 1 "ikev1-sig-a-perlman2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-a-perlman2.cpp"
+# 18 "ikev1-sig-a-perlman2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "ikev1-sig-a-perlman2.cpp" 2
+# 29 "ikev1-sig-a-perlman2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {R}KDF(Ni, Nr, h(g(i),r), Ci, Cr), {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+ send_!O2( O, O, {R}KDF(Ni, Nr, h(g(r),i), Ci, Cr), {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+
+
+ recv_!O3( O, O, {I, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O4( O, O, {I, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-sig-a-perlman2(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni );
+ recv_!2( R, I, (Ci,Cr), algo, Gr, Nr, {R}KDF(Ni, Nr, h(Gr,i), Ci, Cr), {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, (Ci,Cr), {I, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, (Ci,Cr), algo, g(r), Nr, R, {R}KDF(Ni, Nr, h(Gi,r), Ci, Cr), {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R) );
+ recv_!3( I, R, (Ci,Cr), {I, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..418492e69ea13476cf63d52bad95dea2b469560d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.cpp
@@ -0,0 +1,98 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode)
+ * where the last message is not encrypted
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HDR (Ci,Cr)
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, {HASH_Rr}sk(R) );
+ send_!O2( O, O, {HASH_Ri}sk(R) );
+
+ // msg 3
+ recv_!O3( O, O, {HASH_Ii}sk(I) );
+ send_!O4( O, O, {HASH_Ir}sk(I) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-sig-a1(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, HDR, algo, Gr, Nr, R, {HASH_Ri}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, HDR, {HASH_Ii}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, HDR, algo, g(r), Nr, R, {HASH_Rr}sk(R) );
+ recv_!3( I, R, HDR, {HASH_Ir}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..327c4fe6b183204d86e2a6bdd43a4f8f081d7fb3
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a1.spdl
@@ -0,0 +1,130 @@
+# 1 "ikev1-sig-a1.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-a1.cpp"
+# 17 "ikev1-sig-a1.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-sig-a1.cpp" 2
+# 28 "ikev1-sig-a1.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+
+
+ recv_!O3( O, O, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I) );
+ send_!O4( O, O, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I) );
+
+ }
+
+
+}
+
+
+protocol ikev1-sig-a1(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, (Ci,Cr), algo, Gr, Nr, R, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, (Ci,Cr), {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, (Ci,Cr), algo, g(r), Nr, R, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R) );
+ recv_!3( I, R, (Ci,Cr), {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..1c81dab28f63a04bd0c5fe2c12704b9249575c8e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.cpp
@@ -0,0 +1,99 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode)
+ * where thelast message is encrypted with the session key
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HDR (Ci,Cr)
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, {HASH_Rr}sk(R) );
+ send_!O2( O, O, {HASH_Ri}sk(R) );
+
+ // msg 3
+ recv_!O3( O, O, {{HASH_Ii}sk(I)}SKi );
+ send_!O4( O, O, {{HASH_Ir}sk(I)}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-sig-a2(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, HDR, algo, Gr, Nr, R, {HASH_Ri}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, HDR, {{HASH_Ii}sk(I)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, HDR, algo, g(r), Nr, R, {HASH_Rr}sk(R) );
+ recv_!3( I, R, HDR, {{HASH_Ir}sk(I)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b0e6e07cb50087e2ec19c11cb2c15b763931cf38
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-a2.spdl
@@ -0,0 +1,130 @@
+# 1 "ikev1-sig-a2.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-a2.cpp"
+# 17 "ikev1-sig-a2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-sig-a2.cpp" 2
+# 29 "ikev1-sig-a2.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+ send_!O2( O, O, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R) );
+
+
+ recv_!O3( O, O, {{prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O4( O, O, {{prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-sig-a2(I, R)
+{
+
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list, g(i), Ni, I );
+ recv_!2( R, I, (Ci,Cr), algo, Gr, Nr, R, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!3( I, R, (Ci,Cr), {{prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list, Gi, Ni, I );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!2( R, I, (Ci,Cr), algo, g(r), Nr, R, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R) );
+ recv_!3( I, R, (Ci,Cr), {{prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..4129ae25b1cbc4703b74bf4f164b6a87929f2d8c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.cpp
@@ -0,0 +1,100 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode) with
+ * a modification suggested by Perlman et al.
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 4
+ recv_!O1( O, O, {R, {HASH_Rr}sk(R)}SKr );
+ send_!O2( O, O, {R, {HASH_Ri}sk(R)}SKi );
+
+ // msg 5
+ recv_!O3( O, O, {I, {HASH_Ii}sk(I)}SKi );
+ send_!O4( O, O, {I, {HASH_Ir}sk(I)}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev1-sig-m-perlman(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_!4( R, I, Ci, Cr, Gr, Nr, {R, {HASH_Ri}sk(R)}SKi );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, {HASH_Ii}sk(I)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!4( R, I, Ci, Cr, g(r), Nr, {R, {HASH_Rr}sk(R)}SKr );
+ recv_!5( I, R, Ci, Cr, {I, {HASH_Ir}sk(I)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..321fc1b2c8b331587c33d5d7de6205b6293e6045
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m-perlman.spdl
@@ -0,0 +1,133 @@
+# 1 "ikev1-sig-m-perlman.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-m-perlman.cpp"
+# 17 "ikev1-sig-m-perlman.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 18 "ikev1-sig-m-perlman.cpp" 2
+# 27 "ikev1-sig-m-perlman.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {R, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O2( O, O, {R, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+
+ recv_!O3( O, O, {I, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O4( O, O, {I, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+
+
+protocol ikev1-sig-m-perlman(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, Ci, Cr, algo );
+ send_3( I, R, Ci, Cr, g(i), Ni );
+ recv_!4( R, I, Ci, Cr, Gr, Nr, {R, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, Ci, Cr, {I, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, Ci, Cr, algo );
+ recv_3( I, R, Ci, Cr, Gi, Ni );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!4( R, I, Ci, Cr, g(r), Nr, {R, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ recv_!5( I, R, Ci, Cr, {I, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..f24b78f9c291e0ea1bbeadb96094819d542cab2e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.cpp
@@ -0,0 +1,102 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv1)
+ * @reference RFC 2409,
+ * Boyd C. and Mathuria A., Protocols for Authentication
+ * and Key Agreement
+ * @variant Digital signature authentication (aggressive mode)
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV1__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define HDR (Ci,Cr)
+#define SKEYIDi prf(Ni,Nr,Zi)
+#define SKEYIDr prf(Ni,Nr,Zr)
+#define HASH_Ii prf(Ni, Nr, Zi, g(i), Gr, Ci, Cr, list, I)
+#define HASH_Ir prf(Ni, Nr, Zr, Gi, g(r), Ci, Cr, list, I)
+#define HASH_Ri prf(Ni, Nr, Zi, Gr, g(i), Cr, Ci, list, R)
+#define HASH_Rr prf(Ni, Nr, Zr, g(r), Gi, Cr, Ci, list, R)
+
+
+usertype String;
+const list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {I, {HASH_Ii}sk(I)}SKi );
+ send_!O2( O, O, {I, {HASH_Ir}sk(I)}SKr );
+
+ // msg 6
+ recv_!O3( O, O, {R, {HASH_Rr}sk(R)}SKr );
+ send_!O4( O, O, {R, {HASH_Ri}sk(R)}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev1-sig-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, HDR, algo );
+ send_3( I, R, HDR, g(i), Ni );
+ recv_4( R, I, HDR, Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, HDR, {I, {HASH_Ii}sk(I)}SKi );
+ recv_!6( R, I, HDR, {R, {HASH_Ri}sk(R)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, HDR, algo );
+ recv_3( I, R, HDR, Gi, Ni );
+ send_4( R, I, HDR, g(r), Nr );
+ recv_!5( I, R, HDR, {I, {HASH_Ir}sk(I)}SKr );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, HDR, {R, {HASH_Rr}sk(R)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..28150b0db685a0a77f8cd3a1e32ee0e886dd7fde
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev1-sig-m.spdl
@@ -0,0 +1,134 @@
+# 1 "ikev1-sig-m.cpp"
+# 1 "<command-line>"
+# 1 "ikev1-sig-m.cpp"
+# 16 "ikev1-sig-m.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+
+
+
+
+
+
+
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+
+
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 17 "ikev1-sig-m.cpp" 2
+# 28 "ikev1-sig-m.cpp"
+usertype String;
+const list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, {prf(Ni, Nr, h(g(r),i), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!O2( O, O, {I, {prf(Ni, Nr, h(g(i),r), g(i), g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+
+ recv_!O3( O, O, {R, {prf(Ni, Nr, h(g(i),r), g(r), g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+ send_!O4( O, O, {R, {prf(Ni, Nr, h(g(r),i), g(r), g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+
+ }
+
+
+}
+
+protocol ikev1-sig-m(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, list );
+ recv_2( R, I, (Ci,Cr), algo );
+ send_3( I, R, (Ci,Cr), g(i), Ni );
+ recv_4( R, I, (Ci,Cr), Gr, Nr );
+ claim( I, Running, R, Ni, Nr, g(i), Gr, Ci, Cr );
+ send_!5( I, R, (Ci,Cr), {I, {prf(Ni, Nr, h(Gr,i), g(i), Gr, Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+ recv_!6( R, I, (Ci,Cr), {R, {prf(Ni, Nr, h(Gr,i), Gr, g(i), Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni, Nr, g(i), Gr, Ci, Cr );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, list );
+ send_2( R, I, (Ci,Cr), algo );
+ recv_3( I, R, (Ci,Cr), Gi, Ni );
+ send_4( R, I, (Ci,Cr), g(r), Nr );
+ recv_!5( I, R, (Ci,Cr), {I, {prf(Ni, Nr, h(Gi,r), Gi, g(r), Ci, Cr, list, I)}sk(I)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Running, I, Ni, Nr, Gi, g(r), Ci, Cr );
+ send_!6( R, I, (Ci,Cr), {R, {prf(Ni, Nr, h(Gi,r), g(r), Gi, Cr, Ci, list, R)}sk(R)}KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni, Nr, Gi, g(r), Ci, Cr );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..96073084c43e68002f5af4e5da4697c6fa22a647
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.cpp
@@ -0,0 +1,78 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol IKE Create Child SA
+ * @reference RFC 4306
+ * @variant No perfect forward secrecy support
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2_CHILD_NOPFS__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+const SA3: Nonce;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+ role O {
+ var Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 1
+ recv_!O1( O, O, {SA3, Ni}k(I,R) );
+ send_!O2( O, O, {SA3, Ni}k(R,I) );
+
+ // msg 2
+ recv_!O3( O, O, {SA3, Nr}k(R,I) );
+ send_!O4( O, O, {SA3, Nr}k(I,R) );
+
+ }
+}
+
+
+protocol ikev2-child-nopfs(I, R)
+{
+
+ role I {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+ /* IKE_SA_INIT */
+ claim( I, Running, R,Ni );
+ send_!1( I, R, {SA3, Ni}k(I,R) );
+ recv_!2( R, I, {SA3, Nr}k(I,R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,Nr );
+
+ }
+
+ role R {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_!1( I, R, {SA3, Ni}k(R,I) );
+ claim( R, Running, I,Ni,Nr );
+ send_!2( R, I, {SA3, Nr}k(R,I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Ni );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d163151b06607972db52326f4018ec9c1a93f11a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child-nopfs.spdl
@@ -0,0 +1,112 @@
+# 1 "ikev2-child-nopfs.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-child-nopfs.cpp"
+# 15 "ikev2-child-nopfs.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 138 "common.h"
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),Ni,Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),Ni,Nr) );
+
+ }
+
+
+}
+# 16 "ikev2-child-nopfs.cpp" 2
+
+
+const SA3: Nonce;
+
+
+
+
+
+
+protocol @executability(O) {
+ role O {
+ var Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {SA3, Ni}k(I,R) );
+ send_!O2( O, O, {SA3, Ni}k(R,I) );
+
+
+ recv_!O3( O, O, {SA3, Nr}k(R,I) );
+ send_!O4( O, O, {SA3, Nr}k(I,R) );
+
+ }
+}
+
+
+protocol ikev2-child-nopfs(I, R)
+{
+
+ role I {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+
+ claim( I, Running, R,Ni );
+ send_!1( I, R, {SA3, Ni}k(I,R) );
+ recv_!2( R, I, {SA3, Nr}k(I,R) );
+
+
+ claim( I, SKR, KDF(k(I,R),Ni,Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,Nr );
+
+ }
+
+ role R {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_!1( I, R, {SA3, Ni}k(R,I) );
+ claim( R, Running, I,Ni,Nr );
+ send_!2( R, I, {SA3, Nr}k(R,I) );
+
+
+ claim( R, SKR, KDF(k(R,I),Ni,Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Ni );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..2378231e53b6adad28fc5bf1a6977360f8196e81
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.cpp
@@ -0,0 +1,87 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol IKE Create Child SA
+ * @reference RFC 4306
+ * @variant Supports perfect forward secrecy
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2_CHILD__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+
+usertype SecurityAssociation;
+const SA1 ,SA2, SA3: SecurityAssociation;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 1
+ recv_!O1( O, O, {SA3, Ni, g(i)}k(I,R) );
+ send_!O2( O, O, {SA3, Ni, g(i)}k(R,I) );
+
+ // msg 2
+ recv_!O3( O, O, {SA3, Nr, Gr}k(R,I) );
+ send_!O4( O, O, {SA3, Nr, Gr}k(I,R) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+// Note: SPIs not modeled as they would lead to trivial attacks where the adversary
+// tampers with the SPIs (they are not subsequently authenticated)
+protocol ikev2-child(I, R)
+{
+
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+ /* IKE_SA_INIT */
+ claim( I, Running, R,Ni,g(i) );
+ send_!1( I, R, {SA3, Ni, g(i)}k(I,R) );
+ recv_!2( R, I, {SA3, Nr, Gr}k(I,R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, {SA3, Ni, Gi}k(R,I) );
+ claim( R, Running, I,Ni,Gi,Nr,g(r) );
+ send_!2( R, I, {SA3, Nr, g(r)}k(R,I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Ni,Gi );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7c58959c1425b052bd51c14051ecd976c1fde63f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-child.spdl
@@ -0,0 +1,121 @@
+# 1 "ikev2-child.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-child.cpp"
+# 15 "ikev2-child.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 135 "common.h"
+ var I, R: Agent;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),h(g(r),i),Ni,Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),h(g(i),r),Ni,Nr) );
+
+ }
+
+
+}
+# 16 "ikev2-child.cpp" 2
+
+
+
+usertype SecurityAssociation;
+const SA1 ,SA2, SA3: SecurityAssociation;
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {SA3, Ni, g(i)}k(I,R) );
+ send_!O2( O, O, {SA3, Ni, g(i)}k(R,I) );
+
+
+ recv_!O3( O, O, {SA3, Nr, g(r)}k(R,I) );
+ send_!O4( O, O, {SA3, Nr, g(r)}k(I,R) );
+
+ }
+
+
+}
+
+
+
+protocol ikev2-child(I, R)
+{
+
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+
+ claim( I, Running, R,Ni,g(i) );
+ send_!1( I, R, {SA3, Ni, g(i)}k(I,R) );
+ recv_!2( R, I, {SA3, Nr, Gr}k(I,R) );
+
+
+ claim( I, SKR, KDF(k(I,R),h(Gr,i),Ni,Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_!1( I, R, {SA3, Ni, Gi}k(R,I) );
+ claim( R, Running, I,Ni,Gi,Nr,g(r) );
+ send_!2( R, I, {SA3, Nr, g(r)}k(R,I) );
+
+
+ claim( R, SKR, KDF(k(R,I),h(Gi,r),Ni,Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Ni,Gi );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..7d8310bf74f404db0d727772c116f6cf571d0845
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.cpp
@@ -0,0 +1,131 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol IKE EAP
+ * @reference RFC 4306
+ * @variant Includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr, EAP, EAPOK: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, EAP}SKr );
+ send_!E4( E, E, {R, AUTHri, EAP}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {EAP}SKi );
+ send_!E6( E, E, {EAP}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {EAPOK}SKr );
+ send_!E8( E, E, {EAPOK}SKi );
+
+ // msg 7
+ recv_!E9( E, E, {AUTHii}SKi );
+ send_!EA( E, E, {AUTHir}SKr );
+
+ // msg 8
+ send_!EB( E, E, {AUTHrr, SA2, TSi, TSr}SKr );
+ send_!EC( E, E, {AUTHri, SA2, TSi, TSr}SKi );
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-eap(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var EAP, EAPOK: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, R, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, EAP}SKi );
+ send_!5( I, R, HDR, {EAP}SKi );
+ recv_!6( R, I, HDR, {EAPOK}SKi );
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+ send_!7( I, R, HDR, {AUTHii}SKi );
+ recv_!8( R, I, HDR, {AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+
+ }
+
+ role R {
+ fresh EAP, EAPOK: Nonce;
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, R, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, EAP}SKr );
+ recv_!5( I, R, HDR, {EAP}SKr );
+ send_!6( R, I, HDR, {EAPOK}SKr );
+ recv_!7( I, R, HDR, {AUTHir}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+ send_!8( R, I, HDR, {AUTHrr, SA2, TSi, TSr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..43ec49a27f8500a71f77d6e490bf378bed249aec
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap.spdl
@@ -0,0 +1,160 @@
+# 1 "ikev2-eap.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-eap.cpp"
+# 15 "ikev2-eap.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-eap.cpp" 2
+# 24 "ikev2-eap.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr, EAP, EAPOK: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {EAP}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {EAP}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {EAPOK}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {EAPOK}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E9( E, E, {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!EA( E, E, {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ send_!EB( E, E, {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!EC( E, E, {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ }
+
+
+}
+
+
+protocol ikev2-eap(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var EAP, EAPOK: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, R, SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ send_!5( I, R, (SPIi,SPIr), {EAP}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {EAPOK}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+ send_!7( I, R, (SPIi,SPIr), {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!8( R, I, (SPIi,SPIr), {{SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+
+ }
+
+ role R {
+ fresh EAP, EAPOK: Nonce;
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, R, SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ recv_!5( I, R, (SPIi,SPIr), {EAP}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!6( R, I, (SPIi,SPIr), {EAPOK}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ recv_!7( I, R, (SPIi,SPIr), {{SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+ send_!8( R, I, (SPIi,SPIr), {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..c56855a4e197ba66d40e714afda209dbf878224c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.cpp
@@ -0,0 +1,138 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol IKE EAP
+ * @reference RFC 4306
+ * @variant Excludes optional payloads
+ **********************************************************************/
+
+/**
+ * Modeling notes:
+ * - It's not clear what to put in the EAP payloads; we now model them
+ * as nonces, but maybe it is better to view them as a function of the
+ * actor.
+ */
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr, EAP, EAPOK: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, EAP}SKr );
+ send_!E4( E, E, {R, AUTHri, EAP}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {EAP}SKi );
+ send_!E6( E, E, {EAP}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {EAPOK}SKr );
+ send_!E8( E, E, {EAPOK}SKi );
+
+ // msg 7
+ recv_!E9( E, E, {AUTHii}SKi );
+ send_!EA( E, E, {AUTHir}SKr );
+
+ // msg 8
+ send_!EB( E, E, {AUTHrr, SA2, TSi, TSr}SKr );
+ send_!EC( E, E, {AUTHri, SA2, TSi, TSr}SKi );
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-eap2(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var EAP, EAPOK: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, EAP}SKi );
+ send_!5( I, R, HDR, {EAP}SKi );
+ recv_!6( R, I, HDR, {EAPOK}SKi );
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+ send_!7( I, R, HDR, {AUTHii}SKi );
+ recv_!8( R, I, HDR, {AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+
+ }
+
+ role R {
+ fresh EAP, EAPOK: Nonce;
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, EAP}SKr );
+ recv_!5( I, R, HDR, {EAP}SKr );
+ send_!6( R, I, HDR, {EAPOK}SKr );
+ recv_!7( I, R, HDR, {AUTHir}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+ send_!8( R, I, HDR, {AUTHrr, SA2, TSi, TSr}SKr );
+
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1fbb5800641b974ad89d3e1aa896760a20bbb15f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-eap2.spdl
@@ -0,0 +1,160 @@
+# 1 "ikev2-eap2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-eap2.cpp"
+# 22 "ikev2-eap2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 23 "ikev2-eap2.cpp" 2
+# 31 "ikev2-eap2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr, EAP, EAPOK: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {EAP}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {EAP}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {EAPOK}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {EAPOK}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E9( E, E, {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!EA( E, E, {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ send_!EB( E, E, {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!EC( E, E, {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ }
+
+
+}
+
+
+protocol ikev2-eap2(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var EAP, EAPOK: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ send_!5( I, R, (SPIi,SPIr), {EAP}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {EAPOK}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+ send_!7( I, R, (SPIi,SPIr), {{SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!8( R, I, (SPIi,SPIr), {{SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr,EAP,EAPOK );
+
+ }
+
+ role R {
+ fresh EAP, EAPOK: Nonce;
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), EAP}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ recv_!5( I, R, (SPIi,SPIr), {EAP}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!6( R, I, (SPIi,SPIr), {EAPOK}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ recv_!7( I, R, (SPIi,SPIr), {{SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I)}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+ send_!8( R, I, (SPIi,SPIr), {{SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr,EAP,EAPOK );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..832afae1516326bdef16593494d0d0a799bb468d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol MAC authenticated IKEv2
+ * @reference RFC 4306
+ * @variant Includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I))
+#define AUTHir MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I))
+#define AUTHri MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R))
+#define AUTHrr MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R))
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-mac(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr);
+ send_!3( I, R, HDR, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr);
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr);
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr);
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..608d314c011ed38718804a5a2a29e315e6b11a3e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac.spdl
@@ -0,0 +1,133 @@
+# 1 "ikev2-mac.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-mac.cpp"
+# 15 "ikev2-mac.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-mac.cpp" 2
+# 24 "ikev2-mac.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, MAC(k(R,I), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, MAC(k(I,R), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-mac(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr);
+ send_!3( I, R, (SPIi,SPIr), {I, R, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr);
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, R, MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr);
+ send_!4( R, I, (SPIi,SPIr), {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr);
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..cb09faad76d1abcfec4e63f81075b4e0d55e548a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol MAC authenticated IKEv2
+ * @reference RFC 4306
+ * @variant Excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I))
+#define AUTHir MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I))
+#define AUTHri MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R))
+#define AUTHrr MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R))
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-mac2(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, HDR, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f6d3385b228389cb2dac98d4f1f95de0f002c780
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mac2.spdl
@@ -0,0 +1,133 @@
+# 1 "ikev2-mac2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-mac2.cpp"
+# 15 "ikev2-mac2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-mac2.cpp" 2
+# 24 "ikev2-mac2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, MAC(k(R,I), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, MAC(k(I,R), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-mac2(I, R)
+{
+
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ claim( I, Running, R, Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, (SPIi,SPIr), {I, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R, Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, (SPIi,SPIr), {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..519f93af4f7799e66a29484f6bf0d05b15b72ba8
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Initiator authenticates itself using message
+ * authentication codes while responder uses digital
+ * signatures. Includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I))
+#define AUTHir MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I))
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-mactosig(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, SPIi, SPIr, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, SPIi, SPIr, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, SPIi, SPIr, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, SPIi, SPIr, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..388562e5a361d24c8943a92574f1c8ab7f010876
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig.spdl
@@ -0,0 +1,132 @@
+# 1 "ikev2-mactosig.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-mactosig.cpp"
+# 16 "ikev2-mactosig.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 17 "ikev2-mactosig.cpp" 2
+# 25 "ikev2-mactosig.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, MAC(k(R,I), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-mactosig(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, SPIi, SPIr, {I, R, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, SPIi, SPIr, {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+
+ recv_!3( I, R, SPIi, SPIr, {I, R, MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, SPIi, SPIr, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..73b20f55efe250dedf89d3427976c3722add6015
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.cpp
@@ -0,0 +1,103 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Initiator authenticates itself using message
+ * authentication codes while responder uses digital
+ * signatures. Excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I))
+#define AUTHir MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I))
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol ikev2-mactosig2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, SPIi, SPIr, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, SPIi, SPIr, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, SPIi, SPIr, {I, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, SPIi, SPIr, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..92864abae98bfb18daa2c85ea74e4d33a94cd11a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-mactosig2.spdl
@@ -0,0 +1,131 @@
+# 1 "ikev2-mactosig2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-mactosig2.cpp"
+# 16 "ikev2-mactosig2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 17 "ikev2-mactosig2.cpp" 2
+# 25 "ikev2-mactosig2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, MAC(k(R,I), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+protocol ikev2-mactosig2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, SPIi, SPIr, {I, MAC(k(I,R), SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, SPIi, SPIr, {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+
+ recv_!3( I, R, SPIi, SPIr, {I, MAC(k(R,I), SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, SPIi, SPIr, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..62ddf6f166fb42d270e5cf78063aa845da1323fa
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.cpp
@@ -0,0 +1,138 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Combination of signature authenticated IKEv2 and
+ * CREATE_CHILD_SA, includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+#define KEYMATi KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr)
+#define KEYMATr KDF(Ni, Nr, Zr, h(Gi,t), Mi, Mr)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {SA3, Mi, g(j), TSi, TSr}SKi );
+ send_!E6( E, E, {SA3, Mi, g(j), TSi, TSr}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {SA3, Mr, g(t), TSi, TSr}SKr );
+ send_!E8( E, E, {SA3, Mr, g(t), TSi, TSr}SKr );
+ }
+#undef Gi
+#undef Gr
+}
+protocol @ora(S) {
+#define Gi g(i)
+#define Gj g(j)
+#define Gr g(r)
+#define Gt g(t)
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, Zr, h(Gj,t), Mi, Mr) );
+ }
+#undef Gi
+#undef Gj
+#undef Gr
+#undef Gt
+}
+
+
+protocol ikev2-sig-child(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* CREATE_CHILD_SA */
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, HDR, {SA3, Mi, g(j), TSi, TSr}SKi );
+ recv_!6( R, I, HDR, {SA3, Mr, Gt, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+ claim( I, SKR, KEYMATi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* CREATE_CHILD_SA */
+ recv_!5( I, R, HDR, {SA3, Mi, Gj, TSi, TSr}SKr );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, HDR, {SA3, Mr, g(t), TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+ claim( R, SKR, KEYMATr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..392c99510d70cbfd6134f552ca0a3d9f04ea0aa4
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child-composed.spdl
@@ -0,0 +1,165 @@
+# 1 "ikev2-sig-child-composed.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig-child-composed.cpp"
+# 15 "ikev2-sig-child-composed.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig-child-composed.cpp" 2
+# 26 "ikev2-sig-child-composed.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ }
+
+
+}
+protocol @ora(S) {
+
+
+
+
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, h(g(r),i), h(g(t),j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, h(g(i),r), h(g(j),t), Mi, Mr) );
+ }
+
+
+
+
+}
+
+
+protocol ikev2-sig-child(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, (SPIi,SPIr), {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {SA3, Mr, Gt, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), h(Gt,j), Mi, Mr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ recv_!5( I, R, (SPIi,SPIr), {SA3, Mi, Gj, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, (SPIi,SPIr), {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), h(Gi,t), Mi, Mr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..62ddf6f166fb42d270e5cf78063aa845da1323fa
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.cpp
@@ -0,0 +1,138 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Combination of signature authenticated IKEv2 and
+ * CREATE_CHILD_SA, includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+#define KEYMATi KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr)
+#define KEYMATr KDF(Ni, Nr, Zr, h(Gi,t), Mi, Mr)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {SA3, Mi, g(j), TSi, TSr}SKi );
+ send_!E6( E, E, {SA3, Mi, g(j), TSi, TSr}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {SA3, Mr, g(t), TSi, TSr}SKr );
+ send_!E8( E, E, {SA3, Mr, g(t), TSi, TSr}SKr );
+ }
+#undef Gi
+#undef Gr
+}
+protocol @ora(S) {
+#define Gi g(i)
+#define Gj g(j)
+#define Gr g(r)
+#define Gt g(t)
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, Zr, h(Gj,t), Mi, Mr) );
+ }
+#undef Gi
+#undef Gj
+#undef Gr
+#undef Gt
+}
+
+
+protocol ikev2-sig-child(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* CREATE_CHILD_SA */
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, HDR, {SA3, Mi, g(j), TSi, TSr}SKi );
+ recv_!6( R, I, HDR, {SA3, Mr, Gt, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+ claim( I, SKR, KEYMATi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* CREATE_CHILD_SA */
+ recv_!5( I, R, HDR, {SA3, Mi, Gj, TSi, TSr}SKr );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, HDR, {SA3, Mr, g(t), TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+ claim( R, SKR, KEYMATr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f9db4cfa7738103d925a7c80c79c320bc72eb0c0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child.spdl
@@ -0,0 +1,165 @@
+# 1 "ikev2-sig-child.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig-child.cpp"
+# 15 "ikev2-sig-child.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig-child.cpp" 2
+# 26 "ikev2-sig-child.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ }
+
+
+}
+protocol @ora(S) {
+
+
+
+
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, h(g(r),i), h(g(t),j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, h(g(i),r), h(g(j),t), Mi, Mr) );
+ }
+
+
+
+
+}
+
+
+protocol ikev2-sig-child(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, (SPIi,SPIr), {SA3, Mi, g(j), TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {SA3, Mr, Gt, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), h(Gt,j), Mi, Mr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ recv_!5( I, R, (SPIi,SPIr), {SA3, Mi, Gj, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, (SPIi,SPIr), {SA3, Mr, g(t), TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), h(Gi,t), Mi, Mr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..621e7f65d90b83cdecc0d196a2fab0913d06d313
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.cpp
@@ -0,0 +1,138 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Combination of signature authenticated IKEv2 and
+ * CREATE_CHILD_SA, excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+#define KEYMATi KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr)
+#define KEYMATr KDF(Ni, Nr, Zr, h(Gi,t), Mi, Mr)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {SA3, Mi, g(j)}SKi );
+ send_!E6( E, E, {SA3, Mi, g(j)}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {SA3, Mr, g(t)}SKr );
+ send_!E8( E, E, {SA3, Mr, g(t)}SKr );
+ }
+#undef Gi
+#undef Gr
+}
+protocol @ora(S) {
+#define Gi g(i)
+#define Gj g(j)
+#define Gr g(r)
+#define Gt g(t)
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, Zr, h(Gj,t), Mi, Mr) );
+ }
+#undef Gi
+#undef Gj
+#undef Gr
+#undef Gt
+}
+
+
+protocol ikev2-sig-child2(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* CREATE_CHILD_SA */
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, HDR, {SA3, Mi, g(j)}SKi );
+ recv_!6( R, I, HDR, {SA3, Mr, Gt}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+ claim( I, SKR, KEYMATi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, AUTHir, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* CREATE_CHILD_SA */
+ recv_!5( I, R, HDR, {SA3, Mi, Gj}SKr );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, HDR, {SA3, Mr, g(t)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+ claim( R, SKR, KEYMATr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..49df999d4bd0cd84ac59e9298926b7297124296f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2-composed.spdl
@@ -0,0 +1,165 @@
+# 1 "ikev2-sig-child2-composed.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig-child2-composed.cpp"
+# 15 "ikev2-sig-child2-composed.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig-child2-composed.cpp" 2
+# 26 "ikev2-sig-child2-composed.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {SA3, Mi, g(j)}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {SA3, Mi, g(j)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {SA3, Mr, g(t)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {SA3, Mr, g(t)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ }
+
+
+}
+protocol @ora(S) {
+
+
+
+
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, h(g(r),i), h(g(t),j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, h(g(i),r), h(g(j),t), Mi, Mr) );
+ }
+
+
+
+
+}
+
+
+protocol ikev2-sig-child2(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, (SPIi,SPIr), {SA3, Mi, g(j)}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {SA3, Mr, Gt}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), h(Gt,j), Mi, Mr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ recv_!5( I, R, (SPIi,SPIr), {SA3, Mi, Gj}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, (SPIi,SPIr), {SA3, Mr, g(t)}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), h(Gi,t), Mi, Mr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..621e7f65d90b83cdecc0d196a2fab0913d06d313
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.cpp
@@ -0,0 +1,138 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Combination of signature authenticated IKEv2 and
+ * CREATE_CHILD_SA, excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+#define KEYMATi KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr)
+#define KEYMATr KDF(Ni, Nr, Zr, h(Gi,t), Mi, Mr)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ // msg 5
+ recv_!E5( E, E, {SA3, Mi, g(j)}SKi );
+ send_!E6( E, E, {SA3, Mi, g(j)}SKr );
+
+ // msg 6
+ recv_!E7( E, E, {SA3, Mr, g(t)}SKr );
+ send_!E8( E, E, {SA3, Mr, g(t)}SKr );
+ }
+#undef Gi
+#undef Gr
+}
+protocol @ora(S) {
+#define Gi g(i)
+#define Gj g(j)
+#define Gr g(r)
+#define Gt g(t)
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, Zi, h(Gt,j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, Zr, h(Gj,t), Mi, Mr) );
+ }
+#undef Gi
+#undef Gj
+#undef Gr
+#undef Gt
+}
+
+
+protocol ikev2-sig-child2(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ send_!3( I, R, HDR, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* CREATE_CHILD_SA */
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, HDR, {SA3, Mi, g(j)}SKi );
+ recv_!6( R, I, HDR, {SA3, Mr, Gt}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+ claim( I, SKR, KEYMATi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, AUTHir, SA2, TSi, TSr}SKr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* CREATE_CHILD_SA */
+ recv_!5( I, R, HDR, {SA3, Mi, Gj}SKr );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, HDR, {SA3, Mr, g(t)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+ claim( R, SKR, KEYMATr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..aa8642fcb2a8b72781bed2aafbf1e2a4ef88e23f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig-child2.spdl
@@ -0,0 +1,165 @@
+# 1 "ikev2-sig-child2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig-child2.cpp"
+# 15 "ikev2-sig-child2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig-child2.cpp" 2
+# 26 "ikev2-sig-child2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+
+ recv_!E5( E, E, {SA3, Mi, g(j)}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E6( E, E, {SA3, Mi, g(j)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E7( E, E, {SA3, Mr, g(t)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E8( E, E, {SA3, Mr, g(t)}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ }
+
+
+}
+protocol @ora(S) {
+
+
+
+
+ role S {
+ var i, j, r, t, Mi, Ni, Mr, Nr, SPIi, SPIr: Nonce;
+
+ recv_!S1( S, S, KDF(Ni, Nr, h(g(r),i), h(g(t),j), Mi, Mr) );
+ send_!S2( S, S, KDF(Ni, Nr, h(g(i),r), h(g(j),t), Mi, Mr) );
+ }
+
+
+
+
+}
+
+
+protocol ikev2-sig-child2(I, R)
+{
+ role I {
+ fresh i, j, Ni, Mi, SPIi: Nonce;
+ var Nr, Mr, SPIr: Nonce;
+ var Gr, Gt: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ send_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, Running, R,g(i),g(j),Gr );
+ send_!5( I, R, (SPIi,SPIr), {SA3, Mi, g(j)}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!6( R, I, (SPIi,SPIr), {SA3, Mr, Gt}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), h(Gt,j), Mi, Mr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),g(j),Gr,Gt );
+
+ }
+
+ role R {
+ fresh r, t, Nr, Mr, SPIr: Nonce;
+ var Ni, Mi, SPIi: Nonce;
+ var Gi, Gj: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ recv_!5( I, R, (SPIi,SPIr), {SA3, Mi, Gj}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,Gj,g(r),g(t) );
+ send_!6( R, I, (SPIi,SPIr), {SA3, Mr, g(t)}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), h(Gi,t), Mi, Mr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,Gj,g(r) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..68e7326d3a9a47b64e4d14259ffacc0262500e1a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.cpp
@@ -0,0 +1,103 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol Signature authenticated IKEv2
+ * @reference RFC 4306
+ * @variant Includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-sig(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, HDR, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..baaba1ab6720760867fca5bb2d345a4547ab5cca
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig.spdl
@@ -0,0 +1,132 @@
+# 1 "ikev2-sig.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig.cpp"
+# 15 "ikev2-sig.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig.cpp" 2
+# 24 "ikev2-sig.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-sig(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, R, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..e2e02b71a4ae47ca381e88e9dc02647a0173aaa7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.cpp
@@ -0,0 +1,103 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @subprotocol Signature authenticated IKEv2
+ * @reference RFC 4306
+ * @variant Excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R)}sk(R)
+#define AUTHrr {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R)}sk(R)
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-sig2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, HDR, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, HDR, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, HDR, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, HDR, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, HDR, {I, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, HDR, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..0825976eb9adcfbb0fab40784e940c795d572a50
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sig2.spdl
@@ -0,0 +1,132 @@
+# 1 "ikev2-sig2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sig2.cpp"
+# 15 "ikev2-sig2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 16 "ikev2-sig2.cpp" 2
+# 24 "ikev2-sig2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-sig2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, (SPIi,SPIr), SA1, Gr, Nr );
+
+
+ claim( I, Running, R,Ni,g(i),Nr,Gr,TSi,TSr );
+ send_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,Ni,g(i),Nr,Gr,TSi,TSr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, (SPIi,SPIr), SA1, g(r), Nr );
+
+
+ recv_!3( I, R, (SPIi,SPIr), {I, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ send_!4( R, I, (SPIi,SPIr), {R, {SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)}sk(R), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I, Ni,Gi,Nr,g(r),TSi,TSr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..dc7a0596fa614ced60de68f0716515b46ff534b2
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Initiator authenticates itself using digital signatures
+ * while responder uses message authentication codes.
+ * Includes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R))
+#define AUTHrr MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R))
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-sigtomac(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, SPIi, SPIr, {I, R, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, SPIi, SPIr, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, SPIi, SPIr, {I, R, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, SPIi, SPIr, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..9d40a3aa671881fe22f6129fc8a113c0356db322
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac.spdl
@@ -0,0 +1,132 @@
+# 1 "ikev2-sigtomac.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sigtomac.cpp"
+# 16 "ikev2-sigtomac.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 17 "ikev2-sigtomac.cpp" 2
+# 25 "ikev2-sigtomac.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, MAC(k(I,R), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-sigtomac(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, SPIi, SPIr, {I, R, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, SPIi, SPIr, {R, MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+
+ recv_!3( I, R, SPIi, SPIr, {I, R, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, SPIi, SPIr, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.cpp b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..bccbab30ec606cf5e01de1091177bebcbd3e5d27
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.cpp
@@ -0,0 +1,104 @@
+/**********************************************************************
+ * @protocol Internet Key Exchange Protocol (IKEv2)
+ * @reference RFC 4306
+ * @variant Initiator authenticates itself using digital signatures
+ * while responder uses message authentication codes.
+ * Excludes optional payloads
+ **********************************************************************/
+
+/**
+ * MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ */
+
+#define __IKEV2__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define AUTHii {SPIi, O, SA1, g(i), Ni, Nr, prf(SKi, I)}sk(I)
+#define AUTHir {SPIi, O, SA1, Gi, Ni, Nr, prf(SKr, I)}sk(I)
+#define AUTHri MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(SKi, R))
+#define AUTHrr MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(SKr, R))
+
+
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(E) {
+#define Gi g(i)
+#define Gr g(r)
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!E1( E, E, {I, AUTHii, SA2, TSi, TSr}SKi );
+ send_!E2( E, E, {I, AUTHir, SA2, TSi, TSr}SKr );
+
+ // msg 4
+ recv_!E3( E, E, {R, AUTHrr, SA2, TSi, TSr}SKr );
+ send_!E4( E, E, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol ikev2-sigtomac2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+ /* IKE_SA_INIT */
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+ /* IKE_AUTH */
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, SPIi, SPIr, {I, AUTHii, SA2, TSi, TSr}SKi );
+ recv_!4( R, I, SPIi, SPIr, {R, AUTHri, SA2, TSi, TSr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+ /* IKE_SA_INIT */
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+ /* IKE_AUTH */
+ recv_!3( I, R, SPIi, SPIr, {I, AUTHir, SA2, TSi, TSr}SKr );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, SPIi, SPIr, {R, AUTHrr, SA2, TSi, TSr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.spdl b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..99ad18caf94b8ef51dad27d68845233c3e32bf83
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/ikev2-sigtomac2.spdl
@@ -0,0 +1,132 @@
+# 1 "ikev2-sigtomac2.cpp"
+# 1 "<command-line>"
+# 1 "ikev2-sigtomac2.cpp"
+# 16 "ikev2-sigtomac2.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 43 "common.h"
+hashfunction MAC;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 132 "common.h"
+ var SPIi, SPIr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+ }
+
+
+}
+# 17 "ikev2-sigtomac2.cpp" 2
+# 25 "ikev2-sigtomac2.cpp"
+usertype Number, SecurityAssociation, TrafficSelector;
+const O: Number;
+const SA1 ,SA2, SA3: SecurityAssociation;
+const TSi, TSr: TrafficSelector;
+
+
+
+
+
+
+protocol @executability(E) {
+
+
+ role E {
+ var i, r, Ni, Nr, SPIi, SPIr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!E1( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+ send_!E2( E, E, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+
+
+ recv_!E3( E, E, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(i),r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(i),r),SPIi,SPIr) );
+ send_!E4( E, E, {R, MAC(k(I,R), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(g(r),i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(g(r),i),SPIi,SPIr) );
+
+ }
+
+
+}
+
+
+protocol ikev2-sigtomac2(I, R)
+{
+ role I {
+ fresh i, Ni, SPIi: Nonce;
+ var Nr, SPIr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, SPIi, O, SA1, g(i), Ni );
+ recv_2( R, I, SPIi, SPIr, SA1, Gr, Nr );
+
+
+ claim( I, Running, R,g(i),Gr,Ni,Nr );
+ send_!3( I, R, SPIi, SPIr, {I, {SPIi, O, SA1, g(i), Ni, Nr, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+ recv_!4( R, I, SPIi, SPIr, {R, MAC(k(I,R), SPIi, SPIr, SA1, Gr, Nr, Ni, prf(KDF(Ni,Nr,h(Gr,i),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+
+ claim( I, SKR, KDF(Ni,Nr,h(Gr,i),SPIi,SPIr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+ claim( I, Commit, R,g(i),Gr,Ni,Nr );
+
+ }
+
+ role R {
+ fresh r, Nr, SPIr: Nonce;
+ var Ni, SPIi: Nonce;
+ var Gi: Ticket;
+
+
+
+ recv_1( I, R, SPIi, O, SA1, Gi, Ni );
+ send_2( R, I, SPIi, SPIr, SA1, g(r), Nr );
+
+
+ recv_!3( I, R, SPIi, SPIr, {I, {SPIi, O, SA1, Gi, Ni, Nr, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), I)}sk(I), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+ claim( R, Running, I,Gi,g(r),Ni,Nr );
+ send_!4( R, I, SPIi, SPIr, {R, MAC(k(R,I), SPIi, SPIr, SA1, g(r), Nr, Ni, prf(KDF(Ni,Nr,h(Gi,r),SPIi,SPIr), R)), SA2, TSi, TSr}KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+
+ claim( R, SKR, KDF(Ni,Nr,h(Gi,r),SPIi,SPIr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+ claim( R, Commit, I,Gi,g(r),Ni,Nr );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.cpp b/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..d6c2abf2848839157b157f5be77311331971a034
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.cpp
@@ -0,0 +1,54 @@
+/** HEADDOC
+ * @protocol Just Fast Keying
+ * @reference Aiello et al., Just Fast Keying: Key Agreement In A Hostile
+ * Internet
+ * @description
+ * @variant Core cryptographic protocol of JFKi
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __JFK_CORE__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+
+protocol jfki-core(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ni, I, g(i) );
+ recv_2( R, I, Nr, Ni, R, Gr, {Nr, Ni, Gr, g(i), I}sk(R) );
+ send_3( I, R, Nr, Ni, {Nr, Ni, Gr, g(i), R}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ni, I, Gi );
+ send_2( R, I, Nr, Ni, R, g(r), {Nr, Ni, g(r), Gi, I}sk(R) );
+ recv_3( I, R, Nr, Ni, {Nr, Ni, g(r), Gi, R}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.spdl b/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..2517cbff0410ab9a91c8d82870593cdfaddaa5a8
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfki-core.spdl
@@ -0,0 +1,88 @@
+# 1 "jfki-core.cpp"
+# 1 "<command-line>"
+# 1 "jfki-core.cpp"
+# 15 "jfki-core.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 60 "common.h"
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i), Ni, Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r), Ni, Nr) );
+
+ }
+
+
+}
+# 16 "jfki-core.cpp" 2
+
+
+
+protocol jfki-core(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ni, I, g(i) );
+ recv_2( R, I, Nr, Ni, R, Gr, {Nr, Ni, Gr, g(i), I}sk(R) );
+ send_3( I, R, Nr, Ni, {Nr, Ni, Gr, g(i), R}sk(I) );
+
+
+ claim( I, SKR, KDF(h(Gr,i), Ni, Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ni, I, Gi );
+ send_2( R, I, Nr, Ni, R, g(r), {Nr, Ni, g(r), Gi, I}sk(R) );
+ recv_3( I, R, Nr, Ni, {Nr, Ni, g(r), Gi, R}sk(I) );
+
+
+ claim( R, SKR, KDF(h(Gi,r), Ni, Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfki.cpp b/Vagrant Files/files/scyther/Protocols/IKE/jfki.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..5b000f9331eaae3cf887df53bac515a404e62842
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfki.cpp
@@ -0,0 +1,84 @@
+/** HEADDOC
+ * @protocol Just Fast Keying
+ * @reference Aiello et al., Just Fast Keying: Key Agreement In A Hostile
+ * Internet
+ * @description
+ * @variant Initiatior is identity protected
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __JFK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, SAi, SAr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!O1( O, O, {I, SAi, {H(Ni), Nr, g(i), Gr, R, SAi}sk(I)}SKi );
+ send_!O2( O, O, {I, SAi, {H(Ni), Nr, g(i), Gr, R, SAi}sk(I)}SKr );
+
+ // msg 4
+ recv_!O3( O, O, {{H(Ni), Nr, g(i), Gr, I, SAi, SAr}sk(R), SAr}SKr );
+ send_!O4( O, O, {{H(Ni), Nr, g(i), Gr, I, SAi, SAr}sk(R), SAr}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+// Abstractions: no grpinfo, no MAC(ENC(M)), no ID_R', no IPi
+protocol jfki(I, R)
+{
+ role I {
+ fresh i, Ni, SAi: Nonce;
+ var Nr, SAr: Nonce;
+ var Gr, TH: Ticket;
+
+ send_1( I, R, H(Ni), g(i) );
+ recv_2( R, I, H(Ni), Nr, Gr, R, {Gr}sk(R), TH );
+ send_!3( I, R, Ni, Nr, g(i), Gr, TH, {I, SAi, {H(Ni), Nr, g(i), Gr, R, SAi}sk(I)}SKi );
+ recv_!4( R, I, {{H(Ni), Nr, g(i), Gr, I, SAi, SAr}sk(R), SAr}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, SAr, HKr: Nonce;
+ var Ni, SAi: Nonce;
+ var Gi, HNi: Ticket;
+
+ recv_1( I, R, HNi, Gi );
+ send_2( R, I, HNi, Nr, g(r), R, {g(r)}sk(R), H(HKr, g(r), Nr, HNi) );
+ // Note: if R can receive H(HKr, g(r), Nr, H(Ni)) then HNi=H(Ni)
+ recv_!3( I, R, Ni, Nr, Gi, g(r), H(HKr, g(r), Nr, H(Ni)), {I, SAi, {H(Ni), Nr, Gi, g(r), R, SAi}sk(I)}SKr );
+ send_!4( R, I, {{H(Ni), Nr, Gi, g(r), I, SAi, SAr}sk(R), SAr}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, Secret, HKr );
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfki.spdl b/Vagrant Files/files/scyther/Protocols/IKE/jfki.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d3855434638b2bc7acc8b485affea9888d3c3203
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfki.spdl
@@ -0,0 +1,118 @@
+# 1 "jfki.cpp"
+# 1 "<command-line>"
+# 1 "jfki.cpp"
+# 15 "jfki.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 66 "common.h"
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i), H(Ni), Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r), H(Ni), Nr) );
+
+ }
+
+
+}
+# 16 "jfki.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, SAi, SAr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, SAi, {H(Ni), Nr, g(i), g(r), R, SAi}sk(I)}KDF(h(g(r),i), H(Ni), Nr) );
+ send_!O2( O, O, {I, SAi, {H(Ni), Nr, g(i), g(r), R, SAi}sk(I)}KDF(h(g(i),r), H(Ni), Nr) );
+
+
+ recv_!O3( O, O, {{H(Ni), Nr, g(i), g(r), I, SAi, SAr}sk(R), SAr}KDF(h(g(i),r), H(Ni), Nr) );
+ send_!O4( O, O, {{H(Ni), Nr, g(i), g(r), I, SAi, SAr}sk(R), SAr}KDF(h(g(r),i), H(Ni), Nr) );
+
+ }
+
+
+}
+
+
+
+protocol jfki(I, R)
+{
+ role I {
+ fresh i, Ni, SAi: Nonce;
+ var Nr, SAr: Nonce;
+ var Gr, TH: Ticket;
+
+ send_1( I, R, H(Ni), g(i) );
+ recv_2( R, I, H(Ni), Nr, Gr, R, {Gr}sk(R), TH );
+ send_!3( I, R, Ni, Nr, g(i), Gr, TH, {I, SAi, {H(Ni), Nr, g(i), Gr, R, SAi}sk(I)}KDF(h(Gr,i), H(Ni), Nr) );
+ recv_!4( R, I, {{H(Ni), Nr, g(i), Gr, I, SAi, SAr}sk(R), SAr}KDF(h(Gr,i), H(Ni), Nr) );
+
+
+ claim( I, SKR, KDF(h(Gr,i), H(Ni), Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, SAr, HKr: Nonce;
+ var Ni, SAi: Nonce;
+ var Gi, HNi: Ticket;
+
+ recv_1( I, R, HNi, Gi );
+ send_2( R, I, HNi, Nr, g(r), R, {g(r)}sk(R), H(HKr, g(r), Nr, HNi) );
+
+ recv_!3( I, R, Ni, Nr, Gi, g(r), H(HKr, g(r), Nr, H(Ni)), {I, SAi, {H(Ni), Nr, Gi, g(r), R, SAi}sk(I)}KDF(h(Gi,r), H(Ni), Nr) );
+ send_!4( R, I, {{H(Ni), Nr, Gi, g(r), I, SAi, SAr}sk(R), SAr}KDF(h(Gi,r), H(Ni), Nr) );
+
+
+ claim( R, Secret, HKr );
+ claim( R, SKR, KDF(h(Gi,r), H(Ni), Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.cpp b/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..500a8bbec675ea6e3fc40c9b254342b1613b3564
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.cpp
@@ -0,0 +1,78 @@
+/** HEADDOC
+ * @protocol Just Fast Keying
+ * @reference Aiello et al., Just Fast Keying: Key Agreement In A Hostile
+ * Internet
+ * @description
+ * @variant Core cryptographic protocol of JFKr
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __JFK_CORE__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!O1( O, O, H(SKr, Nr, Ni, R) );
+ send_!O2( O, O, H(SKi, Nr, Ni, R) );
+
+ // msg 4
+ recv_!O3( O, O, H(SKi, Nr, Ni, I) );
+ send_!O4( O, O, H(SKr, Nr, Ni, I) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+// Abstractions: same key for ENC, MAC
+protocol jfkr-core(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr, Gr: Ticket;
+
+ send_1( I, R, Ni, g(i) );
+ recv_!2( R, I, Nr, Ni, R, Gr, {Nr, Ni, Gr, g(i)}sk(R), H(SKi, Nr, Ni, R) );
+ send_!3( I, R, Nr, Ni, I, {Nr, Ni, Gr, g(i)}sk(I), H(SKi, Nr, Ni, I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni, Gi: Ticket;
+
+ recv_1( I, R, Ni, Gi );
+ send_!2( R, I, Nr, Ni, R, g(r), {Nr, Ni, g(r), Gi}sk(R), H(SKr, Nr, Ni, R) );
+ recv_!3( I, R, Nr, Ni, I, {Nr, Ni, g(r), Gi}sk(I), H(SKr, Nr, Ni, I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.spdl b/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..adce573c412e0095b6793a4cd6de30fb4308fa3f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfkr-core.spdl
@@ -0,0 +1,112 @@
+# 1 "jfkr-core.cpp"
+# 1 "<command-line>"
+# 1 "jfkr-core.cpp"
+# 15 "jfkr-core.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 60 "common.h"
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i), Ni, Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r), Ni, Nr) );
+
+ }
+
+
+}
+# 16 "jfkr-core.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, H(KDF(h(g(i),r), Ni, Nr), Nr, Ni, R) );
+ send_!O2( O, O, H(KDF(h(g(r),i), Ni, Nr), Nr, Ni, R) );
+
+
+ recv_!O3( O, O, H(KDF(h(g(r),i), Ni, Nr), Nr, Ni, I) );
+ send_!O4( O, O, H(KDF(h(g(i),r), Ni, Nr), Nr, Ni, I) );
+
+ }
+
+
+}
+
+
+
+protocol jfkr-core(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr, Gr: Ticket;
+
+ send_1( I, R, Ni, g(i) );
+ recv_!2( R, I, Nr, Ni, R, Gr, {Nr, Ni, Gr, g(i)}sk(R), H(KDF(h(Gr,i), Ni, Nr), Nr, Ni, R) );
+ send_!3( I, R, Nr, Ni, I, {Nr, Ni, Gr, g(i)}sk(I), H(KDF(h(Gr,i), Ni, Nr), Nr, Ni, I) );
+
+
+ claim( I, SKR, KDF(h(Gr,i), Ni, Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni, Gi: Ticket;
+
+ recv_1( I, R, Ni, Gi );
+ send_!2( R, I, Nr, Ni, R, g(r), {Nr, Ni, g(r), Gi}sk(R), H(KDF(h(Gi,r), Ni, Nr), Nr, Ni, R) );
+ recv_!3( I, R, Nr, Ni, I, {Nr, Ni, g(r), Gi}sk(I), H(KDF(h(Gi,r), Ni, Nr), Nr, Ni, I) );
+
+
+ claim( R, SKR, KDF(h(Gi,r), Ni, Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfkr.cpp b/Vagrant Files/files/scyther/Protocols/IKE/jfkr.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..fbe85d312d5d36db80842e7b4e732778cf7dd901
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfkr.cpp
@@ -0,0 +1,83 @@
+/** HEADDOC
+ * @protocol Just Fast Keying
+ * @reference Aiello et al., Just Fast Keying: Key Agreement In A Hostile
+ * Internet
+ * @description
+ * @variant Responder is identity protected
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __JFK__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, SAi, SAr: Nonce;
+ var I, R: Agent;
+
+ // msg 3
+ recv_!O1( O, O, {I, SAi, {H(Ni), Nr, g(i), Gr}sk(I)}SKi );
+ send_!O2( O, O, {I, SAi, {H(Ni), Nr, g(i), Gr}sk(I)}SKr );
+
+ // msg 4
+ recv_!O3( O, O, {R, SAr, {Gr, Nr, g(i), H(Ni)}sk(R)}SKr );
+ send_!O4( O, O, {R, SAr, {Gr, Nr, g(i), H(Ni)}sk(R)}SKi );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+// Abstractions: no grpinfo, no MAC(ENC(M)), no ID_R', no IPi
+protocol jfkr(I, R)
+{
+ role I {
+ fresh i, Ni, SAi: Nonce;
+ var Nr, SAr: Nonce;
+ var Gr, TH: Ticket;
+
+ send_1( I, R, H(Ni), g(i) );
+ recv_2( R, I, H(Ni), Nr, Gr, TH );
+ send_!3( I, R, Ni, Nr, g(i), Gr, TH, {I, SAi, {H(Ni), Nr, g(i), Gr}sk(I)}SKi );
+ recv_!4( R, I, {R, SAr, {Gr, Nr, g(i), H(Ni)}sk(R)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, SAr, HKr: Nonce;
+ var Ni, SAi: Nonce;
+ var Gi, HNi: Ticket;
+
+ recv_1( I, R, HNi, Gi );
+ send_2( R, I, HNi, Nr, g(r), H(HKr, g(r), Nr, HNi) );
+ recv_!3( I, R, Ni, Nr, Gi, g(r), H(HKr, g(r), Nr, H(Ni)), {I, SAi, {H(Ni), Nr, Gi, g(r)}sk(I)}SKr );
+ send_!4( R, I, {R, SAr, {g(r), Nr, Gi, H(Ni)}sk(R)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, Secret, HKr );
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/jfkr.spdl b/Vagrant Files/files/scyther/Protocols/IKE/jfkr.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..6e5e3e22e6324fa0411884a9faee45a9841627a9
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/jfkr.spdl
@@ -0,0 +1,117 @@
+# 1 "jfkr.cpp"
+# 1 "<command-line>"
+# 1 "jfkr.cpp"
+# 15 "jfkr.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 66 "common.h"
+hashfunction H;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i), H(Ni), Nr) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r), H(Ni), Nr) );
+
+ }
+
+
+}
+# 16 "jfkr.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, SAi, SAr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, SAi, {H(Ni), Nr, g(i), g(r)}sk(I)}KDF(h(g(r),i), H(Ni), Nr) );
+ send_!O2( O, O, {I, SAi, {H(Ni), Nr, g(i), g(r)}sk(I)}KDF(h(g(i),r), H(Ni), Nr) );
+
+
+ recv_!O3( O, O, {R, SAr, {g(r), Nr, g(i), H(Ni)}sk(R)}KDF(h(g(i),r), H(Ni), Nr) );
+ send_!O4( O, O, {R, SAr, {g(r), Nr, g(i), H(Ni)}sk(R)}KDF(h(g(r),i), H(Ni), Nr) );
+
+ }
+
+
+}
+
+
+
+protocol jfkr(I, R)
+{
+ role I {
+ fresh i, Ni, SAi: Nonce;
+ var Nr, SAr: Nonce;
+ var Gr, TH: Ticket;
+
+ send_1( I, R, H(Ni), g(i) );
+ recv_2( R, I, H(Ni), Nr, Gr, TH );
+ send_!3( I, R, Ni, Nr, g(i), Gr, TH, {I, SAi, {H(Ni), Nr, g(i), Gr}sk(I)}KDF(h(Gr,i), H(Ni), Nr) );
+ recv_!4( R, I, {R, SAr, {Gr, Nr, g(i), H(Ni)}sk(R)}KDF(h(Gr,i), H(Ni), Nr) );
+
+
+ claim( I, SKR, KDF(h(Gr,i), H(Ni), Nr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, SAr, HKr: Nonce;
+ var Ni, SAi: Nonce;
+ var Gi, HNi: Ticket;
+
+ recv_1( I, R, HNi, Gi );
+ send_2( R, I, HNi, Nr, g(r), H(HKr, g(r), Nr, HNi) );
+ recv_!3( I, R, Ni, Nr, Gi, g(r), H(HKr, g(r), Nr, H(Ni)), {I, SAi, {H(Ni), Nr, Gi, g(r)}sk(I)}KDF(h(Gi,r), H(Ni), Nr) );
+ send_!4( R, I, {R, SAr, {g(r), Nr, Gi, H(Ni)}sk(R)}KDF(h(Gi,r), H(Ni), Nr) );
+
+
+ claim( R, Secret, HKr );
+ claim( R, SKR, KDF(h(Gi,r), H(Ni), Nr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/make-mpa.py b/Vagrant Files/files/scyther/Protocols/IKE/make-mpa.py
new file mode 100644
index 0000000000000000000000000000000000000000..c75984d96c89017da2fca1df4e10f9e4e5dfc900
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/make-mpa.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+
+import os
+
+def getProtocolFiles(path=".",extension=""):
+ allfiles = os.listdir(path)
+ spfl = []
+ for fn in allfiles:
+ if fn.endswith(extension):
+ spfl.append(fn)
+ return spfl
+
+def scanThis(fn,f,rewritelist,cnt):
+
+ s = ""
+ mapping = []
+ for lhs in rewritelist:
+ rhs = "%s%i" % (lhs,cnt)
+ mapping.append((lhs,rhs))
+
+ fp = open(fn,"r")
+ for rl in fp.xreadlines():
+ l = rl
+ if f != None:
+ l = f(l)
+ for (lhs,rhs) in mapping:
+ l = l.replace(lhs,rhs)
+ s = s + l
+ fp.close()
+ return s
+
+def convertEm(f=None,path=".",rewritelist=[],newdir=".",oldext="",newext=None):
+ fl = getProtocolFiles(path=path,extension=oldext)
+ cnt = 1
+ for fn in fl:
+ ffn = os.path.join(path,fn)
+ print "Processing",ffn
+ s = scanThis(ffn,f,rewritelist,cnt)
+ if newext == None:
+ fn2 = fn
+ else:
+ fn2 = fn.replace(oldext,newext)
+ ffn2 = os.path.join(newdir,fn2)
+ fp = open(ffn2,"w")
+ fp.write(s)
+ fp.close()
+ print "Produced",ffn2
+ cnt = cnt+1
+
+def preprocess(s):
+ s = s.replace("@oracle","@OracleA")
+ s = s.replace("@ora ", "@OracleB ")
+ s = s.replace("@ora(", "@OracleB(")
+ return s
+
+def main():
+ convertEm(f=preprocess,rewritelist=["@OracleA","@executability","@OracleB"],path=".",newdir="mpa",oldext=".spdl")
+ print "Done."
+
+if __name__ == '__main__':
+ main()
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/mpa/README.txt b/Vagrant Files/files/scyther/Protocols/IKE/mpa/README.txt
new file mode 100644
index 0000000000000000000000000000000000000000..91e5266485a63f369eee8f773e8345da14f015cf
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/mpa/README.txt
@@ -0,0 +1,6 @@
+This directory is filled by the script
+
+`../make-mpa.py`
+
+It takes the `.spdl` files from the `..` directory and prepares them for
+multi-protocol analysis.
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.cpp b/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..84db6b085796d3e12515c397d02fbc36edc1a7af
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.cpp
@@ -0,0 +1,60 @@
+/**
+ * @protocol OAKLEY
+ * @reference RFC 2412,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description OAKLEY is related to STS and allows for shared key
+ * determination via authenticated Diffie-Hellman exchanges and
+ * provides perfect forward secrecy for the shared key.
+ * @variant Aggressive mode
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __OAKLEY__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+
+usertype String;
+const list, algo: String;
+
+protocol oakley-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, g(i), list, I, R, Ni, {I, R, Ni, g(i), list}sk(I) );
+ recv_2( R, I, Cr, Ci, Gr, algo, R, I, Nr, Ni, {R, I, Nr, Ni, g(i), Gr, algo}sk(R) );
+ send_3( I, R, Ci, Cr, g(i), algo, I, R, Ni, Nr, {I, R, Ni, Nr, g(i), Gr, algo}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, Gi, list, I, R, Ni, {I, R, Ni, Gi, list}sk(I) );
+ send_2( R, I, Cr, Ci, g(r), algo, R, I, Nr, Ni, {R, I, Nr, Ni, Gi, g(r), algo}sk(R) );
+ recv_3( I, R, Ci, Cr, Gi, algo, I, R, Ni, Nr, {I, R, Ni, Nr, Gi, g(r), algo}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.spdl b/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..aa04c2ed9168bdeee7331aacd873121741ae143c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-a.spdl
@@ -0,0 +1,91 @@
+# 1 "oakley-a.cpp"
+# 1 "<command-line>"
+# 1 "oakley-a.cpp"
+# 18 "oakley-a.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 141 "common.h"
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "oakley-a.cpp" 2
+
+
+
+usertype String;
+const list, algo: String;
+
+protocol oakley-a(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, Ci, g(i), list, I, R, Ni, {I, R, Ni, g(i), list}sk(I) );
+ recv_2( R, I, Cr, Ci, Gr, algo, R, I, Nr, Ni, {R, I, Nr, Ni, g(i), Gr, algo}sk(R) );
+ send_3( I, R, Ci, Cr, g(i), algo, I, R, Ni, Nr, {I, R, Ni, Nr, g(i), Gr, algo}sk(I) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, Gi, list, I, R, Ni, {I, R, Ni, Gi, list}sk(I) );
+ send_2( R, I, Cr, Ci, g(r), algo, R, I, Nr, Ni, {R, I, Nr, Ni, Gi, g(r), algo}sk(R) );
+ recv_3( I, R, Ci, Cr, Gi, algo, I, R, Ni, Nr, {I, R, Ni, Nr, Gi, g(r), algo}sk(I) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.cpp b/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..5c4654f613b536bf0ac86c393e6fca115d207a89
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.cpp
@@ -0,0 +1,63 @@
+/** HEADDOC
+ * @protocol OAKLEY
+ * @reference RFC 2412,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description OAKLEY is related to STS and allows for shared key
+ * determination via authenticated Diffie-Hellman exchanges and
+ * provides perfect forward secrecy for the shared key.
+ * @variant Alternative variant to prevent user identity disclosure
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __OAKLEY__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+#define AK prf(Ni,Nr)
+
+
+usertype String;
+const list, algo: String;
+
+protocol oakley-alt(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ // NOTE: pk(R) is sent in plain so that the recipient knows which decryption key to use
+ // In the specification, there is a distinction between the R in pk(R) and the encrypted R
+ send_1( I, R, Ci, g(i), list, pk(R), {I, R, Ni}pk(R) );
+ recv_2( R, I, Cr, Ci, Gr, algo, {R, I, Nr}pk(I), prf(AK, R, I, Gr, g(i), algo) );
+ send_3( I, R, Ci, Cr, prf(AK, I, R, g(i), Gr, algo) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, Gi, list, pk(R), {I, R, Ni}pk(R) );
+ send_2( R, I, Cr, Ci, g(r), algo, {R, I, Nr}pk(I), prf(AK, R, I, g(r), Gi, algo) );
+ recv_3( I, R, Ci, Cr, prf(AK, I, R, Gi, g(r), algo) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.spdl b/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f94b355da298c0b085d520e555c12a7275d28372
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-alt.spdl
@@ -0,0 +1,94 @@
+# 1 "oakley-alt.cpp"
+# 1 "<command-line>"
+# 1 "oakley-alt.cpp"
+# 18 "oakley-alt.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 141 "common.h"
+ var Ci, Cr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "oakley-alt.cpp" 2
+
+
+
+
+usertype String;
+const list, algo: String;
+
+protocol oakley-alt(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+
+
+ send_1( I, R, Ci, g(i), list, pk(R), {I, R, Ni}pk(R) );
+ recv_2( R, I, Cr, Ci, Gr, algo, {R, I, Nr}pk(I), prf(prf(Ni,Nr), R, I, Gr, g(i), algo) );
+ send_3( I, R, Ci, Cr, prf(prf(Ni,Nr), I, R, g(i), Gr, algo) );
+
+
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Ci, Gi, list, pk(R), {I, R, Ni}pk(R) );
+ send_2( R, I, Cr, Ci, g(r), algo, {R, I, Nr}pk(I), prf(prf(Ni,Nr), R, I, g(r), Gi, algo) );
+ recv_3( I, R, Ci, Cr, prf(prf(Ni,Nr), I, R, Gi, g(r), algo) );
+
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.cpp b/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..32e6a80ecfcd5317875583e636c4aa2bdf865c1a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.cpp
@@ -0,0 +1,105 @@
+/** HEADDOC
+ * @protocol OAKLEY
+ * @reference RFC 2412,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description OAKLEY is related to STS and allows for shared key
+ * determination via authenticated Diffie-Hellman exchanges and
+ * provides perfect forward secrecy for the shared key.
+ * @variant Conservative mode with identity hiding
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __OAKLEY_CONSERVATIVE__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+#define Kpi prf(Zi)
+#define Kpr prf(Zr)
+#define Kir prf(Ni,Nr)
+
+
+usertype String;
+const OK, list, algo: String;
+
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+ // msg 5
+ recv_!O1( O, O, {I, R, {Ni}pk(R)}Kpi );
+ send_!O2( O, O, {I, R, {Ni}pk(R)}Kpr );
+
+ // msg 6
+ recv_!O3( O, O, {{Nr, Ni}pk(I), R, I, prf(Kir, R, I, Gr, g(i), algo)}Kpr );
+ send_!O4( O, O, {{Nr, Ni}pk(I), R, I, prf(Kir, R, I, Gr, g(i), algo)}Kpi );
+
+ // msg 7
+ recv_!O5( O, O, {prf(Kir, I, R, g(i), Gr, algo)}Kpi );
+ send_!O6( O, O, {prf(Kir, I, R, g(i), Gr, algo)}Kpr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol oakley-c(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, OK );
+ recv_2( R, I, Cr );
+ send_3( I, R, Ci, Cr, g(i), list );
+ recv_4( R, I, Cr, Ci, Gr, algo );
+ send_!5( I, R, Ci, Cr, g(i), {I, R, {Ni}pk(R)}Kpi );
+ recv_!6( R, I, Cr, Ci, {{Nr, Ni}pk(I), R, I, prf(Kir, R, I, Gr, g(i), algo)}Kpi );
+ send_!7( I, R, Ci, Cr, {prf(Kir, I, R, g(i), Gr, algo)}Kpi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, Kpi );
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, OK );
+ send_2( R, I, Cr );
+ recv_3( I, R, Ci, Cr, Gi, list );
+ send_4( R, I, Cr, Ci, g(r), algo );
+ recv_!5( I, R, Ci, Cr, Gi, {I, R, {Ni}pk(R)}Kpr );
+ send_!6( R, I, Cr, Ci, {{Nr, Ni}pk(I), R, I, prf(Kir, R, I, g(r), Gi, algo)}Kpr );
+ recv_!7( I, R, Ci, Cr, {prf(Kir, I, R, Gi, g(r), algo)}Kpr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, Kpr );
+
+ claim( R, SKR, SKr );
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.spdl b/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..2585ef9d1c5435a051dd8405f49b24635e222cb5
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/oakley-c.spdl
@@ -0,0 +1,140 @@
+# 1 "oakley-c.cpp"
+# 1 "<command-line>"
+# 1 "oakley-c.cpp"
+# 18 "oakley-c.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 144 "common.h"
+ var Ci, Cr: Nonce;
+
+
+
+
+
+ recv_!SWAP1( SWAP, SWAP, KDF(Ni, Nr, h(g(r),i), Ci, Cr) );
+ send_!SWAP2( SWAP, SWAP, KDF(Ni, Nr, h(g(i),r), Ci, Cr) );
+
+ }
+
+
+}
+# 19 "oakley-c.cpp" 2
+
+
+
+
+
+
+
+usertype String;
+const OK, list, algo: String;
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r, Ni, Nr, Ci, Cr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {I, R, {Ni}pk(R)}prf(h(g(r),i)) );
+ send_!O2( O, O, {I, R, {Ni}pk(R)}prf(h(g(i),r)) );
+
+
+ recv_!O3( O, O, {{Nr, Ni}pk(I), R, I, prf(prf(Ni,Nr), R, I, g(r), g(i), algo)}prf(h(g(i),r)) );
+ send_!O4( O, O, {{Nr, Ni}pk(I), R, I, prf(prf(Ni,Nr), R, I, g(r), g(i), algo)}prf(h(g(r),i)) );
+
+
+ recv_!O5( O, O, {prf(prf(Ni,Nr), I, R, g(i), g(r), algo)}prf(h(g(r),i)) );
+ send_!O6( O, O, {prf(prf(Ni,Nr), I, R, g(i), g(r), algo)}prf(h(g(i),r)) );
+
+ }
+
+
+}
+
+
+protocol oakley-c(I, R)
+{
+ role I {
+ fresh i, Ni, Ci: Nonce;
+ var Nr, Cr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, OK );
+ recv_2( R, I, Cr );
+ send_3( I, R, Ci, Cr, g(i), list );
+ recv_4( R, I, Cr, Ci, Gr, algo );
+ send_!5( I, R, Ci, Cr, g(i), {I, R, {Ni}pk(R)}prf(h(Gr,i)) );
+ recv_!6( R, I, Cr, Ci, {{Nr, Ni}pk(I), R, I, prf(prf(Ni,Nr), R, I, Gr, g(i), algo)}prf(h(Gr,i)) );
+ send_!7( I, R, Ci, Cr, {prf(prf(Ni,Nr), I, R, g(i), Gr, algo)}prf(h(Gr,i)) );
+
+
+ claim( I, SKR, prf(h(Gr,i)) );
+ claim( I, SKR, KDF(Ni, Nr, h(Gr,i), Ci, Cr) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr, Cr: Nonce;
+ var Ni, Ci: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, OK );
+ send_2( R, I, Cr );
+ recv_3( I, R, Ci, Cr, Gi, list );
+ send_4( R, I, Cr, Ci, g(r), algo );
+ recv_!5( I, R, Ci, Cr, Gi, {I, R, {Ni}pk(R)}prf(h(Gi,r)) );
+ send_!6( R, I, Cr, Ci, {{Nr, Ni}pk(I), R, I, prf(prf(Ni,Nr), R, I, g(r), Gi, algo)}prf(h(Gi,r)) );
+ recv_!7( I, R, Ci, Cr, {prf(prf(Ni,Nr), I, R, Gi, g(r), algo)}prf(h(Gi,r)) );
+
+
+ claim( R, SKR, prf(h(Gi,r)) );
+
+ claim( R, SKR, KDF(Ni, Nr, h(Gi,r), Ci, Cr) );
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/pp.sh b/Vagrant Files/files/scyther/Protocols/IKE/pp.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1ee7b6eae1437f05197b192106b1b3a992f11e89
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/pp.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+FILES="$*"
+EXT="pp"
+#OUT=.
+OUT=pp-results
+
+if [ -n "$FILES" ]; then
+ for file in $FILES;
+ do
+ if [ "$file" = "*.$EXT.*" ]; then
+ echo "skipping $file"
+ else
+ echo "preprocessing $file"
+ cpp $file | sed -e '/^(\#.*)*$/d' > $OUT/${file%%.*}.$EXT.spdl
+ fi
+ done
+else
+ printf "Usage: %s: file...\n" $(basename $0) >&2
+ exit 1
+fi
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/scanner.py b/Vagrant Files/files/scyther/Protocols/IKE/scanner.py
new file mode 100644
index 0000000000000000000000000000000000000000..bc529ac01ce8fea85901e48330f83158805df45a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/scanner.py
@@ -0,0 +1,800 @@
+#!/usr/bin/env python
+
+import sys
+
+ALLPROTS = set()
+ALLCLAIMS = set() # prot x role x claim
+PREFIX = None # Required prefix
+FFUNC = (lambda p: True) # Filter function
+
+def reset():
+
+ global ALLPROTS
+ global ALLCLAIMS
+ global PREFIX
+ global FFUNC
+
+ ALLPROTS = set()
+ ALLCLAIMS = set()
+ PREFIX = None
+ FFUNC = (lambda p: True)
+
+def skipLine(l):
+ if len(l) == 0:
+ return True
+
+ skippable = ["%","\\begin","\\end","Protocol"]
+ for skstr in skippable:
+ if l.startswith(skstr):
+ return True
+
+ return False
+
+def stripRowEnd(l):
+ # Assume ends with \\, split by dtl
+ endstr = "\\\\"
+ if not l.endswith(endstr):
+ print "Error: some line does not end with \\\\"
+ print ">>%s<<" % (l)
+ sys.exit(-1)
+
+ return l[:-len(endstr)]
+
+def splitStrip(l,sp):
+
+ dtl = l.split(sp)
+ for i in range(0,len(dtl)):
+ dtl[i] = dtl[i].strip()
+ return dtl
+
+def roleClaim(dtl):
+ rcdt = dtl.split()
+ assert(rcdt[0].endswith(":"))
+ role = rcdt[0][:-1]
+ claim = rcdt[1]
+ return (role,claim[:20])
+
+def scanAttackFile(fn):
+
+ global ALLPROTS
+
+ fp = open("gen-%s-mpaattacks.tex" % (fn),"r")
+ attackmap = {}
+ prot = None
+ role = None
+ claim = None
+ for rawline in fp.xreadlines():
+
+ l = rawline.strip()
+
+ if skipLine(l):
+ continue
+
+ l = stripRowEnd(l)
+
+ dtl = splitStrip(l,"&")
+
+ # New protocol
+ if len(dtl[0]) > 0:
+ prot = dtl[0]
+
+ # New role
+ if len(dtl[1]) > 0:
+ (role,claim) = roleClaim(dtl[1])
+
+ # Claims list
+ # Assume starts with '[' and ends with ']'
+ assert(dtl[2].startswith("["))
+ assert(dtl[2].endswith("]"))
+ attl = ((dtl[2])[1:-1]).split(",")
+ for i in range(0,len(attl)):
+ x = attl[i].strip()
+ assert(x.startswith("'"))
+ assert(x.endswith("'"))
+ attl[i] = x[1:-1]
+
+ ak = (prot,role,claim)
+ if ak not in attackmap.keys():
+ attackmap[ak] = set()
+ attackmap[ak].add(tuple(attl))
+
+ # Add to allprots set
+ ALLPROTS.add(prot)
+ for p in attl:
+ ALLPROTS.add(prot)
+
+ fp.close()
+
+ return attackmap
+
+
+def shorten(prot):
+ """
+ Shorten protocol name
+ """
+ cutting = ["isoiec-","9798-"]
+ for ct in cutting:
+ if prot.startswith(ct):
+ prot = prot[len(ct):]
+ return prot.replace("-udkey","-ud")
+
+
+def prettyclaim(cl):
+ """
+ Rewrite if needed
+ """
+ return cl.replace("Commit","Agreement")
+
+
+def mpaTable(attackmap):
+ """
+ construct table for MPA attacks
+ """
+ counter = 1
+ s = ""
+
+ s += "\\begin{longtable}{|l|lll|l|}\n"
+ s += "\\hline\n"
+ for kk in sorted(ALLCLAIMS):
+ if kk not in attackmap.keys():
+ continue
+ (prot,role,claim) = kk
+
+ ats = str(attackmap[kk])
+ sl = "%i & %s & %s & %s & %s \\\\ \n" % (counter,prot,role,claim,ats)
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{longtable}\n"
+
+ return s
+
+
+def rotated(headl):
+ """
+ Add rotated headers
+ """
+ for i in range(0,len(headl)):
+ headl[i] = "\\begin{sideways} %s \\end{sideways}\n" % (headl[i])
+ return " & ".join(headl)
+
+
+def baseprot(prot):
+ return shorten(prot)[:5]
+
+
+def mpaTable2(attackmap,tabtype="tabular",options=""):
+ """
+ construct table for MPA attacks
+
+ Second attempt
+ """
+
+ # To find the number of columns, we first need to find all protocols involved in two-protocol attacks
+ involved = set()
+ for kk in attackmap.keys():
+ for atl in attackmap[kk]:
+ # convert tuple back to list
+ att = list(atl)
+ if len(att) == 1:
+ # This attack involves one *additional* protocol, so is a two-protocol attack
+ involved.add(att[0])
+ colheads = sorted(involved)
+ attcols = ""
+ last = None
+ for hd in colheads:
+ prm = baseprot(hd)
+ if last == prm:
+ attcols += "@{\hspace{2mm}}c"
+ else:
+ last = prm
+ attcols += "|c"
+
+
+ #attcols = "c" * len(involved)
+
+ counter = 1
+ s = ""
+
+ #s += "\\clearpage \n"
+
+ s += "\\begin{%s}%s{|l|ll|%s|}\n" % (tabtype,options,attcols)
+ s += "\\hline\n"
+ s += rotated(["No","Prot","Claim"])
+ for hd in colheads:
+ s += "& \\begin{sideways}%s\\end{sideways} " % (shorten(hd))
+ s += "\\\\ \n"
+
+ s += "\\hline\n"
+ last = None
+ for kk in sorted(ALLCLAIMS):
+ if kk not in attackmap.keys():
+ continue
+ (prot,role,claim) = kk
+
+ prm = baseprot(prot)
+ if last != prm:
+ last = prm
+ s += "\\hline\n"
+
+ sl = ""
+ sl += "%i & %s & %s %s " % (counter,shorten(prot),role,claim)
+ for ch in colheads:
+ se = tuple([ch])
+ if se in attackmap[kk]:
+ sl += "& $\\bullet$ "
+ else:
+ sl += "& $\\circ$ "
+
+ sl += "\\\\ \n"
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{%s}\n" % (tabtype)
+
+ return s
+
+
+def mpaTable3(attackmaps,tabtype="tabular",options=""):
+ """
+ construct table for MPA attacks
+
+ attmaps = sequence of (attackmap, symbol)
+
+ Symbol of the first matching is displayed
+
+ Second attempt
+ """
+
+ global FFUNC
+ # To find the number of columns, we first need to find all protocols involved in two-protocol attacks
+ # Also populate "allkeys"
+ involved = set()
+ allkeys = set()
+ for (attackmap,symbs) in attackmaps:
+ for kk in attackmap.keys():
+ allkeys.add(kk)
+ for atl in attackmap[kk]:
+ # convert tuple back to list
+ att = list(atl)
+ if len(att) == 1:
+ # This attack involves one *additional* protocol, so is a two-protocol attack
+ if FFUNC:
+ if not FFUNC(att[0]):
+ continue
+
+ involved.add(att[0])
+
+ colheads = sorted(involved)
+ attcols = ""
+ last = None
+ for hd in colheads:
+ prm = baseprot(hd)
+ if last == prm:
+ attcols += "@{\hspace{2mm}}c"
+ else:
+ last = prm
+ attcols += "|c"
+
+
+ #attcols = "c" * len(involved)
+
+ counter = 1
+ s = ""
+
+ #s += "\\clearpage \n"
+
+ s += "\\begin{%s}%s{|l|ll|%s|}\n" % (tabtype,options,attcols)
+ s += "\\hline\n"
+ s += rotated(["No","Prot","Claim"])
+ for hd in colheads:
+ s += "& \\begin{sideways}%s\\end{sideways} " % (shorten(hd))
+ s += "\\\\ \n"
+
+ s += "\\hline\n"
+ last = None
+ for kk in sorted(ALLCLAIMS):
+ if kk not in attackmap.keys():
+ continue
+ (prot,role,claim) = kk
+
+ prm = baseprot(prot)
+ if last != prm:
+ last = prm
+ s += "\\hline\n"
+
+ sl = ""
+ sl += "%i & %s & %s %s " % (counter,shorten(prot),role,prettyclaim(claim))
+ for ch in colheads:
+ se = tuple([ch])
+ sl += "& "
+ for (attackmap,symb) in attackmaps:
+ if kk in attackmap.keys():
+ if se in attackmap[kk]:
+ sl += symb
+ break
+
+ sl += "\\\\ \n"
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{%s}\n" % (tabtype)
+
+ return s
+
+
+def scanClaimList(fn):
+ """
+ Simply gather claims
+ """
+
+ global ALLPROTS
+ global ALLCLAIMS
+ global FFUNC
+
+ fp = open("gen-%s-claims.txt" % (fn),"r")
+
+ claimmap = {}
+ for rawline in fp.xreadlines():
+
+ l = rawline.strip()
+
+ if skipLine(l):
+ continue
+
+ dtl = splitStrip(l,"; ")
+
+ filename = dtl[0]
+ prot = dtl[1]
+ if FFUNC:
+ if not FFUNC(prot):
+ continue
+
+ label = dtl[2]
+ (role,claim) = roleClaim(dtl[3])
+
+ ALLCLAIMS.add((prot,role,claim))
+ ALLPROTS.add(prot)
+
+ fp.close()
+
+ return claimmap
+
+def scanClaimFile(fn):
+ """
+ Construct claimmap
+
+ prot -> roles -> claims
+ """
+
+ global ALLPROTS
+ global ALLCLAIMS
+ global FFUNC
+
+ fp = open("gen-%s-correctclaims.tex" % (fn),"r")
+
+ claimmap = {}
+ for rawline in fp.xreadlines():
+
+ l = rawline.strip()
+
+ if skipLine(l):
+ continue
+
+ l = stripRowEnd(l)
+
+ dtl = splitStrip(l,"&")
+
+ prot = dtl[0]
+ if FFUNC:
+ if not FFUNC(prot):
+ continue
+
+ if prot not in claimmap.keys():
+ claimmap[prot] = {}
+
+ cll = splitStrip(dtl[1],";")
+
+ for dt in cll:
+ (role,claim) = roleClaim(dt)
+
+ if role not in claimmap[prot].keys():
+ claimmap[prot][role] = set()
+
+ claimmap[prot][role].add(claim)
+
+ ALLCLAIMS.add((prot,role,claim))
+
+ ALLPROTS.add(prot)
+
+ fp.close()
+
+ return claimmap
+
+def getRoleClaims(rcmap):
+
+ rc = set()
+ for role in rcmap.keys():
+ for claim in rcmap[role]:
+ rc.add((role,claim))
+
+ return rc
+
+def typeScanMatrix(cml,onlyChanged = False):
+
+ global ALLPROTS
+
+ """
+ Scan for the influence of typing.
+
+ Input:
+
+ [(txt1,cm1),(txt2,cm2),...]
+
+ """
+ s = ""
+
+ s += "\\begin{longtable}{|l|lll|%s|}\n" % ("c" * len(cml))
+ s += "\\hline\n"
+
+ s += "No & Prot & Role & Claim "
+ for (txt,cm) in cml:
+ s += "& %s " % (txt)
+ s += "\\\\\n"
+ s += "\\hline\n"
+
+ goodverdict = "$\\circ$"
+ badverdict = "$\\bullet$"
+
+ counter = 1
+ for (prot,role,claim) in sorted(ALLCLAIMS):
+ # Header
+ sl = "%i & %s & %s & %s " % (counter,prot,role,claim)
+ alltrue = True
+ for (txt,cm) in cml:
+ verdict = badverdict
+ if prot in cm.keys():
+ if role in cm[prot].keys():
+ if claim in cm[prot][role]:
+ verdict = goodverdict
+ if verdict == badverdict:
+ alltrue = False
+
+ sl += "& %s " % (verdict)
+ sl += "\\\\\n"
+
+ if alltrue == True:
+ if onlyChanged == True:
+ continue
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{longtable}\n"
+ return s
+
+def typeScanMatrix2(cml,onlyChanged = False,additive = False):
+
+ global ALLPROTS
+
+ """
+ Scan for the influence of typing.
+
+ Input:
+
+ [(txt1,cm1),(txt2,cm2),...]
+
+ """
+ s = ""
+
+ s += "\\begin{longtable}{|l|lll||c|}\n"
+ s += "\\hline\n"
+
+ s += "No & Prot & Claim & Attacks"
+ s += "\\\\\n"
+ s += "\\hline\n"
+ s += "\\hline\n"
+
+ goodverdict = "$\\circ$"
+ badverdict = "$\\bullet$"
+
+ last = None
+ counter = 1
+ for (prot,role,claim) in sorted(ALLCLAIMS):
+ if baseprot(prot) != last:
+ last = baseprot(prot)
+ s += "\\hline\n"
+
+ # Header
+ sl = "%i & %s & %s %s " % (counter,prot,role,prettyclaim(claim))
+ alltrue = True
+ res = ""
+ for (txt,cm) in cml:
+ verdict = badverdict
+ if prot in cm.keys():
+ if role in cm[prot].keys():
+ if claim in cm[prot][role]:
+ verdict = goodverdict
+ if verdict == badverdict:
+ alltrue = False
+ if additive:
+ res += txt
+ else:
+ res = txt
+
+ sl += "& %s " % (res)
+ sl += "\\\\\n"
+
+ if alltrue == True:
+ if onlyChanged == True:
+ continue
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{longtable}\n"
+ return s
+
+def typeScanMatrix3(hd1,hd2,cml,f,onlyChanged = False,tabletype="longtable"):
+
+ global ALLPROTS
+
+ """
+ Scan for the influence of typing.
+
+ Input:
+
+ f is given as input a sequence of Bool (attack = False) of length len(cml), should return string.
+
+ """
+ s = ""
+
+ s += "\\begin{%s}{|l|ll||%s|}\n" % (tabletype,hd1)
+ s += "\\hline\n"
+
+ s += rotated(["No","Protocol","Claim"]) + " & " + rotated(hd2)
+ s += "\\\\\n"
+ s += "\\hline\n"
+ s += "\\hline\n"
+
+ goodverdict = "$\\circ$"
+ badverdict = "$\\bullet$"
+
+ last = None
+ counter = 1
+ for (prot,role,claim) in sorted(ALLCLAIMS):
+ if baseprot(prot) != last:
+ last = baseprot(prot)
+ s += "\\hline\n"
+
+ # Header
+ sl = "%i & %s & %s %s " % (counter,prot,role,prettyclaim(claim))
+ alltrue = True
+ res = ""
+ resl = []
+ for cm in cml:
+ verdict = badverdict
+ if prot in cm.keys():
+ if role in cm[prot].keys():
+ if claim in cm[prot][role]:
+ verdict = goodverdict
+ if verdict == badverdict:
+ alltrue = False
+ resl.append(False)
+ else:
+ resl.append(True)
+
+ sl += "& %s " % (f(resl))
+ sl += "\\\\\n"
+
+ if alltrue == True:
+ if onlyChanged == True:
+ continue
+
+ s += sl
+ counter = counter + 1
+
+ s += "\\hline\n"
+ s += "\\end{%s}\n" % (tabletype)
+ return s
+
+def docWrapper(s,title=None,author=None):
+
+ pref = ""
+ pref += "\\documentclass{article}\n"
+ pref += "\\usepackage{a4}\n"
+ pref += "\\usepackage{geometry}\n"
+ pref += "\\usepackage{longtable}\n"
+ pref += "\\usepackage{rotating}\n"
+ pref += "\\begin{document}\n"
+ if title or author:
+ if title:
+ pref += "\\title{%s}\n" % (title)
+ if author:
+ pref += "\\author{%s}\n" % (author)
+ pref += "\\maketitle\n"
+ post = ""
+ post += "\\end{document}\n"
+
+ return pref + s + post
+
+def secWrapper(s,title,level=0):
+ """
+ level :
+
+ 0 section
+ 1 subsection
+ 2 subsub...
+ """
+ pref = "\\" + "sub" * level + "section{" + title + "}\n\n"
+ post = "\n"
+ return pref + s + post
+
+
+def sizeWrapper(s, width="!", height="!"):
+
+ if (width != "!") or (height != "!"):
+ s = "\\resizebox{%s}{%s}{ \n%s}\n" % (width,height,s)
+ return s
+
+
+def fileWrite(fn,s):
+
+ fp = open("%s.tex" % (fn), "w")
+ fp.write(s)
+ fp.close()
+
+
+def docWrite(fn,tex,author=None,title=None):
+
+ fileWrite(fn, docWrapper(tex,author=author,title=title))
+
+
+def docMake(fn,tex,author=None,title=None):
+
+ import commands
+
+ docWrite(fn,tex,author,title)
+ cmd = "pdflatex %s" % (fn)
+ commands.getoutput(cmd)
+
+def f1(resl):
+ txtl = []
+ for t in resl:
+ if t == True:
+ txtl.append(" ")
+ else:
+ txtl.append("$\\bullet$")
+ return " & ".join(txtl)
+
+def pb(tl,width):
+ nl = []
+ for t in tl:
+ nl.append("\\parbox{%s}{%s}" % (width,t))
+ return nl
+
+def makeReport(fn,includefiles=False):
+ scanClaimList(fn + "-aa-t")
+
+ cISOaat = scanClaimFile(fn + "-aa-t")
+ cISOaab = scanClaimFile(fn + "-aa-b")
+ cISOaau = scanClaimFile(fn + "-aa-u")
+ cISOiut = scanClaimFile(fn + "-iu-t")
+ cISOiub = scanClaimFile(fn + "-iu-b")
+ cISOiuu = scanClaimFile(fn + "-iu-u")
+ cISOext = scanClaimFile(fn + "-ex-t")
+ cISOexb = scanClaimFile(fn + "-ex-b")
+ cISOexu = scanClaimFile(fn + "-ex-u")
+
+ tex = ""
+ #tex += secWrapper(typeScanMatrix([("typed",cISOaat),("basic",cISOaab),("untyped",cISOaau)],onlyChanged = False),title="Normal mode (Alice-Alice communication allowed)")
+ #tex += secWrapper(typeScanMatrix([("typed",cISOiut),("basic",cISOiub),("untyped",cISOiuu)],onlyChanged = True),title="Disallow Alice-Alice initiators")
+ #tex += secWrapper(typeScanMatrix([("typed",cISOext),("basic",cISOexb),("untyped",cISOexu)],onlyChanged = True),title="Disallow Alice-Alice communications")
+
+ orders = [cISOaab,
+ cISOaat,
+ cISOiub,
+ cISOiut]
+
+ sectex = typeScanMatrix3("c|c|c|c",pb(["No type checks\\\\Alice-talks-to-Alice initators","Type checks\\\\Alice-talks-to-Alice initators","No type checks\\\\No Alice-talks-to-Alice initators","Type checks\\\\No Alice-talks-to-Alice initators"],"49mm"), orders,f1,onlyChanged = True)
+
+ mpatex = sizeWrapper(mpaTable3([
+ (scanAttackFile(fn + "-ex-t"),"$\\bullet$"),
+ (scanAttackFile(fn + "-aa-b"),"$\\circ$")
+ ]),width="\\textwidth")
+
+ if includefiles == True:
+ fileWrite("../gen-att-" + fn,sectex)
+ fileWrite("../gen-mpa-" + fn,mpatex)
+
+ tex += secWrapper(sectex,title="Attacks found")
+ tex += secWrapper(mpatex,title="MPA attacks")
+ docMake(fn,tex,author="Cas Cremers",title="test report %s" % (fn))
+
+
+def filterPrefix(prot):
+ """
+ Returns true iff the protocol name is okay to be considered
+ """
+ if PREFIX:
+ if not prot.startswith(PREFIX):
+ return False
+ return True
+
+def filterPrefixBD(prot):
+ """
+ Returns true iff the protocol name is okay to be considered
+ """
+ if PREFIX:
+ if not prot.startswith(PREFIX):
+ return False
+ if prot.endswith("-ud"):
+ return False
+ if prot.endswith("-udkey"):
+ return False
+ return True
+
+
+def filterCombo(prot):
+ """
+ Returns true iff the protocol name is okay to be considered
+ """
+ if prot.find("-sig-child") >= 0:
+ return False
+
+ return True
+
+
+def filterISOsymmBD(prot):
+ """
+ Returns true iff the protocol name is okay to be considered
+ """
+ if prot.endswith("-ud"):
+ return False
+ if prot.endswith("-udkey"):
+ return False
+
+ if prot.startswith("isoiec-9798-2"):
+ return True
+ if prot.startswith("isoiec-9798-4"):
+ return True
+
+ return False
+
+
+
+if __name__ == "__main__":
+
+ #reset()
+ #PREFIX = "isoiec-9798-2"
+ #makeReport(PREFIX)
+
+ includefiles = True
+
+ reset()
+ FFUNC = filterCombo
+ PREFIX = "ike1"
+ makeReport(PREFIX,includefiles=includefiles)
+
+ reset()
+ FFUNC = filterCombo
+ PREFIX = "ike2"
+ makeReport(PREFIX,includefiles=includefiles)
+
+ reset()
+ FFUNC = filterCombo
+ PREFIX = "ike0"
+ makeReport(PREFIX,includefiles=includefiles)
+
+
+
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.cpp b/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..d9f58abac9bd56efe3cd9ff646b292c32c228fbd
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.cpp
@@ -0,0 +1,61 @@
+/** HEADDOC
+ * @protocol SKEME
+ * @reference Krawczyk, H., SKEME: A Versatile Secure Key Exchange Mechanism
+ * for Internet,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description SKEME is a set of protocols suitable for negotiation of
+ * services in a general networked environment. The main
+ * characteristics are forward secrecy, privacy and anonymity,
+ * and DoS protection.
+ * @variant Basic mode
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+ * Note: May use the same oracles as sts
+**/
+#define __SKEME__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+#define Kir prf(Ni,Nr)
+
+
+protocol skeme-basic(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, {I, Ni}pk(R), g(i) );
+ recv_2( R, I, {Nr}pk(I), Gr, prf(Kir, g(i), Gr, R, I) );
+ send_3( I, R, prf(Kir, Gr, g(i), I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, {I, Ni}pk(R), Gi );
+ send_2( R, I, {Nr}pk(I), g(r), prf(Kir, Gi, g(r), R, I) );
+ recv_3( I, R, prf(Kir, g(r), Gi, I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.spdl b/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..8c53debe3080c80a8a0afccd60484535f60a0b5e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-basic.spdl
@@ -0,0 +1,87 @@
+# 1 "skeme-basic.cpp"
+# 1 "<command-line>"
+# 1 "skeme-basic.cpp"
+# 21 "skeme-basic.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i)) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r)) );
+
+ }
+
+
+}
+# 22 "skeme-basic.cpp" 2
+
+
+
+
+protocol skeme-basic(I, R)
+{
+ role I {
+ fresh i, Ni: Nonce;
+ var Nr: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, {I, Ni}pk(R), g(i) );
+ recv_2( R, I, {Nr}pk(I), Gr, prf(prf(Ni,Nr), g(i), Gr, R, I) );
+ send_3( I, R, prf(prf(Ni,Nr), Gr, g(i), I, R) );
+
+
+ claim( I, SKR, KDF(h(Gr,i)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r, Nr: Nonce;
+ var Ni: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, {I, Ni}pk(R), Gi );
+ send_2( R, I, {Nr}pk(I), g(r), prf(prf(Ni,Nr), Gi, g(r), R, I) );
+ recv_3( I, R, prf(prf(Ni,Nr), g(r), Gi, I, R) );
+
+
+ claim( R, SKR, KDF(h(Gi,r)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.cpp b/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..355edc2a0a1ee77831c3494e1cd43aaa35c4a825
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.cpp
@@ -0,0 +1,82 @@
+/** HEADDOC
+ * @protocol SKEME
+ * @reference Krawczyk, H., SKEME: A Versatile Secure Key Exchange Mechanism
+ * for Internet,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description SKEME is a set of protocols suitable for negotiation of
+ * services in a general networked environment. The main
+ * characteristics are forward secrecy, privacy and anonymity,
+ * and DoS protection.
+ * @variant Basic mode with pre-shared keys and correct application of DH
+**/
+
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __SKEME__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, prf(k(R,I), Gi, g(r), R, I) );
+ send_!O2( O, O, prf(k(I,R), Gi, g(r), R, I) );
+
+ // msg 3
+ recv_!O3( O, O, prf(k(I,R), Gr, g(i), I, R) );
+ send_!O4( O, O, prf(k(R,I), Gr, g(i), I, R) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+protocol skeme-psk(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, prf(k(I,R), g(i), Gr, R, I) );
+ send_!3( I, R, prf(k(I,R), Gr, g(i), I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, g(r), prf(k(R,I), Gi, g(r), R, I) );
+ recv_!3( I, R, prf(k(R,I), g(r), Gi, I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.spdl b/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..e3e8796cdff93ed5d9df1a5299618ee9d4cd4bee
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-psk.spdl
@@ -0,0 +1,109 @@
+# 1 "skeme-psk.cpp"
+# 1 "<command-line>"
+# 1 "skeme-psk.cpp"
+# 20 "skeme-psk.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i)) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r)) );
+
+ }
+
+
+}
+# 21 "skeme-psk.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(k(R,I), g(i), g(r), R, I) );
+ send_!O2( O, O, prf(k(I,R), g(i), g(r), R, I) );
+
+
+ recv_!O3( O, O, prf(k(I,R), g(r), g(i), I, R) );
+ send_!O4( O, O, prf(k(R,I), g(r), g(i), I, R) );
+
+ }
+
+
+}
+
+
+protocol skeme-psk(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, prf(k(I,R), g(i), Gr, R, I) );
+ send_!3( I, R, prf(k(I,R), Gr, g(i), I, R) );
+
+
+ claim( I, SKR, KDF(h(Gr,i)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, g(r), prf(k(R,I), Gi, g(r), R, I) );
+ recv_!3( I, R, prf(k(R,I), g(r), Gi, I, R) );
+
+
+ claim( R, SKR, KDF(h(Gi,r)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.cpp b/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..a1915a263d78bb76b9ee59e9b94b882f069d0104
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.cpp
@@ -0,0 +1,80 @@
+/** HEADDOC
+ * @protocol SKEME
+ * @reference Krawczyk, H., SKEME: A Versatile Secure Key Exchange Mechanism
+ * for Internet,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description SKEME is a set of protocols suitable for negotiation of
+ * services in a general networked environment. The main
+ * characteristics are forward secrecy, privacy and anonymity,
+ * and DoS protection.
+ * @variant Fast rekeying protocol
+**/
+
+/** MACRO DEFINITIONS
+ * Needs preprocessing by cpp before fed to scyther
+**/
+#define __SKEME_REKEY__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling k(I,R) = k(R,I).
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var Ni, Nr: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, prf(k(R,I), Ni, Nr, R, I) );
+ send_!O2( O, O, prf(k(I,R), Ni, Nr, R, I) );
+
+ // msg 3
+ recv_!O3( O, O, prf(k(I,R), Nr, Ni, I, R) );
+ send_!O4( O, O, prf(k(R,I), Nr, Ni, I, R) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+protocol skeme-rekey(I, R)
+{
+ role I {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+ send_1( I, R, Ni );
+ recv_!2( R, I, Nr, prf(k(I,R), Ni, Nr, R, I) );
+ send_!3( I, R, prf(k(I,R), Nr, Ni, I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_1( I, R, Ni );
+ send_!2( R, I, Nr, prf(k(I,R), Ni, Nr, R, I) );
+ recv_!3( I, R, prf(k(I,R), Nr, Ni, I, R) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.spdl b/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..acd0c509c4f46026ed5ae0199bef7bdccfa03bb4
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/skeme-rekey.spdl
@@ -0,0 +1,111 @@
+# 1 "skeme-rekey.cpp"
+# 1 "<command-line>"
+# 1 "skeme-rekey.cpp"
+# 19 "skeme-rekey.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 97 "common.h"
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 147 "common.h"
+ var I, R: Agent;
+
+
+ recv_!SWAP1( SWAP, SWAP, KDF(k(I,R),prf(k(I,R), Ni, Nr, R, I)) );
+ send_!SWAP2( SWAP, SWAP, KDF(k(R,I),prf(k(R,I), Ni, Nr, R, I)) );
+
+ }
+
+
+}
+# 20 "skeme-rekey.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var Ni, Nr: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, prf(k(R,I), Ni, Nr, R, I) );
+ send_!O2( O, O, prf(k(I,R), Ni, Nr, R, I) );
+
+
+ recv_!O3( O, O, prf(k(I,R), Nr, Ni, I, R) );
+ send_!O4( O, O, prf(k(R,I), Nr, Ni, I, R) );
+
+ }
+
+
+}
+
+protocol skeme-rekey(I, R)
+{
+ role I {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+ send_1( I, R, Ni );
+ recv_!2( R, I, Nr, prf(k(I,R), Ni, Nr, R, I) );
+ send_!3( I, R, prf(k(I,R), Nr, Ni, I, R) );
+
+
+ claim( I, SKR, KDF(k(I,R),prf(k(I,R), Ni, Nr, R, I)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_1( I, R, Ni );
+ send_!2( R, I, Nr, prf(k(I,R), Ni, Nr, R, I) );
+ recv_!3( I, R, prf(k(I,R), Nr, Ni, I, R) );
+
+
+ claim( R, SKR, KDF(k(R,I),prf(k(R,I), Ni, Nr, R, I)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.cpp b/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..9faaf4f7959c1692fca248d8db8a180eb348647f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.cpp
@@ -0,0 +1,78 @@
+/** HEADDOC
+ * @protocol Station-to-Station Protocol (STS)
+ * @reference Diffie W., van Oorschot P. C., and Wiener M. J.,
+ * Authentication and authenticated key exchange,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description STS adds a diGital signaure to the exchanged messages to
+ * provide authentication for the Diffie-Hellman protocol. In
+ * addition, the shared secret is used to provide further
+ * assurances.
+ * @variant Variant using MACs
+**/
+
+#define __STS__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r: Nonce;
+
+ // msg 2
+ recv_!O1( O, O, MAC(Zr, g(r), Gi) );
+ send_!O2( O, O, MAC(Zi, g(r), Gi) );
+
+ // msg 3
+ recv_!O3( O, O, MAC(Zi, Gi, g(r)) );
+ send_!O4( O, O, MAC(Zr, Gi, g(r)) );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+// It is not specified how the session key is derived from the ephemeral DH
+// secret Z; we use KDF(Z).
+protocol sts-mac(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, {Gr, g(i)}sk(R), MAC(Zi, Gr, g(i)) );
+ send_!3( I, R, {g(i), Gr}sk(I), MAC(Zi, g(i), Gr) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, Gi, {g(r), Gi}sk(R), MAC(Zr, g(r), Gi) );
+ recv_!3( I, R, {Gi, g(r)}sk(I), MAC(Zr, Gi, g(r)) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.spdl b/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..09c583b7bd3fa51dfb2a73564ea95416dc2b70ac
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-mac.spdl
@@ -0,0 +1,112 @@
+# 1 "sts-mac.cpp"
+# 1 "<command-line>"
+# 1 "sts-mac.cpp"
+# 16 "sts-mac.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 94 "common.h"
+hashfunction MAC;
+
+
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i)) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r)) );
+
+ }
+
+
+}
+# 17 "sts-mac.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r: Nonce;
+
+
+ recv_!O1( O, O, MAC(h(g(i),r), g(r), g(i)) );
+ send_!O2( O, O, MAC(h(g(r),i), g(r), g(i)) );
+
+
+ recv_!O3( O, O, MAC(h(g(r),i), g(i), g(r)) );
+ send_!O4( O, O, MAC(h(g(i),r), g(i), g(r)) );
+
+ }
+
+
+}
+
+
+
+protocol sts-mac(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, {Gr, g(i)}sk(R), MAC(h(Gr,i), Gr, g(i)) );
+ send_!3( I, R, {g(i), Gr}sk(I), MAC(h(Gr,i), g(i), Gr) );
+
+
+ claim( I, SKR, KDF(h(Gr,i)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, Gi, {g(r), Gi}sk(R), MAC(h(Gi,r), g(r), Gi) );
+ recv_!3( I, R, {Gi, g(r)}sk(I), MAC(h(Gi,r), Gi, g(r)) );
+
+
+ claim( R, SKR, KDF(h(Gi,r)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-main.cpp b/Vagrant Files/files/scyther/Protocols/IKE/sts-main.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..b95d30660c5dd6ea65619e864d559cf615d6dfcd
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-main.cpp
@@ -0,0 +1,79 @@
+/** HEADDOC
+ * @protocol Station-to-Station Protocol (STS)
+ * @reference Diffie W., van Oorschot P. C., and Wiener M. J.,
+ * Authentication and authenticated key exchange,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description STS adds a digital signaure to the exchanged messages to
+ * provide authentication for the Diffie-Hellman protocol. In
+ * addition, the shared secret is used to provide further
+ * assurances.
+**/
+
+#define __STS__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+/**
+ * This role serves as an "oracle" to ensure the executability of the
+ * protocol by taking care of the problems that arise from our way of
+ * modelling Diffie-Hellman keys.
+ */
+protocol @executability(O) {
+#define Gi g(i)
+#define Gr g(r)
+ role O {
+ var i, r: Nonce;
+ var I, R: Agent;
+
+ // msg 2
+ recv_!O1( O, O, {{g(r), Gi}sk(R)}SKr );
+ send_!O2( O, O, {{g(r), Gi}sk(R)}SKi );
+
+ // msg 3
+ recv_!O3( O, O, {{g(i), Gr}sk(I)}SKi );
+ send_!O4( O, O, {{g(i), Gr}sk(I)}SKr );
+
+ }
+#undef Gi
+#undef Gr
+}
+
+
+// It is not specified how the session key is derived from the ephemeral DH
+// secret Z; we use KDF(Z).
+protocol sts-main(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, {{Gr, g(i)}sk(R)}SKi );
+ send_!3( I, R, {{g(i), Gr}sk(I)}SKi );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, g(r), {{g(r), Gi}sk(R)}SKr );
+ recv_!3( I, R, {{Gi, g(r)}sk(I)}SKr );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-main.spdl b/Vagrant Files/files/scyther/Protocols/IKE/sts-main.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..4cfb76ca7e2aa619433953010d6a7827ce67c46b
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-main.spdl
@@ -0,0 +1,114 @@
+# 1 "sts-main.cpp"
+# 1 "<command-line>"
+# 1 "sts-main.cpp"
+# 15 "sts-main.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 94 "common.h"
+hashfunction MAC;
+
+
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i)) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r)) );
+
+ }
+
+
+}
+# 16 "sts-main.cpp" 2
+
+
+
+
+
+
+
+protocol @executability(O) {
+
+
+ role O {
+ var i, r: Nonce;
+ var I, R: Agent;
+
+
+ recv_!O1( O, O, {{g(r), g(i)}sk(R)}KDF(h(g(i),r)) );
+ send_!O2( O, O, {{g(r), g(i)}sk(R)}KDF(h(g(r),i)) );
+
+
+ recv_!O3( O, O, {{g(i), g(r)}sk(I)}KDF(h(g(r),i)) );
+ send_!O4( O, O, {{g(i), g(r)}sk(I)}KDF(h(g(i),r)) );
+
+ }
+
+
+}
+
+
+
+
+protocol sts-main(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_!2( R, I, Gr, {{Gr, g(i)}sk(R)}KDF(h(Gr,i)) );
+ send_!3( I, R, {{g(i), Gr}sk(I)}KDF(h(Gr,i)) );
+
+
+ claim( I, SKR, KDF(h(Gr,i)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_!2( R, I, g(r), {{g(r), Gi}sk(R)}KDF(h(Gi,r)) );
+ recv_!3( I, R, {{Gi, g(r)}sk(I)}KDF(h(Gi,r)) );
+
+
+ claim( R, SKR, KDF(h(Gi,r)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.cpp b/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..458a042a58b69b03edd3f3b62b04b833dbc5c433
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.cpp
@@ -0,0 +1,55 @@
+/** HEADDOC
+ * @protocol Station-to-Station Protocol (STS)
+ * @reference Diffie W., van Oorschot P. C., and Wiener M. J.,
+ * Authentication and authenticated key exchange,
+ * Boyd C. and Mathuria A., Protocols for Authentication and
+ * Key Agreement
+ * @description STS adds a diGital signaure to the exchanged messages to
+ * provide authentication for the Diffie-Hellman protocol. In
+ * addition, the shared secret is used to provide further
+ * assurances.
+ * @variant Variant proposed by Boyd et al to prevent unknown key-share
+ * attacks.
+**/
+
+#define __STS__
+#ifndef __ORACLE__
+#include "common.h"
+#endif
+
+// It is not specified how the session key is derived from the ephemeral DH
+// secret Z; we use KDF(Z).
+protocol sts-modified(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_2( R, I, Gr, {Gr, g(i), I}sk(R) );
+ send_3( I, R, {g(i), Gr, R}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( I, SKR, SKi );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_2( R, I, g(r), {g(r), Gi, I}sk(R) );
+ recv_3( I, R, {Gi, g(r), R}sk(I) );
+
+ /* SECURITY CLAIMS */
+ claim( R, SKR, SKr );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
\ No newline at end of file
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.spdl b/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..660d068d8beeba783ff26fdb0633a773901ff2e0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/sts-modified.spdl
@@ -0,0 +1,88 @@
+# 1 "sts-modified.cpp"
+# 1 "<command-line>"
+# 1 "sts-modified.cpp"
+# 17 "sts-modified.cpp"
+# 1 "common.h" 1
+
+
+
+
+ hashfunction prf, KDF;
+
+
+
+
+
+
+hashfunction g, h;
+# 94 "common.h"
+hashfunction MAC;
+
+
+protocol @oracle (DH, SWAP) {
+
+
+
+
+
+
+
+ role DH {
+ var i, r: Nonce;
+
+ recv_!DH1( DH, DH, h(g(r),i) );
+ send_!DH2( DH, DH, h(g(i),r) );
+ }
+
+
+
+
+ role SWAP {
+ var i, r, Ni, Nr: Nonce;
+# 150 "common.h"
+ recv_!SWAP1( SWAP, SWAP, KDF(h(g(r),i)) );
+ send_!SWAP2( SWAP, SWAP, KDF(h(g(i),r)) );
+
+ }
+
+
+}
+# 18 "sts-modified.cpp" 2
+
+
+
+
+protocol sts-modified(I, R)
+{
+ role I {
+ fresh i: Nonce;
+ var Gr: Ticket;
+
+ send_1( I, R, g(i) );
+ recv_2( R, I, Gr, {Gr, g(i), I}sk(R) );
+ send_3( I, R, {g(i), Gr, R}sk(I) );
+
+
+ claim( I, SKR, KDF(h(Gr,i)) );
+
+ claim( I, Alive );
+ claim( I, Weakagree );
+
+ }
+
+ role R {
+ fresh r: Nonce;
+ var Gi: Ticket;
+
+ recv_1( I, R, Gi );
+ send_2( R, I, g(r), {g(r), Gi, I}sk(R) );
+ recv_3( I, R, {Gi, g(r), R}sk(I) );
+
+
+ claim( R, SKR, KDF(h(Gi,r)) );
+
+ claim( R, Alive );
+ claim( R, Weakagree );
+
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/verify.sh b/Vagrant Files/files/scyther/Protocols/IKE/verify.sh
new file mode 100644
index 0000000000000000000000000000000000000000..44f2b619b55d044267edded5535bebc576e72f22
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/verify.sh
@@ -0,0 +1,149 @@
+#############################################################################
+#
+# NAME
+# verify - batch protocol verifier script for scyther
+#
+# SYNOPSIS
+# ./verify.sh [option]... [file]...
+#
+# DESCRIPTION
+# Verify protocol specifications using scyther.
+#
+# OPTIONS
+#
+# -d Debug mode [false]
+# -e Execution environment [cluster]
+# -h Help
+# -i Skip attack patterns of the form Alice talking to Alice
+# -l lower bound of claims to check [1]
+# -m Adversary-compromise model [ext]
+# -o Output directory (attack graphs) [./graphs/]
+# -r number of runs [6]
+# -t timeout in s
+# -u upper bound of claims to check [1]
+#
+# EXAMPLE
+# ./verify.sh -m br -o . *.spdl
+#
+#############################################################################
+
+
+#!/bin/bash
+
+# Default values
+CLAIM[0]=1
+CLAIM[1]=1
+DEBUG=false
+ENV='cluster'
+FILES="*.spdl"
+INITUNIQUE=
+MODEL='ext'
+OUTDIR='./graphs'
+RUNS='-r 6'
+SCYTHER='../scyther/Scyther/scyther-linux'
+TIMEOUT=
+
+# Adversary-compromise models
+# EXT
+MODELS[0]=
+# INT
+MODELS[1]='--LKRothers 1'
+# CA
+MODELS[2]='--LKRactor 1'
+# AF
+MODELS[3]='--LKRafter 1'
+# AFC
+MODELS[4]='--LKRaftercorrect 1'
+# BR
+MODELS[5]='--LKRothers 1 --SKR 1 --SKRinfer' # (inferred session keys)
+MODELS[6]='--LKRothers 1 --SKR 1'
+# CKw
+MODELS[7]='--LKRothers 1 --LKRactor 1 --LKRaftercorrect 1 --SKR 1 --SKRinfer --SSR 1'
+MODELS[8]='--LKRothers 1 --LKRactor 1 --LKRaftercorrect 1 --SKR 1 --SSR 1'
+# CK
+MODELS[9]='--LKRothers 1 --LKRafter 1 --LKRaftercorrect 1 --SKR 1 --SKRinfer --SSR 1'
+MODELS[10]='--LKRothers 1 --LKRafter 1 --LKRaftercorrect 1 --SKR 1 --SSR 1'
+# eCK-1
+MODELS[11]='--LKRothers 1 --SKR 1 --SKRinfer --RNR 1'
+MODELS[12]='--LKRothers 1 --SKR 1 --RNR 1'
+# eCK-2
+MODELS[13]='--LKRothers 1 --LKRactor 1 --LKRaftercorrect 1 --SKR 1 --SKRinfer'
+MODELS[14]='--LKRothers 1 --LKRactor 1 --LKRaftercorrect 1 --SKR 1'
+
+
+# Parse command line arguments
+while getopts “de:hil:m:o:r:t:u:” FLAG;
+do
+ case $FLAG in
+ d) DEBUG=true;;
+ e) ENV=$OPTARG;;
+ i) INITUNIQUE='--init-unique';;
+ l) CLAIM[0]=$OPTARG;;
+ m) MODEL=$OPTARG;;
+ o) OUTDIR=$OPTARG;;
+ r) RUNS="-r $OPTARG";;
+ t) TIMEOUT="-T $OPTARG";;
+ u) CLAIM[1]=$OPTARG;;
+ h|?)
+ printf "Usage: %s: [-l num][-u num][-d][-e [cluster|remote|local]][-h][-m model][-o value][-r num][-t sec]file[...]\n" $(basename $0) >&2
+ exit 1;;
+ esac
+done
+shift $(($OPTIND - 1))
+
+# Remaining arguments treated as specification files
+if [ -n "$*" ]; then
+ FILES="$*"
+ # mkdir -p "$OUTDIR$TSTAMP"
+fi
+
+
+# Parse model identifiers
+mflags=
+case $MODEL in
+ int) mflags=${MODELS[1]};;
+ ca) mflags=${MODELS[2]};;
+ af) mflags=${MODELS[3]};;
+ afc) mflags=${MODELS[4]};;
+ bri) mflags=${MODELS[5]};;
+ br) mflags=${MODELS[6]};;
+ ckwi) mflags=${MODELS[7]};;
+ ckw) mflags=${MODELS[8]};;
+ cki) mflags=${MODELS[9]};;
+ ck) mflags=${MODELS[10]};;
+ eck1i) mflags=${MODELS[11]};;
+ eck1) mflags=${MODELS[12]};;
+ eck2i) mflags=${MODELS[13]};;
+ eck2) mflags=${MODELS[14]};;
+esac
+
+
+# Verify
+for file in $FILES;
+do
+ EXT=`echo "$file" | sed 's/^.*\.//'`
+ if [ "$EXT" == 'spdl' ]; then
+ # Extract protocol name
+ tmp=`basename $file .spdl`
+ p=`basename $tmp .pp`
+
+ # Execute scyther for selected models and claim
+ for (( c=${CLAIM[0]}; c<=${CLAIM[1]}; c++ ));
+ do
+ init="$SCYTHER $TIMEOUT --force-regular $INITUNIQUE $RUNS $mflags $file -d -o $OUTDIR/${p}_adv-${MODEL}_I$c.dot --filter=$p,I$c"
+ resp="$SCYTHER $TIMEOUT --force-regular $INITUNIQUE $RUNS $mflags $file -d -o $OUTDIR/${p}_adv-${MODEL}_R$c.dot --filter=$p,R$c"
+ if $DEBUG; then
+ echo $init
+ echo $resp
+ elif [ $ENV = "cluster" ]; then
+ bsub -W 08:00 -R "rusage[mem=4096]" $init
+ bsub -W 08:00 -R "rusage[mem=4096]" $resp
+ else # $ENV = local
+ time $init
+ time $resp
+ fi
+ done
+ else
+ printf "WARNING: %s could not be processed." $file
+ fi
+done
diff --git a/Vagrant Files/files/scyther/Protocols/IKE/verify_all.sh b/Vagrant Files/files/scyther/Protocols/IKE/verify_all.sh
new file mode 100644
index 0000000000000000000000000000000000000000..0cad2f655dcce8da95e9242b56b4c8304eb0c3b7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/IKE/verify_all.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -n "$*" ]; then
+ FILES="$*"
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m int $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m ca $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m afc $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m af $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m br $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m bri $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m ckw $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m ckwi $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m ck $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m cki $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m eck1 $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m eck1i $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m eck2 $FILES
+ ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m eck2i $FILES
+fi
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/Makefile b/Vagrant Files/files/scyther/Protocols/ISO-9798/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..e0a1179337a6a2cad3c23ca6b5cad28b02ef8c2a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/Makefile
@@ -0,0 +1,16 @@
+
+outputs= isoiec-9798-3-6-1.spdl isoiec-9798-3-6-2.spdl \
+ isoiec-9798-3-7-1.spdl isoiec-9798-3-7-2.spdl
+
+all: $(outputs)
+
+isoiec-9798-3-6-%.spdl: isoiec-9798-3-6-%.cpp isoiec-9798-3-6.template
+ cpp -C -P $< >$@
+
+isoiec-9798-3-7-%.spdl: isoiec-9798-3-7-%.cpp isoiec-9798-3-7.template
+ cpp -C -P $< >$@
+
+clean:
+ \rm -f $(outputs)
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/iso25-tag.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/iso25-tag.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..a97164b55fb7d6aff4c72839cd56bd59777ad6bc
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/iso25-tag.spdl
@@ -0,0 +1,78 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * ttp
+ * four-pass
+ * mutual
+ *
+ * Modeling notes:
+ * - The use of TNb in message 4, as specified by the ISO standard, is
+ * different from other models, in which it was TNa.
+ */
+usertype SessionKey;
+usertype Tag;
+
+const t1,t2a,t2b,t3,t4,t5: Tag;
+
+protocol isoiec-9798-2-5(A,B,P)
+{
+ role A
+ {
+ fresh TVPa: Nonce;
+ var T: Ticket;
+ fresh TNa: Nonce;
+ var TNb: Nonce;
+ var Kab: SessionKey;
+ fresh Text1,Text5,Text6: Ticket;
+ var Text3,Text4,Text7,Text8: Ticket;
+
+ send_1(A,P, TVPa, B, Text1);
+ recv_2(P,A, Text4, { t2a, TVPa, Kab, B, Text3 }k(A,P), T );
+ claim(A,Running,B,Kab,Text5);
+ send_3(A,B, Text6, T, { t3, TNa, B, Text5 }Kab );
+ recv_4(B,A, Text8, { t4, TNb, A, Text7 }Kab );
+
+ claim(A,Commit,B,Kab,Text5,Text7);
+ claim(A,Secret,Kab);
+ claim(A,Secret,Text5);
+ claim(A,Secret,Text7);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNp: Nonce;
+ var TNa: Nonce;
+ fresh TNb: Nonce;
+ var Kab: SessionKey;
+ fresh Text7,Text8: Ticket;
+ var Text2,Text5,Text6: Ticket;
+
+ recv_3(A,B, Text6, { t2b, TNp, Kab, A, Text2 }k(B,P), {
+ t3, TNa, B, Text5 }Kab );
+ claim(B,Running,A,Kab,Text5,Text7);
+ send_4(B,A, Text8, { t4, TNb, A, Text7 }Kab );
+
+ claim(B,Commit,A,Kab,Text5);
+ claim(B,Secret,Kab);
+ claim(B,Secret,Text5);
+ claim(B,Secret,Text7);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+ role P
+ {
+ var TVPa: Nonce;
+ fresh TNp: Nonce;
+ fresh Kab: SessionKey;
+ fresh Text2,Text3,Text4: Ticket;
+ var Text1: Ticket;
+
+ recv_1(A,P, TVPa, B, Text1);
+ send_2(P,A, Text4, { t2a, TVPa, Kab, B, Text3 }k(A,P),
+ { t2b, TNp, Kab, A, Text2 }k(B,P) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/iso26-tag.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/iso26-tag.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..ced5d0259ee01c6e84f3b38eec40bfc35aaf7806
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/iso26-tag.spdl
@@ -0,0 +1,95 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * MPA Attack reported by Mathuria:
+ * - Type flaw MPA when in parallel with Abadi-Needham protocol.
+ *
+ */
+usertype Tag;
+
+const t1,t2,t3,t4,t5: Tag;
+
+protocol isoiec-9798-2-6-tag(A,B,P)
+{
+ role A
+ {
+ var Rb: Nonce;
+ fresh Ra,Rpa: Nonce;
+ var Kab: SessionKey;
+ var T: Ticket;
+ fresh Text2,Text6,Text7: Ticket;
+ var Text1,Text4,Text5,Text8,Text9: Ticket;
+
+ recv_1(B,A, Rb, Text1);
+ send_2(A,P, Ra, Rb, B, Text2);
+ recv_3(P,A, Text5, {t1, Ra,Kab,B,Text4}k(A,P), T );
+ claim(A,Running,B,Kab,Text6);
+ send_4(A,B, Text7, T, {t3,Rpa,Rb,Text6}Kab );
+ recv_5(B,A, Text9, {t4,Rb,Rpa,Text8}Kab );
+
+ claim(A,Commit,B,Kab,Text6,Text8);
+ claim(A,Secret,Kab);
+ claim(A,Secret,Text6);
+ claim(A,Secret,Text8);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ fresh Rb: Nonce;
+ var Rpa: Nonce;
+ var Kab: SessionKey;
+ fresh Text1,Text8,Text9: Ticket;
+ var Text3,Text6,Text7: Ticket;
+
+ send_1(B,A, Rb, Text1);
+ recv_4(A,B, Text7, {t2,Rb,Kab,A,Text3}k(B,P), {t3,Rpa,Rb,Text6}Kab );
+ claim(B,Running,A,Kab,Text6,Text8);
+ send_5(B,A, Text9, {t4,Rb,Rpa,Text8}Kab );
+
+ claim(B,Commit,A,Kab,Text6);
+ claim(B,Secret,Kab);
+ claim(B,Secret,Text6);
+ claim(B,Secret,Text8);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+ role P
+ {
+ var Ra, Rb: Nonce;
+ fresh Kab: SessionKey;
+ fresh Text3,Text4,Text5: Ticket;
+ var Text2: Ticket;
+
+ recv_2(A,P, Ra, Rb, B, Text2);
+ send_3(P,A, Text5, {t1,Ra,Kab,B,Text4}k(A,P),
+ {t2,Rb,Kab,A,Text3}k(B,P) );
+ }
+}
+
+protocol @keysymm26(A,B,P)
+{
+ role A
+ {
+ var TVPN: Nonce;
+ var Kab: SessionKey;
+ var Text: Ticket;
+ var Tag: Ticket;
+
+ recv_!1(B,A, { Tag,TVPN, Kab, B, Text }k(P,A) );
+ send_!2(A,B, { Tag,TVPN, Kab, B, Text }k(A,P) );
+ }
+ role B
+ {
+ }
+ role P
+ {
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..e1f8be609a90fde6cc1c531a344932d598b1086f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1-udkey.spdl
@@ -0,0 +1,35 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * one-pass
+ * unilateral
+ *
+ * Note: the identity B may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ */
+protocol isoiec-9798-2-1-udkey(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ fresh Text1,Text2: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Text2, { TNA, Text1 }k(A,B) );
+ }
+ role B
+ {
+ var TNA: Nonce;
+ var Text1,Text2: Ticket;
+
+ recv_1(A,B, Text2, { TNA, Text1 }k(A,B) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..0d47be3137db77fd9bc6a89bcfd1c3cdb6ea932c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-1.spdl
@@ -0,0 +1,55 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * one-pass
+ * unilateral
+ *
+ * Note: the identity B may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ */
+protocol @keysymm-21(A,B)
+{
+ role A
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!1(B,A, { T, A, Text }k(A,B) );
+ send_!2(A,B, { T, A, Text }k(B,A) );
+ }
+ role B
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!3(A,B, { T, B, Text }k(A,B) );
+ send_!4(B,A, { T, B, Text }k(B,A) );
+ }
+}
+
+protocol isoiec-9798-2-1(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ fresh Text1,Text2: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Text2, { TNA, B, Text1 }k(A,B) );
+ }
+ role B
+ {
+ var TNA: Nonce;
+ var Text1,Text2: Ticket;
+
+ recv_1(A,B, Text2, { TNA, B, Text1 }k(A,B) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..314aa8e820366bd1d122fdac1b5bd1d572d36840
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2-udkey.spdl
@@ -0,0 +1,40 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * two-pass
+ * unilateral
+ *
+ * Note: the identity A may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ *
+ */
+protocol isoiec-9798-2-2-udkey(A,B)
+{
+ role A
+ {
+ var RB: Nonce;
+ var Text1: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, RB,Text1 );
+ claim(A,Running,B,RB,Text2);
+ send_2(A,B, Text3, { RB, Text2 }k(B,A) );
+ }
+ role B
+ {
+ fresh RB: Nonce;
+ fresh Text1: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, RB,Text1 );
+ recv_2(A,B, Text3, { RB, Text2 }k(B,A) );
+
+ claim(B,Commit,A,RB,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..fc1ae687bac0b7618131dfcd76bcd226cd88ecf0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-2.spdl
@@ -0,0 +1,59 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * two-pass
+ * unilateral
+ *
+ * Note: the identity A may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ */
+protocol @keysymm-22(A,B)
+{
+ role A
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!1(B,A, { T, A, Text }k(A,B) );
+ send_!2(A,B, { T, A, Text }k(B,A) );
+ }
+ role B
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!3(A,B, { T, B, Text }k(A,B) );
+ send_!4(B,A, { T, B, Text }k(B,A) );
+ }
+}
+
+protocol isoiec-9798-2-2(A,B)
+{
+ role A
+ {
+ var RB: Nonce;
+ var Text1: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, RB,Text1 );
+ claim(A,Running,B,RB,Text2);
+ send_2(A,B, Text3, { RB, B, Text2 }k(B,A) );
+ }
+ role B
+ {
+ fresh RB: Nonce;
+ fresh Text1: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, RB,Text1 );
+ recv_2(A,B, Text3, { RB, B, Text2 }k(B,A) );
+
+ claim(B,Commit,A,RB,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..9fddf6915a561d4ba8ff6c7831755e96dc2fe01d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3-udkey.spdl
@@ -0,0 +1,49 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * two-pass
+ * mutual
+ *
+ * Note: the identity inside the encryption may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ *
+ * In case (b), modeled here, the second key is reversed.
+ *
+ */
+protocol isoiec-9798-2-3-udkey(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ var TNB: Nonce;
+ fresh Text1,Text2: Ticket;
+ var Text3,Text4: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Text2, { TNA, Text1 }k(A,B) );
+ recv_2(B,A, Text4, { TNB, Text3 }k(B,A) );
+
+ claim(A,Commit,B,TNB,Text3);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNA: Nonce;
+ fresh TNB: Nonce;
+ var Text1,Text2: Ticket;
+ fresh Text3,Text4: Ticket;
+
+ recv_1(A,B, Text2, { TNA, Text1 }k(A,B) );
+ claim(B,Running,A,TNB,Text3);
+ send_2(B,A, Text4, { TNB, Text3 }k(B,A) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..6f2f86ba77ac32907fd3f35a682dbdc5e92a59df
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-3.spdl
@@ -0,0 +1,67 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * two-pass
+ * mutual
+ *
+ * Note: the identity inside the encryption may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ *
+ */
+protocol @keysymm-23(A,B)
+{
+ role A
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!1(B,A, { T, A, Text }k(A,B) );
+ send_!2(A,B, { T, A, Text }k(B,A) );
+ }
+ role B
+ {
+ var T: Nonce;
+ var Text: Ticket;
+
+ recv_!3(A,B, { T, B, Text }k(A,B) );
+ send_!4(B,A, { T, B, Text }k(B,A) );
+ }
+}
+
+protocol isoiec-9798-2-3(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ var TNB: Nonce;
+ fresh Text1,Text2: Ticket;
+ var Text3,Text4: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Text2, { TNA, B, Text1 }k(A,B) );
+ recv_2(B,A, Text4, { TNB, A, Text3 }k(A,B) );
+
+ claim(A,Commit,B,TNB,Text3);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNA: Nonce;
+ fresh TNB: Nonce;
+ var Text1,Text2: Ticket;
+ fresh Text3,Text4: Ticket;
+
+ recv_1(A,B, Text2, { TNA, B, Text1 }k(A,B) );
+ claim(B,Running,A,TNB,Text3);
+ send_2(B,A, Text4, { TNB, A, Text3 }k(A,B) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..28694defb93c3fd31861f1594363bfe4915b0243
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4-udkey.spdl
@@ -0,0 +1,50 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * three-pass
+ * mutual
+ *
+ * Note: the identity inside the encryption may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ *
+ * In case (b), modeled here, the second key is reversed.
+ */
+protocol isoiec-9798-2-4-udkey(A,B)
+{
+ role A
+ {
+ var RB: Nonce;
+ fresh RA: Nonce;
+ var Text1,Text4,Text5: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, RB,Text1 );
+ claim(A,Running,B,RA,RB,Text2);
+ send_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );
+ recv_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );
+
+ claim(A,Commit,B,RA,RB,Text2,Text4);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ fresh RB: Nonce;
+ var RA: Nonce;
+ fresh Text1,Text4,Text5: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, RB,Text1 );
+ recv_2(A,B, Text3, { RA, RB, Text2 }k(A,B) );
+ claim(B,Running,A,RA,RB,Text2,Text4);
+ send_3(B,A, Text5, { RB, RA, Text4 }k(B,A) );
+
+ claim(B,Commit,A,RA,RB,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..5d709c061df7f53209dc15892d37b5b35465ac8e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-4.spdl
@@ -0,0 +1,88 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * three-pass
+ * mutual
+ *
+ * Note: the identity inside the encryption may be ommitted, if
+ * (a) the environment disallows such attacks, or
+ * (b) a unidirectional key is used
+ */
+protocol @keysymm-24a(A,B)
+{
+ role A
+ {
+ var T1,T2: Nonce;
+ var Text: Ticket;
+
+ recv_!1(B,A, { T1, T2, A, Text }k(A,B) );
+ send_!2(A,B, { T1, T2, A, Text }k(B,A) );
+ }
+ role B
+ {
+ var T1,T2: Nonce;
+ var Text: Ticket;
+
+ recv_!3(A,B, { T1, T2, B, Text }k(A,B) );
+ send_!4(B,A, { T1, T2, B, Text }k(B,A) );
+ }
+}
+
+protocol @keysymm-24b(A,B)
+{
+ role A
+ {
+ var T1,T2: Nonce;
+ var Text: Ticket;
+
+ recv_!1(B,A, { T1, T2, Text }k(A,B) );
+ send_!2(A,B, { T1, T2, Text }k(B,A) );
+ }
+ role B
+ {
+ var T1,T2: Nonce;
+ var Text: Ticket;
+
+ recv_!3(A,B, { T1, T2, Text }k(A,B) );
+ send_!4(B,A, { T1, T2, Text }k(B,A) );
+ }
+}
+
+protocol isoiec-9798-2-4(A,B)
+{
+ role A
+ {
+ var RB: Nonce;
+ fresh RA: Nonce;
+ var Text1,Text4,Text5: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, RB,Text1 );
+ claim(A,Running,B,RA,RB,Text2);
+ send_2(A,B, Text3, { RA, RB, B, Text2 }k(A,B) );
+ recv_3(B,A, Text5, { RB, RA, Text4 }k(A,B) );
+
+ claim(A,Commit,B,RA,RB,Text2,Text4);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ fresh RB: Nonce;
+ var RA: Nonce;
+ fresh Text1,Text4,Text5: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, RB,Text1 );
+ recv_2(A,B, Text3, { RA, RB, B, Text2 }k(A,B) );
+ claim(B,Running,A,RA,RB,Text2,Text4);
+ send_3(B,A, Text5, { RB, RA, Text4 }k(A,B) );
+
+ claim(B,Commit,A,RA,RB,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-5.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-5.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7a98c0de840abd28d69c3c584107b0b41a3ffd07
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-5.spdl
@@ -0,0 +1,93 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * ttp
+ * four-pass
+ * mutual
+ *
+ * Modeling notes:
+ * - The use of TNb in message 4, as specified by the ISO standard, is
+ * different from other models, in which it was TNa.
+ */
+usertype SessionKey;
+
+protocol isoiec-9798-2-5(A,B,P)
+{
+ role A
+ {
+ fresh TVPa: Nonce;
+ var T: Ticket;
+ fresh TNa: Nonce;
+ var TNb: Nonce;
+ var Kab: SessionKey;
+ fresh Text1,Text5,Text6: Ticket;
+ var Text3,Text4,Text7,Text8: Ticket;
+
+ send_1(A,P, TVPa, B, Text1);
+ recv_2(P,A, Text4, { TVPa, Kab, B, Text3 }k(A,P), T );
+ claim(A,Running,B,Kab,Text5);
+ send_3(A,B, Text6, T, { TNa, B, Text5 }Kab );
+ recv_4(B,A, Text8, { TNb, A, Text7 }Kab );
+
+ claim(A,Commit,B,Kab,Text5,Text7);
+ claim(A,Secret,Kab);
+ claim(A,Secret,Text5);
+ claim(A,Secret,Text7);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNp: Nonce;
+ var TNa: Nonce;
+ fresh TNb: Nonce;
+ var Kab: SessionKey;
+ fresh Text7,Text8: Ticket;
+ var Text2,Text5,Text6: Ticket;
+
+ recv_3(A,B, Text6, { TNp, Kab, A, Text2 }k(B,P), { TNa, B, Text5 }Kab );
+ claim(B,Running,A,Kab,Text5,Text7);
+ send_4(B,A, Text8, { TNb, A, Text7 }Kab );
+
+ claim(B,Commit,A,Kab,Text5);
+ claim(B,Secret,Kab);
+ claim(B,Secret,Text5);
+ claim(B,Secret,Text7);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+ role P
+ {
+ var TVPa: Nonce;
+ fresh TNp: Nonce;
+ fresh Kab: SessionKey;
+ fresh Text2,Text3,Text4: Ticket;
+ var Text1: Ticket;
+
+ recv_1(A,P, TVPa, B, Text1);
+ send_2(P,A, Text4, { TVPa, Kab, B, Text3 }k(A,P),
+ { TNp, Kab, A, Text2 }k(B,P) );
+ }
+}
+
+protocol @keysymm25(A,B,P)
+{
+ role A
+ {
+ var TVPN: Nonce;
+ var Kab: SessionKey;
+ var Text: Ticket;
+
+ recv_!1(B,A, { TVPN, Kab, B, Text }k(P,A) );
+ send_!2(A,B, { TVPN, Kab, B, Text }k(A,P) );
+ }
+ role B
+ {
+ }
+ role P
+ {
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-6.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-6.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..703885b8a4968e96bfb53f35945f4300a83a7686
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-2-6.spdl
@@ -0,0 +1,90 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * symmetric
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * MPA Attack reported by Mathuria:
+ * - Type flaw MPA when in parallel with Abadi-Needham protocol.
+ *
+ */
+protocol isoiec-9798-2-6(A,B,P)
+{
+ role A
+ {
+ var Rb: Nonce;
+ fresh Ra,Rpa: Nonce;
+ var Kab: SessionKey;
+ var T: Ticket;
+ fresh Text2,Text6,Text7: Ticket;
+ var Text1,Text4,Text5,Text8,Text9: Ticket;
+
+ recv_1(B,A, Rb, Text1);
+ send_2(A,P, Ra, Rb, B, Text2);
+ recv_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P), T );
+ claim(A,Running,B,Kab,Text6);
+ send_4(A,B, Text7, T, {Rpa,Rb,Text6}Kab );
+ recv_5(B,A, Text9, {Rb,Rpa,Text8}Kab );
+
+ claim(A,Commit,B,Kab,Text6,Text8);
+ claim(A,Secret,Kab);
+ claim(A,Secret,Text6);
+ claim(A,Secret,Text8);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ fresh Rb: Nonce;
+ var Rpa: Nonce;
+ var Kab: SessionKey;
+ fresh Text1,Text8,Text9: Ticket;
+ var Text3,Text6,Text7: Ticket;
+
+ send_1(B,A, Rb, Text1);
+ recv_4(A,B, Text7, {Rb,Kab,A,Text3}k(B,P), {Rpa,Rb,Text6}Kab );
+ claim(B,Running,A,Kab,Text6,Text8);
+ send_5(B,A, Text9, {Rb,Rpa,Text8}Kab );
+
+ claim(B,Commit,A,Kab,Text6);
+ claim(B,Secret,Kab);
+ claim(B,Secret,Text6);
+ claim(B,Secret,Text8);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+ role P
+ {
+ var Ra, Rb: Nonce;
+ fresh Kab: SessionKey;
+ fresh Text3,Text4,Text5: Ticket;
+ var Text2: Ticket;
+
+ recv_2(A,P, Ra, Rb, B, Text2);
+ send_3(P,A, Text5, {Ra,Kab,B,Text4}k(A,P),
+ {Rb,Kab,A,Text3}k(B,P) );
+ }
+}
+
+protocol @keysymm26(A,B,P)
+{
+ role A
+ {
+ var TVPN: Nonce;
+ var Kab: SessionKey;
+ var Text: Ticket;
+
+ recv_!1(B,A, { TVPN, Kab, B, Text }k(P,A) );
+ send_!2(A,B, { TVPN, Kab, B, Text }k(A,P) );
+ }
+ role B
+ {
+ }
+ role P
+ {
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-1.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..42b5667f3b18e9856a9f5be80ff7757794202deb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-1.spdl
@@ -0,0 +1,33 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * signature
+ * one-pass
+ * unilateral
+ */
+const Cert: Function;
+
+protocol isoiec-9798-3-1(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ fresh Text1,Text2: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Cert(A),TNA,B,Text2, { TNA, B, Text1 }sk(A) );
+ }
+ role B
+ {
+ var TNA: Nonce;
+ var Text1,Text2: Ticket;
+
+ recv_1(A,B, Cert(A),TNA,B,Text2, { TNA, B, Text1 }sk(A) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-2.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..97f5c681b0c17c18e7bee5aa6db61799b0a2cb57
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-2.spdl
@@ -0,0 +1,39 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * signature
+ * two-pass
+ * unilateral
+ */
+const Cert: Function;
+
+protocol isoiec-9798-3-2(A,B)
+{
+ role A
+ {
+ var Rb: Nonce;
+ fresh Ra: Nonce;
+ var Text1: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, Rb,Text1 );
+ claim(A,Running,B,Ra,Rb,Text2);
+ send_2(A,B, Cert(A),Ra,Rb,B,Text3, { Ra, Rb, B, Text2 }sk(A) );
+ }
+ role B
+ {
+ fresh Rb: Nonce;
+ var Ra: Nonce;
+ fresh Text1: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, Rb,Text1 );
+ recv_2(A,B, Cert(A),Ra,Rb,B,Text3, { Ra, Rb, B, Text2 }sk(A) );
+
+ claim(B,Commit,A,Ra,Rb,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-3.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..ca1d944b376fa3c23e2bc98495fb8d7aa30d1add
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-3.spdl
@@ -0,0 +1,44 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * signature
+ * two-pass
+ * mutual
+ */
+const Cert: Function;
+
+protocol isoiec-9798-3-3(A,B)
+{
+ role A
+ {
+ fresh TNA: Nonce;
+ var TNB: Nonce;
+ fresh Text1,Text2: Ticket;
+ var Text3,Text4: Ticket;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, Cert(A), TNA, B,Text2, { TNA, B, Text1 }sk(A) );
+ recv_2(B,A, Cert(B), TNB, A,Text4, { TNB, A, Text3 }sk(B) );
+
+ claim(A,Commit,B,TNB,Text3);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNA: Nonce;
+ fresh TNB: Nonce;
+ var Text1,Text2: Ticket;
+ fresh Text3,Text4: Ticket;
+
+ recv_1(A,B, Cert(A), TNA, B,Text2, { TNA, B, Text1 }sk(A) );
+ claim(B,Running,A,TNB,Text3);
+ send_2(B,A, Cert(B), TNB, A,Text4, { TNB, A, Text3 }sk(B) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-4.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-4.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f8bfbbcac3a3e930dd00265356ceb4b845d0b183
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-4.spdl
@@ -0,0 +1,46 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * signature
+ * three-pass
+ * mutual
+ */
+const Cert: Function;
+
+protocol isoiec-9798-3-4(A,B)
+{
+ role A
+ {
+ var RB: Nonce;
+ fresh RA: Nonce;
+ var Text1,Text4,Text5: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, RB,Text1 );
+ claim(A,Running,B,RA,RB,Text2);
+ send_2(A,B, Cert(B), RA,RB,B,Text3, { RA, RB, B, Text2 }sk(A) );
+ recv_3(B,A, Cert(A), RB,RA,A,Text5, { RB, RA, A, Text4 }sk(B) );
+
+ claim(A,Commit,B,RA,RB,Text2,Text4);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ fresh RB: Nonce;
+ var RA: Nonce;
+ fresh Text1,Text4,Text5: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, RB,Text1 );
+ recv_2(A,B, Cert(B), RA,RB,B,Text3, { RA, RB, B, Text2 }sk(A) );
+ claim(B,Running,A,RA,RB,Text2,Text4);
+ send_3(B,A, Cert(A), RB,RA,A,Text5, { RB, RA, A, Text4 }sk(B) );
+
+ claim(B,Commit,A,RA,RB,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-5.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-5.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..237e56f920e146e3c9775b3056a50bc2049ab138
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-5.spdl
@@ -0,0 +1,49 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * signature
+ * two-pass
+ * mutual
+ * parallel
+ */
+const Cert: Function;
+
+protocol isoiec-9798-3-5(A,B)
+{
+ role A
+ {
+ fresh RA: Nonce;
+ var RB: Nonce;
+ fresh Text1,Text3,Text4: Ticket;
+ var Text2,Text5,Text6: Ticket;
+
+ send_1(A,B, Cert(A), RA,Text1 );
+ recv_2(B,A, Cert(B), RB,Text2 );
+ recv_3(B,A, RB,RA,A,Text6, { RB, RA, A, Text5 }sk(B) );
+ claim(A,Running,B,RA,RB,Text3,Text5);
+ send_4(A,B, RA,RB,B,Text4, { RA, RB, B, Text3 }sk(A) );
+
+ claim(A,Commit,B,RA,RB,Text5);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var RA: Nonce;
+ fresh RB: Nonce;
+ var Text1,Text3,Text4: Ticket;
+ fresh Text2,Text5,Text6: Ticket;
+
+ recv_1(A,B, Cert(A), RA,Text1 );
+ send_2(B,A, Cert(B), RB,Text2 );
+ claim(B,Running,A,RA,RB,Text5);
+ send_3(B,A, RB,RA,A,Text6, { RB, RA, A, Text5 }sk(B) );
+ recv_4(A,B, RA,RB,B,Text4, { RA, RB, B, Text3 }sk(A) );
+
+ claim(B,Commit,A,RA,RB,Text3,Text5);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.cpp b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..fb5b93be4200025a326d7c3f20db867266287e8f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.cpp
@@ -0,0 +1,12 @@
+#define NAME isoiec-9798-3-6-1
+#define IA A
+#define IB B
+#define ResA A,pk(A)
+#define ResB B,pk(B)
+#define TokenAB Text9,ResA,{Rb,ResA,Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A)
+#define TokenBA Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B)
+#define TokenTA ResA,ResB,{Rpa,ResB,Text6}sk(T),{Rb,ResA,Text5}sk(T)
+
+#include "isoiec-9798-3-6.template"
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..51545a6a2d82871366e77c3f4aa53321c8f76978
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-1.spdl
@@ -0,0 +1,69 @@
+
+
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * A initiates and also communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol isoiec-9798-3-6-1(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ fresh Text1,Text4,Text8,Text9: Ticket;
+ var Rb: Nonce;
+ var Text2,Text3;
+ var Text5,Text6,Text7: Ticket;
+
+ send_1(A,B, Ra,A,Text1);
+ recv_2(B,A, B,Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B));
+ send_3(A,T, Rpa,Rb,A,B,Text4);
+ recv_4(T,A, Text7,A,pk(A),B,pk(B),{Rpa,B,pk(B),Text6}sk(T),{Rb,A,pk(A),Text5}sk(T));
+ claim(A,Running,B,Ra,Rb,Text8);
+ send_5(A,B, Text9,A,pk(A),{Rb,A,pk(A),Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A));
+
+ claim(A,Commit,B,Ra,Rb,Text2);
+ claim(A,Alive);
+ }
+ role B
+ {
+ var Ra,Rpa: Nonce;
+ var Text1,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text3,Text4: Ticket;
+ fresh Rb: Nonce;
+
+ recv_1(A,B, Ra,A,Text1);
+ claim(B,Running,A,Ra,Rb,Text2);
+ send_2(B,A, B,Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B));
+ recv_5(A,B, Text9,A,pk(A),{Rb,A,pk(A),Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A));
+
+ claim(B,Commit,A,Ra,Rb,Text8);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa, Rb: Nonce;
+ var Text4: Ticket;
+ fresh Text5,Text6,Text7: Ticket;
+
+ recv_3(A,T, Rpa,Rb,A,B,Text4);
+ send_4(T,A, Text7,A,pk(A),B,pk(B),{Rpa,B,pk(B),Text6}sk(T),{Rb,A,pk(A),Text5}sk(T));
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.cpp b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..d40ca51980370235268f78398760d83860d1f6f1
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.cpp
@@ -0,0 +1,12 @@
+#define NAME isoiec-9798-3-6-2
+#define IA A
+#define IB B
+#define ResA A,pk(A)
+#define ResB B,pk(B)
+#define TokenAB Rpa,Text9,TokenTA,{Rb,Ra,B,A,Text8}sk(A)
+#define TokenBA Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B)
+#define TokenTA ResA,ResB,{Rpa,Rb,ResA,ResB,Text5}sk(T)
+
+#include "isoiec-9798-3-6.template"
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..3debbc7fd17759030d1d8b979db998f2a6edbc53
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6-2.spdl
@@ -0,0 +1,69 @@
+
+
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * A initiates and also communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol isoiec-9798-3-6-2(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ fresh Text1,Text4,Text8,Text9: Ticket;
+ var Rb: Nonce;
+ var Text2,Text3;
+ var Text5,Text6,Text7: Ticket;
+
+ send_1(A,B, Ra,A,Text1);
+ recv_2(B,A, B,Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B));
+ send_3(A,T, Rpa,Rb,A,B,Text4);
+ recv_4(T,A, Text7,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text5}sk(T));
+ claim(A,Running,B,Ra,Rb,Text8);
+ send_5(A,B, Rpa,Text9,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A));
+
+ claim(A,Commit,B,Ra,Rb,Text2);
+ claim(A,Alive);
+ }
+ role B
+ {
+ var Ra,Rpa: Nonce;
+ var Text1,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text3,Text4: Ticket;
+ fresh Rb: Nonce;
+
+ recv_1(A,B, Ra,A,Text1);
+ claim(B,Running,A,Ra,Rb,Text2);
+ send_2(B,A, B,Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B));
+ recv_5(A,B, Rpa,Text9,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A));
+
+ claim(B,Commit,A,Ra,Rb,Text8);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa, Rb: Nonce;
+ var Text4: Ticket;
+ fresh Text5,Text6,Text7: Ticket;
+
+ recv_3(A,T, Rpa,Rb,A,B,Text4);
+ send_4(T,A, Text7,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text5}sk(T));
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6.template b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6.template
new file mode 100644
index 0000000000000000000000000000000000000000..e8b6a804b727dec57ecaf6ea614586c2d69bf471
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-6.template
@@ -0,0 +1,68 @@
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * A initiates and also communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol NAME(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ fresh Text1,Text4,Text8,Text9: Ticket;
+ var Rb: Nonce;
+ var Text2,Text3;
+ var Text5,Text6,Text7: Ticket;
+
+ send_1(A,B, Ra,IA,Text1);
+ recv_2(B,A, IB,TokenBA);
+ send_3(A,T, Rpa,Rb,IA,IB,Text4);
+ recv_4(T,A, Text7,TokenTA);
+ claim(A,Running,B,Ra,Rb,Text8);
+ send_5(A,B, TokenAB);
+
+ claim(A,Commit,B,Ra,Rb,Text2);
+ claim(A,Alive);
+ }
+ role B
+ {
+ var Ra,Rpa: Nonce;
+ var Text1,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text3,Text4: Ticket;
+ fresh Rb: Nonce;
+
+ recv_1(A,B, Ra,IA,Text1);
+ claim(B,Running,A,Ra,Rb,Text2);
+ send_2(B,A, IB,TokenBA);
+ recv_5(A,B, TokenAB);
+
+ claim(B,Commit,A,Ra,Rb,Text8);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa, Rb: Nonce;
+ var Text4: Ticket;
+ fresh Text5,Text6,Text7: Ticket;
+
+ recv_3(A,T, Rpa,Rb,IA,IB,Text4);
+ send_4(T,A, Text7,TokenTA);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.cpp b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..fd972110f8218f012f6cd23fb5e2828d80a4298e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.cpp
@@ -0,0 +1,12 @@
+#define NAME isoiec-9798-3-7-1
+#define IA A
+#define IB B
+#define ResA A,pk(A)
+#define ResB B,pk(B)
+#define TokenAB Text7,Ra,ResA,{Rb,ResA,Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A)
+#define TokenBA Ra,Rb,Text9,{A,Ra,Rb,B,Text8}sk(B)
+#define TokenTA ResA,ResB,{Rpa,ResB,Text4}sk(T),{Rb,ResA,Text3}sk(T)
+
+#include "isoiec-9798-3-7.template"
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..516ceb00e1ef7ad22b45be7c8f9f460e07abc074
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-1.spdl
@@ -0,0 +1,66 @@
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * B initiates and A communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol isoiec-9798-3-7-1(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ var Rb: Nonce;
+ var Text1,Text3,Text4,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text6,Text7: Ticket;
+
+ recv_1(B,A, Rb,B,Text1 );
+ send_2(A,T, Rpa,Rb,A,Text2 );
+ recv_3(T,A, Text5, A,pk(A),B,pk(B),{Rpa,B,pk(B),Text4}sk(T),{Rb,A,pk(A),Text3}sk(T) );
+ claim(A,Running,B,Ra,Rb,Text6);
+ send_4(A,B, A, Text7,Ra,A,pk(A),{Rb,A,pk(A),Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A) );
+ recv_5(B,A, Ra,Rb,Text9,{A,Ra,Rb,B,Text8}sk(B) );
+
+ claim(A,Commit,B,Ra,Rb,Text8);
+ claim(A,Alive);
+ }
+ role B
+ {
+ fresh Text1,Text8,Text9: Ticket;
+ fresh Rb: Nonce;
+ var Text3,Text4,Text6,Text7: Ticket;
+ var Ra,Rpa: Nonce;
+
+ send_1(B,A, Rb,B,Text1 );
+ recv_4(A,B, A, Text7,Ra,A,pk(A),{Rb,A,pk(A),Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A) );
+ claim(B,Running,A,Ra,Rb,Text8);
+ send_5(B,A, Ra,Rb,Text9,{A,Ra,Rb,B,Text8}sk(B) );
+
+ claim(B,Commit,A,Ra,Rb,Text6);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa,Rb: Nonce;
+ var Text2: Ticket;
+ fresh Text3,Text4,Text5: Ticket;
+
+ recv_2(A,T, Rpa,Rb,A,Text2 );
+ send_3(T,A, Text5, A,pk(A),B,pk(B),{Rpa,B,pk(B),Text4}sk(T),{Rb,A,pk(A),Text3}sk(T) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.cpp b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..6ca070bdaa11d7185470697aef4c5a6cbc9a2f26
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.cpp
@@ -0,0 +1,12 @@
+#define NAME isoiec-9798-3-7-2
+#define IA A
+#define IB B
+#define ResA A,pk(A)
+#define ResB B,pk(B)
+#define TokenAB Rpa,Text7,TokenTA,{Rb,Ra,B,A,Text6}sk(A)
+#define TokenBA Ra,Rb,Text9,{Ra,Rb,A,B,Text8}sk(B)
+#define TokenTA ResA,ResB,{Rpa,Rb,ResA,ResB,Text3}sk(T)
+
+#include "isoiec-9798-3-7.template"
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..98ce4247bb5c01287a5db9c7b7bf153bb7483552
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7-2.spdl
@@ -0,0 +1,68 @@
+
+
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * B initiates and A communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol isoiec-9798-3-7-2(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ var Rb: Nonce;
+ var Text1,Text3,Text4,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text6,Text7: Ticket;
+
+ recv_1(B,A, Rb,B,Text1 );
+ send_2(A,T, Rpa,Rb,A,Text2 );
+ recv_3(T,A, Text5, A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text3}sk(T) );
+ claim(A,Running,B,Ra,Rb,Text6);
+ send_4(A,B, A, Rpa,Text7,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A) );
+ recv_5(B,A, Ra,Rb,Text9,{Ra,Rb,A,B,Text8}sk(B) );
+
+ claim(A,Commit,B,Ra,Rb,Text8);
+ claim(A,Alive);
+ }
+ role B
+ {
+ fresh Text1,Text8,Text9: Ticket;
+ fresh Rb: Nonce;
+ var Text3,Text4,Text6,Text7: Ticket;
+ var Ra,Rpa: Nonce;
+
+ send_1(B,A, Rb,B,Text1 );
+ recv_4(A,B, A, Rpa,Text7,A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A) );
+ claim(B,Running,A,Ra,Rb,Text8);
+ send_5(B,A, Ra,Rb,Text9,{Ra,Rb,A,B,Text8}sk(B) );
+
+ claim(B,Commit,A,Ra,Rb,Text6);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa,Rb: Nonce;
+ var Text2: Ticket;
+ fresh Text3,Text4,Text5: Ticket;
+
+ recv_2(A,T, Rpa,Rb,A,Text2 );
+ send_3(T,A, Text5, A,pk(A),B,pk(B),{Rpa,Rb,A,pk(A),B,pk(B),Text3}sk(T) );
+ }
+}
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7.template b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7.template
new file mode 100644
index 0000000000000000000000000000000000000000..8d9491a381ec0922f6d3529623f344c73a931648
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-3-7.template
@@ -0,0 +1,67 @@
+/*
+ * Modeled from ISO standard
+ *
+ * signature
+ * ttp
+ * five-pass
+ * mutual
+ *
+ * B initiates and A communicates with T
+ *
+ * parameters:
+ *
+ * NAME
+ * IA
+ * IB
+ * ResA
+ * ResB
+ * TokenAB
+ * TokenBA (although identical in both cases)
+ * TokenTA
+ *
+ */
+protocol NAME(A,B,T)
+{
+ role A
+ {
+ fresh Ra,Rpa: Nonce;
+ var Rb: Nonce;
+ var Text1,Text3,Text4,Text5,Text8,Text9: Ticket;
+ fresh Text2,Text6,Text7: Ticket;
+
+ recv_1(B,A, Rb,IB,Text1 );
+ send_2(A,T, Rpa,Rb,IA,Text2 );
+ recv_3(T,A, Text5, TokenTA );
+ claim(A,Running,B,Ra,Rb,Text6);
+ send_4(A,B, IA, TokenAB );
+ recv_5(B,A, TokenBA );
+
+ claim(A,Commit,B,Ra,Rb,Text8);
+ claim(A,Alive);
+ }
+ role B
+ {
+ fresh Text1,Text8,Text9: Ticket;
+ fresh Rb: Nonce;
+ var Text3,Text4,Text6,Text7: Ticket;
+ var Ra,Rpa: Nonce;
+
+ send_1(B,A, Rb,IB,Text1 );
+ recv_4(A,B, IA, TokenAB );
+ claim(B,Running,A,Ra,Rb,Text8);
+ send_5(B,A, TokenBA );
+
+ claim(B,Commit,A,Ra,Rb,Text6);
+ claim(B,Alive);
+ }
+ role T
+ {
+ var Rpa,Rb: Nonce;
+ var Text2: Ticket;
+ fresh Text3,Text4,Text5: Ticket;
+
+ recv_2(A,T, Rpa,Rb,IA,Text2 );
+ send_3(T,A, Text5, TokenTA );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..6a955d0d55fb3ca924c900b62931b9b71b2cda33
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1-udkey.spdl
@@ -0,0 +1,39 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * ccf
+ * one-pass
+ * unilateral
+ *
+ * Unidirectional key version.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol isoiec-9798-4-1-udkey(A,B)
+{
+ role A
+ {
+ fresh Text1,Text2: Ticket;
+ fresh TNA: Nonce;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, TNA, Text2, f( TNA, Text1 ,k(A,B) ) );
+ }
+ role B
+ {
+ var TNA: Nonce;
+ var Text1,Text2: Ticket;
+
+ recv_1(A,B, TNA, Text2, f( TNA, Text1 ,k(A,B) ) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f3a5b95b3e27334c1d4ffaf166d30bd56247ede0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-1.spdl
@@ -0,0 +1,58 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010, Feb. 2011.
+ *
+ * History:
+ *
+ * - v2.0, Feb. 2011:
+ * Added key symmetry emulation protocol.
+ *
+ * ccf
+ * one-pass
+ * unilateral
+ *
+ * The identifier B is optional and may be omitted if the key is unidirectional.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol @keysymm-41(A,B)
+{
+ role A
+ {
+ var X,Y,Z: Ticket;
+
+ recv_!1(B,A, f(X,Y,Z, k(A,B) ) );
+ send_!2(A,B, f(X,Y,Z, k(B,A) ) );
+ }
+ role B
+ {
+ }
+}
+
+protocol isoiec-9798-4-1(A,B)
+{
+ role A
+ {
+ fresh Text1,Text2: Ticket;
+ fresh TNA: Nonce;
+
+ claim(A,Running,B,TNA,Text1);
+ send_1(A,B, TNA, Text2, f( TNA, B, Text1 ,k(A,B) ) );
+ }
+ role B
+ {
+ var TNA: Nonce;
+ var Text1,Text2: Ticket;
+
+ recv_1(A,B, TNA, Text2, f( TNA, B, Text1 ,k(A,B) ) );
+
+ claim(B,Commit,A,TNA,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c1e292f6eff5c704029199aba97a41f578b8fdfb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2-udkey.spdl
@@ -0,0 +1,43 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * ccf
+ * unilateral
+ * two-pass
+ *
+ * Unidirectional key version.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol isoiec-9798-4-2-udkey(A,B)
+{
+ role A
+ {
+ var Rb: Nonce;
+ var Text1: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, Rb,Text1 );
+ claim(A,Running,B,Rb,Text2);
+ send_2(A,B, Text3, f( Rb, Text2, k(A,B)) );
+ }
+ role B
+ {
+ fresh Rb: Nonce;
+ fresh Text1: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, Rb,Text1 );
+ recv_2(A,B, Text3, f( Rb, Text2, k(A,B)) );
+
+ claim(B,Commit,A,Rb,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d2bd4a93c494e5ac4d36f93348563cefa17adf2e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-2.spdl
@@ -0,0 +1,62 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010, Feb. 2011.
+ *
+ * History:
+ *
+ * - v2.0, Feb. 2011:
+ * Added key symmetry emulation protocol.
+ *
+ * ccf
+ * unilateral
+ * two-pass
+ *
+ * The identifier B is optional and may be omitted if the key is unidirectional.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol @keysymm-42(A,B)
+{
+ role A
+ {
+ var X,Y,Z: Ticket;
+
+ recv_!1(B,A, f(X,Y,Z, k(A,B) ) );
+ send_!2(A,B, f(X,Y,Z, k(B,A) ) );
+ }
+ role B
+ {
+ }
+}
+
+protocol isoiec-9798-4-2(A,B)
+{
+ role A
+ {
+ var Rb: Nonce;
+ var Text1: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, Rb,Text1 );
+ claim(A,Running,B,Rb,Text2);
+ send_2(A,B, Text3, f( Rb, B, Text2, k(A,B)) );
+ }
+ role B
+ {
+ fresh Rb: Nonce;
+ fresh Text1: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, Rb,Text1 );
+ recv_2(A,B, Text3, f( Rb, B, Text2, k(A,B)) );
+
+ claim(B,Commit,A,Rb,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..4371591eefddf4852ce453e3f3d229728744baa9
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3-udkey.spdl
@@ -0,0 +1,50 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * ccf
+ * two-pass
+ * mutual
+ *
+ * Unidirectional key version.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol isoiec-9798-4-3-udkey(A,B)
+{
+ role A
+ {
+ fresh Text1,Text2: Ticket;
+ var Text3,Text4: Ticket;
+ fresh TNa: Nonce;
+ var TNb: Nonce;
+
+ claim(A,Running,B,TNa,Text1);
+ send_1(A,B, TNa, Text2, f(TNa,Text1, k(A,B) ) );
+ recv_2(B,A, TNb, Text4, f(TNb,Text3, k(B,A) ) );
+
+ claim(A,Commit,B,TNb,Text3);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNa: Nonce;
+ fresh TNb: Nonce;
+ var Text1,Text2: Ticket;
+ fresh Text3,Text4: Ticket;
+
+ recv_1(A,B, TNa, Text2, f(TNa,Text1, k(A,B) ) );
+ claim(B,Running,A,TNb,Text3);
+ send_2(B,A, TNb, Text4, f(TNb,Text3, k(B,A) ) );
+
+ claim(B,Commit,A,TNa,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..a5902e2a24b9f34bb18dcd5e316986d3bada1846
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-3.spdl
@@ -0,0 +1,69 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010, Feb. 2011.
+ *
+ * History:
+ *
+ * - v2.0, Feb. 2011:
+ * Added key symmetry emulation protocol.
+ *
+ * ccf
+ * two-pass
+ * mutual
+ *
+ * The identifiers B,A are optional and may be (independently) be omitted if the key is unidirectional.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol @keysymm-43(A,B)
+{
+ role A
+ {
+ var X,Y,Z: Ticket;
+
+ recv_!1(B,A, f(X,Y,Z, k(A,B) ) );
+ send_!2(A,B, f(X,Y,Z, k(B,A) ) );
+ }
+ role B
+ {
+ }
+}
+
+protocol isoiec-9798-4-3(A,B)
+{
+ role A
+ {
+ fresh Text1,Text2: Ticket;
+ var Text3,Text4: Ticket;
+ fresh TNa: Nonce;
+ var TNb: Nonce;
+
+ claim(A,Running,B,TNa,Text1);
+ send_1(A,B, TNa, Text2, f(TNa,B,Text1, k(A,B) ) );
+ recv_2(B,A, TNb, Text4, f(TNb,A,Text3, k(A,B) ) );
+
+ claim(A,Commit,B,TNb,Text3);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var TNa: Nonce;
+ fresh TNb: Nonce;
+ var Text1,Text2: Ticket;
+ fresh Text3,Text4: Ticket;
+
+ recv_1(A,B, TNa, Text2, f(TNa,B,Text1, k(A,B) ) );
+ claim(B,Running,A,TNb,Text3);
+ send_2(B,A, TNb, Text4, f(TNb,A,Text3, k(A,B) ) );
+
+ claim(B,Commit,A,TNa,Text1);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4-udkey.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4-udkey.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..27e546651f7b519ecb60f7f0fdf514cc14a5071e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4-udkey.spdl
@@ -0,0 +1,52 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010
+ *
+ * ccf
+ * mutual
+ * three-pass
+ *
+ * Unidirectional key version.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol isoiec-9798-4-4-udkey(A,B)
+{
+ role A
+ {
+ fresh Ra: Nonce;
+ var Rb: Nonce;
+ var Text1,Text4,Text5: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, Rb, Text1 );
+ claim(A,Running,B,Ra,Rb,Text2);
+ send_2(A,B, Ra, Text3, f(Ra,Rb,Text2, k(A,B) ) );
+ recv_3(B,A, Text5, f(Rb,Ra,Text4, k(B,A) ) );
+
+ claim(A,Commit,B,Ra,Rb,Text2,Text4);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var Ra: Nonce;
+ fresh Rb: Nonce;
+ fresh Text1,Text4,Text5: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, Rb, Text1 );
+ recv_2(A,B, Ra, Text3, f(Ra,Rb,Text2, k(A,B) ) );
+ claim(B,Running,A,Ra,Rb,Text2,Text4);
+ send_3(B,A, Text5, f(Rb,Ra,Text4, k(B,A) ) );
+
+ claim(B,Commit,A,Ra,Rb,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4.spdl b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..f7963694798d8aef65d93b19ef92bdcb668231fe
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ISO-9798/isoiec-9798-4-4.spdl
@@ -0,0 +1,75 @@
+/*
+ * Modeled from ISO/IEC 9798
+ * Modeler: Cas Cremers, Dec. 2010, Feb. 2011.
+ *
+ * History:
+ *
+ * - v2.0, Feb. 2011:
+ * Added key symmetry emulation protocol.
+ *
+ * ccf
+ * mutual
+ * three-pass
+ *
+ * The identifier B is optional and may be omitted if the key is unidirectional.
+ *
+ * Modeling notes:
+ *
+ * - The keyed CCF (f_kab(x)) is modeled as f(x,kab)
+ */
+hashfunction f;
+
+protocol @keysymm-44(A,B)
+{
+ role A
+ {
+ var X,Y,Z: Ticket;
+
+ recv_!1(B,A, f(X,Y,Z, k(A,B) ) );
+ send_!2(A,B, f(X,Y,Z, k(B,A) ) );
+ }
+ role B
+ {
+ var X,Y,Z,ZZ: Ticket;
+
+ recv_!3(A,B, f(X,Y,Z,ZZ, k(A,B) ) );
+ send_!4(B,A, f(X,Y,Z,ZZ, k(B,A) ) );
+ }
+}
+
+protocol isoiec-9798-4-4(A,B)
+{
+ role A
+ {
+ fresh Ra: Nonce;
+ var Rb: Nonce;
+ var Text1,Text4,Text5: Ticket;
+ fresh Text2,Text3: Ticket;
+
+ recv_1(B,A, Rb, Text1 );
+ claim(A,Running,B,Ra,Rb,Text2);
+ send_2(A,B, Ra, Text3, f(Ra,Rb,B,Text2, k(A,B) ) );
+ recv_3(B,A, Text5, f(Rb,Ra,Text4, k(A,B) ) );
+
+ claim(A,Commit,B,Ra,Rb,Text2,Text4);
+ claim(A,Alive);
+ claim(A,Weakagree);
+ }
+ role B
+ {
+ var Ra: Nonce;
+ fresh Rb: Nonce;
+ fresh Text1,Text4,Text5: Ticket;
+ var Text2,Text3: Ticket;
+
+ send_1(B,A, Rb, Text1 );
+ recv_2(A,B, Ra, Text3, f(Ra,Rb,B,Text2, k(A,B) ) );
+ claim(B,Running,A,Ra,Rb,Text2,Text4);
+ send_3(B,A, Text5, f(Rb,Ra,Text4, k(A,B) ) );
+
+ claim(B,Commit,A,Ra,Rb,Text2);
+ claim(B,Alive);
+ claim(B,Weakagree);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/BKE.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/BKE.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..8342bd6c709b316e2599862cea3b32925c7e7306
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/BKE.spdl
@@ -0,0 +1,40 @@
+/*
+ Bilateral Key Exchange with Public Key protocol (BKEPK)
+*/
+
+usertype SessionKey;
+
+hashfunction hash;
+
+protocol bke(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1 (I,R, { ni,I }pk(R) );
+ recv_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
+ send_3 (I,R, { hash(nr) }kir );
+ claim_4 (I, Secret, kir );
+ //claim_5 (I, Niagree );
+ //claim_6 (I, Nisynch );
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1 (I,R, { ni,I }pk(R) );
+ send_2 (R,I, { hash(ni),nr,R,kir }pk(I) );
+ recv_3 (I,R, { hash(nr) }kir );
+ claim_7 (R, Secret, kir );
+ //claim_8 (R, Niagree );
+ //claim_9 (R, Nisynch );
+ }
+}
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban-concrete.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban-concrete.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..48f52d8f450814a116b7291bdfea1475800f311f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban-concrete.spdl
@@ -0,0 +1,67 @@
+# BAN concrete Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewBAN2.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# In order to overcome this a 'dummy' role X has been hadded that recrypts
+# a given term crypted with k(I,R) with k(R,I)
+#
+# Note:
+# Recv 4 by the Initatior has been placed after the synchronisation claim
+# as it allows trivial synchronisation attacks otherwise (the message is
+# completely fresh and can therefore always be replaced by an arbitrary value
+# created by the intruder) which are not considered in SPORE
+#
+
+usertype SessionKey;
+const Fresh: Function;
+
+protocol @swapkey(X)
+{
+ # Protocol added to work around the symmetry problems where k(I,R) != k(R,I)
+ role X
+ {
+ var I,R: Agent;
+ var T:Ticket;
+ recv_!X1(X,X,I,R,{T}k(I,R));
+ send_!X2(X,X,{T}k(R,I));
+ }
+}
+
+protocol andrew-Concrete(I,R)
+{
+
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,ni );
+ recv_2(R,I, {ni,kir}k(I,R) );
+ send_3(I,R, {ni}kir);
+ claim_I1(I,Secret,kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,kir));
+ recv_6(R,I, nr);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,ni );
+ send_2(R,I, {ni,kir}k(I,R) );
+ recv_3(I,R, {ni}kir);
+ send_6(R,I, nr);
+ claim_R1(R,Secret,kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..5118604cdc06f34dd2d5f3b8b4ba1035c792ce53
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-ban.spdl
@@ -0,0 +1,52 @@
+# BAN modified Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewBAN.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# So it is possile that certain attacks that use this property are not found
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol andrew-Ban(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr,nr2: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,{ni}k(I,R) );
+ recv_2(R,I, {ni,nr}k(I,R) );
+ send_3(I,R, {nr}k(I,R) );
+ recv_4(R,I, {kir,nr2,ni}k(I,R) );
+ claim_I1(I,Nisynch);
+ claim_I2(I,Niagree);
+ claim_I3(I,Secret, kir);
+ claim_I5(I,Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr,nr2: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,{ni}k(I,R) );
+ send_2(R,I, {ni,nr}k(I,R) );
+ recv_3(I,R, {nr}k(I,R) );
+ send_4(R,I, {kir,nr2,ni}k(I,R) );
+ claim_R1(R,Nisynch);
+ claim_R2(R,Niagree);
+ claim_R3(R,Secret, kir);
+ claim_R5(R,Empty, (Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-lowe-ban.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-lowe-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..04e15f27a67bbe57cd026848e0b715e9602e407b
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/andrew-lowe-ban.spdl
@@ -0,0 +1,57 @@
+# Lowe modified BAN concrete Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewLowe.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# So it is possile that certain attacks that use this property are not found
+#
+# Note:
+# Recv 4 by the Initatior has been placed after the synchronisation claim
+# as it allows trivial synchronisation attacks otherwise (the message is
+# completely fresh and can therefore always be replaced by an arbitrary value
+# created by the intruder) which are not considered in SPORE
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol andrew-LoweBan(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,ni );
+ recv_2(R,I, {ni,kir,R}k(I,R) );
+ send_3(I,R, {ni}kir );
+ claim_I1(I,Nisynch);
+ claim_I2(I,Secret, kir);
+ claim_I3(I,Empty, (Fresh,kir));
+ recv_4(R,I, nr );
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,ni );
+ send_2(R,I, {ni,kir,R}k(I,R) );
+ recv_3(I,R, {ni}kir );
+ send_4(R,I, nr );
+ claim_R1(R,Nisynch);
+ claim_R2(R,Secret, kir);
+ claim_R3(R,Empty, (Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/boyd.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/boyd.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..0a9c755296ba85d44bbe48f5ca5ee393e16e72fb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/boyd.spdl
@@ -0,0 +1,56 @@
+usertype Sessionkey;
+usertype Macseed;
+const m: Function;
+secret unm: Function;
+const f: Function;
+
+inversekeys (m, unm);
+
+/*
+ * Boyd key agreement
+ *
+ * Boyd & Mathuria: Protocols for authentication and key establishment
+ * (2003) p. 101
+ *
+ * Note that MAC_ks(x) has been interpreted as MAC(x,ks); this
+ * assumption causes some possible false attacks.
+ */
+
+protocol boyd(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var ks: Macseed;
+
+ send_1 (I,S, I,R, ni );
+ recv_3 (R,I, { I,R, ks }k(I,S), m(ni, m(ks,ni,nr)), nr );
+ send_4 (I,R, m(nr, m(ks,ni,nr)) );
+
+ claim_6 (I, Secret, m(ks,ni,nr) );
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var ks: Macseed;
+
+ recv_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
+ send_3 (R,I, { I,R, ks }k(I,S), m(ni, m(ks,ni,nr)), nr );
+ recv_4 (I,R, m(nr, m(ks,ni,nr)) );
+
+ claim_10 (R, Secret, m(ks,ni,nr));
+ }
+
+ role S
+ {
+ var ni,nr: Nonce;
+ fresh ks: Macseed;
+
+ recv_1 (I,S, I,R, ni );
+ send_2 (S,R, { I,R, ks }k(I,S), { I,R, ks }k(R,S), ni );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ccitt509-ban3.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ccitt509-ban3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..bdf146dd74c09e6b53acff463737d53a19ec83bb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ccitt509-ban3.spdl
@@ -0,0 +1,39 @@
+# BAN modified version of CCITT X.509 (3)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_3BAN.html
+#
+# Note:
+# The protocol description also states that Xa and Ya should be fresh
+# this can not be verified using scyther
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+protocol ccitt509-ban3(I,R)
+{
+ role I
+ {
+ fresh Na,Xa,Ya: Nonce;
+ var Xb,Nb,Yb: Nonce;
+
+ send_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
+ recv_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ send_3(I,R, I,{R, Nb}sk(I));
+ claim_4(I,Nisynch);
+ }
+
+ role R
+ {
+ var Na,Xa,Ya: Nonce;
+ fresh Xb,Yb,Nb: Nonce;
+
+ recv_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
+ send_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ recv_3(I,R, I,{R, Nb}sk(I));
+ claim_5(R,Nisynch);
+ # There should also be Fresh Xa and Fresh Ya claims here
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco-lowe.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d5c3182c14dddd44b359464b37d52e51719dafb0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco-lowe.spdl
@@ -0,0 +1,66 @@
+# Lowe modified Denning-Sacco shared key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/denningSaccoLowe.html
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+usertype Key;
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+usertype PseudoFunction;
+const dec: PseudoFunction;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol denningSacco-Lowe(I,R,S)
+{
+ role I
+ {
+ var W: Ticket;
+ var Kir: SessionKey;
+ var T: TimeStamp;
+ var Nr: Nonce;
+
+ send_1(I,S, I,R );
+ recv_2(S,I, {R, Kir, T, W}k(I,S) );
+ send_3(I,R, W);
+ recv_4(R,I, {Nr}Kir);
+ send_5(I,R, {{Nr}dec}Kir);
+ claim_I1(I,Niagree);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Secret,Kir);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Kir: SessionKey;
+ var T: TimeStamp;
+ fresh Nr: Nonce;
+
+ recv_3(I,R, {Kir,I,T}k(R,S));
+ send_4(R,I, {Nr}Kir);
+ recv_5(I,R, {{Nr}dec}Kir);
+ claim_R1(R,Niagree);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Secret,Kir);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var W: Ticket;
+ fresh Kir: SessionKey;
+ fresh T: TimeStamp;
+
+ recv_1(I,S, I,R );
+ send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
+ claim_x(S, Secret, Kir);
+ }
+}
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..00167e975c65cc94323c1fed8e2efeba3227bf69
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/denning-sacco.spdl
@@ -0,0 +1,55 @@
+# Denning-Sacco shared key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/denningSacco.html
+#
+
+usertype Key;
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol denningSacco(I,R,S)
+{
+ role I
+ {
+ var W: Ticket;
+ var Kir: SessionKey;
+ var T: TimeStamp;
+
+ send_1(I,S, I,R );
+ recv_2(S,I, {R, Kir, T, W}k(I,S) );
+ send_3(I,R, W);
+ claim_I1(I,Niagree);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Secret,Kir);
+ claim_I4(I,Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ var Kir: SessionKey;
+ var T: TimeStamp;
+
+ recv_3(I,R, {Kir,I,T}k(R,S));
+ claim_R1(R,Niagree);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Secret,Kir);
+ claim_R4(R,Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ var W: Ticket;
+ fresh Kir: SessionKey;
+ fresh T: TimeStamp;
+
+ recv_1(I,S, I,R );
+ send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
+ }
+}
+
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce-b.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce-b.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..09bde6d80fc530c90b1ce4ebb4c624bd2fd25024
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce-b.spdl
@@ -0,0 +1,60 @@
+usertype Sessionkey;
+usertype Keypart;
+hashfunction f;
+
+/*
+ * Gong nonce based alternative
+ *
+ * Boyd & Mathuria: Protocols for authentication and key establishment
+ * (2003) p. 101
+ */
+
+protocol gongnonceb(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ fresh ki: Keypart;
+ var kr: Keypart;
+
+ send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
+ recv_4 (S,I, { S,I,R,kr,I }k(I,S), { R,I,ni }f(ki,kr), nr );
+ send_5 (I,R, { I,R,nr }f(ki,kr) );
+
+ claim_6 (I, Secret, ki);
+ claim_7 (I, Secret, kr);
+ claim_8 (I, Nisynch);
+ claim_9 (I, Niagree);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kr: Keypart;
+ var ki: Keypart;
+
+ recv_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
+ send_3 (R,S, { R,S,R,kr,I }k(R,S), { R,I, ni }f(ki,kr), nr );
+ recv_5 (I,R, { I,R,nr }f(ki,kr) );
+
+ claim_10 (R, Secret, ki);
+ claim_11 (R, Secret, kr);
+ claim_12 (R, Nisynch);
+ claim_13 (R, Niagree);
+ }
+
+ role S
+ {
+ var ni,nr: Nonce;
+ var ki,kr: Keypart;
+ var T;
+
+ recv_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
+ send_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
+ recv_3 (R,S, { R,S,R,kr,I }k(R,S), T, nr );
+ send_4 (S,I, { S,I,R,kr,I }k(I,S), T, nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..594e1b9753998059d509dfecc53af0e9b04ed579
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/gong-nonce.spdl
@@ -0,0 +1,57 @@
+/*
+ * From Boyd Mathuria
+ *
+ * To check: 3.38 or other?
+ *
+ */
+usertype Sessionkey;
+usertype Keypart;
+
+protocol gongnonce(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ fresh ki: Keypart;
+ var kr: Keypart;
+
+ send_1 (I,R, I,R,ni );
+ recv_3 (S,I, { S,I,R, kr, I, ni }k(I,S), nr);
+ send_4 (I,S, { I,S,I, ki, R, nr }k(I,S) );
+
+ claim_6 (I, Secret, ki);
+ claim_7 (I, Secret, kr);
+ claim_8 (I, Nisynch);
+ claim_9 (I, Niagree);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kr: Keypart;
+ var ki: Keypart;
+
+ recv_1 (I,R, I,R,ni );
+ send_2 (R,S, I,R, nr, { R,S,R, kr, I,ni }k(R,S));
+ recv_5 (S,R, { S,R,I, ki, R, nr }k(R,S) );
+
+ claim_10 (R, Secret, ki);
+ claim_11 (R, Secret, kr);
+ claim_12 (R, Nisynch);
+ claim_13 (R, Niagree);
+ }
+
+ role S
+ {
+ var ni,nr: Nonce;
+ var ki,kr: Keypart;
+
+ recv_2 (R,S, I,R, nr, { R,S,R, kr, I,ni }k(R,S));
+ send_3 (S,I, { S,I,R, kr, I, ni }k(I,S), nr);
+ recv_4 (I,S, { I,S,I, ki, R, nr }k(I,S) );
+ send_5 (S,R, { S,R,I, ki, R, nr }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/isoiec11770-2-13.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/isoiec11770-2-13.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..5db1533dbcd541c27156d917511c73d5933eae5d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/isoiec11770-2-13.spdl
@@ -0,0 +1,42 @@
+usertype Sessionkey;
+usertype Ticket;
+
+protocol isoiec11770213(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: Sessionkey;
+
+ send_1 (I,R, ni);
+ recv_4 (R,I, { ni,kir,R }k(I,S) );
+
+ claim_5 (I, Secret, kir);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: Sessionkey;
+ var T;
+
+ recv_1 (I,R, ni);
+ send_2 (R,S, { nr,ni,I,kir }k(R,S) );
+ recv_3 (S,R, { nr, I }k(R,S), T );
+ send_4 (R,I, T );
+
+ claim_6 (R, Secret, kir);
+ }
+
+ role S
+ {
+ var ni,nr: Nonce;
+ var kir: Sessionkey;
+
+ recv_2 (R,S, { nr,ni,I,kir }k(R,S) );
+ send_3 (S,R, { nr, I }k(R,S), { ni,kir,R }k(I,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v2.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..638a54b7cdd3722fbac37a1b9241b855246d4ea7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v2.spdl
@@ -0,0 +1,55 @@
+# Kao Chow Authentication v.2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow2.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow-2(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir,kt: SessionKey;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, R, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr );
+ send_4 (I,R, {nr,kir}kt );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir,kt: SessionKey;
+ var T: Ticket;
+
+ recv_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
+ send_3 (R,I, R, T, {ni, kir}kt, nr );
+ recv_4 (I,R, {nr,kir}kt );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir, kt: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v3.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..88cef24fd8e955769d166e75f879caed7f30f7fe
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow-v3.spdl
@@ -0,0 +1,59 @@
+# Kao Chow Authentication v.3
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow3.html
+#
+
+usertype SessionKey;
+usertype ExpiredTimeStamp;
+usertype TimeStamp;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow-3(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir,kt: SessionKey;
+ var T2: Ticket;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr, T2 );
+ send_4 (I,R, {nr,kir}kt, T2 );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir,kt: SessionKey;
+ var T: Ticket;
+ fresh tr: TimeStamp;
+
+ recv_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
+ send_3 (R,I, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
+ recv_4 (I,R, {nr,kir}kt, {I,R,tr,kir}k(R,S) );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir, kt: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1c6c827982ce289073ffc12103fe5accd1b95462
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/kaochow.spdl
@@ -0,0 +1,55 @@
+# Kao Chow Authentication v.1
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow1.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, {I,R,ni,kir}k(I,S), {ni}kir, nr );
+ send_4 (I,R, {nr}kir );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir: SessionKey;
+ var T;
+
+ recv_2 (S,R, T, { I,R,ni,kir }k(R,S) );
+ send_3 (R,I, T, {ni}kir, nr );
+ recv_4 (I,R, {nr}kir );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ksl.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ksl.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..3595cf2750bab2ba69cf5cd4c55e3349b2b78ca7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ksl.spdl
@@ -0,0 +1,75 @@
+# KSL
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ksl.html
+#
+#
+
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+
+
+protocol ksl(I,R,S)
+{
+ role I
+ {
+ fresh Ni, Mi: Nonce;
+ var Nc, Mr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, Ni, I);
+ recv_4(R,I, { Ni,R,Kir }k(I,S), T, Nc, {Ni}Kir );
+ send_5(I,R, { Nc }Kir );
+
+ send_6(I,R, Mi,T );
+ recv_7(R,I, Mr,{Mi}Kir );
+ send_8(I,R, {Mr}Kir );
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty, (Fresh, Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Nc,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Kbb: TicketKey;
+ fresh Tr: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, Ni, I);
+ send_2(R,S, Ni, I, Nr, R );
+ recv_3(S,R, { Nr, I, Kir }k(R,S), T );
+ send_4(R,I, T, { Tr, I, Kir }Kbb, Nc, {Ni}Kir );
+ recv_5(I,R, { Nc }Kir );
+
+ recv_6(I,R, Mi,{ Tr, I, Kir }Kbb );
+ send_7(R,I, Mr,{Mi}Kir );
+ recv_8(I,R, {Mr}Kir );
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+
+ recv_2(R,S, Ni, I, Nr, R );
+ send_3(S,R, { Nr, I, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
+ }
+}
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk-amend.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk-amend.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..189093d107295d32d8bc177f455d9246d0059bf0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk-amend.spdl
@@ -0,0 +1,66 @@
+# Amended Needham Schroeder Symmetric Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nssk_amended.html
+#
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+
+
+# Model dec that is invertible by inc
+const dec,inc: Function;
+inversekeys(dec,inc);
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol needhamschroedersk-amend(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+ var T,T2: Ticket;
+
+ send_1(I,R,I);
+ recv_2(R,I,T);
+ send_3(I,S,(I,R,Ni,T));
+ recv_4(S,I, {Ni,R,Kir,T2}k(I,S));
+ send_5(I,R,T2);
+ recv_6(R,I,{Nr}Kir);
+ send_7(I,R,{{Nr}dec}Kir);
+
+ claim_I2(I,Secret,Kir);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Kir: SessionKey;
+
+ recv_1(I,R,I);
+ send_2(R,I,{I,Nr}k(R,S));
+ recv_5(I,R,{Kir,Nr,I}k(R,S));
+ send_6(R,I,{Nr}Kir);
+ recv_7(I,R,{{Nr}dec}Kir);
+ claim_R1(R,Secret,Nr);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni,Nr: Nonce;
+ fresh Kir: SessionKey;
+ recv_3(I,S,(I,R,Ni,{I,Nr}k(R,S)));
+ send_4(S,I,{Ni,R,Kir,{Kir,Nr,I}k(R,S)}k(I,S));
+ }
+
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..71a7e6c3ca031a129edced11e2ed78a1e78ceb37
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/needham-schroeder-sk.spdl
@@ -0,0 +1,56 @@
+# Needham Schroeder Symmetric Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nssk.html
+#
+#
+
+
+# Model dec that is invertible by inc
+const dec,inc: Function;
+inversekeys(dec,inc);
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol needhamschroedersk(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+ var T: Ticket;
+
+ send_1(I,S,(I,R,Ni));
+ recv_2(S,I, {Ni,R,Kir,T}k(I,S));
+ send_3(I,R,T);
+ recv_4(R,I,{Nr}Kir);
+ send_5(I,R,{{Nr}dec}Kir);
+ claim_I2(I,Secret,Kir);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Kir: SessionKey;
+
+ recv_3(I,R,{Kir,I}k(R,S));
+ send_4(R,I,{Nr}Kir);
+ recv_5(I,R,{{Nr}dec}Kir);
+ claim_R1(R,Secret,Kir);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni: Nonce;
+ fresh Kir: SessionKey;
+ recv_1(I,S,(I,R,Ni));
+ send_2(S,I,{Ni,R,Kir,{Kir,I}k(R,S)}k(I,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/new.txt b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/new.txt
new file mode 100644
index 0000000000000000000000000000000000000000..dbba1982d9d5f1ac0b3570a6e1f32d6c93138f09
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/new.txt
@@ -0,0 +1,5 @@
+denning-sacco-lowe.spdl
+wmf.spdl
+wmf-lowe.spdl
+andrew-ban-concrete.spdl
+yahalom-ban-paulson.spdl
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ns3.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ns3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b83afa7f8f1668784cf4d216744a71dcb2a89bfe
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/ns3.spdl
@@ -0,0 +1,41 @@
+/*
+ * Needham-Schroeder protocol
+ */
+
+// The protocol description
+
+protocol ns3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,I}pk(R) );
+ recv_2(R,I, {ni,nr}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ //claim_i3(I,Alive);
+ claim_i4(I,Niagree);
+ claim_i5(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,I}pk(R) );
+ send_2(R,I, {ni,nr}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ //claim_r3(R,Alive);
+ claim_r4(R,Niagree);
+ claim_r5(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/nsl3.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/nsl3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..a4bfef59ba5460e46a4adf941a03c3375291305d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/nsl3.spdl
@@ -0,0 +1,39 @@
+/*
+ * Needham-Schroeder-Lowe protocol
+ */
+
+// The protocol description
+
+protocol nsl3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,I}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,I}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/otwayrees.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/otwayrees.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..bed12addbb962630e674c20705162c706183767c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/otwayrees.spdl
@@ -0,0 +1,56 @@
+# Otway Rees
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/otwayRees.html
+#
+
+
+const Fresh: Function;
+const Compromised: Function;
+
+usertype String,SessionKey;
+
+protocol otwayrees(I,R,S)
+{
+ role I
+ {
+ fresh Ni : Nonce;
+ fresh M : String;
+ var Kir : SessionKey;
+
+ send_1(I,R, M,I,R,{Ni,M,I,R}k(I,S) );
+ recv_4(R,I, M,{Ni,Kir}k(I,S) );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ claim_I3(I, Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ var M : String;
+ fresh Nr : Nonce;
+ var Kir : SessionKey;
+ var T1,T2: Ticket;
+
+ recv_1(I,R, M,I,R, T1 );
+ send_2(R,S, M,I,R, T1, { Nr,M,I,R }k(R,S) );
+ recv_3(S,R, M, T2, { Nr,Kir }k(R,S) );
+ send_4(R,I, M, T2 );
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ claim_R3(R, Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni,Nr : Nonce;
+ var M : String;
+ fresh Kir : SessionKey;
+
+ recv_2(R,S, M,I,R, { Ni,M,I,R}k(I,S), { Nr,M,I,R }k(R,S) );
+ send_3(S,R, M, { Ni,Kir }k(I,S) , { Nr,Kir }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/soph.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/soph.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..3b108514f40d9182acbfbe3746f4a5ec76947b16
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/soph.spdl
@@ -0,0 +1,21 @@
+
+protocol soph(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+
+ send_1(I,R, {I,ni}pk(R) );
+ recv_2(R,I, ni );
+ claim_3(I,Niagree);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+
+ recv_1(I,R, {I,ni}pk(R) );
+ send_2(R,I, ni );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-cj.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-cj.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b393294a0e2524970c0bd0be27db7a38404ce592
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-cj.spdl
@@ -0,0 +1,66 @@
+# Clark and Jacob modified Hwang and Chen modified SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas3.html
+#
+# Note:
+# The assumptions made here do not comply with those in SPORE
+# SPORE assumes that the agents do not know the pk function, but only
+# their own public key values.
+# This can currently not be modelled.
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS-CJ(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ send_3(I,R, I, R, {T, L, {I, N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {{N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {T, L, {I, N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ send_6(R,I, R, I, {{N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-hc.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-hc.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..2f975ad29dad1faaa6150ad4e56dfc83b9c20fb5
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as-hc.spdl
@@ -0,0 +1,61 @@
+# Hwang and Chen Modified SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas2.html
+#
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS-HC(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ send_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, I, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, I, pk(I)}sk(S) );
+ send_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b1d8e181dee03a611e57770eae47e84b0d9238f3
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/splice-as.spdl
@@ -0,0 +1,66 @@
+# SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas.html
+#
+# Note:
+# The assumptions made here do not comply with those in SPORE
+# SPORE assumes that the agents do not know the pk function, but only
+# their own public key values.
+# This can currently not be modelled.
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, pk(R)}sk(S) );
+ send_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ send_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/tmn.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/tmn.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c6fb55fecbe88e8ce642f86260ee5bceca08b443
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/tmn.spdl
@@ -0,0 +1,51 @@
+# TMN
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/tmn.html
+#
+# Note:
+# According to Boyd and Mathuria Kb is the session key this is not clear
+# from the description in SPORE
+usertype SessionKey;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol tmn(I,R,S)
+{
+ role I
+ {
+ fresh Ki: SessionKey;
+ var Kr: SessionKey;
+
+ send_1(I,S, R,{Ki}pk(S) );
+ recv_4(S,I, R,{Kr}Ki );
+
+ claim_I1(I,Secret,Kr);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kr));
+ }
+
+ role R
+ {
+ fresh Kr: SessionKey;
+
+ recv_2(S,R, I );
+ send_3(R,S, I, { Kr }pk(S) );
+
+ claim_R1(R,Secret,Kr);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kr));
+ }
+
+ role S
+ {
+ var Ki,Kr: SessionKey;
+
+ recv_1(I,S, R,{Ki}pk(S) );
+ send_2(S,R, I );
+ recv_3(R,S, I, { Kr }pk(S) );
+ send_4(S,I, R,{Kr}Ki );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-brutus.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-brutus.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c22bdcc233cb9ebd3b702a54e42905c1ad862e5e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-brutus.spdl
@@ -0,0 +1,32 @@
+usertype SesKey, Server;
+
+/* Version from the Brutus reports
+*/
+
+protocol wmfbrutus(A,B,S)
+{
+ role A
+ {
+ fresh kab : SesKey;
+
+ send_1(A,S, A, { B,kab }k(A,S) );
+ }
+
+ role B
+ {
+ var kab : SesKey;
+
+ recv_2(S,B, { A, kab }k(B,S) );
+
+ claim_3(B, Secret,kab);
+ }
+
+ role S
+ {
+ var kab : SesKey;
+
+ recv_1(A,S, A, { B,kab }k(A,S) );
+ send_2(S,B, { A, kab }k(B,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-lowe.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..0e0de87f2d852889cf5eb101c7c9a0074e26c60c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf-lowe.spdl
@@ -0,0 +1,63 @@
+# Lowe modified Wide Mouthed Frog
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wideMouthedFrogLowe.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol, scyther
+# finds one however this has to do with the unusual assumption that every
+# agent can recognise and will reject to recv messages that it has created
+# itself.
+
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+const succ,pred: Function;
+inversekeys (succ,pred);
+const Fresh: Function;
+const Compromised: Function;
+
+protocol wmf-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Kir: SessionKey;
+ fresh Ti: TimeStamp;
+ var Kr: SessionKey;
+ var Nr: Nonce;
+
+ send_1(I,S, I, {Ti, R, Kir}k(I,S));
+ recv_3(R,I,{Nr}Kir);
+ send_4(I,R,{{Nr}succ}Kir);
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ts: TimeStamp;
+ var Kir: SessionKey;
+ fresh Nr: Nonce;
+
+ recv_2(S,R, {Ts, I, Kir}k(R,S) );
+ send_3(R,I, {Nr}Kir);
+ recv_4(I,R, {{Nr}succ}Kir);
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Kir: SessionKey;
+ fresh Ts: TimeStamp;
+ var Ti: TimeStamp;
+
+ recv_1(I,S, I,{Ti, R, Kir}k(I,S) );
+ send_2(S,R, {Ts, I, Kir}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..758843ad8db42af3b4250060d47b14d88444938f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/wmf.spdl
@@ -0,0 +1,54 @@
+# Wide Mouthed Frog
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wideMouthedFrog.html
+#
+# Note
+# The name of the party that has generated a message was added in order
+# to model the property described in SPORE that an agent can identify
+# its own messages and will reject them.
+
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol wmf(I,R,S)
+{
+ role I
+ {
+ fresh Kir: SessionKey;
+ fresh Ti: TimeStamp;
+ var Kr: SessionKey;
+
+ send_1(I,S, I, {I, Ti, R, Kir}k(I,S));
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ts: TimeStamp;
+ var Kir: SessionKey;
+
+ recv_2(S,R, {S, Ts, I, Kir}k(R,S) );
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Kir: SessionKey;
+ fresh Ts: TimeStamp;
+ var Ti: TimeStamp;
+
+ recv_1(I,S, I,{I, Ti, R, Kir}k(I,S) );
+ send_2(S,R, {S, Ts, I, Kir}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-1.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7e4e09dc56a0317935e27247354bacd062a41d78
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-1.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 1
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi1.html
+#
+
+protocol woolamPi-1(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,R,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I,R, T}k(R,S));
+ recv_5(S,R, {I,R, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I,R, {I,R,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,R,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-2.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..5d767d614d01b5755e0b81f4d2eade5f6cb3e776
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-2.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi2.html
+#
+
+protocol woolamPi-2(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, T}k(R,S));
+ recv_5(S,R, {I, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, {I,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-3.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1db544e1b58b303e4c51014525bef6096465416a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-3.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi3.html
+#
+
+protocol woolamPi-3(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, T}k(R,S));
+ recv_5(S,R, {I, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, {Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-f.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-f.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..22f028c0e8edc3654b2f162471de803271f53228
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam-pi-f.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi f
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPif.html
+#
+
+protocol woolamPi-f(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,R,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, R, Nr, T}k(R,S));
+ recv_5(S,R, {I, R, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, R, Nr,{I,R,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I, R, Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7e28057801d960a6e5dee165249df7a1b2320362
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/woo-lam.spdl
@@ -0,0 +1,64 @@
+# Woo and Lam Mutual Authentication
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamMutual.html
+#
+
+
+usertype SessionKey;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol woolam(I,R,S)
+{
+ role I
+ {
+ fresh N1: Nonce;
+ var Kir: SessionKey;
+ var N2: Nonce;
+
+ send_1(I,R, I, N1);
+ recv_2(R,I, R, N2);
+ send_3(I,R, {I, R, N1, N2}k(I,S));
+ recv_6(R,I, {R, N1, N2, Kir}k(I,S), {N1,N2}Kir);
+ send_7(I,R, {N2}Kir);
+
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh N2: Nonce;
+ var N1: Nonce;
+ var Kir: SessionKey;
+ var T1,T2: Ticket;
+
+ recv_1(I,R, I, N1);
+ send_2(R,I, R, N2);
+ recv_3(I,R, T1);
+ send_4(R,S, T1, {I, R, N1, N2}k(R,S));
+ recv_5(S,R, T2, {I, N1, N2, Kir}k(R,S));
+ send_6(R,I, T2, {N1,N2}Kir);
+ recv_7(I,R, {N2}Kir);
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var N1,N2: Nonce;
+
+ recv_4(R,S, {I, R, N1, N2}k(I,S), {I, R, N1, N2}k(R,S));
+ send_5(S,R, {R, N1, N2, Kir}k(I,S), {I, N1, N2, Kir}k(R,S));
+ }
+}
+
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson-modified.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson-modified.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..13d62a6240e0c03d85dbda88565864d510f405bd
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson-modified.spdl
@@ -0,0 +1,49 @@
+// BAN modified version of the yahalom protocol
+//
+// Modeled as version in Paulson's paper:
+// "Relations Between Secrets: Two Formal Analyses of the Yahalom
+// Protocol"
+//
+// Modified (improved) version from page 16.
+
+usertype Server;
+usertype SessionKey;
+
+protocol yahalom-BAN-Paulson-modified(A,B,S)
+{
+ role A
+ {
+ fresh na: Nonce;
+ var nb: Nonce;
+ var ticket: Ticket;
+ var kab: SessionKey;
+
+ send_1(A,B, A,na);
+ recv_3(S,A, nb, {B,kab,na}k(A,S), ticket );
+ send_4(A,B, ticket, {nb}kab );
+ claim_5(A, Secret,kab);
+ }
+
+ role B
+ {
+ fresh nb: Nonce;
+ var na: Nonce;
+ var ticket: Ticket;
+ var kab: SessionKey;
+
+ recv_1(A,B, A,na);
+ send_2(B,S, B, nb, {A,na}k(B,S) );
+ recv_4(A,B, {A,B,kab,nb}k(B,S) , {nb}kab );
+ claim_6(B, Secret,kab);
+ }
+
+ role S
+ {
+ fresh kab: SessionKey;
+ var na,nb: Nonce;
+
+ recv_2(B,S, B, nb, {A,na}k(B,S) );
+ send_3(S,A, nb, {B,kab,na}k(A,S), {A,B,kab,nb}k(B,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7d312ec5019ab680f1e6e1be5462f6b61ec29186
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban-paulson.spdl
@@ -0,0 +1,47 @@
+// BAN modified version of the yahalom protocol
+//
+// Modeled as version in Paulson's paper:
+// "Relations Between Secrets: Two Formal Analyses of the Yahalom
+// Protocol"
+
+usertype Server;
+usertype SessionKey;
+
+protocol yahalom-BAN-Paulson(A,B,S)
+{
+ role A
+ {
+ fresh na: Nonce;
+ var nb: Nonce;
+ var ticket: Ticket;
+ var kab: SessionKey;
+
+ send_1(A,B, A,na);
+ recv_3(S,A, {B,kab,na,nb}k(A,S), ticket );
+ send_4(A,B, ticket, {nb}kab );
+ claim_5(A, Secret,kab);
+ }
+
+ role B
+ {
+ fresh nb: Nonce;
+ var na: Nonce;
+ var ticket: Ticket;
+ var kab: SessionKey;
+
+ recv_1(A,B, A,na);
+ send_2(B,S, B, {A,na,nb}k(B,S) );
+ recv_4(A,B, {A,kab}k(B,S) , {nb}kab );
+ claim_6(B, Secret,kab);
+ }
+
+ role S
+ {
+ fresh kab: SessionKey;
+ var na,nb: Nonce;
+
+ recv_2(B,S, B, {A,na,nb}k(B,S) );
+ send_3(S,A, {B,kab,na,nb}k(A,S), {A,kab}k(B,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..3fa5f84aa0e6160fc0ceddaa175d54ab7f77336f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-ban.spdl
@@ -0,0 +1,55 @@
+# BAN simplified version of Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalomBAN.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol yahalom-BAN(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, Nr, {R,Kir,Ni}k(I,S), T );
+ send_4(I,R, T, {Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ claim_I3(I, Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ recv_4(I,R, {I,Kir,Nr}k(R,S) , {Nr}Kir );
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ claim_R3(R, Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ send_3(S,I, Nr, {R,Kir,Ni}k(I,S), {I,Kir,Nr}k(R,S) );
+ }
+}
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-lowe.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..651389d35695a15963733db796cf9ab3445e97ab
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom-lowe.spdl
@@ -0,0 +1,53 @@
+# Lowe's modified version of Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalomLowe.html
+#
+#
+
+usertype SessionKey;
+
+
+protocol yahalom-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, {R,Kir,Ni,Nr}k(I,S) );
+ send_5(I,R, {I, R, S, Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, {I,Ni,Nr}k(R,S) );
+ recv_4(S,R, {I,Kir}k(R,S));
+ recv_5(I,R, {I, R, S, Nr}Kir);
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, {I,Ni,Nr}k(R,S) );
+ send_3(S,I, {R,Kir,Ni,Nr}k(I,S));
+ send_4(S,R, {I,Kir}k(R,S));
+ }
+}
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom.spdl b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..063817fd13578148dc149004508f58ff1208364d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/MultiProtocolAttacks/yahalom.spdl
@@ -0,0 +1,52 @@
+# Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalom.html
+#
+#
+
+usertype SessionKey;
+
+protocol yahalom(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, {R,Kir,Ni,Nr}k(I,S), T );
+ send_4(I,R, T, {Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, R, {I,Ni,Nr}k(R,S) );
+ recv_4(I,R, {I,Kir}k(R,S) , {Nr}Kir );
+
+ claim_R1(R, Secret,Kir);
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, R, {I,Ni,Nr}k(R,S) );
+ send_3(S,I, {R,Kir,Ni,Nr}k(I,S), {I,Kir}k(R,S) );
+
+ claim(S, Secret, Ni);
+ claim(S, Secret, Nr);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/NotModelled.txt b/Vagrant Files/files/scyther/Protocols/NotModelled.txt
new file mode 100644
index 0000000000000000000000000000000000000000..120e55f9df7edbaa6885fe8a2cc0082a10372df7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/NotModelled.txt
@@ -0,0 +1,23 @@
+The following protocols have not been modelled for use in Scyther:
+
+- CAM http://www.lsv.ens-cachan.fr/spore/cam.html
+This protocol only consists of one message and corresponding database actions.
+The description given in SPORE is unsuitable for formalisation.
+
+- Diffie Helman http://www.lsv.ens-cachan.fr/spore/diffieHelman.html
+This protocol relies on algebraic properties that can not be modelled in
+scyther.
+
+- GJM http://www.lsv.ens-cachan.fr/spore/gjm.html
+This protocol contains complicated if-then-else constructions that can
+not be modelled in scyther.
+
+- Gong http://www.lsv.ens-cachan.fr/spore/gong.html
+This protocol relies on algebraic properties that can not be modelled in
+scyther.
+
+- SK3
+This protocol relies on algebraic properties that can not be modelled in
+scyther. It also has the notion of channels that can not be attacked,
+which can not be modelled in scyther either.
+
diff --git a/Vagrant Files/files/scyther/Protocols/andrew-ban-concrete.spdl b/Vagrant Files/files/scyther/Protocols/andrew-ban-concrete.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..48f52d8f450814a116b7291bdfea1475800f311f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/andrew-ban-concrete.spdl
@@ -0,0 +1,67 @@
+# BAN concrete Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewBAN2.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# In order to overcome this a 'dummy' role X has been hadded that recrypts
+# a given term crypted with k(I,R) with k(R,I)
+#
+# Note:
+# Recv 4 by the Initatior has been placed after the synchronisation claim
+# as it allows trivial synchronisation attacks otherwise (the message is
+# completely fresh and can therefore always be replaced by an arbitrary value
+# created by the intruder) which are not considered in SPORE
+#
+
+usertype SessionKey;
+const Fresh: Function;
+
+protocol @swapkey(X)
+{
+ # Protocol added to work around the symmetry problems where k(I,R) != k(R,I)
+ role X
+ {
+ var I,R: Agent;
+ var T:Ticket;
+ recv_!X1(X,X,I,R,{T}k(I,R));
+ send_!X2(X,X,{T}k(R,I));
+ }
+}
+
+protocol andrew-Concrete(I,R)
+{
+
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,ni );
+ recv_2(R,I, {ni,kir}k(I,R) );
+ send_3(I,R, {ni}kir);
+ claim_I1(I,Secret,kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,kir));
+ recv_6(R,I, nr);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,ni );
+ send_2(R,I, {ni,kir}k(I,R) );
+ recv_3(I,R, {ni}kir);
+ send_6(R,I, nr);
+ claim_R1(R,Secret,kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/andrew-ban.spdl b/Vagrant Files/files/scyther/Protocols/andrew-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..9ebd566ef451da3ab554d9d1369707272197ff14
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/andrew-ban.spdl
@@ -0,0 +1,54 @@
+# BAN modified Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewBAN.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# So it is possile that certain attacks that use this property are not found
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol andrew-Ban(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr,nr2: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,{ni}k(I,R) );
+ recv_2(R,I, {ni,nr}k(I,R) );
+ send_3(I,R, {nr}k(I,R) );
+ recv_4(R,I, {kir,nr2,ni}k(I,R) );
+ claim_I1(I,Nisynch);
+ claim_I2(I,Niagree);
+ claim_I3(I,Secret, kir);
+ claim_I4(I,Secret, k(I,R));
+ claim_I5(I,Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr,nr2: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,{ni}k(I,R) );
+ send_2(R,I, {ni,nr}k(I,R) );
+ recv_3(I,R, {nr}k(I,R) );
+ send_4(R,I, {kir,nr2,ni}k(I,R) );
+ claim_R1(R,Nisynch);
+ claim_R2(R,Niagree);
+ claim_R3(R,Secret, kir);
+ claim_R4(R,Secret, k(I,R));
+ claim_R5(R,Empty, (Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/andrew-lowe-ban.spdl b/Vagrant Files/files/scyther/Protocols/andrew-lowe-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..04e15f27a67bbe57cd026848e0b715e9602e407b
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/andrew-lowe-ban.spdl
@@ -0,0 +1,57 @@
+# Lowe modified BAN concrete Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrewLowe.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# So it is possile that certain attacks that use this property are not found
+#
+# Note:
+# Recv 4 by the Initatior has been placed after the synchronisation claim
+# as it allows trivial synchronisation attacks otherwise (the message is
+# completely fresh and can therefore always be replaced by an arbitrary value
+# created by the intruder) which are not considered in SPORE
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol andrew-LoweBan(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,ni );
+ recv_2(R,I, {ni,kir,R}k(I,R) );
+ send_3(I,R, {ni}kir );
+ claim_I1(I,Nisynch);
+ claim_I2(I,Secret, kir);
+ claim_I3(I,Empty, (Fresh,kir));
+ recv_4(R,I, nr );
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,ni );
+ send_2(R,I, {ni,kir,R}k(I,R) );
+ recv_3(I,R, {ni}kir );
+ send_4(R,I, nr );
+ claim_R1(R,Nisynch);
+ claim_R2(R,Secret, kir);
+ claim_R3(R,Empty, (Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/andrew.spdl b/Vagrant Files/files/scyther/Protocols/andrew.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b2e663c9ed696af76879b5b0a7c8d474d35e8e96
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/andrew.spdl
@@ -0,0 +1,50 @@
+# Andrew Secure RPC
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/andrew.html
+#
+# Note:
+# The shared key between I and R is modelled as k(I,R) currently
+# there is no way to express that this key is equal to k(R,I)
+# So it is possile that certain attacks that use this property are not found
+#
+
+usertype SessionKey;
+const succ: Function;
+const Fresh: Function;
+
+protocol andrew(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr,nr2: Nonce;
+ var kir: SessionKey;
+
+ send_1(I,R, I,{ni}k(I,R) );
+ recv_2(R,I, {succ(ni),nr}k(I,R) );
+ send_3(I,R, {succ(nr)}k(I,R) );
+ recv_4(R,I, {kir,nr2}k(I,R) );
+ claim_I1(I,Secret,kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Niagree);
+ claim_I4(I,Empty,(Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr,nr2: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1(I,R, I,{ni}k(I,R) );
+ send_2(R,I, {succ(ni),nr}k(I,R) );
+ recv_3(I,R, {succ(nr)}k(I,R) );
+ send_4(R,I, {kir,nr2}k(I,R) );
+ claim_R1(R,Secret,kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Niagree);
+ claim_R4(R,Empty,(Fresh,kir));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ccitt509-1.spdl b/Vagrant Files/files/scyther/Protocols/ccitt509-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..29c665ad94b915cc64744e658de3554e987842b8
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ccitt509-1.spdl
@@ -0,0 +1,35 @@
+# CCITT X.509 (1)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_1.html
+#
+# Note:
+# The attack in SPORE is not found as this is not an attack against
+# synchronisation, but an attack against the freshness of Xa and Ya
+# which can currently not be modelled in scyther
+#
+
+usertype Timestamp;
+
+protocol ccitt509-1(I,R)
+{
+ role I
+ {
+ fresh Ta: Timestamp;
+ fresh Na,Xa,Ya: Nonce;
+ send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+ # claim_2(I,Nisynch);
+ # This claim is useless as there are no preceding recv events
+ }
+
+ role R
+ {
+ var Ta: Timestamp;
+ var Na,Xa,Ya: Nonce;
+
+ recv_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+ claim_3(R,Nisynch);
+ # There should also be Fresh Xa and Fresh Ya claims here
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ccitt509-1c.spdl b/Vagrant Files/files/scyther/Protocols/ccitt509-1c.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b75e069dfdf0989720f0e0cb52139cd0d78a3e71
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ccitt509-1c.spdl
@@ -0,0 +1,34 @@
+# CCITT X.509 (1c)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_1c.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+hashfunction hash;
+usertype Timestamp;
+
+protocol ccitt509-1c(I,R)
+{
+ role I
+ {
+ fresh Ta: Timestamp;
+ fresh Na,Xa,Ya: Nonce;
+ send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
+ # claim_2(I,Nisynch);
+ # This claim is useless as there are no preceding receive events
+ }
+
+ role R
+ {
+ var Ta: Timestamp;
+ var Na,Xa,Ya: Nonce;
+
+ recv_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I));
+ claim_3(R,Nisynch);
+ # There should also be Fresh Xa and Fresh Ya claims here
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ccitt509-3.spdl b/Vagrant Files/files/scyther/Protocols/ccitt509-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..9ad1d3f4361e9f657b1ed06e2b6a252f569fc78f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ccitt509-3.spdl
@@ -0,0 +1,45 @@
+# CCITT X.509 (3)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_3.html
+#
+# Note:
+# The protocol description also states that Xa and Ya should be fresh
+# this can not be verified using scyther
+#
+
+usertype Timestamp;
+
+protocol ccitt509-3(I,R)
+{
+ role I
+ {
+ fresh Ta: Timestamp;
+ var Tb: Timestamp;
+ fresh Na,Xa,Ya: Nonce;
+ var Xb,Nb,Yb: Nonce;
+ send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+ recv_2(R,I, R,{Tb, Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ send_3(I,R, I, {Nb}sk(I));
+ claim_I1(I,Nisynch);
+ claim_I2(I,Secret,Ya);
+ claim_I3(I,Secret,Yb);
+ }
+
+ role R
+ {
+ var Ta: Timestamp;
+ fresh Tb: Timestamp;
+ var Na,Xa,Ya: Nonce;
+ fresh Xb,Yb,Nb: Nonce;
+
+ recv_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I));
+ send_2(R,I, R,{Tb, Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ recv_3(I,R, I, {Nb}sk(I));
+ claim_R1(R,Nisynch);
+ claim_R2(R,Secret,Ya);
+ claim_R3(R,Secret,Yb);
+ # There should also be Fresh Xa and Fresh Ya claims here
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ccitt509-ban3.spdl b/Vagrant Files/files/scyther/Protocols/ccitt509-ban3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..bdf146dd74c09e6b53acff463737d53a19ec83bb
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ccitt509-ban3.spdl
@@ -0,0 +1,39 @@
+# BAN modified version of CCITT X.509 (3)
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ccittx509_3BAN.html
+#
+# Note:
+# The protocol description also states that Xa and Ya should be fresh
+# this can not be verified using scyther
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+
+protocol ccitt509-ban3(I,R)
+{
+ role I
+ {
+ fresh Na,Xa,Ya: Nonce;
+ var Xb,Nb,Yb: Nonce;
+
+ send_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
+ recv_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ send_3(I,R, I,{R, Nb}sk(I));
+ claim_4(I,Nisynch);
+ }
+
+ role R
+ {
+ var Na,Xa,Ya: Nonce;
+ fresh Xb,Yb,Nb: Nonce;
+
+ recv_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I));
+ send_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R));
+ recv_3(I,R, I,{R, Nb}sk(I));
+ claim_5(R,Nisynch);
+ # There should also be Fresh Xa and Fresh Ya claims here
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/denning-sacco-lowe.spdl b/Vagrant Files/files/scyther/Protocols/denning-sacco-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..761c22be95b6521645e97635df3c95bab5ba150a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/denning-sacco-lowe.spdl
@@ -0,0 +1,67 @@
+# Lowe modified Denning-Sacco shared key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/denningSaccoLowe.html
+#
+# Note:
+# According to SPORE there are no attacks on this protocol. Scyther
+# finds a straightforward pre-play attack on the first message, which
+# violates synchronisation. However, this does not seem to be a
+# practical attack unless consistency is required, e.g., for logging or
+# auditing.
+
+usertype Key;
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+usertype PseudoFunction;
+const dec: PseudoFunction;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol denningSacco-Lowe(I,R,S)
+{
+ role I
+ {
+ var W: Ticket;
+ var Kir: SessionKey;
+ var T: TimeStamp;
+ var Nr: Nonce;
+
+ send_1(I,S, I,R );
+ recv_2(S,I, {R, Kir, T, W}k(I,S) );
+ send_3(I,R, W);
+ recv_4(R,I, {Nr}Kir);
+ send_5(I,R, {{Nr}dec}Kir);
+ claim_I1(I,Niagree);
+ claim_I2(I,Nisynch);
+ claim_I3(I,SKR,Kir);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Kir: SessionKey;
+ var T: TimeStamp;
+ fresh Nr: Nonce;
+
+ recv_3(I,R, {Kir,I,T}k(R,S));
+ send_4(R,I, {Nr}Kir);
+ recv_5(I,R, {{Nr}dec}Kir);
+ claim_R1(R,Niagree);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Secret,Kir);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var W: Ticket;
+ fresh Kir: SessionKey;
+ fresh T: TimeStamp;
+
+ recv_1(I,S, I,R );
+ send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/denning-sacco.spdl b/Vagrant Files/files/scyther/Protocols/denning-sacco.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d77402f93a5f42e016850cd0d73876effacc7286
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/denning-sacco.spdl
@@ -0,0 +1,53 @@
+# Denning-Sacco shared key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/denningSacco.html
+#
+
+usertype Key;
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol denningSacco(I,R,S)
+{
+ role I
+ {
+ var W: Ticket;
+ var Kir: SessionKey;
+ var T: TimeStamp;
+
+ send_1(I,S, I,R );
+ recv_2(S,I, {R, Kir, T, W}k(I,S) );
+ send_3(I,R, W);
+ claim_I1(I,Niagree);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Secret,Kir);
+ claim_I4(I,Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ var Kir: SessionKey;
+ var T: TimeStamp;
+
+ recv_3(I,R, {Kir,I,T}k(R,S));
+ claim_R1(R,Niagree);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Secret,Kir);
+ claim_R4(R,Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ var W: Ticket;
+ fresh Kir: SessionKey;
+ fresh T: TimeStamp;
+
+ recv_1(I,S, I,R );
+ send_2(S,I, {R, Kir, T, {Kir, I,T}k(R,S)}k(I,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/kaochow-v2.spdl b/Vagrant Files/files/scyther/Protocols/kaochow-v2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..638a54b7cdd3722fbac37a1b9241b855246d4ea7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/kaochow-v2.spdl
@@ -0,0 +1,55 @@
+# Kao Chow Authentication v.2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow2.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow-2(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir,kt: SessionKey;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, R, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr );
+ send_4 (I,R, {nr,kir}kt );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir,kt: SessionKey;
+ var T: Ticket;
+
+ recv_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
+ send_3 (R,I, R, T, {ni, kir}kt, nr );
+ recv_4 (I,R, {nr,kir}kt );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir, kt: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/kaochow-v3.spdl b/Vagrant Files/files/scyther/Protocols/kaochow-v3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..88cef24fd8e955769d166e75f879caed7f30f7fe
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/kaochow-v3.spdl
@@ -0,0 +1,59 @@
+# Kao Chow Authentication v.3
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow3.html
+#
+
+usertype SessionKey;
+usertype ExpiredTimeStamp;
+usertype TimeStamp;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow-3(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir,kt: SessionKey;
+ var T2: Ticket;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr, T2 );
+ send_4 (I,R, {nr,kir}kt, T2 );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir,kt: SessionKey;
+ var T: Ticket;
+ fresh tr: TimeStamp;
+
+ recv_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) );
+ send_3 (R,I, T, {ni, kir}kt, nr, {I,R,tr,kir}k(R,S) );
+ recv_4 (I,R, {nr,kir}kt, {I,R,tr,kir}k(R,S) );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir, kt: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/kaochow.spdl b/Vagrant Files/files/scyther/Protocols/kaochow.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1c6c827982ce289073ffc12103fe5accd1b95462
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/kaochow.spdl
@@ -0,0 +1,55 @@
+# Kao Chow Authentication v.1
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kaoChow1.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol kaochow(I,R,S)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+ var kir: SessionKey;
+
+ send_1 (I,S, I,R,ni);
+ recv_3 (R,I, {I,R,ni,kir}k(I,S), {ni}kir, nr );
+ send_4 (I,R, {nr}kir );
+
+ claim_I1 (I, Nisynch);
+ claim_I2 (I, Niagree);
+ claim_I3 (I, Secret, kir);
+ claim_I4 (I, Empty, (Fresh,kir));
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+ var kir: SessionKey;
+ var T;
+
+ recv_2 (S,R, T, { I,R,ni,kir }k(R,S) );
+ send_3 (R,I, T, {ni}kir, nr );
+ recv_4 (I,R, {nr}kir );
+
+ claim_R1 (R, Nisynch);
+ claim_R2 (R, Niagree);
+ claim_R3 (R, Secret, kir);
+ claim_R4 (R, Empty, (Fresh,kir));
+ }
+
+ role S
+ {
+ var ni: Nonce;
+ fresh kir: SessionKey;
+
+ recv_1 (I,S, I,R,ni);
+ send_2 (S,R, {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ksl-lowe.spdl b/Vagrant Files/files/scyther/Protocols/ksl-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..29996d84cf4ef0760dcd4b3fd43d76ad09014867
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ksl-lowe.spdl
@@ -0,0 +1,73 @@
+# Lowe modified KSL
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/kslLowe.html
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol ksl-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Ni, Mi: Nonce;
+ var Nc, Mr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, Ni, I);
+ recv_4(R,I, { Ni,R,Kir }k(I,S), T, Nc, {R,Ni}Kir );
+ send_5(I,R, { Nc }Kir );
+
+ send_6(I,R, Mi,T );
+ recv_7(R,I, Mr,{Mi, R}Kir );
+ send_8(I,R, {I,Mr}Kir );
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Nc,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Kbb: TicketKey;
+ fresh Tr: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, Ni, I);
+ send_2(R,S, Ni, I, Nr, R );
+ recv_3(S,R, { I, Nr, Kir }k(R,S), T );
+ send_4(R,I, T, { Tr, I, Kir }Kbb, Nc, {R, Ni}Kir );
+ recv_5(I,R, { Nc }Kir );
+
+ recv_6(I,R, Mi,{ Tr, I, Kir }Kbb );
+ send_7(R,I, Mr,{Mi,R}Kir );
+ recv_8(I,R, {I,Mr}Kir );
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+
+ recv_2(R,S, Ni, I, Nr, R );
+ send_3(S,R, { I, Nr, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/ksl.spdl b/Vagrant Files/files/scyther/Protocols/ksl.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7cfca44d4280a938a3d1be97003088bfdf924796
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/ksl.spdl
@@ -0,0 +1,72 @@
+# KSL
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/ksl.html
+#
+#
+
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol ksl(I,R,S)
+{
+ role I
+ {
+ fresh Ni, Mi: Nonce;
+ var Nc, Mr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, Ni, I);
+ recv_4(R,I, { Ni,R,Kir }k(I,S), T, Nc, {Ni}Kir );
+ send_5(I,R, { Nc }Kir );
+
+ send_6(I,R, Mi,T );
+ recv_7(R,I, Mr,{Mi}Kir );
+ send_8(I,R, {Mr}Kir );
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty, (Fresh, Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Nc,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Kbb: TicketKey;
+ fresh Tr: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, Ni, I);
+ send_2(R,S, Ni, I, Nr, R );
+ recv_3(S,R, { Nr, I, Kir }k(R,S), T );
+ send_4(R,I, T, { Tr, I, Kir }Kbb, Nc, {Ni}Kir );
+ recv_5(I,R, { Nc }Kir );
+
+ recv_6(I,R, Mi,{ Tr, I, Kir }Kbb );
+ send_7(R,I, Mr,{Mi}Kir );
+ recv_8(I,R, {Mr}Kir );
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+
+ recv_2(R,S, Ni, I, Nr, R );
+ send_3(S,R, { Nr, I, Kir }k(R,S), { Ni,R,Kir }k(I,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/multi-NSL/heuristics-results.txt b/Vagrant Files/files/scyther/Protocols/multi-NSL/heuristics-results.txt
new file mode 100644
index 0000000000000000000000000000000000000000..cc55c31afa6b5e067be78a61d642e5dd623b1a3a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/multi-NSL/heuristics-results.txt
@@ -0,0 +1,776 @@
+Slave1:multiparty% ./test-heuristics.py
+Starting with [11, 15]
+Testing using P 3 and 5 runs.
+Testing protocol 11.
+Heuristic 0:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=0 --timer=20
+states 7488
+attack NoClaim
+time 2.007e+01
+st/sec 3.731e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 1:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=1 --timer=20
+states 3869
+attack NoClaim
+time 2.004e+01
+st/sec 1.931e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 2:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=2 --timer=20
+states 6543
+attack NoClaim
+time 2.006e+01
+st/sec 3.262e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 3:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=3 --timer=20
+states 9003
+attack NoClaim
+time 2.005e+01
+st/sec 4.490e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 1 correct: bounded_proof
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 4:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=4 --timer=20
+states 6375
+attack NoClaim
+time 2.008e+01
+st/sec 3.175e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 5:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=5 --timer=20
+states 4282
+attack NoClaim
+time 2.007e+01
+st/sec 2.134e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 4 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 6:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=6 --timer=20
+states 6791
+attack NoClaim
+time 2.002e+01
+st/sec 3.392e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 7:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=7 --timer=20
+states 8115
+attack NoClaim
+time 2.004e+01
+st/sec 4.049e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 14 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 8:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=8 --timer=20
+states 9649
+attack NoClaim
+time 2.003e+01
+st/sec 4.817e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 9:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=9 --timer=20
+states 3873
+attack NoClaim
+time 2.005e+01
+st/sec 1.932e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 10:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=10 --timer=20
+states 11954
+attack NoClaim
+time 2.007e+01
+st/sec 5.956e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 11:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=11 --timer=20
+states 7367
+attack NoClaim
+time 2.003e+01
+st/sec 3.678e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 12:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=12 --timer=20
+states 6271
+attack NoClaim
+time 2.005e+01
+st/sec 3.128e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 13:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=13 --timer=20
+states 4729
+attack NoClaim
+time 2.006e+01
+st/sec 2.357e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 14:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=14 --timer=20
+states 7566
+attack NoClaim
+time 2.002e+01
+st/sec 3.779e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 15:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=15 --timer=20
+states 8496
+attack NoClaim
+time 2.005e+01
+st/sec 4.237e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 16:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=16 --timer=20
+states 7453
+attack NoClaim
+time 2.003e+01
+st/sec 3.721e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 17:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=17 --timer=20
+states 3888
+attack NoClaim
+time 2.004e+01
+st/sec 1.940e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 18:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=18 --timer=20
+states 6582
+attack NoClaim
+time 2.003e+01
+st/sec 3.286e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 19:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=19 --timer=20
+states 9022
+attack NoClaim
+time 2.001e+01
+st/sec 4.509e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 1 correct: bounded_proof
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 20:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=20 --timer=20
+states 6393
+attack NoClaim
+time 2.003e+01
+st/sec 3.192e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 21:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=21 --timer=20
+states 4284
+attack NoClaim
+time 2.002e+01
+st/sec 2.140e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 4 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 22:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=22 --timer=20
+states 6769
+attack NoClaim
+time 2.001e+01
+st/sec 3.383e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 23:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=23 --timer=20
+states 8175
+attack NoClaim
+time 2.002e+01
+st/sec 4.083e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 14 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 24:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=24 --timer=20
+states 9625
+attack NoClaim
+time 2.003e+01
+st/sec 4.805e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 25:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=25 --timer=20
+states 3883
+attack NoClaim
+time 2.002e+01
+st/sec 1.940e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 26:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=26 --timer=20
+states 11992
+attack NoClaim
+time 2.004e+01
+st/sec 5.984e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 27:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=27 --timer=20
+states 7361
+attack NoClaim
+time 2.004e+01
+st/sec 3.673e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 28:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=28 --timer=20
+states 6277
+attack NoClaim
+time 2.004e+01
+st/sec 3.132e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 29:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=29 --timer=20
+states 4728
+attack NoClaim
+time 2.005e+01
+st/sec 2.358e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 30:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=30 --timer=20
+states 7610
+attack NoClaim
+time 2.004e+01
+st/sec 3.797e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 31:
+./multinsl-generator.py 3 11 | scyther -a -r5 -m2 --summary --goal-select=31 --timer=20
+states 8506
+attack NoClaim
+time 2.003e+01
+st/sec 4.247e+02
+claim mnsl3v11 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v11 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v11 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v11 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v11 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Testing protocol 15.
+Heuristic 0:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=0 --timer=20
+states 7499
+attack NoClaim
+time 2.003e+01
+st/sec 3.744e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 1:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=1 --timer=20
+states 3866
+attack NoClaim
+time 2.004e+01
+st/sec 1.929e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 2:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=2 --timer=20
+states 6558
+attack NoClaim
+time 2.003e+01
+st/sec 3.274e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 3:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=3 --timer=20
+states 8933
+attack NoClaim
+time 2.002e+01
+st/sec 4.462e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 1 correct: bounded_proof
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 4:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=4 --timer=20
+states 6354
+attack NoClaim
+time 2.002e+01
+st/sec 3.174e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 5:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=5 --timer=20
+states 4278
+attack NoClaim
+time 2.004e+01
+st/sec 2.135e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 4 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 6:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=6 --timer=20
+states 6749
+attack NoClaim
+time 2.002e+01
+st/sec 3.371e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 7:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=7 --timer=20
+states 8166
+attack NoClaim
+time 2.003e+01
+st/sec 4.077e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 14 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 8:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=8 --timer=20
+states 9805
+attack NoClaim
+time 2.006e+01
+st/sec 4.888e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 9:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=9 --timer=20
+states 3873
+attack NoClaim
+time 2.004e+01
+st/sec 1.933e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 10:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=10 --timer=20
+states 10729
+attack NoClaim
+time 2.006e+01
+st/sec 5.348e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 11:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=11 --timer=20
+states 6679
+attack NoClaim
+time 2.005e+01
+st/sec 3.331e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 12:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=12 --timer=20
+states 6119
+attack NoClaim
+time 2.005e+01
+st/sec 3.052e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 13:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=13 --timer=20
+states 3513
+attack NoClaim
+time 2.009e+01
+st/sec 1.749e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 14:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=14 --timer=20
+states 7548
+attack NoClaim
+time 2.004e+01
+st/sec 3.766e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 15:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=15 --timer=20
+states 8461
+attack NoClaim
+time 2.002e+01
+st/sec 4.226e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 16:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=16 --timer=20
+states 7503
+attack NoClaim
+time 2.003e+01
+st/sec 3.746e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 17:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=17 --timer=20
+states 3837
+attack NoClaim
+time 2.003e+01
+st/sec 1.916e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 18:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=18 --timer=20
+states 6537
+attack NoClaim
+time 2.005e+01
+st/sec 3.260e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 19:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=19 --timer=20
+states 8893
+attack NoClaim
+time 2.004e+01
+st/sec 4.438e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 1 correct: bounded_proof
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 20:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=20 --timer=20
+states 6325
+attack NoClaim
+time 2.003e+01
+st/sec 3.158e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 21:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=21 --timer=20
+states 4253
+attack NoClaim
+time 2.005e+01
+st/sec 2.121e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 4 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 22:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=22 --timer=20
+states 6756
+attack NoClaim
+time 2.004e+01
+st/sec 3.371e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 23:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=23 --timer=20
+states 8149
+attack NoClaim
+time 2.003e+01
+st/sec 4.068e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 14 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 24:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=24 --timer=20
+states 9785
+attack NoClaim
+time 2.004e+01
+st/sec 4.883e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 25:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=25 --timer=20
+states 3832
+attack NoClaim
+time 2.006e+01
+st/sec 1.910e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 26:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=26 --timer=20
+states 10699
+attack NoClaim
+time 2.009e+01
+st/sec 5.326e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 27:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=27 --timer=20
+states 6672
+attack NoClaim
+time 2.006e+01
+st/sec 3.326e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 28:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=28 --timer=20
+states 6136
+attack NoClaim
+time 2.010e+01
+st/sec 3.053e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 29:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=29 --timer=20
+states 3521
+attack NoClaim
+time 2.009e+01
+st/sec 1.753e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 30:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=30 --timer=20
+states 7584
+attack NoClaim
+time 2.006e+01
+st/sec 3.781e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+Heuristic 31:
+./multinsl-generator.py 3 15 | scyther -a -r5 -m2 --summary --goal-select=31 --timer=20
+states 8369
+attack NoClaim
+time 2.004e+01
+st/sec 4.176e+02
+claim mnsl3v15 R2V Nisynch_R2b found: 0 correct: does_not_occur
+claim mnsl3v15 R2V Secret_R2a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R1V Nisynch_R1b found: 0 correct: does_not_occur
+claim mnsl3v15 R1V Secret_R1a found: 1 correct: bounded_proof time=20
+claim mnsl3v15 R0V Nisynch_R0b found: 0 correct: does_not_occur
+claim mnsl3v15 R0V Secret_R0a found: 1 correct: bounded_proof time=20
+
+
+13,25 work well.
diff --git a/Vagrant Files/files/scyther/Protocols/multi-NSL/mnsl-results.txt b/Vagrant Files/files/scyther/Protocols/multi-NSL/mnsl-results.txt
new file mode 100644
index 0000000000000000000000000000000000000000..a04a56f8cf33f9caafa445e7b4f55613f19ac337
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/multi-NSL/mnsl-results.txt
@@ -0,0 +1,33 @@
+Report:
+-------
+
+Using P 3 and 2 runs, we find attacks on [1, 5, 9, 13, 18, 22, 26, 30]
+Using P 3 and 3 runs, we find attacks on [0, 3, 4, 7, 16, 19, 20, 23]
+Using P 3 and 4 runs, we find attacks on [2, 6, 10, 14, 17, 21, 27, 31]
+Using P 3 and 5 runs, we find attacks on [25, 29]
+Using P 4 and 3 runs, we find attacks on [8, 24]
+Using P 4 and 5 runs, we find attacks on [12, 28]
+
+Log:
+----
+Slave1:multiparty% ./test-variants.py
+Testing using P 3 and 2 runs.
+Using P 3 and 2 runs, we find attacks on [1, 5, 9, 13, 18, 22, 26, 30]
+Therefore, we are left with 24 candidates: [0, 2, 3, 4, 6, 7, 8, 10, 11, 12, 14, 15, 16, 17, 19, 20, 21, 23, 24, 25, 27, 28, 29, 31]
+Testing using P 3 and 3 runs.
+Using P 3 and 3 runs, we find attacks on [0, 3, 4, 7, 16, 19, 20, 23]
+Therefore, we are left with 16 candidates: [2, 6, 8, 10, 11, 12, 14, 15, 17, 21, 24, 25, 27, 28, 29, 31]
+Testing using P 3 and 4 runs.
+Using P 3 and 4 runs, we find attacks on [2, 6, 10, 14, 17, 21, 27, 31]
+Therefore, we are left with 8 candidates: [8, 11, 12, 15, 24, 25, 28, 29]
+Testing using P 3 and 5 runs.
+Using P 3 and 5 runs, we find attacks on [25, 29]
+Therefore, we are left with 6 candidates: [8, 11, 12, 15, 24, 28]
+Testing using P 4 and 3 runs.
+Using P 4 and 3 runs, we find attacks on [8, 24]
+Therefore, we are left with 4 candidates: [11, 12, 15, 28]
+Testing using P 4 and 4 runs.
+Testing using P 4 and 5 runs.
+Using P 4 and 5 runs, we find attacks on [12, 28]
+Therefore, we are left with 2 candidates: [11, 15]
+Testing using P 4 and 6 runs.
diff --git a/Vagrant Files/files/scyther/Protocols/multi-NSL/multinsl-generator.py b/Vagrant Files/files/scyther/Protocols/multi-NSL/multinsl-generator.py
new file mode 100644
index 0000000000000000000000000000000000000000..ad44870559288c663b6e450cd3beeba9dc2b401d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/multi-NSL/multinsl-generator.py
@@ -0,0 +1,345 @@
+#!/usr/bin/python
+#
+# Generate Multi-party NSL protocol description for n parties
+#
+# Input: P variant
+#
+# variant uses some bits:
+# bit mask meaning if set to '1'
+# (message type 1)
+# 0 1 nonces in reverse
+# 1 2 nonces after agents
+# 2 4 agents in reverse
+# 3 8 interleaved variant
+# (message type 2)
+# 4 16 nonces in reverse in message 2
+#
+# Convention similar to e.g. Prolog: capitals indicate open variables;
+# in particular, they can be bound by _any_ value during the run,
+# assuming full type flaws.
+#
+import sys
+from optparse import OptionParser
+
+def parseArgs():
+ usage = "usage: %s [opts] Parties Variant" % sys.argv[0]
+ parser = OptionParser(usage=usage)
+ parser.add_option('-p','--protocol', dest='protocol',
+ help='Generate another protocol [nsl,bke]', default="nsl",
+ action='store')
+ (opts, args) = parser.parse_args()
+ if len(args) != 2:
+ parser.print_help()
+ sys.exit(0)
+ if opts.protocol not in ["nsl","bke","nsl-priv-noprop","nsl-pub-nap","bke-nap"]:
+ print "I don't know the %s protocol." % (opts.protocol)
+ sys.exit(0)
+ return (opts,args)
+
+
+def variablerole (r, inrole):
+ if r == inrole or inrole == 0:
+ return False
+ else:
+ return True
+
+def role (r,inrole):
+ global P
+
+ return "r%i" % (r % P)
+
+def zeroconst ():
+
+ """ This is 0 or some other stupid constant """
+
+ return "zeroconst"
+
+def nonce (r,inrole):
+ global P
+
+ if r == inrole:
+ # nonce of our own
+ return "n%i" % (r % P)
+ else:
+ # a variable: we want to see this in the notation
+ return "N%i" % (r % P)
+
+def extend (s1, s2):
+ if s1 == "":
+ return s2
+ else:
+ return s1 + "," + s2
+
+def weavel (l1,l2,reverse1,swap,reverse2,interleave):
+ """ l1 is typically a list of nonces, l2 might be empty (names) """
+ global variant
+
+ if reverse1:
+ l1.reverse()
+ if l2 == []:
+ return l1
+ else:
+ if reverse2:
+ l2.reverse()
+ if swap:
+ # swap
+ l3 = l1
+ l1 = l2
+ l2 = l3
+ if interleave:
+ rl = []
+ largest = max(len(l1),len(l2))
+ for i in range (0,largest):
+ if i < len(l1):
+ rl.append(l1[i])
+ if i < len(l2):
+ rl.append(l2[i])
+ return rl
+ else:
+ return l1 + l2
+
+def message1 (label,inrole):
+ global P,variant,opts
+
+ if opts.protocol in ['bke','nsl']:
+ noncelist = []
+ for i in range(0,label+1):
+ noncelist.append(nonce(i,inrole))
+ rolelist = []
+ for i in range(0,P):
+ if i != (label+1) % P:
+ rolelist.append(role(i,inrole))
+
+ return ",".join(weavel(noncelist,rolelist,
+ (variant & 1 != 0),
+ (variant & 2 != 0),
+ (variant & 4 != 0),
+ (variant & 8 != 0)
+ ))
+ elif opts.protocol == 'nsl-priv-noprop':
+
+ list = []
+ for i in range(0,P):
+ list.append(role(i,inrole))
+ list.append(nonce(0,inrole))
+ msg = ",".join(list)
+
+ for i in range(1,label+1):
+ msg = "{ %s,%s }sk(%s)" % (msg,nonce(i,inrole),role(i,inrole))
+
+ return msg
+
+ elif opts.protocol == 'nsl-pub-nap':
+
+ list = []
+ for i in range(0,P):
+ list.append(role(i,inrole))
+ list.append(nonce(0,inrole))
+ msg = ",".join(list)
+
+ for i in range(1,label+1):
+ msg = "{ %s }sk(%s), %s" % (msg,role(i,inrole),nonce(i,inrole))
+
+ msg = "{ %s }pk(%s)" % (msg,role(label+1,inrole))
+
+ return msg
+ elif opts.protocol == 'bke-nap':
+
+ list = []
+ for i in range(0,P):
+ list.append(role(i,inrole))
+ list.append(nonce(0,inrole))
+ msg = ",".join(list)
+
+ for i in range(1,label+1):
+ msg = "{ %s }sk(%s), %s" % (msg,role(i,inrole),nonce(i,inrole))
+
+ msg = "{ %s }pk(%s)" % (msg,role(label+1,inrole))
+
+ return msg
+ else:
+ print "Hmm, I don't know how to create the first message for protocol %s" % (opts.protocol)
+
+def message2 (label,inrole):
+ global P,variant,opts
+
+ if opts.protocol == "nsl":
+ noncelist = []
+ for i in range (((label + 1) % P),P):
+ noncelist.append(nonce(i,inrole))
+
+ return ",".join(weavel(noncelist,[],
+ (variant & 16 != 0),
+ False,
+ False,
+ False
+ ))
+ elif opts.protocol == "bke":
+ noncelist = []
+ for i in range (((label + 1) % P) + 1,P):
+ noncelist.append(nonce(i,inrole))
+ if len(noncelist) == 0:
+ noncelist.append(zeroconst())
+
+ return ",".join(weavel(noncelist,[],
+ (variant & 16 != 0),
+ False,
+ False,
+ False
+ ))
+ elif opts.protocol in ['nsl-priv-noprop','nsl-pub-nap']:
+ msg = message1(P-1,inrole)
+ for i in range(0,label-P+1):
+ msg = "{ %s }sk(%s)" % (msg,role(i,inrole))
+
+ if opts.protocol == 'nsl-pub-nap':
+ msg = "{ %s }pk(%s)" % (msg,role(label+1,inrole))
+
+ return msg
+ elif opts.protocol == 'bke-nap':
+ msg = message1(P-1,inrole)
+ for i in range(0,label-P+1):
+ msg = "{ %s }sk(%s)" % (msg,role(i,inrole))
+
+ msg = "{ %s }%s" % (msg,nonce((label+1) % P,inrole))
+
+ return msg
+ else:
+ print "Hmm, I don't know how to create the final message for protocol %s" % (opts.protocol)
+
+def message (label,inrole):
+ global P,opts
+
+ if opts.protocol in ['bke','nsl']:
+ s = "{ "
+ if label < P:
+ s = s + message1 (label,inrole)
+ else:
+ s = s + message2 (label,inrole)
+
+ if opts.protocol == "bke" and not (label < P):
+ s = s + " }" + nonce((label+1) % P, inrole)
+ else:
+ s = s + " }pk(%s)" % role(label+1,inrole)
+ return s
+ else:
+ if label < P:
+ return message1 (label,inrole)
+ else:
+ return message2 (label,inrole)
+
+
+def action (event,label,inrole):
+ s = "\t\t%s_%i(%s,%s, " % (event,label, role(label,inrole),
+ role(label+1,inrole))
+ s += message (label,inrole)
+ s += " );\n"
+ return s
+
+def recv (label,inrole):
+ return action ("recv", label,inrole)
+
+
+def send (label,inrole):
+ return action ("send", label,inrole)
+
+def roledef (r):
+ global P,opts
+
+ s = ""
+ s += "\trole " + role(r,r) + "\n\t{\n"
+
+ # constants for this role
+
+ s += "\t\tconst " + nonce (r,r) + ": Nonce;\n"
+
+ # variables
+
+ s += "\t\tvar "
+ nr = 0
+ for i in range (0,P):
+ if r != i:
+ if nr > 0:
+ s += ","
+ s += nonce(i,r)
+ nr += 1
+
+ s += ": Nonce;\n"
+
+ # implicit role variables
+
+ rolevars = []
+ for i in range (0,P):
+ if variablerole(i,r):
+ rolevars.append(role(i,r))
+
+ if rolevars != []:
+ s += "\t\t// Implicit role variables: "
+ s += ",".join(rolevars)
+ s += ": Role;\n"
+
+ # actions
+
+ s += "\n"
+ if r > 0:
+ # Initial recv
+ s += recv(r-1,r)
+ s += send(r,r)
+ s += recv(P+r-1,r)
+ if r < (P-1):
+ # Final send
+ s += send(P+r,r)
+
+ # claims
+
+ if opts.protocol in ['bke','nsl','nsl-pub-nap','bke-nap']:
+ s += "\t\tclaim_%sa( %s, Secret, %s );\n" % (role(r,r), role(r,r),
+ nonce(r,r))
+ s += "\t\tclaim_%sb( %s, Nisynch );\n" % (role(r,r), role(r,r))
+
+ # close
+ s += "\t}\n\n"
+ return s
+
+
+def protocol (args):
+ global P,variant,opts
+
+ P = int(args[0])
+ variant = int(args[1])
+
+ s = ""
+ s += "// Generalized %s protocol for %i parties\n\n" % (opts.protocol,P)
+ s += "// " + str(opts) + "\n\n"
+ s += "// Variant %i\n" % variant
+
+ if opts.protocol == "bke":
+ s += "usertype Globalconstant;\n"
+ s += "const %s: Globalconstant;\n" % (zeroconst())
+
+ s += "\n"
+
+ s += "protocol mnsl%iv%i(" % (P,variant)
+ for i in range (0,P):
+ if i > 0:
+ s += ","
+ s += role(i,i)
+ s += ")\n{\n"
+
+ for i in range (0,P):
+ s += roledef(i)
+
+ s += "}\n\n"
+
+ s += "\n"
+ return s
+
+def main():
+ global opts
+
+ (opts,args) = parseArgs()
+ print protocol(args)
+
+# Only if main stuff
+if __name__ == '__main__':
+ main()
diff --git a/Vagrant Files/files/scyther/Protocols/multi-NSL/test-heuristics.py b/Vagrant Files/files/scyther/Protocols/multi-NSL/test-heuristics.py
new file mode 100644
index 0000000000000000000000000000000000000000..34c03fc5abe89998e790981f56c3fc78ba7233bf
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/multi-NSL/test-heuristics.py
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+#
+#
+# Idea:
+#
+# We test all options for the heuristics [0..31] to compare,
+# and sincerely hope on gives a complete proof.
+# we slowly refine the tests.
+#
+import commands
+
+def startset():
+ mainlist = [11, 15]
+ print "Starting with", mainlist
+ return mainlist
+
+def tuplingchoice(heur,variant,P,runs,latupling):
+ # variant is in range [0..64>,
+ # where we use the highest bid to signify the
+ # associativity of the tupling.
+
+ extraflags = ""
+ if latupling:
+ extraflags += " --la-tupling"
+
+ # Choose heuristics
+ extraflags += " --goal-select=%i" % (heur)
+
+ # Time limit
+ extraflags += " --timer=20"
+
+ s = "./multinsl-generator.py"
+ s += " %i %i" % (P,variant)
+ s += " | scyther -a -r%i -m2 --summary %s" % (runs, extraflags)
+
+ ## Old stuff
+ #s += " | scyther -a -r%i --summary" % runs
+
+ # Show what we're doing
+ print s
+
+ #s += " | grep \"complete\""
+ out = commands.getoutput(s)
+ if out == "":
+ #print "Okay"
+ return False
+ else:
+ print out
+ return True
+
+def testvariant(h,v,p,r):
+ if tuplingchoice (h,v,p,r, False):
+ return True
+ else:
+ return tuplingchoice (h,v,p,r, True)
+
+def scan(testlist, P, runs):
+ print "Testing using P %i and %i runs." % (P,runs)
+ for i in testlist:
+ print "Testing protocol %i." % (i)
+ for h in range (0,32):
+ print "Heuristic %i:" % (h)
+ testvariant (h,i,P,runs)
+
+def main():
+ candidates = startset()
+ scan(candidates,3,5)
+
+main()
diff --git a/Vagrant Files/files/scyther/Protocols/multi-NSL/test-variants.py b/Vagrant Files/files/scyther/Protocols/multi-NSL/test-variants.py
new file mode 100644
index 0000000000000000000000000000000000000000..ae00ce71877c9fc71c11fc4fa5ed89756082e99f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/multi-NSL/test-variants.py
@@ -0,0 +1,79 @@
+#!/usr/bin/python
+#
+#
+# Idea:
+#
+# We test all variants [0..31] until we are sure they work. Thus,
+# we slowly refine the tests.
+#
+import commands
+
+def startset():
+ return range(0,32)
+
+ mainlist = [11, 15]
+ print "Starting with", mainlist
+ return mainlist
+
+def tuplingchoice(variant,P,runs,latupling):
+ # variant is in range [0..64>,
+ # where we use the highest bid to signify the
+ # associativity of the tupling.
+
+ extraflags = ""
+ if latupling:
+ extraflags += " --la-tupling"
+
+ s = "./multinsl-generator.py"
+ s += " %i %s" % (P,variant)
+ s += " | scyther -r%i --untyped %s" % (runs, extraflags)
+ #s += " | scyther -a -r%i --summary" % runs
+ #print s
+ s += " | grep \"Fail\""
+ out = commands.getoutput(s)
+ if out == "":
+ #print "Okay"
+ return True
+ else:
+ #print out
+ # Thus, MultiNSL P variant has the first attack for n runs
+ return False
+
+def testvariant(v,p,r):
+ if not tuplingchoice (v,p,r, False):
+ return False
+ else:
+ return tuplingchoice (v,p,r, True)
+
+def removeattacks (testlist, P, runs):
+ okaylist = []
+ for v in testlist:
+ if testvariant (v, P, runs):
+ okaylist.append(v)
+ return okaylist
+
+def scan(testlist, P, runs):
+ print "Testing using P %i and %i runs." % (P,runs)
+ results = removeattacks (testlist, P, runs)
+ if len(results) < len(testlist):
+ attacked = []
+ for i in range(0,len(testlist)):
+ if testlist[i] not in results:
+ attacked.append(testlist[i])
+ print "Using P %i and %i runs, we find attacks on %s" % (P,runs, str(attacked))
+ print "Therefore, we are left with %i candidates: " % (len(results)), results
+
+ return results
+
+def main():
+ candidates = startset()
+ for P in range(3,7):
+ for rundiff in range(0,5):
+ candidates = scan(candidates,P,P+rundiff)
+
+ print
+ print "Good variants:"
+ print candidates
+
+
+main()
diff --git a/Vagrant Files/files/scyther/Protocols/needham-schroeder-lowe.spdl b/Vagrant Files/files/scyther/Protocols/needham-schroeder-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..fabb522b2a82b61d38acbaba18caef4df68494b2
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/needham-schroeder-lowe.spdl
@@ -0,0 +1,53 @@
+# Lowe's fixed version of Needham Schroeder Public Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nspkLowe.html
+#
+#
+# Note:
+# The modelling in SPORE includes a server to distribute the public keys
+# of the agents, this is not necessary and it allows for attacks against
+# synchronisation and agreement, because the keys that the server sends
+# out can be replayed.
+
+protocol needhamschroederpk-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+ send_1(I,S, (I,R));
+ recv_2(S,I, {pk(R), R}sk(S));
+ send_3(I,R,{Ni,I}pk(R));
+ recv_6(R,I, {Ni,Nr,R}pk(I));
+ send_7(I,R, {Nr}pk(R));
+ claim_I1(I,Secret,Ni);
+ claim_I2(I,Secret,Nr);
+ claim_I3(I,Nisynch);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_3(I,R,{Ni,I}pk(R));
+ send_4(R,S,(R,I));
+ recv_5(S,R,{pk(I),I}sk(S));
+ send_6(R,I,{Ni,Nr,R}pk(I));
+ recv_7(I,R,{Nr}pk(R));
+ claim_R1(R,Secret,Nr);
+ claim_R2(R,Secret,Ni);
+ claim_R3(R,Nisynch);
+ }
+
+ role S
+ {
+ recv_1(I,S,(I,R));
+ send_2(S,I,{pk(R),R}sk(S));
+ recv_4(R,S,(R,I));
+ send_5(S,R,{pk(I),I}sk(S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk-amend.spdl b/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk-amend.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..189093d107295d32d8bc177f455d9246d0059bf0
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk-amend.spdl
@@ -0,0 +1,66 @@
+# Amended Needham Schroeder Symmetric Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nssk_amended.html
+#
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+
+
+# Model dec that is invertible by inc
+const dec,inc: Function;
+inversekeys(dec,inc);
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol needhamschroedersk-amend(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+ var T,T2: Ticket;
+
+ send_1(I,R,I);
+ recv_2(R,I,T);
+ send_3(I,S,(I,R,Ni,T));
+ recv_4(S,I, {Ni,R,Kir,T2}k(I,S));
+ send_5(I,R,T2);
+ recv_6(R,I,{Nr}Kir);
+ send_7(I,R,{{Nr}dec}Kir);
+
+ claim_I2(I,Secret,Kir);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Kir: SessionKey;
+
+ recv_1(I,R,I);
+ send_2(R,I,{I,Nr}k(R,S));
+ recv_5(I,R,{Kir,Nr,I}k(R,S));
+ send_6(R,I,{Nr}Kir);
+ recv_7(I,R,{{Nr}dec}Kir);
+ claim_R1(R,Secret,Nr);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni,Nr: Nonce;
+ fresh Kir: SessionKey;
+ recv_3(I,S,(I,R,Ni,{I,Nr}k(R,S)));
+ send_4(S,I,{Ni,R,Kir,{Kir,Nr,I}k(R,S)}k(I,S));
+ }
+
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk.spdl b/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..71a7e6c3ca031a129edced11e2ed78a1e78ceb37
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/needham-schroeder-sk.spdl
@@ -0,0 +1,56 @@
+# Needham Schroeder Symmetric Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nssk.html
+#
+#
+
+
+# Model dec that is invertible by inc
+const dec,inc: Function;
+inversekeys(dec,inc);
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol needhamschroedersk(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+ var T: Ticket;
+
+ send_1(I,S,(I,R,Ni));
+ recv_2(S,I, {Ni,R,Kir,T}k(I,S));
+ send_3(I,R,T);
+ recv_4(R,I,{Nr}Kir);
+ send_5(I,R,{{Nr}dec}Kir);
+ claim_I2(I,Secret,Kir);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Kir: SessionKey;
+
+ recv_3(I,R,{Kir,I}k(R,S));
+ send_4(R,I,{Nr}Kir);
+ recv_5(I,R,{{Nr}dec}Kir);
+ claim_R1(R,Secret,Kir);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni: Nonce;
+ fresh Kir: SessionKey;
+ recv_1(I,S,(I,R,Ni));
+ send_2(S,I,{Ni,R,Kir,{Kir,I}k(R,S)}k(I,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/needham-schroeder.spdl b/Vagrant Files/files/scyther/Protocols/needham-schroeder.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..ea148542a688157e282405a8266e42226da8bf95
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/needham-schroeder.spdl
@@ -0,0 +1,53 @@
+# Needham Schroeder Public Key
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/nspk.html
+#
+#
+# Note:
+# The modelling in SPORE includes a server to distribute the public keys
+# of the agents, this is not necessary and it allows for attacks against
+# synchronisation and agreement, because the keys that the server sends
+# out can be replayed.
+
+protocol needhamschroederpk(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+
+ send_1(I,S,(I,R));
+ recv_2(S,I, {pk(R), R}sk(S));
+ send_3(I,R,{Ni,I}pk(R));
+ recv_6(R,I, {Ni, Nr}pk(I));
+ send_7(I,R, {Nr}pk(R));
+ claim_I1(I,Secret,Ni);
+ claim_I2(I,Secret,Nr);
+ claim_I3(I,Nisynch);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+
+ recv_3(I,R,{Ni,I}pk(R));
+ send_4(R,S,(R,I));
+ recv_5(S,R,{pk(I),I}sk(S));
+ send_6(R,I,{Ni,Nr}pk(I));
+ recv_7(I,R,{Nr}pk(R));
+ claim_R1(R,Secret,Nr);
+ claim_R2(R,Secret,Ni);
+ claim_R3(R,Nisynch);
+ }
+
+ role S
+ {
+ recv_1(I,S,(I,R));
+ send_2(S,I,{pk(R),R}sk(S));
+ recv_4(R,S,(R,I));
+ send_5(S,R,{pk(I),I}sk(S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/neumannstub-guttman-hwang.spdl b/Vagrant Files/files/scyther/Protocols/neumannstub-guttman-hwang.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..bcb48d286b9dd3b8b78a05fb886ab55fdb58e822
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/neumannstub-guttman-hwang.spdl
@@ -0,0 +1,105 @@
+# Neumann Stubblebine
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html
+#
+# Note:
+# In SPORE this protocol is not described correctly, there are in fact 2
+# different protocols (the key establishment protocol and the repeated
+# authentication protocol)
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol neustub-GuttmanHwang^Repeat(I,R,S)
+{
+ fresh Kir: SessionKey;
+
+ role I
+ {
+ fresh Mi: Nonce;
+ var Mr: Nonce;
+ fresh Kir: SessionKey;
+ fresh Tr: TimeStamp;
+
+ send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ recv_6(R,I,{Mi,Mr}Kir);
+ send_7(I,R,{I,Mr}Kir);
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Mr: Nonce;
+ var Tr: TimeStamp;
+ var Kir: SessionKey;
+ var Mi: Nonce;
+
+ recv_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ send_6(R,I,{Mi,Mr}Kir);
+ recv_7(I,R,{I,Mr}Kir);
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ }
+}
+protocol neustub-GuttmanHwang(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Tb: TimeStamp;
+ var Kir: SessionKey;
+
+ send_1(I,R, I, Ni);
+ recv_!3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr);
+ send_!4(I,R,T,{Nr}Kir);
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Tb: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, I, Ni);
+ send_!2(R,S, R, {I, Ni, Tb ,Nr}k(R,S));
+ recv_!4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir);
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+ var Tb: TimeStamp;
+
+ recv_!2(R,S, R, {I,Ni,Tb,Nr}k(R,S));
+ send_!3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/neumannstub-guttman.spdl b/Vagrant Files/files/scyther/Protocols/neumannstub-guttman.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..09e7f6ee57f096735383dfb9247b210d68cb444c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/neumannstub-guttman.spdl
@@ -0,0 +1,105 @@
+# Neumann Stubblebine
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html
+#
+# Note:
+# In SPORE this protocol is not described correctly, there are in fact 2
+# different protocols (the key establishment protocol and the repeated
+# authentication protocol)
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol neustub^Repeat(I,R,S)
+{
+ fresh Kir: SessionKey;
+
+ role I
+ {
+ fresh Mi: Nonce;
+ var Mr: Nonce;
+ fresh Kir: SessionKey;
+ fresh Tr: TimeStamp;
+
+ send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ recv_6(R,I,{Mi,Mr}Kir);
+ send_7(I,R,{I,Mr}Kir);
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Mr: Nonce;
+ var Tr: TimeStamp;
+ var Kir: SessionKey;
+ var Mi: Nonce;
+
+ recv_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ send_6(R,I,{Mi,Mr}Kir);
+ recv_7(I,R,{I,Mr}Kir);
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ }
+}
+protocol neustub(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Tb: TimeStamp;
+ var Kir: SessionKey;
+
+ send_1(I,R, I, Ni);
+ recv_!3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr);
+ send_4(I,R,T,{Nr}Kir);
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Tb: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, I, Ni);
+ send_!2(R,S, R, {I, Ni, Tb}k(R,S),Nr);
+ recv_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir);
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+ var Tb: TimeStamp;
+
+ recv_!2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
+ send_!3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/neumannstub-hwang.spdl b/Vagrant Files/files/scyther/Protocols/neumannstub-hwang.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1546b405b39ecc2a147cdca5563c9eb30faeb945
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/neumannstub-hwang.spdl
@@ -0,0 +1,71 @@
+# Hwang modified Neumann Stubblebine
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/neumannStubblebineHwang.html
+#
+# Note:
+# According to SPORE there are no attacks on this protocol, scyther
+# finds one however. This has to be investigated further.
+
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol neustub-Hwang(I,R,S)
+{
+ role I
+ {
+ fresh Ni,Mi: Nonce;
+ var Nr,Mr: Nonce;
+ var T: Ticket;
+ var Tb: TimeStamp;
+ var Kir: SessionKey;
+
+ send_1(I,R, I, Ni);
+ recv_!3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr);
+ send_4(I,R,T,{Nr}Kir);
+ send_5(I,R,Mi,T);
+ recv_6(R,I,Mr,{Mi}Kir);
+ send_7(I,R,{Mr}Kir);
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Tb: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, I, Ni);
+ send_!2(R,S, R, {I, Ni, Tb, Nr}k(R,S));
+ recv_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir);
+ recv_5(I,R,Mi,T);
+ send_6(R,I,Mr,{Mi}Kir);
+ recv_7(I,R,{Mr}Kir);
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+ var Tb: TimeStamp;
+
+ recv_!2(R,S, R, {I,Ni,Tb,Nr}k(R,S));
+ send_!3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/neumannstub-keycompromise.spdl b/Vagrant Files/files/scyther/Protocols/neumannstub-keycompromise.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d8031504dcd56311f1dd9e10ecce824fd0a3b41f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/neumannstub-keycompromise.spdl
@@ -0,0 +1,105 @@
+# Neumann Stubblebine
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html
+#
+# Note:
+# In SPORE this protocol is not described correctly, there are in fact 2
+# different protocols (the key establishment protocol and the repeated
+# authentication protocol)
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol neustub^Repeat(I,R,S)
+{
+ fresh Kir: SessionKey;
+
+ role I
+ {
+ fresh Mi: Nonce;
+ var Mr: Nonce;
+ fresh Kir: SessionKey;
+ fresh Tr: TimeStamp;
+
+ send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ recv_6(R,I,Mr,{Mi}Kir);
+ send_7(I,R,{Mr}Kir);
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Mr: Nonce;
+ var Tr: TimeStamp;
+ var Kir: SessionKey;
+ var Mi: Nonce;
+
+ recv_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ send_6(R,I,Mr,{Mi}Kir);
+ recv_7(I,R,{Mr}Kir);
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ }
+}
+protocol neustub(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Tb: TimeStamp;
+ var Kir: SessionKey;
+
+ send_1(I,R, I, Ni);
+ recv_3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr);
+ send_4(I,R,T,{Nr}Kir);
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ claim_I4(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Tb: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, I, Ni);
+ send_2(R,S, R, {I, Ni, Tb}k(R,S),Nr);
+ recv_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir);
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ claim_R4(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+ var Tb: TimeStamp;
+
+ recv_2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
+ send_3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/neumannstub.spdl b/Vagrant Files/files/scyther/Protocols/neumannstub.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..d1d0ee1fd2b52cf8a9ff91365aa54ea747b8d98e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/neumannstub.spdl
@@ -0,0 +1,98 @@
+# Neumann Stubblebine
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/neumannStubblebine.html
+#
+# Note:
+# In SPORE this protocol is not described correctly, there are in fact 2
+# different protocols (the key establishment protocol and the repeated
+# authentication protocol)
+
+usertype Server, SessionKey, TimeStamp, TicketKey;
+usertype ExpiredTimeStamp;
+
+protocol neustub^Repeat(I,R,S)
+{
+ fresh Kir: SessionKey;
+
+ role I
+ {
+ fresh Mi: Nonce;
+ var Mr: Nonce;
+ fresh Kir: SessionKey;
+ fresh Tr: TimeStamp;
+
+ send_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ recv_6(R,I,Mr,{Mi}Kir);
+ send_7(I,R,{Mr}Kir);
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ }
+
+ role R
+ {
+ fresh Mr: Nonce;
+ var Tr: TimeStamp;
+ var Kir: SessionKey;
+ var Mi: Nonce;
+
+ recv_5(I,R,Mi,{I,Kir,Tr}k(R,S));
+ send_6(R,I,Mr,{Mi}Kir);
+ recv_7(I,R,{Mr}Kir);
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ }
+
+ role S
+ {
+ }
+}
+protocol neustub(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Tb: TimeStamp;
+ var Kir: SessionKey;
+
+ send_1(I,R, I, Ni);
+ recv_!3(S,I, { R,Ni,Kir,Tb}k(I,S), T, Nr);
+ send_4(I,R,T,{Nr}Kir);
+
+ claim_I1(I,Secret, Kir);
+ claim_I2(I,Niagree);
+ claim_I3(I,Nisynch);
+ }
+
+ role R
+ {
+ var Ni,Mi: Nonce;
+ fresh Nr,Mr: Nonce;
+ var Kir: SessionKey;
+ fresh Tb: TimeStamp;
+ var T: Ticket;
+
+ recv_1(I,R, I, Ni);
+ send_!2(R,S, R, {I, Ni, Tb}k(R,S),Nr);
+ recv_4(I,R,{I,Kir,Tb}k(R,S),{Nr}Kir);
+
+ claim_R1(R,Secret, Kir);
+ claim_R2(R,Niagree);
+ claim_R3(R,Nisynch);
+ }
+
+ role S
+ {
+ var Ni, Nr: Nonce;
+ fresh Kir: SessionKey;
+ var Tb: TimeStamp;
+
+ recv_!2(R,S, R, {I,Ni,Tb}k(R,S), Nr);
+ send_!3(S,I, { R, Ni, Kir, Tb}k(I,S), { I,Kir,Tb}k(R,S),Nr );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/otwayrees.spdl b/Vagrant Files/files/scyther/Protocols/otwayrees.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..bed12addbb962630e674c20705162c706183767c
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/otwayrees.spdl
@@ -0,0 +1,56 @@
+# Otway Rees
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/otwayRees.html
+#
+
+
+const Fresh: Function;
+const Compromised: Function;
+
+usertype String,SessionKey;
+
+protocol otwayrees(I,R,S)
+{
+ role I
+ {
+ fresh Ni : Nonce;
+ fresh M : String;
+ var Kir : SessionKey;
+
+ send_1(I,R, M,I,R,{Ni,M,I,R}k(I,S) );
+ recv_4(R,I, M,{Ni,Kir}k(I,S) );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ claim_I3(I, Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ var M : String;
+ fresh Nr : Nonce;
+ var Kir : SessionKey;
+ var T1,T2: Ticket;
+
+ recv_1(I,R, M,I,R, T1 );
+ send_2(R,S, M,I,R, T1, { Nr,M,I,R }k(R,S) );
+ recv_3(S,R, M, T2, { Nr,Kir }k(R,S) );
+ send_4(R,I, M, T2 );
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ claim_R3(R, Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ var Ni,Nr : Nonce;
+ var M : String;
+ fresh Kir : SessionKey;
+
+ recv_2(R,S, M,I,R, { Ni,M,I,R}k(I,S), { Nr,M,I,R }k(R,S) );
+ send_3(S,R, M, { Ni,Kir }k(I,S) , { Nr,Kir }k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/smartright.spdl b/Vagrant Files/files/scyther/Protocols/smartright.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..e3a97192f22f84e745ec1f9c3106e47f591a3244
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/smartright.spdl
@@ -0,0 +1,46 @@
+# SmartRight view-only
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol
+#
+# Note:
+# Scyther finds an attack because the value of VoR in te last message can
+# be replaced with an arbitrary value
+
+hashfunction hash;
+usertype SessionKey;
+usertype XorKey;
+const Vor: XorKey;
+
+protocol smartright(I,R)
+{
+ role I
+ {
+ fresh VoKey: SessionKey;
+ fresh VoR: XorKey;
+ fresh CW;
+ var VoRi: Nonce;
+
+ send_1(I,R, {VoKey,{CW}VoR}k(I,R));
+ recv_2(R,I, VoRi);
+ send_3(I,R, VoR, {{VoRi}hash}VoKey);
+ }
+
+ role R
+ {
+ var T: Ticket;
+ var VoR: XorKey;
+ var VoKey: SessionKey;
+ fresh VoRi: Nonce;
+
+ recv_1(I,R, {VoKey,T}k(I,R));
+ send_2(R,I, VoRi);
+ recv_3(I,R, VoR,{{VoRi}hash}VoKey);
+
+ claim_R1(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/splice-as-cj.spdl b/Vagrant Files/files/scyther/Protocols/splice-as-cj.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b393294a0e2524970c0bd0be27db7a38404ce592
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/splice-as-cj.spdl
@@ -0,0 +1,66 @@
+# Clark and Jacob modified Hwang and Chen modified SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas3.html
+#
+# Note:
+# The assumptions made here do not comply with those in SPORE
+# SPORE assumes that the agents do not know the pk function, but only
+# their own public key values.
+# This can currently not be modelled.
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS-CJ(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ send_3(I,R, I, R, {T, L, {I, N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {{N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {T, L, {I, N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ send_6(R,I, R, I, {{N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/splice-as-hc.spdl b/Vagrant Files/files/scyther/Protocols/splice-as-hc.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..2f975ad29dad1faaa6150ad4e56dfc83b9c20fb5
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/splice-as-hc.spdl
@@ -0,0 +1,61 @@
+# Hwang and Chen Modified SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas2.html
+#
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS-HC(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ send_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, R, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, I, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, I, pk(I)}sk(S) );
+ send_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/splice-as.spdl b/Vagrant Files/files/scyther/Protocols/splice-as.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b1d8e181dee03a611e57770eae47e84b0d9238f3
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/splice-as.spdl
@@ -0,0 +1,66 @@
+# SPLICE/AS
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/spliceas.html
+#
+# Note:
+# The assumptions made here do not comply with those in SPORE
+# SPORE assumes that the agents do not know the pk function, but only
+# their own public key values.
+# This can currently not be modelled.
+
+
+usertype TimeStamp, LifeTime;
+
+const inc,dec: Function;
+inversekeys (inc,dec);
+
+protocol spliceAS(I,R,S)
+{
+ role I
+ {
+ fresh N1,N2: Nonce;
+ fresh T: TimeStamp;
+ fresh L: LifeTime;
+
+ send_1(I,S, I, R, N1 );
+ recv_2(S,I, S, {S, I, N1, pk(R)}sk(S) );
+ send_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ recv_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_7(I, Secret, N2);
+ claim_9(I, Niagree);
+ claim_10(I, Nisynch);
+ }
+
+ role S
+ {
+ var N1,N3: Nonce;
+
+ recv_1(I,S, I, R, N1 );
+ send_2(S,I, S, {S, I, N1, pk(R)}sk(S) );
+ recv_4(R,S, R, I, N3 );
+ send_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ }
+
+ role R
+ {
+ fresh N3: Nonce;
+ var N2: Nonce;
+ var T: TimeStamp;
+ var L: LifeTime;
+
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_3(I,R, I, R, {I, T, L, {N2}pk(R)}sk(I) );
+ send_4(R,S, R, I, N3 );
+ recv_5(S,R, S, {S, R, N3, pk(I)}sk(S) );
+ send_6(R,I, R, I, {R, {N2}inc}pk(I) );
+
+ claim_8(R, Secret, N2);
+ claim_11(R, Niagree);
+ claim_12(R, Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/tmn.spdl b/Vagrant Files/files/scyther/Protocols/tmn.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c6fb55fecbe88e8ce642f86260ee5bceca08b443
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/tmn.spdl
@@ -0,0 +1,51 @@
+# TMN
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/tmn.html
+#
+# Note:
+# According to Boyd and Mathuria Kb is the session key this is not clear
+# from the description in SPORE
+usertype SessionKey;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol tmn(I,R,S)
+{
+ role I
+ {
+ fresh Ki: SessionKey;
+ var Kr: SessionKey;
+
+ send_1(I,S, R,{Ki}pk(S) );
+ recv_4(S,I, R,{Kr}Ki );
+
+ claim_I1(I,Secret,Kr);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kr));
+ }
+
+ role R
+ {
+ fresh Kr: SessionKey;
+
+ recv_2(S,R, I );
+ send_3(R,S, I, { Kr }pk(S) );
+
+ claim_R1(R,Secret,Kr);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kr));
+ }
+
+ role S
+ {
+ var Ki,Kr: SessionKey;
+
+ recv_1(I,S, R,{Ki}pk(S) );
+ send_2(S,R, I );
+ recv_3(R,S, I, { Kr }pk(S) );
+ send_4(S,I, R,{Kr}Ki );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/wmf-lowe.spdl b/Vagrant Files/files/scyther/Protocols/wmf-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..86b34e314d8042531df77a01926f8a38f3739d31
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/wmf-lowe.spdl
@@ -0,0 +1,63 @@
+# Lowe modified Wide Mouthed Frog
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wideMouthedFrogLowe.html
+#
+# Note:
+# According to SPORE there are no known attacks on this protocol, scyther
+# finds one however this has to do with the unusual assumption that every
+# agent can recognise and will reject to messages that it has created
+# itself.
+
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+const succ,pred: Function;
+inversekeys (succ,pred);
+const Fresh: Function;
+const Compromised: Function;
+
+protocol wmf-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Kir: SessionKey;
+ fresh Ti: TimeStamp;
+ var Kr: SessionKey;
+ var Nr: Nonce;
+
+ send_1(I,S, I, {Ti, R, Kir}k(I,S));
+ recv_3(R,I,{Nr}Kir);
+ send_4(I,R,{{Nr}succ}Kir);
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ts: TimeStamp;
+ var Kir: SessionKey;
+ fresh Nr: Nonce;
+
+ recv_2(S,R, {Ts, I, Kir}k(R,S) );
+ send_3(R,I, {Nr}Kir);
+ recv_4(I,R, {{Nr}succ}Kir);
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Kir: SessionKey;
+ fresh Ts: TimeStamp;
+ var Ti: TimeStamp;
+
+ recv_1(I,S, I,{Ti, R, Kir}k(I,S) );
+ send_2(S,R, {Ts, I, Kir}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/wmf.spdl b/Vagrant Files/files/scyther/Protocols/wmf.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..758843ad8db42af3b4250060d47b14d88444938f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/wmf.spdl
@@ -0,0 +1,54 @@
+# Wide Mouthed Frog
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wideMouthedFrog.html
+#
+# Note
+# The name of the party that has generated a message was added in order
+# to model the property described in SPORE that an agent can identify
+# its own messages and will reject them.
+
+usertype SessionKey;
+usertype TimeStamp;
+usertype ExpiredTimeStamp;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol wmf(I,R,S)
+{
+ role I
+ {
+ fresh Kir: SessionKey;
+ fresh Ti: TimeStamp;
+ var Kr: SessionKey;
+
+ send_1(I,S, I, {I, Ti, R, Kir}k(I,S));
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ var Ts: TimeStamp;
+ var Kir: SessionKey;
+
+ recv_2(S,R, {S, Ts, I, Kir}k(R,S) );
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ var Kir: SessionKey;
+ fresh Ts: TimeStamp;
+ var Ti: TimeStamp;
+
+ recv_1(I,S, I,{I, Ti, R, Kir}k(I,S) );
+ send_2(S,R, {S, Ts, I, Kir}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam-pi-1.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-1.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7e4e09dc56a0317935e27247354bacd062a41d78
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-1.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 1
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi1.html
+#
+
+protocol woolamPi-1(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,R,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I,R, T}k(R,S));
+ recv_5(S,R, {I,R, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I,R, {I,R,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,R,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam-pi-2.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-2.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..5d767d614d01b5755e0b81f4d2eade5f6cb3e776
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-2.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi2.html
+#
+
+protocol woolamPi-2(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, T}k(R,S));
+ recv_5(S,R, {I, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, {I,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam-pi-3.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..1db544e1b58b303e4c51014525bef6096465416a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-3.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi 2
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi3.html
+#
+
+protocol woolamPi-3(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, T}k(R,S));
+ recv_5(S,R, {I, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, {Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I,Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam-pi-f.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-f.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..22f028c0e8edc3654b2f162471de803271f53228
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam-pi-f.spdl
@@ -0,0 +1,41 @@
+# Woo and Lam Pi f
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPif.html
+#
+
+protocol woolamPi-f(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {I,R,Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, R, Nr, T}k(R,S));
+ recv_5(S,R, {I, R, Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I, R, Nr,{I,R,Nr}k(I,S)}k(R,S));
+ send_5(S,R, {I, R, Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam-pi.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam-pi.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..0c01c27968bc9d7d61f7ba99f48893a2e136b640
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam-pi.spdl
@@ -0,0 +1,45 @@
+# Woo and Lam Pi
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamPi.html
+#
+# Note:
+# Scyther finds an attack that appears to be legit, but is not present in
+# SPORE.
+#
+
+protocol woolamPi(I,R,S)
+{
+ role I
+ {
+ var Nr: Nonce;
+
+ send_1(I,R, I);
+ recv_2(R,I, Nr);
+ send_3(I,R, {Nr}k(I,S));
+
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var T: Ticket;
+
+ recv_1(I,R, I);
+ send_2(R,I, Nr);
+ recv_3(I,R, T);
+ send_4(R,S, {I, T}k(R,S));
+ recv_5(S,R, {Nr}k(R,S));
+
+ claim_R1(R,Nisynch);
+ }
+
+ role S
+ {
+ var Nr: Nonce;
+
+ recv_4(R,S, {I,{Nr}k(I,S)}k(R,S));
+ send_5(S,R, {Nr}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/woo-lam.spdl b/Vagrant Files/files/scyther/Protocols/woo-lam.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..7e28057801d960a6e5dee165249df7a1b2320362
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/woo-lam.spdl
@@ -0,0 +1,64 @@
+# Woo and Lam Mutual Authentication
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/wooLamMutual.html
+#
+
+
+usertype SessionKey;
+
+const Fresh: Function;
+const Compromised: Function;
+
+protocol woolam(I,R,S)
+{
+ role I
+ {
+ fresh N1: Nonce;
+ var Kir: SessionKey;
+ var N2: Nonce;
+
+ send_1(I,R, I, N1);
+ recv_2(R,I, R, N2);
+ send_3(I,R, {I, R, N1, N2}k(I,S));
+ recv_6(R,I, {R, N1, N2, Kir}k(I,S), {N1,N2}Kir);
+ send_7(I,R, {N2}Kir);
+
+
+ claim_I1(I,Secret,Kir);
+ claim_I2(I,Nisynch);
+ claim_I3(I,Empty,(Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh N2: Nonce;
+ var N1: Nonce;
+ var Kir: SessionKey;
+ var T1,T2: Ticket;
+
+ recv_1(I,R, I, N1);
+ send_2(R,I, R, N2);
+ recv_3(I,R, T1);
+ send_4(R,S, T1, {I, R, N1, N2}k(R,S));
+ recv_5(S,R, T2, {I, N1, N2, Kir}k(R,S));
+ send_6(R,I, T2, {N1,N2}Kir);
+ recv_7(I,R, {N2}Kir);
+
+ claim_R1(R,Secret,Kir);
+ claim_R2(R,Nisynch);
+ claim_R3(R,Empty,(Fresh,Kir));
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var N1,N2: Nonce;
+
+ recv_4(R,S, {I, R, N1, N2}k(I,S), {I, R, N1, N2}k(R,S));
+ send_5(S,R, {R, N1, N2, Kir}k(I,S), {I, N1, N2, Kir}k(R,S));
+ }
+}
+
+
+
diff --git a/Vagrant Files/files/scyther/Protocols/yahalom-ban.spdl b/Vagrant Files/files/scyther/Protocols/yahalom-ban.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..b865362c98d2a908d1f05e32a228bbb81daf7069
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/yahalom-ban.spdl
@@ -0,0 +1,54 @@
+# BAN simplified version of Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalomBAN.html
+#
+
+usertype SessionKey;
+const Fresh: Function;
+const Compromised: Function;
+
+protocol yahalom-BAN(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, Nr, {R,Kir,Ni}k(I,S), T );
+ send_4(I,R, T, {Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ claim_I3(I, Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ recv_4(I,R, {I,Kir,Nr}k(R,S) , {Nr}Kir );
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ claim_R3(R, Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ send_3(S,I, Nr, {R,Kir,Ni}k(I,S), {I,Kir,Nr}k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/yahalom-lowe.spdl b/Vagrant Files/files/scyther/Protocols/yahalom-lowe.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..308a62abe081f271e859b6d8618f2084c685557d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/yahalom-lowe.spdl
@@ -0,0 +1,52 @@
+# Lowe's modified version of Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalomLowe.html
+#
+#
+
+usertype SessionKey;
+
+
+protocol yahalom-Lowe(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, {R,Kir,Ni,Nr}k(I,S) );
+ send_5(I,R, {I, R, S, Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, {I,Ni,Nr}k(R,S) );
+ recv_4(S,R, {I,Kir}k(R,S));
+ recv_5(I,R, {I, R, S, Nr}Kir);
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, {I,Ni,Nr}k(R,S) );
+ send_3(S,I, {R,Kir,Ni,Nr}k(I,S));
+ send_4(S,R, {I,Kir}k(R,S));
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/yahalom-paulson.spdl b/Vagrant Files/files/scyther/Protocols/yahalom-paulson.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..a8dfe1e4400e0b18d8146af6a2930672e97d4b43
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/yahalom-paulson.spdl
@@ -0,0 +1,56 @@
+# Paulson's strengthened version of Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalomPaulson.html
+#
+#
+
+const Fresh: Function;
+const Compromised: Function;
+
+usertype SessionKey;
+
+protocol yahalom-Paulson(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, Nr, {R,Kir,Ni}k(I,S), T );
+ send_4(I,R, T, {Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ claim_I2(I, Nisynch);
+ claim_I3(I, Empty, (Fresh,Kir));
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ recv_4(I,R, {I,R, Kir, Nr}k(R,S) , {Nr}Kir );
+
+ claim_R1(R, Secret,Kir);
+ claim_R2(R, Nisynch);
+ claim_R3(R, Empty, (Fresh,Kir));
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, R, Nr, {I,Ni}k(R,S) );
+ send_3(S,I, Nr, {R,Kir,Ni}k(I,S), {I,R,Kir,Nr}k(R,S) );
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/Protocols/yahalom.spdl b/Vagrant Files/files/scyther/Protocols/yahalom.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..063817fd13578148dc149004508f58ff1208364d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Protocols/yahalom.spdl
@@ -0,0 +1,52 @@
+# Yahalom
+#
+# Modelled after the description in the SPORE library
+# http://www.lsv.ens-cachan.fr/spore/yahalom.html
+#
+#
+
+usertype SessionKey;
+
+protocol yahalom(I,R,S)
+{
+ role I
+ {
+ fresh Ni: Nonce;
+ var Nr: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ send_1(I,R, I,Ni);
+ recv_3(S,I, {R,Kir,Ni,Nr}k(I,S), T );
+ send_4(I,R, T, {Nr}Kir );
+
+ claim_I1(I, Secret,Kir);
+ }
+
+ role R
+ {
+ fresh Nr: Nonce;
+ var Ni: Nonce;
+ var T: Ticket;
+ var Kir: SessionKey;
+
+ recv_1(I,R, I,Ni);
+ send_2(R,S, R, {I,Ni,Nr}k(R,S) );
+ recv_4(I,R, {I,Kir}k(R,S) , {Nr}Kir );
+
+ claim_R1(R, Secret,Kir);
+ }
+
+ role S
+ {
+ fresh Kir: SessionKey;
+ var Ni,Nr: Nonce;
+
+ recv_2(R,S, R, {I,Ni,Nr}k(R,S) );
+ send_3(S,I, {R,Kir,Ni,Nr}k(I,S), {I,Kir}k(R,S) );
+
+ claim(S, Secret, Ni);
+ claim(S, Secret, Nr);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/README.md b/Vagrant Files/files/scyther/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..706df8d39fc2bbe14616a3a6bbd07a083b4d3229
--- /dev/null
+++ b/Vagrant Files/files/scyther/README.md
@@ -0,0 +1,66 @@
+The Scyther tool
+================
+
+Scyther is a tool for the symbolic analysis of security protocols. It is
+developed by Cas Cremers, and is available from
+<http://www.cs.ox.ac.uk/people/cas.cremers/scyther/index.html>.
+
+The below instructions apply only to the *distribution version* of
+the Scyther tool. If you are working from the source files, some paths may be
+slightly different, and it is recommended to follow the instructions in [../README.md](../README.md).
+
+Running the scyther tool
+------------------------
+
+### Graphical user interface ###
+
+The graphical user interface can be started by running `scyther-gui.py`,
+e.g., enter the following in a terminal and press return
+
+ python ./scyther-gui.py
+
+### Command-line usage ###
+
+In the directory `./Scyther` there should be an executable for the
+Scyther backend. Its name depends on the platform:
+
+ * `scyther-linux` (Linux)
+ * `scyther-w32` (Windows)
+ * `scyther-mac` (Mac OS X)
+
+If this executable does not exist, you probably downloaded the source
+files, and will need to compile it first. See `../README.md` for further
+details.
+
+There are also various test scripts (for usage in Linux) in this
+directory.
+
+Obtaining the sources
+----------------------
+
+Scyther is being developed on *Github*, and its complete source files are
+availabe from
+<https://github.com/cascremers/scyther>.
+
+Manual
+------
+
+We are currently rewriting the manual. The current (incomplete)
+distribution version of the manual can be found here:
+
+ * [./scyther-manual.pdf](scyther-manual.pdf)
+
+
+Protocol Models
+---------------
+
+The protocol models have the extension `.spdl` and can be found in the following directories:
+
+ * [./Protocols](Protocols) and its subdirectories.
+
+License
+-------
+
+Currently the Scyther tool is licensed under the GPL 2, as indicated in
+the source code. Contact Cas Cremers if you have any questions.
+
diff --git a/Vagrant Files/files/scyther/Scripts/regression-test.py b/Vagrant Files/files/scyther/Scripts/regression-test.py
new file mode 100644
index 0000000000000000000000000000000000000000..beabc7401a41f03adaac01670a93a0854594bb71
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scripts/regression-test.py
@@ -0,0 +1,91 @@
+#!/usr/bin/env python
+
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+def testSet(blacklist=[]):
+ import os
+
+ prefix = "../Protocols/"
+ dl = os.listdir(prefix)
+ fl = []
+ for fn in dl:
+ if fn.endswith(".spdl"):
+ okay = True
+ for fb in blacklist:
+ if fn.startswith(fb):
+ okay = False
+ break
+ if okay:
+ fl.append((prefix,fn))
+ return fl
+
+def evaluate(fn,prefix=""):
+ import subprocess
+ import tempfile
+
+ cmd = "../Scyther/scyther-linux"
+ args = [cmd,"--max-runs=4","--plain",fn]
+
+ fstdout = tempfile.TemporaryFile()
+ fstderr = tempfile.TemporaryFile()
+
+ subprocess.call(args,stdout=fstdout,stderr=fstderr)
+
+ fstdout.seek(0)
+ fstderr.seek(0)
+
+ res = ""
+ for l in fstdout.xreadlines():
+ res += prefix + l.strip() + "\n"
+ #for l in fstderr.xreadlines():
+ # print l
+
+ fstdout.close()
+ fstderr.close()
+ return res
+
+
+def main():
+ dest = "regression-test.txt"
+ output = "regression-test.txt.tmp"
+
+ fp = open(output, 'w')
+
+ fl = testSet(blacklist=['ksl'])
+ cnt = 1
+ tres = ""
+ for (prefix,fn) in sorted(fl):
+ print "Evaluating %s (%i/%i)" % (fn,cnt,len(fl))
+ res = evaluate(prefix+fn, "%s\t" % (fn))
+ fp.write(res)
+ tres += res
+ cnt += 1
+ fp.close()
+
+ fp = open(dest, 'w')
+ fp.write(tres)
+ fp.close()
+
+ print res
+
+
+
+if __name__ == '__main__':
+ main()
diff --git a/Vagrant Files/files/scyther/Scripts/regression-test.txt b/Vagrant Files/files/scyther/Scripts/regression-test.txt
new file mode 100644
index 0000000000000000000000000000000000000000..3fa247fe3833c1427d9322dab08b5fb6eb34ceb6
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scripts/regression-test.txt
@@ -0,0 +1,64 @@
+BKE.spdl claim bke,I SKR_4 kir Ok [no attack within bounds]
+BKE.spdl claim bke,R SKR_7 kir Ok [no attack within bounds]
+TLS-Paulson.spdl claim tlspaulson,a SKR_9a hash(sid,hash(pms,na,nb),na,pa,a,nb,pb,b,true) Ok [no attack within bounds]
+TLS-Paulson.spdl claim tlspaulson,a SKR_9b hash(sid,hash(pms,na,nb),na,pa,a,nb,pb,b,false) Ok [no attack within bounds]
+TLS-Paulson.spdl claim tlspaulson,b SKR_10a hash(sid,hash(pms,na,nb),na,pa,a,nb,pb,b,true) Ok [no attack within bounds]
+TLS-Paulson.spdl claim tlspaulson,b SKR_10b hash(sid,hash(pms,na,nb),na,pa,a,nb,pb,b,false) Ok [no attack within bounds]
+ccitt509-1.spdl claim ccitt509-1,R Nisynch_3 - Ok [proof of correctness]
+ccitt509-1c.spdl claim ccitt509-1c,R Nisynch_3 - Ok [proof of correctness]
+ccitt509-3.spdl claim ccitt509-3,I Nisynch_I1 - Ok [proof of correctness]
+ccitt509-3.spdl claim ccitt509-3,I Secret_I2 Ya Ok [proof of correctness]
+ccitt509-3.spdl claim ccitt509-3,I Secret_I3 Yb Ok [proof of correctness]
+ccitt509-3.spdl claim ccitt509-3,R Nisynch_R1 - Fail [at least 3 attacks]
+ccitt509-3.spdl claim ccitt509-3,R Secret_R2 Ya Ok [no attack within bounds]
+ccitt509-3.spdl claim ccitt509-3,R Secret_R3 Yb Ok [no attack within bounds]
+ccitt509-ban3.spdl claim ccitt509-ban3,I Nisynch_4 - Ok [proof of correctness]
+ccitt509-ban3.spdl claim ccitt509-ban3,R Nisynch_5 - Ok [no attack within bounds]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,I Secret_I1 Ni Ok [no attack within bounds]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,I Secret_I2 Nr Ok [no attack within bounds]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,I Nisynch_I3 - Fail [at least 3 attacks]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,R Secret_R1 Nr Ok [no attack within bounds]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,R Secret_R2 Ni Ok [no attack within bounds]
+needham-schroeder-lowe.spdl claim needhamschroederpk-Lowe,R Nisynch_R3 - Fail [at least 3 attacks]
+needham-schroeder.spdl claim needhamschroederpk,I Secret_I1 Ni Ok [no attack within bounds]
+needham-schroeder.spdl claim needhamschroederpk,I Secret_I2 Nr Ok [no attack within bounds]
+needham-schroeder.spdl claim needhamschroederpk,I Nisynch_I3 - Fail [at least 3 attacks]
+needham-schroeder.spdl claim needhamschroederpk,R Secret_R1 Nr Fail [at least 5 attacks]
+needham-schroeder.spdl claim needhamschroederpk,R Secret_R2 Ni Fail [at least 5 attacks]
+needham-schroeder.spdl claim needhamschroederpk,R Nisynch_R3 - Fail [at least 3 attacks]
+smartright.spdl claim smartright,R Nisynch_R1 - Fail [at least 1 attack]
+splice-as-cj.spdl claim spliceAS-CJ,I Secret_7 N2 Ok [no attack within bounds]
+splice-as-cj.spdl claim spliceAS-CJ,I Niagree_9 - Fail [at least 1 attack]
+splice-as-cj.spdl claim spliceAS-CJ,I Nisynch_10 - Fail [at least 1 attack]
+splice-as-cj.spdl claim spliceAS-CJ,R Secret_8 N2 Ok [no attack within bounds]
+splice-as-cj.spdl claim spliceAS-CJ,R Niagree_11 - Fail [at least 1 attack]
+splice-as-cj.spdl claim spliceAS-CJ,R Nisynch_12 - Fail [at least 1 attack]
+splice-as-hc.spdl claim spliceAS-HC,I Secret_7 N2 Ok [no attack within bounds]
+splice-as-hc.spdl claim spliceAS-HC,I Niagree_9 - Fail [at least 1 attack]
+splice-as-hc.spdl claim spliceAS-HC,I Nisynch_10 - Fail [at least 1 attack]
+splice-as-hc.spdl claim spliceAS-HC,R Secret_8 N2 Ok [no attack within bounds]
+splice-as-hc.spdl claim spliceAS-HC,R Niagree_11 - Fail [at least 1 attack]
+splice-as-hc.spdl claim spliceAS-HC,R Nisynch_12 - Fail [at least 1 attack]
+splice-as.spdl claim spliceAS,I Secret_7 N2 Ok [no attack within bounds]
+splice-as.spdl claim spliceAS,I Niagree_9 - Fail [at least 1 attack]
+splice-as.spdl claim spliceAS,I Nisynch_10 - Fail [at least 1 attack]
+splice-as.spdl claim spliceAS,R Secret_8 N2 Ok [no attack within bounds]
+splice-as.spdl claim spliceAS,R Niagree_11 - Fail [at least 1 attack]
+splice-as.spdl claim spliceAS,R Nisynch_12 - Fail [at least 1 attack]
+woo-lam-pi-1.spdl claim woolamPi-1,R Nisynch_R1 - Fail [at least 2 attacks]
+woo-lam-pi-2.spdl claim woolamPi-2,R Nisynch_R1 - Fail [at least 3 attacks]
+woo-lam-pi-3.spdl claim woolamPi-3,R Nisynch_R1 - Fail [at least 2 attacks]
+woo-lam-pi-f.spdl claim woolamPi-f,R Nisynch_R1 - Fail [at least 1 attack]
+woo-lam-pi.spdl claim woolamPi,R Nisynch_R1 - Fail [at least 2 attacks]
+yahalom-ban-paulson-modified.spdl claim yahalom-BAN-Paulson-modified,A Secret_5 kab Ok [no attack within bounds]
+yahalom-ban-paulson-modified.spdl claim yahalom-BAN-Paulson-modified,B Secret_6 kab Ok [no attack within bounds]
+yahalom-ban-paulson.spdl claim yahalom-BAN-Paulson,A SKR_5 kab Ok [no attack within bounds]
+yahalom-ban-paulson.spdl claim yahalom-BAN-Paulson,B SKR_6 kab Ok [no attack within bounds]
+yahalom-lowe.spdl claim yahalom-Lowe,I Secret_I1 Kir Ok [proof of correctness]
+yahalom-lowe.spdl claim yahalom-Lowe,I Nisynch_I2 - Ok [proof of correctness]
+yahalom-lowe.spdl claim yahalom-Lowe,R Secret_R1 Kir Ok [proof of correctness]
+yahalom-lowe.spdl claim yahalom-Lowe,R Nisynch_R2 - Ok [no attack within bounds]
+yahalom.spdl claim yahalom,I Secret_I1 Kir Ok [no attack within bounds]
+yahalom.spdl claim yahalom,R Secret_R1 Kir Ok [no attack within bounds]
+yahalom.spdl claim yahalom,S Secret_S1 Ni Fail [at least 1 attack]
+yahalom.spdl claim yahalom,S Secret_S2 Nr Ok [no attack within bounds]
diff --git a/Vagrant Files/files/scyther/Scripts/scytherview.py b/Vagrant Files/files/scyther/Scripts/scytherview.py
new file mode 100644
index 0000000000000000000000000000000000000000..99738673234fb3b223aabd92128f89e878981842
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scripts/scytherview.py
@@ -0,0 +1,113 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Convert scyther dot output to a printable PDF and display it
+#
+# This is a simple hack to be able to quickly use the graphical output
+# of Scyther if one only has graphviz, but not elementtree and wxPython.
+#
+# Note 1: only works under Linux currently, because of silly assumptions
+# on temporary directories and pdf viewers.
+#
+# Note 2: this code assumes that both scyther-linux and dot can be found in the
+# environment (i.e. PATH variable)
+#
+import os,sys,commands
+import os.path
+
+tempcount = 0
+
+def generateTemp(extension='tmp'):
+ # We need a temporary file to hold the generated postscript stuff before
+ # it is converted to pdf
+ global tempcount
+
+ tempcount = tempcount + 1
+ tmp = '/tmp/output_dot_%s_%i.%s' % (os.getpid(),tempcount,extension)
+
+ try:
+ os.unlink(tmp)
+ except:
+ pass
+ return tmp
+
+def scyther_to_dotfile():
+ """ Run Scyther, return dotfile name """
+
+ mydir = os.path.dirname(__file__)
+ scythername = os.path.join(mydir, "../Scyther/scyther-linux")
+
+ args = " ".join(sys.argv[1:])
+ tmpdotfile = generateTemp('dot')
+
+ command = "%s --plain --dot-output %s > %s" % (scythername, args, tmpdotfile)
+ output = commands.getoutput(command)
+ return (output,tmpdotfile)
+
+def dotfile_to_pdffile(dotfile,outfile=None):
+ """ Generate a PDF file (name is returned) from an input dotfile
+ name """
+
+ tmp = generateTemp('ps')
+
+ # First split the input per digraph and call dot with -Gsize arguments to make
+ # it fit to a landscape page
+ dotdata = open(dotfile, "r")
+ f = None
+ for line in dotdata.xreadlines():
+ if (line.find('digraph') == 0):
+ f = os.popen("dot -Gsize='11.0,8.0' -Gratio=fill -Tps >>%s" % (tmp),'w')
+ print >>f, line
+ dotdata.close()
+
+ if not f:
+ return None
+ f.close()
+
+ if not outfile:
+ outfile = generateTemp('pdf')
+
+ # Now convert the resulting stuff to a pdf
+ os.system('ps2pdf -sPAPERSIZE=a4 -g7014x5300 -r600 %s %s' % (tmp,outfile))
+ #os.system('ps2pdf -g8300x6250 -r600 %s %s' % (tmp,outf))
+
+ # And remove the temp file
+ os.unlink(tmp)
+
+ return outfile
+
+def main():
+ (output,dotfile) = scyther_to_dotfile()
+ print output
+ pdffile = dotfile_to_pdffile(dotfile)
+ os.unlink(dotfile)
+ if pdffile:
+ commands.getoutput("kpdf %s" % pdffile)
+ os.unlink(pdffile)
+ else:
+ print "No graphs generated."
+
+if __name__ == '__main__':
+ if len(sys.argv) > 1:
+ main()
+ else:
+ print "Please provide the name of an input file."
+
diff --git a/Vagrant Files/files/scyther/Scyther/.gitignore b/Vagrant Files/files/scyther/Scyther/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..c7e14a4cf54018ddb0f3361712aea1965fd4ba3e
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/.gitignore
@@ -0,0 +1,3 @@
+scyther-mac
+scyther-linux
+scyther-w32.exe
diff --git a/Vagrant Files/files/scyther/Scyther/Attack.py b/Vagrant Files/files/scyther/Scyther/Attack.py
new file mode 100644
index 0000000000000000000000000000000000000000..d07ee6e50f7d35ac57c98bf154557f04bc968b2d
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Attack.py
@@ -0,0 +1,71 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Attack
+#
+
+import Trace
+import Term
+#import Classification
+from Misc import *
+
+class Attack(object):
+ def __init__(self):
+ self.broken = []
+ self.match = None
+ self.initialKnowledge = []
+ self.inverseKeys = []
+ self.protocol = None
+ self.semiTrace = Trace.SemiTrace()
+ self.variables = []
+ self.protocoldescr = {}
+ self.id = None
+ self.knowledge = None
+ self.untrusted = []
+ self.typeflaws = False
+ self.commandline = ''
+ self.scytherDot = None
+ self.claim = None # refers to parent claim
+
+ def getInvolvedAgents(self):
+ result = []
+ for run in self.semiTrace.runs:
+ for agent in run.roleAgents.values():
+ result.append(agent)
+ return uniq(result)
+
+ def buildKnowledge(self):
+ if not self.knowledge:
+ self.knowledge = Term.Knowledge(self)
+ self.knowledge.buildKnowledge()
+
+ def getPrecedingLabelSet(self,event):
+ return self.protocoldescr[str(event.label[0])].getPrecedingLabelSet(event.label)
+
+ def getPrecedingRoleSet(self,event):
+ return self.protocoldescr[str(event.label[0])].getPrecedingRoleSet(event.label)
+
+ #def classify(self):
+ # classification = Classification.Classification(self)
+ # classification.classifyClaims()
+ # classification.classifyInitiations()
+ # classification.classifyComplexity()
+ # classification.classifyTypeflaws()
+ # return classification
diff --git a/Vagrant Files/files/scyther/Scyther/Claim.py b/Vagrant Files/files/scyther/Scyther/Claim.py
new file mode 100644
index 0000000000000000000000000000000000000000..c0487894b4f7242507cdcaea53ea986f6a27663f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Claim.py
@@ -0,0 +1,197 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Claim
+#
+
+import Term
+
+def stateDescription(okay,n=1,caps=False):
+ if okay:
+ s = "trace pattern"
+ if n != 1:
+ s += "s"
+ else:
+ s = "attack"
+ if n != 1:
+ s += "s"
+ if caps:
+ s = s[0].upper() + s[1:]
+ return s
+
+
+class Claim(object):
+ def __init__(self):
+ self.id = None # a unique id string, consisting of 'protocol,label'
+ self.claimtype = None
+ self.label = None
+ self.shortlabel = None
+ self.protocol = None
+ self.role = None
+ self.parameter = None
+ self.failed = 0
+ self.count = 0
+ self.states = 0
+ self.complete = False
+ self.timebound = False
+ self.attacks = []
+ self.state = False # if true, it is a state, not an attack
+ self.okay = None # true if good, false if bad
+
+ # derived info
+ self.foundstates = False
+ self.foundproof = False
+
+ def analyze(self):
+
+ # determine short label
+ # We need the rightmost thingy here
+ label = self.label
+ while isinstance(label,Term.TermTuple):
+ label = label[1]
+ self.shortlabel = label
+
+ # determine id
+ self.id = "%s,%s" % (self.protocol,self.shortlabel)
+
+ # some additional properties
+ if str(self.claimtype) == 'Reachable':
+ self.state = True
+ if self.failed > 0:
+ self.foundstates = True
+ if self.complete:
+ self.foundproof = True
+
+ # status
+ # normally, with attacks, okay means none
+ self.okay = (self.failed == 0)
+ if self.state:
+ # but the logic reverses when it is states and not
+ # attacks...
+ self.okay = (not self.okay)
+
+ def stateName(self,count=1,caps=False):
+ return stateDescription(self.state,count,caps)
+
+ def getRank(self):
+ """
+ Return claim rank
+ 0 - really failed
+ 1 - probably failed
+ 2 - probably okay
+ 3 - really okay
+ """
+ n = len(self.attacks)
+ if not self.okay:
+ # not okay
+ if (self.state and self.complete) or ((not self.state) and (n > 0)):
+ return 0
+ else:
+ return 1
+ else:
+ # okay!
+ if not ((self.state and (n > 0)) or ((not self.state) and self.complete)):
+ return 2
+ else:
+ return 3
+
+ def getVerified(self):
+ """
+ returns an element of [None,'Verified','Falsified']
+ """
+ opts = ['Falsified',None,None,'Verified']
+ return opts[self.getRank()]
+
+
+ def getColour(self):
+ """
+ Returns a colour that expresses the state
+ """
+ colours = ['#FF0000',
+ '#800000',
+ '#005800',
+ '#00B000']
+ return colours[self.getRank()]
+
+ def getOkay(self):
+ """
+ Returns a very brief statement about the claim.
+
+ Originally the two mid options had a question mark appended, but
+ from a users' point of view this might only be more confusing,
+ so I took them out again.
+ """
+ colours = ['Fail',
+ 'Fail',
+ 'Ok',
+ 'Ok']
+ return colours[self.getRank()]
+
+ def getComment(self):
+ """
+ returns a sentence describing the results for this claim
+ """
+ n = len(self.attacks)
+ atxt = self.stateName(n)
+ remark = ""
+ if not self.complete:
+ if n == 0:
+ # no attacks, no states within bounds
+ remark = "No %s within bounds" % (atxt)
+ else:
+ # some attacks/states within bounds
+ remark = "At least %i %s" % (n,atxt)
+ else:
+ if n == 0:
+ # no attacks, no states
+ remark = "No %s" % (atxt)
+ else:
+ # there exist n states/attacks (within any number of runs)
+ remark = "Exactly %i %s" % (n,atxt)
+ return remark + "."
+
+ def triplet(self):
+ """
+ Return protocol,role,label triplet
+ """
+ return (self.protocol, self.role, self.shortlabel)
+
+ def describe(self):
+ s = str(self.claimtype)
+ if self.parameter:
+ s+= "(%s)" % self.parameter
+
+ return s
+
+ def roledescribe(self):
+ return "%s: %s" % (self.role,self.describe())
+
+ def __str__(self):
+ """
+ Resulting string
+ """
+ s = "claim id [%s], %s" % (self.id,self.describe())
+
+ # determine status
+ s+= "\t: %s" % self.getComment()
+
+ return s
+
+
diff --git a/Vagrant Files/files/scyther/Scyther/Error.py b/Vagrant Files/files/scyther/Scyther/Error.py
new file mode 100644
index 0000000000000000000000000000000000000000..88f5db8cb19cda4b053b3bc1b8d4abdb8ca22315
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Error.py
@@ -0,0 +1,121 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Scyther interface error classes
+#
+
+#---------------------------------------------------------------------------
+
+class Error(Exception):
+ """Base class for exceptions in this module."""
+ pass
+
+class ScytherError(Error):
+ """Exception raised for errors generated by the backend
+
+ Attributes:
+ errorlist -- list of error lines are retrieved from the
+ backend
+ """
+
+ def __init__(self, errorlist,filenames=None,options=None):
+ self.errorlist = errorlist
+ self.filenames = filenames
+ self.options = options
+
+ def __str__(self):
+ s = "Scyther backend reported errors"
+ if len(self.filenames) == 0:
+ s = s + " for unknown files."
+ if len(self.filenames) == 1:
+ s = s + " for file %s" % (self.filenames)
+ if len(self.filenames) > 1:
+ s = s + " for files %s" % (self.filenames)
+ s = s + "\n"
+ s = s + "Options: '%s'\n\n" % (self.options)
+ S = s + "Error details:\n"
+ s = s + "\n".join(self.errorlist)
+ return s
+
+class InputError(Error):
+ """Exception raised for errors in the input.
+
+ Attributes:
+ expression -- input expression in which the error occurred
+ message -- explanation of the error
+ """
+
+ def __init__(self, expression, message):
+ self.expression = expression
+ self.message = message
+
+class BinaryError(Error):
+ """Raised when the Scyther executable is not found.
+
+ Attributes:
+ file -- file location at which we should have been able to find it.
+ """
+
+ def __init__(self, file):
+ self.file = file
+
+ def __str__(self):
+ return "Could not find Scyther executable at '%s'" % (self.file)
+
+
+class NoBinaryError(Error):
+ """Raised when the Scyther executable is not defined.
+
+ Attributes:
+ None.
+ """
+
+ def __str__(self):
+ return "Scyther class attribute 'program' was not defined."
+
+
+class UnknownPlatformError(Error):
+ """Raised when the platform is not supported yet.
+
+ Attributes:
+ platform -- string describing the platform.
+ """
+
+ def __init__(self, platform):
+ self.platform = platform
+
+ def __str__(self):
+ return "The %s platform is currently unsupported." % self.platform
+
+class StringListError(Error):
+ """Raised when the a string should be a list of strings or a string
+
+ Attributes:
+ obj -- object that did not fit
+ """
+
+ def __init__(self, obj):
+ self.obj = obj
+
+ def __str__(self):
+ return "Got '%s', which is type '%s' instead of a (list of) string." % (self.obj, type(self.obj))
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Scyther/FindDot.py b/Vagrant Files/files/scyther/Scyther/FindDot.py
new file mode 100644
index 0000000000000000000000000000000000000000..c70c3ff413fea106d810ed81ab315bf246bd3758
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/FindDot.py
@@ -0,0 +1,129 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# FindDot.py
+#
+# Since version 2.31, GraphViz no longer sets the PATH environment variable on Windows.
+# The sole reason of existence for this file is to solve this issue automatically if possible.
+
+#---------------------------------------------------------------------------
+""" Import externals """
+import sys
+import os
+#---------------------------------------------------------------------------
+""" Import internals """
+import Misc
+#---------------------------------------------------------------------------
+
+DOTLOCATION = None
+
+#---------------------------------------------------------------------------
+
+def testDot(fpath):
+
+ try:
+ cmd = "%s -V" % (fpath)
+ (sts,sout,serr) = Misc.safeCommandOutput(cmd)
+ if sts != -1:
+ if "version" in sout + serr:
+ return True
+ except:
+ pass
+
+ return False
+
+#---------------------------------------------------------------------------
+
+def scanPrefix(pf,name):
+
+ if pf.endswith("*"):
+ import glob
+
+ gl = glob.glob(pf)
+ for pf in gl:
+ for root,dirs,files in os.walk(pf):
+ for d in dirs:
+ npf = os.path.join(root,d)
+ res = scanPrefix(npf,name)
+ if res != None:
+ return res
+
+ return None
+
+ fpath = os.path.join(pf,name)
+ if len(pf) > 0:
+ fpath = "\"%s\"" % (fpath)
+ if testDot(fpath) == True:
+ return fpath
+
+ return None
+
+
+def scanLocations():
+ if sys.platform.startswith("win"):
+ prefixes = ["", \
+ "C:\Program Files\Graphviz*", \
+ "C:\Program Files (x86)\Graphviz*" ]
+ name = "dot.exe"
+ else:
+ prefixes = [""]
+ name = "dot"
+
+ for pf in prefixes:
+ path = scanPrefix(pf,name)
+ if path != None:
+ return path
+
+ return None
+
+#---------------------------------------------------------------------------
+
+def findDot():
+ global DOTLOCATION
+
+ # Cache the results
+ if DOTLOCATION != None:
+ return DOTLOCATION
+
+ DOTLOCATION = scanLocations()
+ if DOTLOCATION == None:
+ Misc.panic("""
+Could not find the required 'dot' program, which is part of the Graphviz suite.
+Please install it from http://www.graphviz.org/
+
+Ubuntu users: install the 'graphviz' package.
+
+Windows users: make sure that Graphviz is installed and
+ that the location of the 'dot' program is in
+ the PATH environment variable.
+
+Restarting your system may be needed for Scyther to locate any newly installed
+programs.
+ """)
+ return DOTLOCATION
+
+#---------------------------------------------------------------------------
+
+if __name__ == '__main__':
+ Misc.panic(findDot())
+
+#---------------------------------------------------------------------------
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Scyther/Misc.py b/Vagrant Files/files/scyther/Scyther/Misc.py
new file mode 100644
index 0000000000000000000000000000000000000000..e41abd8be8b78adf5da1a74bd3448dcee65effa5
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Misc.py
@@ -0,0 +1,158 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Misc.py
+# Various helper functions
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import sys
+import os.path
+try:
+ from subprocess import Popen,PIPE
+except:
+ panic("""
+Cannot import 'subprocess.Popen' module.
+
+You need at least Python 2.4 to use this program.
+""")
+
+#---------------------------------------------------------------------------
+
+def confirm(question):
+ answer = ''
+ while answer not in ('y','n'):
+ print question,
+ answer = raw_input().lower()
+ return answer == 'y'
+
+def exists(func,list):
+ return len(filter(func,list)) > 0
+
+def forall(func,list):
+ return len(filter(func,list)) == len(list)
+
+def uniq(li):
+ result = []
+ for elem in li:
+ if (not elem in result):
+ result.append(elem)
+ return result
+
+# Return a sorted copy of a list
+def sorted(li):
+ result = li[:]
+ result.sort()
+ return result
+
+
+# ensurePath: wraps os.makedirs
+def ensurePath(pt):
+ """
+ Make sure the path exists: if not, create the directories one by one
+
+ By example:
+
+ Call with "dog/cat/bone" ensures that afterwards, this subdirectory structure (dog/cat/bone) exists, with 'bone' a directory.
+ It ensures this by doing the procedure for "dog", then "dog/cat", etc...
+ """
+
+ if not os.path.isdir(pt):
+ # Note that os.path.exists(pt) may still hold. In this case the next command will cause an error.
+ os.makedirs(pt)
+
+
+# path
+def mypath(file):
+ """ Construct a file path relative to the scyther-gui main directory
+ """
+ # Determine base directory (taking symbolic links into account)
+ cmd_file = os.path.realpath(os.path.abspath(inspect.getfile( inspect.currentframe() )))
+ basedir = os.path.split(cmd_file)[0]
+ return os.path.join(basedir,file)
+
+def getShell():
+ """
+ Determine if we want a shell for Popen
+ """
+ if sys.platform.startswith("win"):
+ shell=False
+ else:
+ # Needed to handle the string input correctly (as opposed to a sequence where the first element is the executable)
+ # This is not needed on Windows, where it has a different effect altogether.
+ # See http://docs.python.org/library/subprocess.html?highlight=subprocess#module-subprocess
+ shell=True
+ return shell
+
+def safeCommandOutput(cmd, storePopen=None):
+ """ Execute a command and return (sts,sout,serr).
+ Meant for short outputs, as output is stored in memory and
+ not written to a file.
+ """
+ p = Popen(cmd, shell=getShell(), stdout=PIPE, stderr=PIPE)
+ if storePopen != None:
+ storePopen(p)
+ (sout,serr) = p.communicate()
+
+ return (p.returncode,sout,serr)
+
+def safeCommand(cmd, storePopen=None):
+ """ Execute a command with some arguments. Safe cross-platform
+ version, I hope. """
+
+ try:
+ p = Popen(cmd, shell=getShell())
+ if storePopen != None:
+ storePopen(p)
+ sts = p.wait()
+ except KeyboardInterrupt, EnvironmentError:
+ raise
+ except:
+ print "Wile processing [%s] we had an" % (cmd)
+ print "unexpected error:", sys.exc_info()[0]
+ print
+ sts = -1
+ raise # For now still raise
+
+ return sts
+
+
+def panic(text):
+ """
+ Errors that occur before we even are sure about wxPython etc. are dumped
+ on the command line and reported using Tkinter.
+ """
+
+ try:
+ import Tkinter
+ except:
+ print text
+ sys.exit(-1)
+
+ print text
+
+ root = Tkinter.Tk()
+ w = Tkinter.Label(root, justify=Tkinter.LEFT, padx = 10, text=text)
+ w.pack()
+ root.mainloop()
+
+ sys.exit(-1)
+
diff --git a/Vagrant Files/files/scyther/Scyther/Scyther.py b/Vagrant Files/files/scyther/Scyther/Scyther.py
new file mode 100644
index 0000000000000000000000000000000000000000..0de9bb6c597a59919d9a11df1de16aed34c6c406
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Scyther.py
@@ -0,0 +1,648 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Scyther interface
+#
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import os
+import os.path
+import sys
+import StringIO
+import tempfile
+try:
+ import hashlib
+ HASHLIB = True
+except ImportError:
+ HASHLIB = False
+ pass
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+import XMLReader
+import Error
+import Claim
+from Misc import *
+
+#---------------------------------------------------------------------------
+
+"""
+Globals
+"""
+
+FirstCheck = True
+
+#---------------------------------------------------------------------------
+
+"""
+Get current directory (for this file)
+"""
+def getMyDir():
+ return os.path.dirname( os.path.realpath( __file__ ) )
+
+"""
+The default path for the binaries is the current one.
+"""
+def getBinDir():
+ return getMyDir()
+
+"""
+Return Cache prefix path
+Returns None if not existent
+"""
+def getCacheDir():
+
+ tmpdir = None
+
+ # Check if user chose the path
+ cachedirkey = "SCYTHERCACHEDIR"
+ if cachedirkey in os.environ.keys():
+ tmpdir = os.environ[cachedirkey]
+ if tmpdir == "":
+ # Special value: if the variable is present, but equals the empty string, we disable caching.
+ return None
+ else:
+ # Otherwise take from path
+ tmpdir = tempfile.gettempdir()
+
+ # If not none, append special name
+ if tmpdir != None:
+ tmpdir = os.path.join(tmpdir,"Scyther-cache")
+
+ return tmpdir
+
+
+
+#---------------------------------------------------------------------------
+
+def Check():
+ """
+ Various dynamic checks that can be performed before starting the
+ backend.
+ """
+
+ global FirstCheck
+
+ # First time
+ if FirstCheck:
+ """
+ Perform any checks that only need to be done the first time.
+ """
+ FirstCheck = False
+
+ # Every time
+
+ # Check Scyther backend program availability
+ program = getScytherBackend()
+ CheckSanity(program)
+
+
+#---------------------------------------------------------------------------
+
+def CheckSanity(program):
+ """
+ This is where the existence is checked of the Scyther backend.
+ """
+
+ if not os.path.isfile(program):
+ raise Error.BinaryError, program
+
+#---------------------------------------------------------------------------
+
+def EnsureString(x,sep=" "):
+ """
+ Takes a thing that is either a list or a string.
+ Turns it into a string. If it was a list, <sep> is inserted, and the
+ process iterats.
+
+ TODO does not accept unicode yet, that is something that must be
+ handled to or we run into wxPython problems eventually.
+ """
+ if type(x) is str:
+ return x
+
+ elif type(x) is list:
+ newlist = []
+ for el in x:
+ newlist.append(EnsureString(el,sep))
+ return sep.join(newlist)
+
+ else:
+ raise Error.StringListError, x
+
+
+#---------------------------------------------------------------------------
+
+def getScytherBackend():
+ # Where is my executable?
+ #
+ # Auto-detect platform and infer executable name from that
+ #
+ if "linux" in sys.platform:
+
+ """ linux """
+ scythername = "scyther-linux"
+
+ elif "darwin" in sys.platform:
+
+ """ OS X """
+ scythername = "scyther-mac"
+
+ elif sys.platform.startswith('win'):
+
+ """ Windows """
+ scythername = "scyther-w32.exe"
+
+ else:
+
+ """ Unsupported"""
+ raise Error.UnknownPlatformError, sys.platform
+
+ program = os.path.join(getBinDir(),scythername)
+ return program
+
+
+#---------------------------------------------------------------------------
+
+class Scyther(object):
+ def __init__ ( self):
+
+ # Init
+ self.program = getScytherBackend()
+ self.spdl = None
+ self.inputfile = None
+ self.filenames = []
+ self.options = ""
+ self.claims = None
+ self.errors = None
+ self.errorcount = 0
+ self.warnings = None
+ self.run = False
+ self.output = None
+ self.cmd = None
+
+ # defaults
+ self.xml = True # this results in a claim end, otherwise we simply get the output
+
+ def setInput(self,spdl):
+ self.spdl = spdl
+ self.inputfile = None
+ self.guessFileNames()
+
+ def setFile(self,filename):
+ self.inputfile = filename
+ self.filenames = [self.inputfile]
+ self.spdl = ""
+ fp = open(filename,"r")
+ for l in fp.readlines():
+ self.spdl += l
+ fp.close()
+
+ def addFile(self,filename):
+ self.inputfile = None
+ if not self.spdl:
+ self.spdl = ""
+ fp = open(filename,"r")
+ for l in fp.readlines():
+ self.spdl += l
+ fp.close()
+ self.guessFileNames()
+
+ def guessFileNames(self,spdl=None):
+ """
+ Try to extract filenames (well, actually, protocol names) sloppily from some spdl script.
+
+ There are two modes:
+
+ [init] : If the spdl parameter is empty or None, we reset the filenames and extract from self.spdl
+ [add] : If the spdl parameter is non-empty, add the extracted filenames to an existing list
+
+ """
+
+ if (spdl == None) or (len(spdl) == 0):
+ spdl = self.spdl
+ if spdl == None:
+ spdl = ""
+ self.filenames = []
+
+ for sl in spdl.splitlines():
+ l = sl.strip()
+ prefix = "protocol "
+ postfix = "("
+ x = l.find(prefix)
+ if x >= 0:
+ # The prefix occurs
+ y = l.find(postfix,x+len(prefix))
+ if y >= 0:
+ gn = l[x+len(prefix):y]
+ # check for helper protocols
+ if not gn.startswith("@"):
+ if gn not in self.filenames:
+ self.filenames.append(gn)
+
+ def addArglist(self,arglist):
+ for arg in arglist:
+ self.options += " %s" % (arg)
+
+ def doScytherCommand(self, spdl, args, checkKnown=False, storePopen=None):
+ """
+ Cached version of the 'real' below
+
+ TODO: CC: One possible problem with the caching is the side-effect, e.g., scyther writing to specific named output files. These are not
+ captured in the cache. I don't have a good solution for that yet.
+ """
+ global HASHLIB
+
+ # Can we use the cache?
+ canCache = False
+ if HASHLIB:
+ cacheDir = getCacheDir()
+ if cacheDir != None:
+ canCache = True
+ else:
+ cacheDir = None
+
+ # If we cannot use the cache, we either need to compute or, if checking for cache presense,...
+ if not canCache:
+ if checkKnown == True:
+ # not using the cache, so we don't have it already
+ return False
+ else:
+ # Need to compute
+ return self.doScytherCommandReal(spdl,args, storePopen=storePopen)
+
+ # Apparently we are supporsed to be able to use the cache
+ m = hashlib.sha256()
+ if spdl == None:
+ m.update("[spdl:None]")
+ else:
+ m.update(spdl)
+ if args == None:
+ m.update("[args:None]")
+ else:
+ m.update(args)
+
+ uid = m.hexdigest()
+
+ # Split the uid to make 256 subdirectories with 256 subdirectories...
+ prefixlen = 2
+ uid1 = uid[:prefixlen]
+ uid2 = uid[prefixlen:prefixlen+2]
+ uid3 = uid[prefixlen+2:]
+
+ # Possibly we could also decide to store input and arguments in the cache to analyze things later
+
+ # Construct: cachePath/uid1/uid2/...
+ path = os.path.join(cacheDir,uid1,uid2)
+ name1 = "%s.out" % (uid3)
+ name2 = "%s.err" % (uid3)
+
+ fname1 = os.path.join(path, name1)
+ fname2 = os.path.join(path, name2)
+
+ try:
+ """
+ Try to retrieve the result from the cache
+ """
+ fh1 = open(fname1,"r")
+ out = fh1.read()
+ fh1.close()
+ fh2 = open(fname2,"r")
+ err = fh2.read()
+ fh2.close()
+ if checkKnown == True:
+ # We got to here, so we have it
+ return True
+ else:
+ # Not checking cache, we need the result
+ return (out,err)
+ except:
+ pass
+
+ """
+ Something went wrong, do the real thing and cache afterwards
+ """
+ if checkKnown == True:
+ # We were only checking, abort
+ return False
+
+ (out,err) = self.doScytherCommandReal(spdl,args, storePopen=storePopen)
+
+ try:
+ # Try to store result in cache
+ ensurePath(path)
+
+ fh1 = open(fname1,"w")
+ fh1.write(out)
+ fh1.close()
+
+ fh2 = open(fname2,"w")
+ fh2.write(err)
+ fh2.close()
+ except:
+ pass
+
+ return (out,err)
+
+
+ def doScytherCommandReal(self, spdl, args, storePopen=None):
+ """
+ Run Scyther backend on the input
+
+ Arguments:
+ spdl -- string describing the spdl text
+ args -- arguments for the command-line
+ storePopen -- callback function to register Popen objects (used for process kill by other threads)
+ Returns:
+ (output,errors)
+ output -- string which is the real output
+ errors -- string which captures the errors
+ """
+
+ if self.program == None:
+ raise Error.NoBinaryError
+
+ # Sanitize input somewhat
+ if spdl == "":
+ # Scyther hickups on completely empty input
+ spdl = "\n"
+
+ # Extract filenames for error reporting later
+ self.guessFileNames(spdl=spdl)
+
+ # Generate temporary files for the output.
+ # Requires Python 2.3 though.
+ (fde,fne) = tempfile.mkstemp() # errors
+ (fdo,fno) = tempfile.mkstemp() # output
+ if spdl:
+ (fdi,fni) = tempfile.mkstemp() # input
+
+ # Write (input) file
+ fhi = os.fdopen(fdi,'w+b')
+ fhi.write(spdl)
+ fhi.close()
+
+ # Generate command line for the Scyther process
+ self.cmd = ""
+ self.cmd += "\"%s\"" % self.program
+ self.cmd += " --append-errors=%s" % fne
+ self.cmd += " --append-output=%s" % fno
+ self.cmd += " %s" % args
+ if spdl:
+ self.cmd += " %s" % fni
+
+ # Only for debugging, really
+ ##print self.cmd
+
+ # Start the process
+ safeCommand(self.cmd, storePopen=storePopen)
+
+ # reseek
+ fhe = os.fdopen(fde)
+ fho = os.fdopen(fdo)
+ errors = fhe.read()
+ output = fho.read()
+
+ # clean up files
+ fhe.close()
+ fho.close()
+ os.remove(fne)
+ os.remove(fno)
+ if spdl:
+ os.remove(fni)
+
+ return (output,errors)
+
+ def sanitize(self):
+ """ Sanitize some of the input """
+ self.options = EnsureString(self.options)
+
+ def verify(self,extraoptions=None,checkKnown=False,storePopen=None):
+ """ Should return a list of results """
+ """ If checkKnown == True, we do not call Scyther, but just check the cache, and return True iff the result is in the cache """
+
+ # Cleanup first
+ self.sanitize()
+
+ # prepare arguments
+ args = ""
+ if self.xml:
+ args += " --dot-output --xml-output --plain"
+ args += " %s" % self.options
+ if extraoptions:
+ # extraoptions might need sanitizing
+ args += " %s" % EnsureString(extraoptions)
+
+ # Are we only checking the cache?
+ if checkKnown == True:
+ return self.doScytherCommand(self.spdl, args, checkKnown=checkKnown, storePopen=storePopen)
+
+ # execute
+ (output,errors) = self.doScytherCommand(self.spdl, args, storePopen=storePopen)
+ self.run = True
+
+ # process errors
+ self.errors = []
+ self.warnings = []
+ for l in errors.splitlines():
+ line = l.strip()
+ if len(line) > 0:
+ # filter out any non-errors (say maybe only claim etc) and count
+ # them.
+ if line.startswith("claim\t"):
+ # Claims are lost, reconstructed from the XML output
+ pass
+ elif line.startswith("warning"):
+ # Warnings are stored seperately
+ self.warnings.append(line)
+ else:
+ # otherwise it is an error
+ self.errors.append(line)
+
+ self.errorcount = len(self.errors)
+ if self.errorcount > 0:
+ raise Error.ScytherError(self.errors,filenames=self.filenames,options=self.options)
+
+ # process output
+ self.output = output
+ self.validxml = False
+ self.claims = []
+ if self.xml:
+ if len(output) > 0:
+ if output.startswith("<scyther>"):
+
+ # whoohee, xml
+ self.validxml = True
+
+ xmlfile = StringIO.StringIO(output)
+ reader = XMLReader.XMLReader()
+ self.claims = reader.readXML(xmlfile)
+
+ # Determine what should be the result
+ if self.xml:
+ return self.claims
+ else:
+ return self.output
+
+ def verifyOne(self,cl=None,checkKnown=False,storePopen=None):
+ """
+ Verify just a single claim with an ID retrieved from the
+ procedure below, 'scanClaims', or a full claim object
+
+ If checkKnown is True, return if the result is already known (but never recompute).
+ """
+ if cl:
+ # We accept either a claim or a claim id
+ if isinstance(cl,Claim.Claim):
+ cl = cl.id
+ return self.verify("--filter=%s" % cl, checkKnown=checkKnown,storePopen=storePopen)
+ else:
+ # If no claim, then its just normal verification
+ return self.verify(checkKnown=checkKnown,storePopen=storePopen)
+
+ def scanClaims(self):
+ """
+ Retrieve the list of claims. Of each element (a claim), claim.id
+ can be passed to --filter=X or 'verifyOne' later.
+ A result of 'None' means that some errors occurred.
+ """
+ self.verify("--scan-claims")
+ if self.errorcount > 0:
+ return None
+ else:
+ self.validxml = False # Signal that we should not interpret the output as XML
+ return self.claims
+
+ def getClaim(self,claimid):
+ if self.claims:
+ for cl in self.claims:
+ if cl.id == claimid:
+ return cl
+ return None
+
+ def __str__(self):
+ if self.run:
+ if self.errorcount > 0:
+ return "%i errors:\n%s" % (self.errorcount, "\n".join(self.errors))
+ else:
+ if self.xml and self.validxml:
+ s = "Verification results:\n"
+ for cl in self.claims:
+ s += str(cl) + "\n"
+ return s
+ else:
+ return self.output
+ else:
+ return "Scyther has not been run yet."
+
+#---------------------------------------------------------------------------
+
+def GetClaims(filelist, filterlist=None):
+ """
+ Given a list of file names in filelist,
+ returns a dictionary of filenames to lists claim names.
+ Filenames which yielded no claims are filtered out.
+
+ Filterlist may be None or a list of claim names (Secret, SKR, Niagree etc).
+ """
+
+ dict = {}
+ for fname in filelist:
+ try:
+ sc = Scyther()
+ sc.setFile(fname)
+ l = sc.scanClaims()
+ if l != None:
+ cl = []
+ for claim in l:
+ if filterlist == None:
+ cl.append(claim.id)
+ else:
+ if claim.claimtype in filterlist:
+ cl.append(claim.id)
+ dict[fname] = cl
+ except:
+ pass
+ return dict
+
+#---------------------------------------------------------------------------
+
+def FindProtocols(path="",filterProtocol=None):
+ """
+ Find a list of protocol names
+
+ Note: Unix only! Will not work under windows.
+ """
+
+ import commands
+
+ cmd = "find %s -iname '*.spdl'" % (path)
+ plist = commands.getoutput(cmd).splitlines()
+ nlist = []
+ for prot in plist:
+ if filterProtocol != None:
+ if filterProtocol(prot):
+ nlist.append(prot)
+ else:
+ nlist.append(prot)
+ return nlist
+
+#---------------------------------------------------------------------------
+
+def GetInfo(html=False):
+ """
+ Retrieve a tuple (location,string) with information about the tool,
+ retrieved from the --expert --version data
+ """
+
+ program = getScytherBackend()
+ arg = "--expert --version"
+ sc = Scyther()
+ (output,errors) = sc.doScytherCommand(spdl=None, args=arg)
+ if not html:
+ return (program,output)
+ else:
+ sep = "<br>\n"
+ html = "Backend: %s%s" % (program,sep)
+ for l in output.splitlines():
+ l.strip()
+ html += "%s%s" % (l,sep)
+ return html
+
+
+def GetLicense():
+ """
+ Retrieve license information.
+ """
+
+ program = getScytherBackend()
+ arg = "--license"
+ sc = Scyther()
+ (output,errors) = sc.doScytherCommand(spdl=None, args=arg)
+ return output
+
+
+#---------------------------------------------------------------------------
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/Scyther/Term.py b/Vagrant Files/files/scyther/Scyther/Term.py
new file mode 100644
index 0000000000000000000000000000000000000000..9369aa24ebcf518003261f0a3aafcf0b695563a7
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Term.py
@@ -0,0 +1,223 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Term
+#
+import Trace
+from Misc import *
+
+class InvalidTerm(TypeError):
+ "Exception used to indicate that a given term is invalid"
+
+
+class Knowledge(object):
+ def __init__(self,attack):
+ self.attack = attack
+ self.knowledge = []
+
+ def getInverse(self,term):
+ for pair in self.attack.inverseKeys:
+ if term == pair[0]:
+ return pair[1]
+ if term == pair[1]:
+ return pair[0]
+
+ # Get the inverse key
+ def getInverseKey(self,term):
+ # First try to see if the entire term has an inverse
+ result = self.getInverse(term)
+ if result != None:
+ return result
+
+ # If it is an apply term, try to see if the function has an inverse
+ if isinstance(term,TermApply):
+ result = self.getInverse(term.function)
+ if result != None:
+ return TermApply(result,term.argument)
+
+ # No inverse found, so term is its own inverse
+ return term
+
+ # Add a term to the knowledge
+ def add(self,term):
+ if term == None:
+ return
+ added = False
+ for x in term.deriveTerms(self):
+ if not x in self.knowledge:
+ added = True
+ self.knowledge.append(x)
+
+ # Something new was added, maybe this can help us to decrypt a term
+ # that we could not decrypt before
+ if added:
+ for x in self.knowledge:
+ if isinstance(x,TermEncrypt):
+ self.add(x)
+
+ def canDerive(self,term):
+ # We can derive free variables, because we can even choose them
+ if isinstance(term,TermVariable) and term.isFree():
+ return True
+ # We can derive a term if it is in the knowledge
+ # or all terms required to construct it are in the knowledge
+ if exists(lambda x: x == term,self.knowledge):
+ return True
+ constructors = term.constructorTerms()
+
+ if len(constructors) == 1 and constructors[0] == term:
+ # This is a single term, there is no need to look at constructor
+ # terms as we have already looked at the complete term
+ return False
+
+ return forall(lambda x: self.canDerive(x),constructors)
+
+
+ # Knowledge is the initial knowledge and all messages in sends
+ def buildKnowledge(self):
+ self.knowledge = self.attack.initialKnowledge[:]
+ for run in self.attack.semiTrace.runs:
+ # Intruder actions do not add knowledge processing them
+ # is a waste of time
+ if run.intruder:
+ continue
+ for event in run:
+ if isinstance(event,Trace.EventSend):
+ self.add(event.message)
+ self.add(event.fr)
+ self.add(event.to)
+
+class Term(object):
+ def __init__(self):
+ self.types = None
+
+ def __str__(self):
+ raise InvalidTerm
+
+ def constructorTerms(self):
+ raise InvalidTerm
+
+ def deriveTerms(self,knowledge):
+ raise InvalidTerm
+
+ # Two terms are equal when their string rep is equal
+ def __cmp__(self,other):
+ return cmp(str(self),str(other))
+
+
+class TermConstant(Term):
+ def __init__(self, constant):
+ Term.__init__(self)
+ self.value = str(constant)
+
+ def deriveTerms(self,knowledge):
+ return [self]
+
+ def constructorTerms(self):
+ return [self]
+
+ def __str__(self):
+ return self.value
+
+class TermEncrypt(Term):
+ def __init__(self, value, key):
+ Term.__init__(self)
+ self.value = value
+ self.key = key
+
+ def deriveTerms(self,knowledge):
+ # In order to unpack an encrypted term we have to have the inverse key
+ inverse = knowledge.getInverseKey(self.key)
+ if knowledge.canDerive(inverse):
+ return [self] + [self.value] + self.value.deriveTerms(knowledge)
+ else:
+ return [self]
+
+ def constructorTerms(self):
+ return [self.value,self.key]
+
+ def __str__(self):
+ return "{%s}%s" % (self.value, self.key)
+
+class TermApply(Term):
+ def __init__(self, function, argument):
+ Term.__init__(self)
+ self.function = function
+ self.argument = argument
+
+ def constructorTerms(self):
+ return [self.function,self.argument]
+
+ def deriveTerms(self,knowledge):
+ return [self]
+
+ def __str__(self):
+ return "%s(%s)" % (self.function, self.argument)
+
+class TermVariable(Term):
+ def __init__(self, name, value):
+ Term.__init__(self)
+ self.name = name
+ self.value = value
+
+ def isFree(self):
+ return self.value == None
+
+ def constructorTerms(self):
+ if self.value != None:
+ return [self.value]
+ else:
+ return [self.name]
+
+ def deriveTerms(self,knowledge):
+ if self.value != None:
+ return [self,self.value] + self.value.deriveTerms(knowledge)
+ else:
+ return [self,self.name]
+
+ def __str__(self):
+ if (self.value != None):
+ return str(self.value)
+ else:
+ return str(self.name)
+
+class TermTuple(Term):
+ def __init__(self, op1, op2):
+ Term.__init__(self)
+ self.op1 = op1
+ self.op2 = op2
+
+ def __str__(self):
+ return "%s,%s" % (self.op1,self.op2)
+
+ def constructorTerms(self):
+ return [self.op1,self.op2]
+
+ def deriveTerms(self,knowledge):
+ return [self,self.op1,self.op2]+self.op1.deriveTerms(knowledge)+self.op2.deriveTerms(knowledge)
+
+ def __getitem__(self,index):
+ if index == 0:
+ return self.op1
+ elif index == 1:
+ return self.op2
+ else:
+ return self.op2.__getitem__(index-1)
+
diff --git a/Vagrant Files/files/scyther/Scyther/Trace.py b/Vagrant Files/files/scyther/Scyther/Trace.py
new file mode 100644
index 0000000000000000000000000000000000000000..31e31cc7be59e9a97da71df3415c3a29df28ad2f
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/Trace.py
@@ -0,0 +1,358 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Trace
+#
+from Misc import *
+
+class InvalidAction(TypeError):
+ "Exception used to indicate that a given action is invalid"
+
+class InvalidEvent(TypeError):
+ "Exception used to indicate that a given event is invalid"
+
+class SemiTrace(object):
+ def __init__(self):
+ self.runs = []
+
+ def totalCount(self):
+ count = 0
+ for run in self.runs:
+ count += len(run.eventList)
+ return count
+
+ def sortActions(self,actionlist):
+ newlist = actionlist[:]
+ newlist.sort(lambda x,y: self.getOrder(x,y))
+ return newlist
+
+ def getEnabled(self,previous):
+ enabled = []
+ for run in self.runs:
+ for event in run:
+ if event in previous or event in enabled:
+ continue
+ prec = self.getPrecedingEvents(event,previous)
+ if len(prec) == 0:
+ enabled.append(event)
+ return enabled
+
+ # Returns run,index tuples for all connections
+ def getConnections(self,event,removeIntruder=False):
+ if not removeIntruder:
+ return event.follows
+ result = []
+ if event.run.intruder:
+ for before in event.getBefore():
+ result.extend(self.getConnections(before,removeIntruder))
+
+ for x in event.follows:
+ fol = self.getEvent(x)
+ # If this is an intruder action descend into it
+ if fol.run.intruder:
+ result.extend(self.getConnections(fol,removeIntruder))
+ else:
+ result.append(x)
+ return uniq(result)
+
+ # Return the minimum set of preceding events for a given event
+ # that is the events before this event in the same run and all
+ # actions required by the partional ordering
+ # If previous is non empty remove all events already in previous
+ def getPrecedingEvents(self,event,previous=[]):
+ # If it is cached return cached version
+ if event.preceding != None:
+ return filter(lambda x: x not in previous,event.preceding)
+ preceding = []
+ for prec in event.getBefore():
+ preceding.append(prec)
+ preceding.extend(self.getPrecedingEvents(prec))
+ for x in event.follows:
+ fol = self.getEvent(x)
+ preceding.append(fol)
+ preceding.extend(self.getPrecedingEvents(fol))
+ preceding = uniq(preceding)
+ event.preceding = preceding
+ preceding = filter(lambda x: x not in previous,preceding)
+ return preceding
+
+ # Returns -1 if the first event has to be before the second one
+ # +1 if the second event has to be before the first one
+ # 0 if there is no order defined on the two events
+ def getOrder(self,event1,event2):
+ if (event1 in self.getPrecedingEvents(event2)):
+ return -1
+ if (event2 in self.getPrecedingEvents(event1)):
+ return 1
+ return 0
+
+ # Get event by run id and index
+ def getEvent(self,idx):
+ (rid,index) = idx
+ for run in self.runs:
+ if run.id != rid:
+ continue
+ for event in run:
+ if event.index == index:
+ return event
+ raise InvalidEvent
+
+ # Get all claim events in the trace
+ def getClaims(self):
+ claims = []
+ for run in self.runs:
+ for event in run:
+ if isinstance(event,EventClaim):
+ claims.append(event)
+ return claims
+
+ # Returns a list of all initiation events in the semitrace
+ def getInitiations(self):
+ initiations = []
+ for run in self.runs:
+ # Initiations are runs of honest agents
+ if (run.intruder):
+ continue
+ # Which contain no recvs before the first send
+ for action in run:
+ if (isinstance(action,EventRead)):
+ break
+ elif (isinstance(action,EventSend)):
+ initiations.append(action)
+ break
+ return initiations
+
+ # Get all runs performed by a specific agent
+ def getAgentRuns(self,agent):
+ result = []
+ for run in self.runs:
+ if run.getAgent() == agent:
+ result.append(run)
+ return result
+
+ # Return a list of all runs that are parallel with this run
+ def getParallelRuns(self,run):
+ parallel = []
+ first = run.getFirstAction()
+ # Process all events that are before the end of the run
+ for event in self.getPrecedingEvents(run.getLastAction()):
+ # Only count those we haven't found yet
+ if event.run in parallel or event.run == run:
+ continue
+ # If the event is also after the beginning of the run it is
+ # parallel
+ if self.getOrder(event,first) == 1:
+ parallel.append(event.run)
+ return parallel
+
+ def getRun(self,runid):
+ for run in self.runs:
+ if run.id == runid:
+ return run
+ return None
+
+class ProtocolDescription(object):
+ def __init__(self,protocol):
+ self.protocol = protocol
+ self.roledescr = {}
+
+ # Find event by label
+ def findEvent(self,eventlabel,eventType=None):
+ for (role,descr) in self.roledescr.items():
+ for event in descr:
+ if event.label == eventlabel:
+ if eventType == None or isinstance(event,eventType):
+ return event
+
+ # Return all events that should have occured before the given event
+ # if the protocol is executed exactly as specified
+ # (i.e. all previous events in the same run and the preceding events
+ # of the matching sends of all reads)
+ def getPrecedingEvents(self,eventlabel,eventType=None):
+ event = self.findEvent(eventlabel,eventType)
+ if event.preceding != None:
+ return event.preceding
+ preceding = event.getBefore()+[event]
+ for prev in preceding:
+ # For this event and all events that are before it in the run
+ # description see if it is a read and if it is also add the
+ # precedinglabelset of the matching send
+ if (isinstance(prev,EventRead)):
+ match = self.findEvent(prev.label,EventSend)
+ if match:
+ preceding.extend(self.getPrecedingEvents(match.label,EventSend))
+ preceding = uniq(preceding)
+ event.preceding = preceding
+ return preceding
+
+ # Calculate the preceding labelset that is all read events
+ # that are in the precedingEvents of a certain event
+ def getPrecedingLabelSet(self,eventlabel):
+ events = self.getPrecedingEvents(eventlabel)
+ events = filter(lambda x: isinstance(x,EventRead),events)
+ return [x.label for x in events]
+
+ # Calculate the roles in preceding labelset that is all roles that
+ # that are in the precedingEvents of a certain event
+ def getPrecedingRoleSet(self,eventlabel):
+ events = self.getPrecedingEvents(eventlabel)
+ roles = uniq([x.run.role for x in events])
+ return roles
+
+
+ def __str__(self):
+ s = ''
+ for x in self.roledescr.values():
+ for e in x:
+ s += str(e) + "\n"
+ return s
+
+class Run(object):
+ def __init__(self):
+ self.id = None
+ self.protocol = None
+ self.role = None
+ self.roleAgents = {}
+ self.eventList = []
+ self.intruder = False
+ self.attack = None
+ self.variables = []
+
+ def __iter__(self):
+ return iter(self.eventList)
+
+ def getAgent(self):
+ if self.intruder:
+ return None
+ return self.roleAgents[self.role]
+
+ def getFirstAction(self):
+ return self.eventList[0]
+
+ def getLastAction(self):
+ return self.eventList[-1]
+
+ def collapseIntruder(self):
+ """ TODO still working on this. """
+ if self.intruder:
+ shouldcollapse = False
+ for ev in self:
+ return
+
+class Event(object):
+ def __init__(self,index,label,follows):
+ self.index = index
+ self.label = label
+ self.follows = follows
+ self.run = None
+ self.preceding = None
+ self.rank = None
+
+ def shortLabel(self):
+ try:
+ return self.label[len(self.label)-1]
+ except:
+ return str(self.label)
+
+ def getBefore(self):
+ result = []
+ for event in self.run:
+ if (event == self):
+ return result
+ result.append(event)
+ # This should never happen
+ assert(False)
+
+class EventSend(Event):
+ def __init__(self,index,label,follows,fr,to,message):
+ Event.__init__(self,index,label,follows)
+ self.fr = fr
+ self.to = to
+ self.message = message
+
+ def __str__(self):
+ if self.run.intruder:
+ return "SEND(%s)" % self.message
+ else:
+ return "SEND_%s(%s,%s)" % (self.shortLabel(),self.to,self.message)
+
+class EventRead(Event):
+ def __init__(self,index,label,follows,fr,to,message):
+ Event.__init__(self,index,label,follows)
+ self.fr = fr
+ self.to = to
+ self.message = message
+
+ def __str__(self):
+ if self.run.intruder:
+ return "READ(%s)" % self.message
+ else:
+ return "READ_%s(%s,%s)" % (self.shortLabel(),self.fr, self.message)
+
+class EventClaim(Event):
+ def __init__(self,index,label,follows,role,type,argument):
+ Event.__init__(self,index,label,follows)
+ self.role = role
+ self.type = type
+ self.argument = argument
+ self.broken = None
+
+ # A Claim should be ignored if there is an untrusted agent in the role
+ # agents
+ def ignore(self):
+ for untrusted in self.run.attack.untrusted:
+ if untrusted in self.run.roleAgents.values():
+ return True
+ return False
+
+ # Return (protocol,role)
+ def protocolRole(self):
+ return "(%s,%s)" % (self.run.protocol,self.run.role)
+
+ def argstr(self):
+ if self.argument == None:
+ return '*'
+ else:
+ return str(self.argument)
+
+ def __str__(self):
+ return "CLAIM_%s(%s, %s)" % (self.shortLabel(),self.type,self.argstr())
+
+class EventIntruder(Event):
+ """
+ Intruder event extensions (allows for collapsing attacks later)
+ """
+ def __init__(self,follows,message,key,result):
+ Event.__init__(self,0,None,follows)
+ self.follows = follows
+ self.message = message
+ self.key = key
+ self.result = result
+ self.intruder = True
+
+class EventDecr(EventIntruder):
+ def __str__(self):
+ return "DECR(%s, %s, %s)" % (self.message, self.key, self.result)
+
+class EventEncr(EventIntruder):
+ def __str__(self):
+ return "ENCR(%s, %s, %s)" % (self.message, self.key, self.result)
+
+
diff --git a/Vagrant Files/files/scyther/Scyther/XMLReader.py b/Vagrant Files/files/scyther/Scyther/XMLReader.py
new file mode 100644
index 0000000000000000000000000000000000000000..ebafc4767de133a32edd0a0c59a976896debee6a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/XMLReader.py
@@ -0,0 +1,357 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# XMLReader
+#
+# Note:
+# This requires python elementtree to work
+# See: http://effbot.org/zone/element-index.htm
+#
+# On Fedora Core you can install this by installing the python-elementtree rpm
+# Things will be a lot faster and consume less memory if you install the
+# cElementTree module
+#
+# In python 2.5 cElementTree is in the core, so you don't need to install
+# extra packages
+#
+
+import sys
+
+# Check for cElementTree presence. Otherwise use ElementTree.
+useiter = True
+try:
+ # python 2.5 has cElementTree in the core
+ import xml.etree.cElementTree as cElementTree
+except:
+ # try the old way
+ try:
+ import cElementTree
+ except ImportError:
+ useiter = False
+ try:
+ from elementtree import ElementTree
+ except ImportError:
+ print """
+ERROR:
+
+Could not locate either the [elementtree] or the [cElementTree] package.
+Please install one of them in order to work with the Scyther python interface.
+The [cElementTree] packages can be found at http://effbot.org/zone/celementtree.htm
+
+Note that you can still use the Scyther binaries in the 'Bin' directory.
+ """
+ sys.exit(1)
+
+## Simply pick cElementTree
+#import cElementTree
+## Simply pick ElementTree
+#useiter = False
+#from elementtree import ElementTree
+
+import Term
+import Attack
+import Trace
+import Claim
+
+class XMLReader(object):
+
+ def __init__ (self):
+ self.varlist = []
+ pass
+
+ def readXML(self, input):
+ # Use iter parse when possble so we can clear the attack after reading
+ # it in order to preserve memory (this requires cElementTree)
+
+ attackbuffer = []
+ claims = []
+
+ if useiter:
+ parser = cElementTree.iterparse(input)
+ else:
+ parser = ElementTree.parse(input).findall('*')
+
+ for elem in parser:
+ # The iter parser receives the input in tuples (event and element)
+ # we only need the event
+ if useiter:
+ elem = elem[1]
+
+ if elem.tag == 'state':
+ attack = self.readAttack(elem)
+ attackbuffer.append(attack)
+ if useiter:
+ elem.clear()
+
+ if elem.tag == 'claimstatus':
+ claim = self.readClaim(elem)
+ claim.attacks = attackbuffer
+ claims.append(claim)
+
+ # link to parent
+ for attack in claim.attacks:
+ attack.claim = claim
+
+ attackbuffer = []
+ if useiter:
+ elem.clear()
+
+ return claims
+
+ # Read a term from XML
+ def readTerm(self,xml):
+ # If xml is None the term should also be none
+ if xml == None:
+ return None
+ # If this is a term variable read it directly
+ if (xml.tag in ('tuple','const','apply','encrypt','var')):
+ return self.readSubTerm(xml)
+ # Otherwise read from it's first child
+ children = xml.getchildren()
+ assert(len(children) == 1)
+ return self.readSubTerm(children[0])
+
+ def readSubTerm(self, tag):
+ if tag.tag == 'tuple':
+ return Term.TermTuple(self.readTerm(tag.find('op1')),self.readTerm(tag.find('op2')))
+ elif tag.tag == 'const':
+ return Term.TermConstant(tag.text)
+ elif tag.tag == 'apply':
+ return Term.TermApply(self.readTerm(tag.find('function')),self.readTerm(tag.find('arg')))
+ elif tag.tag == 'encrypt':
+ return Term.TermEncrypt(self.readTerm(tag.find('op')),self.readTerm(tag.find('key')))
+ elif tag.tag == 'var':
+ name = Term.TermConstant(tag.get('name'))
+ # Instantiate this variable if possible (note this list is empty while reading
+ # the variables section of the XML file)
+ for inst in self.varlist:
+ if inst.name == name:
+ return inst
+ # If it is not instantiated in varlist, just return a variable with this name and no
+ # value
+ return Term.TermVariable(name,None)
+ else:
+ raise Term.InvalidTerm, "Invalid term type in XML: %s" % tag.tag
+
+ def readEvent(self,xml):
+ label = self.readTerm(xml.find('label'))
+ follows = xml.findall('follows')
+ followlist = []
+ for follow in follows:
+ follow = follow.find('after')
+ if follow == None:
+ # Ignore follow definitions that do not contain after
+ continue
+ follow = (int(follow.get('run')),int(follow.get('index')))
+ followlist.append(follow)
+
+ (etype,index) = (xml.get('type'),int(xml.get('index')))
+ if etype in ('send','read','recv'):
+ fr = self.readTerm(xml.find('from'))
+ to = self.readTerm(xml.find('to'))
+ message = self.readTerm(xml.find('message'))
+ if (etype == 'send'):
+ return Trace.EventSend(index,label,followlist,fr,to,message)
+ else:
+ return Trace.EventRead(index,label,followlist,fr,to,message)
+ elif xml.get('type') == 'claim':
+ role = self.readTerm(xml.find('role'))
+ etype = self.readTerm(xml.find('type'))
+ argument = self.readTerm(xml.find('argument'))
+ # Freshness claims are implemented as Empty claims with
+ # (Fresh,Value) as arguments
+ try:
+ if etype == 'Empty' and argument[0] == 'Fresh':
+ etype = Term.TermConstant('Fresh')
+ argument = argument[1]
+ elif etype == 'Empty' and argument[0] == 'Compromised':
+ etype = Term.TermConstant('Compromised')
+ argument = argument[1]
+ except:
+ pass
+ return Trace.EventClaim(index,label,followlist,role,etype,argument)
+ else:
+ raise Trace.InvalidAction, "Invalid action in XML: %s" % (xml.get('type'))
+
+ def readRun(self,xml):
+ assert(xml.tag == 'run')
+ run = Trace.Run()
+ run.id = int(xml.find('runid').text)
+ # TODO why is protocol name a term??
+ run.protocol = str(self.readTerm(xml.find('protocol')))
+ run.intruder = xml.find('protocol').get('intruder') == 'true'
+ run.role = xml.find('rolename').text
+ for role in xml.find('roleagents'):
+ name = role.find('rolename').text
+ agent = self.readTerm(role.find('agent'))
+ run.roleAgents[name] = agent
+ for eventxml in xml.find('eventlist'):
+ action = self.readEvent(eventxml)
+ action.run = run
+ run.eventList.append(action)
+ for variable in xml.find('variables'):
+ # Read the variables one by one
+ assert(variable.tag == 'variable')
+ var = self.readTerm(variable.find('name').find('term'))
+ var.types = self.readTypeList(variable.find('name'))
+
+ substxml = variable.find('substitution')
+ # Read substitution if present
+ if substxml != None:
+ subst = self.readTerm(substxml.find('term'))
+ subst.types = self.readTypeList(substxml)
+ newvar = Term.TermVariable(var.name,subst)
+ newvar.types = var.types
+ var = newvar
+
+ run.variables.append(var)
+ return run
+
+ # Read protocol description for a certain role
+ def readRoleDescr(self,xml):
+ assert(xml.tag == 'role')
+ run = Trace.Run()
+ # We will need the last label later on to see if a
+ # run is complete
+ run.lastLabel = None
+ run.role = xml.find('rolename').text
+ for eventxml in xml.find('eventlist'):
+ action = self.readEvent(eventxml)
+ action.run = run
+ run.eventList.append(action)
+ run.lastLabel = action.label
+ return run
+
+ def readTypeList(self,xml):
+ result = []
+ vartypes = xml.find('type').find('termlist')
+ for vartype in vartypes:
+ # We will assume that types are simple strings
+ result.append(str(self.readTerm(vartype)))
+ return result
+
+ def readClaim(self, xml):
+ claim = Claim.Claim()
+ for event in xml.getchildren():
+ if event.tag == 'claimtype':
+ claim.claimtype = self.readTerm(event)
+ elif event.tag == 'label':
+ # We store the full protocol,label construct for
+ # consistency with the technical parts, so it is left to
+ # the __str__ of claim to select the right element
+ claim.label = self.readTerm(event)
+ elif event.tag == 'protocol':
+ claim.protocol = self.readTerm(event)
+ elif event.tag == 'role':
+ claim.role = self.readTerm(event)
+ elif event.tag == 'parameter':
+ claim.parameter = self.readTerm(event)
+
+ elif event.tag == 'failed':
+ claim.failed = int(event.text)
+ elif event.tag == 'count':
+ claim.count = int(event.text)
+ elif event.tag == 'states':
+ claim.states = int(event.text)
+
+ elif event.tag == 'complete':
+ claim.complete = True
+ elif event.tag == 'timebound':
+ claim.timebound = True
+ else:
+ print >>sys.stderr,"Warning unknown tag in claim: %s" % claim.tag
+
+ claim.analyze()
+ return claim
+
+ def readAttack(self, xml):
+ self.varlist = []
+ attack = Attack.Attack()
+ attack.id = int(xml.get('id'))
+ # A state contains 4 direct child nodes:
+ # broken, system, variables and semitrace
+ # optionally a fifth: dot
+ for event in xml.getchildren():
+ if event.tag == 'broken':
+ attack.broken.append((self.readTerm(event.find('claim')),
+ self.readTerm(event.find('label'))))
+ elif event.tag == 'system':
+ attack.match = int(event.find('match').text)
+ for term in event.find('commandline'):
+ if attack.commandline != '':
+ attack.commandline += ' '
+ attack.commandline += term.text
+ for term in event.find('untrusted').find('termlist'):
+ attack.untrusted.append(str(self.readTerm(term)))
+ for term in event.find('initialknowledge').find('termlist'):
+ attack.initialKnowledge.append(self.readTerm(term))
+ for keypair in event.find('inversekeys'):
+ inverse = []
+ for term in keypair:
+ inverse.append(self.readTerm(term))
+ assert(len(inverse) == 0 or len(inverse) == 2)
+ attack.inverseKeys.append(inverse)
+ # TODO why is protocol name a term??
+ for protocolxml in event.findall('protocol'):
+ protocol = str(self.readTerm(protocolxml.find('name')))
+ descr = Trace.ProtocolDescription(protocol)
+ attack.protocoldescr[protocol] = descr
+ for rolexml in protocolxml.findall('role'):
+ roledescr = self.readRoleDescr(rolexml)
+ descr.roledescr[roledescr.role] = roledescr
+
+ elif event.tag == 'semitrace':
+ for runxml in event:
+ run = self.readRun(runxml)
+ run.attack = attack
+ attack.semiTrace.runs.append(run)
+
+ elif event.tag == 'dot':
+ # Apparently Scyther already generated dot output,
+ # store
+ attack.scytherDot = event.text
+
+ elif event.tag == 'variables':
+ # Read the variables one by one
+ for varxml in event:
+ if varxml.get('typeflaw') == 'true':
+ attack.typeflaws = True
+ var = self.readTerm(varxml.find('name').find('term'))
+ var.types = self.readTypeList(varxml.find('name'))
+
+ substxml = varxml.find('substitution')
+ # Read substitution if present
+ if substxml != None:
+ subst = self.readTerm(substxml.find('term'))
+ subst.types = self.readTypeList(substxml)
+ newvar = Term.TermVariable(var.name,subst)
+ newvar.types = var.types
+ var = newvar
+
+ attack.variables.append(var)
+
+ # When all have been read set self.varlist so that when
+ # we read terms in the attacks they can be filled in using
+ # this list
+ self.varlist = attack.variables
+ else:
+ print >>sys.stderr,"Warning unknown tag in attack: %s" % event.tag
+ return attack
+
diff --git a/Vagrant Files/files/scyther/Scyther/__init__.py b/Vagrant Files/files/scyther/Scyther/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..1fa659c3f150e2b87cd3c2451c68164162f6faf6
--- /dev/null
+++ b/Vagrant Files/files/scyther/Scyther/__init__.py
@@ -0,0 +1,29 @@
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# Init this module
+#
+# Set prefix for __all__
+#
+import Scyther
+
+# Provide scope
+__all__ = ["Scyther"]
+
diff --git a/Vagrant Files/files/scyther/Time/test.py b/Vagrant Files/files/scyther/Time/test.py
new file mode 100644
index 0000000000000000000000000000000000000000..50ea49ec7de77543cbb04bbf243ac90ba6796e4a
--- /dev/null
+++ b/Vagrant Files/files/scyther/Time/test.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2008 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# test.py
+# experimenting with the constraint solver
+#
+# Ubuntu package: python-constraint
+#
+# http://labix.org/python-constraint
+#
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import sys
+try:
+ from constraint import *
+except:
+ print "Could not import constraint solver module."
+ print "For more information, visit"
+ print " http://labix.org/python-constraint"
+ sys.exit()
+
+#---------------------------------------------------------------------------
+
+def test():
+ problem = Problem()
+ problem.addVariables(range(0, 16), range(1, 16+1))
+ problem.addConstraint(AllDifferentConstraint(), range(0, 16))
+ problem.addConstraint(ExactSumConstraint(34), [0,5,10,15])
+ problem.addConstraint(ExactSumConstraint(34), [3,6,9,12])
+ for row in range(4):
+ problem.addConstraint(ExactSumConstraint(34),
+ [row*4+i for i in range(4)])
+ for col in range(4):
+ problem.addConstraint(ExactSumConstraint(34),
+ [col+4*i for i in range(4)])
+ solutions = problem.getSolutions()
+ print solutions
+
+#---------------------------------------------------------------------------
+
+if __name__ == '__main__':
+ test()
+
diff --git a/Vagrant Files/files/scyther/batcher.sh b/Vagrant Files/files/scyther/batcher.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6b430d39ae4c0b26b8563032c7609b97b1afa1cf
--- /dev/null
+++ b/Vagrant Files/files/scyther/batcher.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# batcher.sh
+#
+# usage: ./batcher.sh TEST_MPA_ARGUMENTS
+#
+# Tries to parallellize the jobs, and sends a mail afterwards
+
+echo "================================="
+echo " Phase 0: Setup"
+echo "================================="
+AWKSCRIPT=" { srand(); print int(1000000 * rand()) } "
+RND=`echo | awk "$AWKSCRIPT"`
+
+JOBNAME="test$RND"
+JSONFILE="$PWD/$JOBNAME.json"
+BATCHFILE="$PWD/$JOBNAME.sh"
+
+echo $JOBNAME
+echo $JSONFILE
+echo $BATCHFILE
+
+echo "================================="
+echo " Phase 1: generate jobs list"
+echo "================================="
+bsub -I -N -W 8:00 -J $JOBNAME ./test-mpa.py --pickle $JSONFILE $*
+
+echo "================================="
+echo " Phase 2a: precompute job outputs"
+echo "================================="
+# Each verification has a time limit of 600 seconds = 10 minutes
+# To fit in the one hour queue, that means 5 jobs maximum.
+bsub -I -N -W 8:00 -J $JOBNAME -oo $BATCHFILE ./make-bsub.py $JSONFILE 5 -W 1:00 -J $JOBNAME
+# Due to pending etc. the below may take a while.
+sleep 10
+bash $BATCHFILE
+echo "================================="
+echo " Phase 2b: perfom actual job"
+echo " (after precomputation is done"
+echo "================================="
+bsub -I -N -W 8:00 -J after$JOBNAME -w "ended($JOBNAME)" ./test-mpa.py $*
+
+
+echo "================================="
+echo " Done."
+echo "================================="
diff --git a/Vagrant Files/files/scyther/combos-book.sh b/Vagrant Files/files/scyther/combos-book.sh
new file mode 100644
index 0000000000000000000000000000000000000000..888db4516ce93ea571c6674da5ab268569127efa
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-book.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+bsub -W 8:00 -Jd "book-aa-t" -N ./test-mpa.py -m 2 --plain --latex book-aa-t Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-aa-b" -N ./test-mpa.py -m 2 --plain -b --latex book-aa-b Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-aa-u" -N ./test-mpa.py -m 2 --plain -u --latex book-aa-u Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-ex-t" -N ./test-mpa.py -m 2 --plain --extravert --latex book-ex-t Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-ex-b" -N ./test-mpa.py -m 2 --plain -b --extravert --latex book-ex-b Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-ex-u" -N ./test-mpa.py -m 2 --plain -u --extravert --latex book-ex-u Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-iu-t" -N ./test-mpa.py -m 2 --plain --init-unique --latex book-iu-t Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-iu-b" -N ./test-mpa.py -m 2 --plain -b --init-unique --latex book-iu-b Protocols/MultiProtocolAttacks/*.spdl
+bsub -W 8:00 -Jd "book-iu-u" -N ./test-mpa.py -m 2 --plain -u --init-unique --latex book-iu-u Protocols/MultiProtocolAttacks/*.spdl
diff --git a/Vagrant Files/files/scyther/combos-ike.sh b/Vagrant Files/files/scyther/combos-ike.sh
new file mode 100644
index 0000000000000000000000000000000000000000..515b20e3a64397b6f6bc925578b2ad09502800aa
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-ike.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Individual data
+./combos-ikev1.sh
+./combos-ikev2.sh
+
+# And combine
+./combos-ikev0.sh
diff --git a/Vagrant Files/files/scyther/combos-ikev0.sh b/Vagrant Files/files/scyther/combos-ikev0.sh
new file mode 100644
index 0000000000000000000000000000000000000000..389835ba5b9262acbc611bd798f747b8f645562c
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-ikev0.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+bsub -W 8:00 -Jd "ike0-aa-t" -N ./test-mpa.py -m 2 --plain --latex ike0-aa-t ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-aa-b" -N ./test-mpa.py -m 2 --plain -b --latex ike0-aa-b ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-aa-u" -N ./test-mpa.py -m 2 --plain -u --latex ike0-aa-u ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-ex-t" -N ./test-mpa.py -m 2 --plain --extravert --latex ike0-ex-t ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-ex-b" -N ./test-mpa.py -m 2 --plain -b --extravert --latex ike0-ex-b ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-ex-u" -N ./test-mpa.py -m 2 --plain -u --extravert --latex ike0-ex-u ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-iu-t" -N ./test-mpa.py -m 2 --plain --init-unique --latex ike0-iu-t ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-iu-b" -N ./test-mpa.py -m 2 --plain -b --init-unique --latex ike0-iu-b ~/src/ikev2/pp-results/mpa/ikev*.spdl
+bsub -W 8:00 -Jd "ike0-iu-u" -N ./test-mpa.py -m 2 --plain -u --init-unique --latex ike0-iu-u ~/src/ikev2/pp-results/mpa/ikev*.spdl
+
diff --git a/Vagrant Files/files/scyther/combos-ikev1.sh b/Vagrant Files/files/scyther/combos-ikev1.sh
new file mode 100644
index 0000000000000000000000000000000000000000..a5743b996c7cb75d33edb5bccc2a6c32b13d82f6
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-ikev1.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+bsub -W 8:00 -Jd "ike1-aa-t" -N ./test-mpa.py -m 2 --plain --latex ike1-aa-t ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-aa-b" -N ./test-mpa.py -m 2 --plain -b --latex ike1-aa-b ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-aa-u" -N ./test-mpa.py -m 2 --plain -u --latex ike1-aa-u ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-ex-t" -N ./test-mpa.py -m 2 --plain --extravert --latex ike1-ex-t ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-ex-b" -N ./test-mpa.py -m 2 --plain -b --extravert --latex ike1-ex-b ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-ex-u" -N ./test-mpa.py -m 2 --plain -u --extravert --latex ike1-ex-u ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-iu-t" -N ./test-mpa.py -m 2 --plain --init-unique --latex ike1-iu-t ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-iu-b" -N ./test-mpa.py -m 2 --plain -b --init-unique --latex ike1-iu-b ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+bsub -W 8:00 -Jd "ike1-iu-u" -N ./test-mpa.py -m 2 --plain -u --init-unique --latex ike1-iu-u ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+
diff --git a/Vagrant Files/files/scyther/combos-ikev2.sh b/Vagrant Files/files/scyther/combos-ikev2.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1da0bb158296e4872f8676ea2e4e49d34a718bc9
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-ikev2.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+bsub -W 8:00 -Jd "ike2-aa-t" -N ./test-mpa.py -m 2 --plain --latex ike2-aa-t ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-aa-b" -N ./test-mpa.py -m 2 --plain -b --latex ike2-aa-b ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-aa-u" -N ./test-mpa.py -m 2 --plain -u --latex ike2-aa-u ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-ex-t" -N ./test-mpa.py -m 2 --plain --extravert --latex ike2-ex-t ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-ex-b" -N ./test-mpa.py -m 2 --plain -b --extravert --latex ike2-ex-b ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-ex-u" -N ./test-mpa.py -m 2 --plain -u --extravert --latex ike2-ex-u ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-iu-t" -N ./test-mpa.py -m 2 --plain --init-unique --latex ike2-iu-t ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-iu-b" -N ./test-mpa.py -m 2 --plain -b --init-unique --latex ike2-iu-b ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+bsub -W 8:00 -Jd "ike2-iu-u" -N ./test-mpa.py -m 2 --plain -u --init-unique --latex ike2-iu-u ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+
+
diff --git a/Vagrant Files/files/scyther/combos-iso.sh b/Vagrant Files/files/scyther/combos-iso.sh
new file mode 100644
index 0000000000000000000000000000000000000000..b9fb2500a7d26bf52cb396464d3f2ceb9cd4dac7
--- /dev/null
+++ b/Vagrant Files/files/scyther/combos-iso.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+bsub -W 8:00 -Jd "iso-aa-t" -N ./test-mpa.py -m 2 --plain --latex iso-aa-t ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-aa-b" -N ./test-mpa.py -m 2 --plain -b --latex iso-aa-b ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-aa-u" -N ./test-mpa.py -m 2 --plain -u --latex iso-aa-u ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-ex-t" -N ./test-mpa.py -m 2 --plain --extravert --latex iso-ex-t ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-ex-b" -N ./test-mpa.py -m 2 --plain -b --extravert --latex iso-ex-b ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-ex-u" -N ./test-mpa.py -m 2 --plain -u --extravert --latex iso-ex-u ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-iu-t" -N ./test-mpa.py -m 2 --plain --init-unique --latex iso-iu-t ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-iu-b" -N ./test-mpa.py -m 2 --plain -b --init-unique --latex iso-iu-b ~/papers/iso9798/scyther-models/*.spdl
+bsub -W 8:00 -Jd "iso-iu-u" -N ./test-mpa.py -m 2 --plain -u --init-unique --latex iso-iu-u ~/papers/iso9798/scyther-models/*.spdl
diff --git a/Vagrant Files/files/scyther/generate-attack-graphs.py b/Vagrant Files/files/scyther/generate-attack-graphs.py
new file mode 100644
index 0000000000000000000000000000000000000000..bad12b1da886ea2e86cd0d3001b275afd3b5a5f3
--- /dev/null
+++ b/Vagrant Files/files/scyther/generate-attack-graphs.py
@@ -0,0 +1,131 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+"""
+Generate attacks for each claim
+
+To also generate resource usage details on linux, use something like:
+
+ xargs -a protocols.txt -n 1 -I {} /usr/bin/time -v -o {}.times ./generate-attack-graphs.py {}
+
+where 'protocols.txt' contains a protocol file per line.
+"""
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import sys
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+import Scyther.Scyther as Scyther
+
+#---------------------------------------------------------------------------
+
+def create_file_prefix(fn,cid):
+ """
+ Create a filename prefix for fn,cid without extension
+ """
+
+ tcid = cid
+ i = tcid.rfind(",")
+ if i > 0:
+ if fn.find(tcid[:i]) >= 0:
+ tcid = tcid[i+1:]
+
+ tfn = fn.replace(".spdl","")
+ i = tfn.rfind("/")
+ if i >= 0:
+ tfn = tfn[i+1:]
+
+ pref = "%s-%s" % (tfn,tcid)
+ pref = pref.replace(",","_")
+
+ return pref
+
+
+def render_dot(fn,gtype):
+ """
+ Render .dot file called fn into gtype file
+ """
+ from subprocess import call
+
+ if len(gtype) > 5:
+ # Something is fishy, abort
+ return
+
+ base_name = fn
+ i = base_name.rfind(".")
+ if i > 0:
+ base_name = base_name[:i]
+
+ cmd = ["dot","-T" + gtype,"-o%s.%s" % (base_name,gtype),fn]
+ #print cmd
+
+ call(cmd)
+
+
+def render_best_attack(fn,cid):
+ """
+ Extract the best attack for this claim and file name
+ """
+ x = Scyther.Scyther()
+ x.setFile(fn)
+
+ x.options = "-r4 -T60"
+ x.verifyOne(cid)
+
+ pref = create_file_prefix(fn,cid)
+
+ for cl in x.claims:
+ cln = cl.claimtype
+ if cln == "Commit":
+ cln = "Data_agree"
+
+ if len(cl.attacks) > 0:
+ dotfile = "attack-%s-%s.dot" % (pref,cln)
+ fp = open(dotfile,'w')
+ fp.write(cl.attacks[-1].scytherDot)
+ fp.close()
+
+ render_dot(dotfile,"png")
+ render_dot(dotfile,"pdf")
+
+ print "%s; %s" % (fn,cl)
+
+def main():
+
+ filelist = sys.argv[1:]
+ # Compute dict of filenames to claim id's
+ cl = Scyther.GetClaims(filelist)
+
+ for fn in set(cl):
+ for cid in cl[fn]:
+
+ render_best_attack(fn,cid)
+
+
+
+if __name__ == '__main__':
+ main()
+
+#---------------------------------------------------------------------------
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/json-scyther.py b/Vagrant Files/files/scyther/json-scyther.py
new file mode 100644
index 0000000000000000000000000000000000000000..b8e23bd5def9b64736d9c605b557fb5d72fb7b12
--- /dev/null
+++ b/Vagrant Files/files/scyther/json-scyther.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+"""
+
+Author: Cas Cremers
+
+"""
+
+import sys
+import json
+from Scyther import Scyther
+
+
+def scyther_json(jsondata):
+ """
+ Decode json data into (protocollist,options,filter) and run scyther
+ """
+ s = Scyther.Scyther()
+
+ (protocollist,options,filter) = json.loads(jsondata)
+
+ s.options = str(options)
+ for protocol in sorted(protocollist):
+ s.addFile(protocol)
+ s.verifyOne(str(filter))
+
+def fileandline(fn,linenos):
+ fp = open(fn,"r")
+ ln = 1
+ done = 0
+ sz = len(linenos)
+ for l in fp.xreadlines():
+ if str(ln) in linenos:
+ print l
+ scyther_json(l)
+ done = done + 1
+ if done >= sz:
+ fp.close()
+ return
+ ln = ln + 1
+ fp.close()
+ return
+
+if __name__ == '__main__':
+ fileandline(sys.argv[1],set(sys.argv[2:]))
+
+
diff --git a/Vagrant Files/files/scyther/make-bsub.py b/Vagrant Files/files/scyther/make-bsub.py
new file mode 100644
index 0000000000000000000000000000000000000000..0897da157cddc70cd0ce1883f9d4d4331de9760d
--- /dev/null
+++ b/Vagrant Files/files/scyther/make-bsub.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+#
+import sys
+import json
+import math
+
+"""
+Given a file of Scyther verification tests to do (json file), create a shell file to run them all using bsub.
+
+Arguments:
+
+ [1] Filename of json stuff
+ [2] Step count: how many verification tasks go into one job
+ [3] Additional commands to send to bsub (e.g. "-W 1:00")
+
+"""
+
+def countlines(fn):
+ count = 0
+ fh = open(fn,'r')
+ for l in fh.xreadlines():
+ count = count + 1
+ fh.close()
+ return count
+
+def marker(jobcount,todo):
+ left = todo - jobcount
+ dperc = int((100 * jobcount) / todo)
+ print "echo \"Sent %i out of %i jobs, hence %i left. %i%% done.\"" % (jobcount,todo,left,dperc)
+
+def main(fn,step,optlist):
+
+ todo = math.ceil(countlines(fn) / int(step))
+
+ fh = open(fn,'r')
+ ln = 1
+ buf = 0
+ s = ""
+ jobcount = 0
+ done = 0
+
+ for l in fh.xreadlines():
+ if buf == 0:
+ s = "bsub %s ./json-scyther.py %s" % (" ".join(optlist),fn)
+ s += " %i" % (ln)
+ buf = buf + 1
+ done = done + 1
+ if buf >= int(step):
+ print (s)
+ s = ""
+ buf = 0
+ jobcount = jobcount + 1
+ if jobcount % 10 == 0:
+ """
+ After ten jobs, display progress info
+ """
+ marker(jobcount,todo)
+
+ ln = ln + 1
+ print (s)
+ marker(jobcount,todo)
+ fh.close()
+
+
+if __name__ == '__main__':
+ """ Usage: filename, step, options to send to bsub
+ """
+ main(sys.argv[1],sys.argv[2],sys.argv[3:])
+
diff --git a/Vagrant Files/files/scyther/mpa.spdl b/Vagrant Files/files/scyther/mpa.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..4913029f4daf23383d192b390e22b9f82a0e5b9d
--- /dev/null
+++ b/Vagrant Files/files/scyther/mpa.spdl
@@ -0,0 +1,79 @@
+/*
+ * Needham-Schroeder-Lowe protocol
+ */
+
+// The protocol description
+
+protocol nsl3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,I}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,I}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
+/*
+ * Needham-Schroeder-Lowe protocol,
+ * broken version (wrong role name in first message)
+ */
+
+// The protocol description
+
+protocol nsl3-broken(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,R}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,R}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/notes-brutus-mpa.txt b/Vagrant Files/files/scyther/notes-brutus-mpa.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b89e3938e66be4445e2f8a8071d21a0c4606bb27
--- /dev/null
+++ b/Vagrant Files/files/scyther/notes-brutus-mpa.txt
@@ -0,0 +1,181 @@
+run test-MPA with --pickle to some file FILE.
+
+Choose a STEP integer: how many verifications are batched into a single job.
+
+Then:
+
+./make-bsub.py FILE STEP -W 1:00 [OTHER BSUB OPTIONS] > tests.sh
+
+Then
+
+bash tests.sh
+
+
+When all is done, rerun the original thing without pickle.
+
+
+
+This invokes then:
+json-scyther.py
+in different batches
+
+
+
+
+
+Test run for real
+
+
+Fri Dec 31 16:33:20 CET 2010
+
+Login & screen on brutus3 node.
+
+bsub -W 2:00 ./test-mpa.py --pickle mpa-tests.json -A Protocols/MultiProtocolAttacks/*.spdl
+
+Fri Dec 31 18:48:29 CET 2010
+
+Given the 6 minutes timeout, decided to batch into the 1h queues. Thus 9
+verifications can safely go in a batch.
+
+./make-bsub.py mpa-tests.json 9 -W 1:00 >mpa-tests.sh
+
+bash mpa-tests.sh
+
+
+Hmm. For the 1h queue on Brutus, there is a 10.000 pending jobs limit. Thus my
+40.000+ jobs get stuck here.
+
+So I could have done the division such that the jobs can be pended at onces
+but it would have meant putting the jobs in the 8h or more queues.
+
+For the batching thing, it would be nice to print a counter every 10 bsubs so
+if it gets stuck, you can see where it is (or better: how much is left).
+
+The lsf.o* output files clog up the directory. Find a way to disable them!
+
+Woops, we get mail once in a while. Not good. Unclear under which conditions
+this occurs, it seems to be errors only. (Probably stale file pointers from
+the old watch & rm solution.)
+
+Sun Jan 2 10:54:23 CET 2011
+
+All jobs have been submitted, now only 3000 pending.
+
+There may be a limit for me of about 128 active jobs at the same time.
+
+Sun Jan 2 11:30:30 CET 2011
+
+2200 pending.
+
+Sun Jan 2 12:38:48 CET 2011
+
+1155 pending.
+(bjobs -p | grep PEND | wc -l)
+
+Sun Jan 2 13:59:04 CET 2011
+
+0 jobs pending, 32 jobs active.
+
+Sun Jan 2 14:18:11 CET 2011
+
+Done. Recomp started (without --pickle FILE above)
+Takes too long on login node. Killed at 14:40.
+
+Instead, rerunning with:
+
+bsub -I -N ./test-mpa.py -A Protocols/MultiProtocolAttacks/*.spdl
+
+-I for interactive, -N for mail at end.
+
+Sun Jan 2 14:45:04 CET 2011
+
+Above job is running. It also seems faster.
+
+Sun Jan 2 20:07:58 CET 2011
+
+Sigh. It got killed after one hour because no time limit was set.
+Rerunning with -W 6:00
+
+
+
+
+
+
+Sun Jan 2 14:30:19 CET 2011
+
+In parallel, starting new huge job; biggest possible using current script options.
+
+bsub -W 7:00 ./test-mpa.py --pickle test-full-mpa.json --self-communication -A Protocols/MultiProtocolAttacks/*.spdl
+
+Actually, these big jobs should be started with finishing e-mail notification
+or the switch that makes the bsub command only return after the jobs has
+finished, otherwise we end up watching bjobs all the time, which is boring.
+
+Sun Jan 2 14:40:08 CET 2011
+
+The above test generation is now running.
+
+Sun Jan 2 20:09:42 CET 2011
+
+The test generation seems to have finished at 15:31.
+
+./make-bsub.py test-full-mpa.json 10 -W 1:00 >test-full-mpa.sh
+
+This finished at 20:11.
+So now running
+
+nice bash test-full-mpa.sh
+
+G
+
+
+
+Sun Jan 2 15:07:13 CET 2011
+
+A third parallel test:
+
+batcher.sh OPTIONS_AND_FILES_FOR_TEST_MPA_SCRIPT
+
+Running with -L5. This should automate all of the previous stuff.
+
+
+
+
+Wed Jan 5 15:37:11 CET 2011
+
+Running for cryptrec (with new Scyther version and new batches of 5 things)
+./batcher.sh ~/papers/iso/*.spdl
+
+
+
+Tue Jan 18 17:10:49 CET 2011
+
+./batcher.sh -m 1 --all-types --self-communication ~/papers/iso/*.spdl
+The batcher has jobid 930582
+
+(error, reverting to os.makedirs(path))
+
+Tue Jan 18 23:45:15 CET 2011
+
+./test-iso-combo.sh
+
+Tue Jan 18 23:49:15 CET 2011
+
+./batcher.sh -m 2 --all-types --self-communication ~/papers/iso/*.spdl
+
+Solved: do "watch -n 10 ./WIPER.sh 11"
+(wiper.sh finds lsf files accessed longer ago than 11 minutes and wipes them)
+
+./test-mpa-alltypes.sh
+
+
+
+Mon Jan 24 14:55:23 CET 2011
+
+./batcher.sh -m 2 --all-types Protocols/MultiProtocolAttacks/*.spdl
+
+
+
+Sat Jan 29 13:35:22 CET 2011
+
+./batcher.sh -m 2 -A --self-communication Protocols/MultiProtocolAttacks/*.spdl
diff --git a/Vagrant Files/files/scyther/ns3.spdl b/Vagrant Files/files/scyther/ns3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..edde4ab3c4b52e7026d2482594f5eb815bfbbfa3
--- /dev/null
+++ b/Vagrant Files/files/scyther/ns3.spdl
@@ -0,0 +1,47 @@
+/*
+ * Needham-Schroeder protocol
+ */
+
+// The protocol description
+
+protocol ns3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,I}pk(R) );
+ recv_2(R,I, {ni,nr}pk(I) );
+ claim(I,Running,R,ni,nr);
+ send_3(I,R, {nr}pk(R) );
+
+ claim(I,Secret,ni);
+ claim(I,Secret,nr);
+ claim(I,Alive);
+ claim(I,Weakagree);
+ claim(I,Commit,R,ni,nr);
+ claim(I,Niagree);
+ claim(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,I}pk(R) );
+ claim(R,Running,I,ni,nr);
+ send_2(R,I, {ni,nr}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim(R,Secret,ni);
+ claim(R,Secret,nr);
+ claim(R,Alive);
+ claim(R,Weakagree);
+ claim(R,Commit,I,ni,nr);
+ claim(R,Niagree);
+ claim(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/nsl3-broken.spdl b/Vagrant Files/files/scyther/nsl3-broken.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..3681cd9a41030e2a77957f0f85c5ab20e413f7fc
--- /dev/null
+++ b/Vagrant Files/files/scyther/nsl3-broken.spdl
@@ -0,0 +1,40 @@
+/*
+ * Needham-Schroeder-Lowe protocol,
+ * broken version (wrong role name in first message)
+ */
+
+// The protocol description
+
+protocol nsl3-broken(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,R}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+
+ claim_i1(I,Secret,ni);
+ claim_i2(I,Secret,nr);
+ claim_i3(I,Niagree);
+ claim_i4(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,R}pk(R) );
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim_r1(R,Secret,ni);
+ claim_r2(R,Secret,nr);
+ claim_r3(R,Niagree);
+ claim_r4(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/nsl3.spdl b/Vagrant Files/files/scyther/nsl3.spdl
new file mode 100644
index 0000000000000000000000000000000000000000..c393e73c3db93f066dd83588a2831656e723809c
--- /dev/null
+++ b/Vagrant Files/files/scyther/nsl3.spdl
@@ -0,0 +1,47 @@
+/*
+ * Needham-Schroeder-Lowe protocol
+ */
+
+// The protocol description
+
+protocol nsl3(I,R)
+{
+ role I
+ {
+ fresh ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {ni,I}pk(R) );
+ recv_2(R,I, {ni,nr,R}pk(I) );
+ claim(I,Running,R,ni,nr);
+ send_3(I,R, {nr}pk(R) );
+
+ claim(I,Secret,ni);
+ claim(I,Secret,nr);
+ claim(I,Alive);
+ claim(I,Weakagree);
+ claim(I,Commit,R,ni,nr);
+ claim(I,Niagree);
+ claim(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ fresh nr: Nonce;
+
+ recv_1(I,R, {ni,I}pk(R) );
+ claim(R,Running,I,ni,nr);
+ send_2(R,I, {ni,nr,R}pk(I) );
+ recv_3(I,R, {nr}pk(R) );
+
+ claim(R,Secret,ni);
+ claim(R,Secret,nr);
+ claim(R,Alive);
+ claim(R,Weakagree);
+ claim(R,Commit,I,ni,nr);
+ claim(R,Niagree);
+ claim(R,Nisynch);
+ }
+}
+
diff --git a/Vagrant Files/files/scyther/precompute-ike.sh b/Vagrant Files/files/scyther/precompute-ike.sh
new file mode 100644
index 0000000000000000000000000000000000000000..7b7652fb88f2e6307740cf84ebcb18710efa6e3e
--- /dev/null
+++ b/Vagrant Files/files/scyther/precompute-ike.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+./batcher.sh -m 2 --all-types --self-communication ~/src/ikev2/pp-results/mpa/ikev1*.spdl
+./batcher.sh -m 2 --all-types --self-communication ~/src/ikev2/pp-results/mpa/ikev2*.spdl
+
diff --git a/Vagrant Files/files/scyther/progressbarDummy.py b/Vagrant Files/files/scyther/progressbarDummy.py
new file mode 100644
index 0000000000000000000000000000000000000000..9ddd7e9603a98a8eafcb31f39792dc16f814cb66
--- /dev/null
+++ b/Vagrant Files/files/scyther/progressbarDummy.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+"""
+
+Dummy.
+
+Author: Cas Cremers
+
+"""
+
+class ProgressBar(object):
+
+ def __init__(self,widgets=[],maxval=100):
+ self.widgets = widgets
+ self.maxval = maxval
+
+ def start(self):
+ if self.widgets:
+ if len(self.widgets) > 0:
+ print self.widgets[0],
+
+ def update(self,count):
+ pass
+
+ def finish(self):
+ print " Done."
+
+
+def SimpleProgress():
+ return
+
+def ETA():
+ return
+
+def Percentage():
+ return
+
+def Bar(marker,left,right):
+ return
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/scyther-gui.py b/Vagrant Files/files/scyther/scyther-gui.py
new file mode 100644
index 0000000000000000000000000000000000000000..d20be43b828fcccdb5ad79a4e1d635a3ab6a056b
--- /dev/null
+++ b/Vagrant Files/files/scyther/scyther-gui.py
@@ -0,0 +1,245 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+#---------------------------------------------------------------------------
+# Try to get wxPython
+try:
+ import wx
+except ImportError,err:
+ from Scyther import Misc
+
+ errmsg = "Problem with importing the required [wxPython] package."
+
+ if 'No module' in str(err):
+ errmsg = """Could not find the required [wxPython] package.
+Please install this package in order to use the graphical user
+interface of Scyther.
+The [wxPython] packages can be found at http://www.wxpython.org/
+
+Ubuntu users: the wxPython packages are called 'python-wxgtk' followed by the
+version number."""
+ elif ('32-bit mode' in str(err)) or ('no matching architecture' in str(err)):
+ import os
+
+ key = "VERSIONER_PYTHON_PREFER_32_BIT"
+ data = "yes"
+
+ keyfound = False
+ try:
+ if sys.environment[key] == data:
+ keyfound = True
+ except:
+ pass
+
+ if keyfound:
+ """
+ We already tried to set the environment variable, but it is still not working.
+ """
+ import sys
+ #print "Key found. good job. no success."
+
+ errmsg = """Problem with importing the required [wxPython] package.
+
+ Possibly the problem is caused by wxPython only working in 32-bit mode currently.
+ You can try the following on the command line:
+
+ $ export VERSIONER_PYTHON_PREFER_32_BIT=yes
+ $ ./scyther-gui.py"""
+
+ else:
+ """
+ Key not found. Try if that works.
+ """
+ import sys
+ from subprocess import call
+
+ #print "Key not found. Trying to set it now."
+ # TODO: check for MAC's if we need something like 'pythonw'
+ call(sys.argv, shell=True, env={key: data})
+ sys.exit(0)
+
+
+ Misc.panic("""
+ERROR:
+
+%s
+
+Note that you can still use the Scyther binaries in the 'Scyther' directory.
+
+The exact error was:
+--------------------------------------------------------------------------------
+%s
+--------------------------------------------------------------------------------
+ """ % (errmsg,err))
+
+
+
+#---------------------------------------------------------------------------
+""" import externals """
+import sys
+import os
+from optparse import OptionParser, SUPPRESS_HELP
+from subprocess import *
+
+#---------------------------------------------------------------------------
+
+""" Import scyther-gui components """
+from Scyther import Scyther,Misc
+from Gui import About,Preference,Mainwindow
+
+#---------------------------------------------------------------------------
+
+def parseArgs():
+ usage = "usage: %s [options] [inputfile]" % sys.argv[0]
+ description = "scyther-gui is a graphical user interface for the scyther protocol verification tool."
+ parser = OptionParser(usage=usage,description=description)
+
+ # command
+ parser.add_option("-V","--verify",dest="command",default=None,action="store_const",const="verify",
+ help="Immediately verify the claims of the protocol (requires input file)")
+ parser.add_option("-s","--state-space",dest="command",default=None,action="store_const",const="statespace",
+ help="Immediately generate the complete characterization of the protocol (requires input file)")
+ parser.add_option("-a","--auto-claims",dest="command",default=None,action="store_const",const="autoverify",
+ help="Immediately verified protocol using default claims (requires input file)")
+ #parser.add_option("-c","--check",dest="command",default=None,action="store_const",const="check",
+ # help="Immediately check protocol (requires input file)")
+
+ # License
+ parser.add_option("-l","--license",dest="license",default=False,action="store_const",const=True,
+ help="Show license")
+
+ # no-splash
+ parser.add_option("-N","--no-splash",dest="splashscreen",default=True,action="store_const",const=False,
+ help="Do not show the splash screen")
+
+ # misc debug etc (not shown in the --help output)
+ parser.add_option("","--test",dest="test",default=False,action="store_true",
+ help=SUPPRESS_HELP)
+
+ return parser.parse_args()
+
+#---------------------------------------------------------------------------
+
+class MySplashScreen(wx.SplashScreen):
+ def __init__(self,basedir):
+ path = os.path.join(basedir,"Images")
+ image = os.path.join(path,"scyther-splash.png")
+ bmp = wx.Image(image).ConvertToBitmap()
+ wx.SplashScreen.__init__(self, bmp,
+ wx.SPLASH_CENTRE_ON_SCREEN | wx.SPLASH_TIMEOUT,
+ 5000, None, -1)
+ self.Bind(wx.EVT_CLOSE, self.OnClose)
+ self.fc = wx.FutureCall(2000, self.ShowMain)
+
+ def OnClose(self, evt):
+ # Make sure the default handler runs too so this window gets
+ # destroyed
+ evt.Skip()
+ self.Hide()
+
+ # if the timer is still running then go ahead and show the
+ # main frame now
+ if self.fc.IsRunning():
+ self.fc.Stop()
+ self.ShowMain()
+
+
+ def ShowMain(self):
+ if self.fc.IsRunning():
+ self.Raise()
+
+
+#---------------------------------------------------------------------------
+
+def isSplashNeeded(opts):
+ if not opts.command:
+ if opts.splashscreen and not (Preference.get('splashscreen') in ['false','off','disable','0']):
+ return True
+ return False
+
+#---------------------------------------------------------------------------
+
+class ScytherApp(wx.App):
+ def OnInit(self):
+ import os, inspect
+
+ wx.GetApp().SetAppName("Scyther-gui")
+
+ # Determine base directory (taking symbolic links into account)
+ cmd_file = os.path.realpath(os.path.abspath(inspect.getfile( inspect.currentframe() )))
+ basedir = os.path.split(cmd_file)[0]
+
+ # Parse arguments
+ (opts,args) = parseArgs()
+
+ # License option may abort here
+ if opts.license:
+ print Scyther.GetLicense()
+ sys.exit(0)
+
+ # Load preferences file
+ Preference.init()
+
+ #"""
+ #Create and show the splash screen. It will then create and show
+ #the main frame when it is time to do so.
+ #
+ #The splash screen is disabled for automatic commands, and also
+ #by a setting in the preferences file.
+ #"""
+ #if isSplashNeeded(opts):
+ # splash = MySplashScreen(basedir)
+ # splash.Show()
+
+ self.mainWindow = Mainwindow.MainWindow(opts,args)
+ self.SetTopWindow(self.mainWindow)
+ self.mainWindow.Show()
+
+ if isSplashNeeded(opts):
+ dlg = About.AboutScyther(self.mainWindow,basedir)
+ dlg.ShowModal()
+ dlg.Destroy()
+
+ return True
+
+ def OnExit(self):
+ """ Tear down """
+
+
+#---------------------------------------------------------------------------
+
+def CheckRequirements():
+ """ Check for any required programs """
+
+ """ We need 'dot', in the graphviz package """
+ from Scyther import FindDot
+
+ FindDot.findDot() # If Graphviz is not found, this function will call panic to complain.
+
+#---------------------------------------------------------------------------
+
+
+if __name__ == '__main__':
+ CheckRequirements()
+ scythergui = ScytherApp()
+ scythergui.MainLoop()
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/scyther-gui.rc b/Vagrant Files/files/scyther/scyther-gui.rc
new file mode 100644
index 0000000000000000000000000000000000000000..cd3a913e215297bcbc293f08c0a2f40c0bd205e0
--- /dev/null
+++ b/Vagrant Files/files/scyther/scyther-gui.rc
@@ -0,0 +1,4 @@
+wxicon icon Images/scyther-gui-64.ico
+wxicon icon Images/scyther-gui-32.ico
+wxicon icon Images/scyther-gui-16.ico
+#include "wx/msw/wx.rc"
diff --git a/Vagrant Files/files/scyther/scyther-manual.pdf b/Vagrant Files/files/scyther/scyther-manual.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..d35d7c3bb6da0afc2c2b6455db2070bfd28f3602
Binary files /dev/null and b/Vagrant Files/files/scyther/scyther-manual.pdf differ
diff --git a/Vagrant Files/files/scyther/scyther.py b/Vagrant Files/files/scyther/scyther.py
new file mode 100644
index 0000000000000000000000000000000000000000..ef99d75e3d9105d7c441e10f7ea0741bec9eb5aa
--- /dev/null
+++ b/Vagrant Files/files/scyther/scyther.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+#
+# python wrapper for the Scyther command-line tool
+#
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import sys
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+import Scyther.Scyther as Scyther
+
+#---------------------------------------------------------------------------
+
+def usage():
+ x = Scyther.Scyther()
+ x.xml = False
+ x.options = "--help"
+ x.verify()
+ return x
+
+def simpleRun(args):
+ x = Scyther.Scyther()
+ x.options = args
+ x.verify()
+ return x
+
+if __name__ == '__main__':
+ pars = sys.argv[1:]
+ if len(pars) == 0:
+ print usage()
+ else:
+ print simpleRun(" ".join(pars))
+
+
diff --git a/Vagrant Files/files/scyther/test-delta.py b/Vagrant Files/files/scyther/test-delta.py
new file mode 100644
index 0000000000000000000000000000000000000000..863d13b18f0c2c7b7823b31a749fbebd9c0107a0
--- /dev/null
+++ b/Vagrant Files/files/scyther/test-delta.py
@@ -0,0 +1,181 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+"""
+
+Example script to show how to perform large-scale tests using the
+Scyther Python API (contained in the Scyther subdirectory)
+
+In this example, we find the differences between two different switch
+settings for a large set of protocols.
+
+The notification triggers if claim lists differ, or when a claim is okay
+in one test but not in the other. Hence, we ignore differences between
+complete/bounded verification.
+
+Author: Cas Cremers
+
+
+Define the strings below.
+
+TEST0 is used for both, TEST1/2 define the difference between
+the tests.
+"""
+#---------------------------------------------------------------------------
+
+TEST0 = ""
+TEST1 = "--max-runs=1"
+TEST2 = "--max-runs=4"
+
+#---------------------------------------------------------------------------
+
+""" Import externals """
+import commands
+
+#---------------------------------------------------------------------------
+
+""" Import scyther components """
+from Scyther import Scyther
+
+#---------------------------------------------------------------------------
+
+def filterProtocol(protocol):
+ """
+ We may want to filter out some protocols.
+ This function allows that. Return True if it is okay (and should be
+ included) or False otherwise.
+ """
+ include = True
+ return include
+
+def simpleRun(args):
+ x = Scyther.Scyther()
+ x.options = args
+ x.verify()
+ return x
+
+def ScytherRes(protocol,args=""):
+ """
+ Run Scyther on a protocol and return a tuple with the
+ resulting object and claim list.
+ """
+ global TEST0
+
+ args = "%s %s %s" % (TEST0, args, protocol)
+ s = simpleRun(args)
+ return (s,s.claims)
+
+
+def findSameClaim(cl,claim):
+ """
+ Find in claim list the claim that corresponds to claim
+ """
+ for claim2 in cl:
+ if claim2.id == claim.id:
+ return claim2
+ return None
+
+
+def ScytherDiff(protocol):
+ """
+ Check whether the two different switch settings yield a different
+ result.
+ """
+ global TEST1, TEST2
+
+ (s1,cl1) = ScytherRes(protocol,TEST1)
+ (s2,cl2) = ScytherRes(protocol,TEST2)
+
+ res = ""
+ if len(cl1) != len(cl2):
+ res += "Different claim lists:\n%s\n%s\n" % (cl1,cl2)
+ else:
+ for claim1 in cl1:
+ claim2 = findSameClaim(cl2,claim1)
+ if claim2 == None:
+ res += "%s not in second test.\n" % (claim1)
+ else:
+ if claim1.okay != claim2.okay:
+ res += "Different results:\n%s\n%s\n" % (claim1,claim2)
+
+ if res == "":
+ return None
+ else:
+ return res
+
+
+def findProtocols():
+ """
+ Find a list of protocol names
+ """
+
+ cmd = "find -iname '*.spdl'"
+ plist = commands.getoutput(cmd).splitlines()
+ nlist = []
+ for prot in plist:
+ if filterProtocol(prot):
+ nlist.append(prot)
+ return nlist
+
+
+def main():
+ """
+ Simple test case with a few protocols
+ """
+ global TEST0,TEST1,TEST2
+
+ list = findProtocols()
+ print "Performing delta analysis"
+ print
+ print "String 0 (used for both): '%s'" % TEST0
+ print "String 1: '%s'" % TEST1
+ print "String 2: '%s'" % TEST2
+ print
+ print "After filtering, we are left with the following protocols:", list
+ print
+ maxcount = len(list)
+ count = 1
+ delta = 0
+ for prot in list:
+ perc = (100 * count) / maxcount
+ print "[%i%%] %s: " % (perc,prot),
+ res = ScytherDiff(prot)
+ if res != None:
+ print
+ print "-" * 72
+ print prot
+ print "-" * 72
+ print res
+ delta = delta + 1
+ else:
+ print "No interesting delta found."
+ count = count + 1
+
+ print
+ print "Analysis complete."
+ print "%i out of %i protocols differed [%i%%]." % (delta,maxcount,(100 * delta)/maxcount)
+
+
+if __name__ == '__main__':
+ main()
+
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/test-mpa.py b/Vagrant Files/files/scyther/test-mpa.py
new file mode 100644
index 0000000000000000000000000000000000000000..bf5a34432ed6ed8a8db0700bbdbff613f4e14ccb
--- /dev/null
+++ b/Vagrant Files/files/scyther/test-mpa.py
@@ -0,0 +1,896 @@
+#!/usr/bin/env python
+"""
+ Scyther : An automatic verifier for security protocols.
+ Copyright (C) 2007-2013 Cas Cremers
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+"""
+
+
+"""
+
+Example script to show how to perform large-scale tests using the
+Scyther Python API (contained in the Scyther subdirectory)
+
+In this example, multi-protocol attack analysis is performed on a small
+test set.
+
+Author: Cas Cremers
+
+"""
+
+from Scyther import Scyther
+
+from optparse import OptionParser, OptionGroup, SUPPRESS_HELP
+import time
+import os.path
+import json
+
+try:
+ from progressbar import *
+ PROGRESSBAR = True
+except ImportError:
+ from progressbarDummy import *
+ PROGRESSBAR = False
+ print """
+Missing the progressbar library.
+
+It can be downloaded from:
+
+http://code.google.com/p/python-progressbar/
+
+"""
+
+FOUND = []
+ALLMPA = []
+ALLCLAIMS = []
+INVOLVED = []
+PROTFILETONAME = {}
+PROTNAMETOFILE = {}
+OPTS = None
+ARGS = None
+PICKLEDATA = set()
+
+
+#---------------------------------------------------------------------------
+
+def parseArgs():
+ usage = "usage: %prog [options] [inputfile]"
+ description = "test-mpa.py is a test script to help with multi-protocol analysis."
+ parser = OptionParser(usage=usage,description=description, version="%prog 2.0")
+
+ group = OptionGroup(parser, "Bounding the search space")
+ group.add_option("-m","--max-protocols",type="int",dest="maxprotocols",default=3,
+ help="Define maximum number of protocols in a multi-protocol attack [3].")
+
+ group.add_option("-r","--max-runs",type="int",dest="maxruns",default=4,
+ help="Define maximum number of runs in the analysis [4].")
+
+ group.add_option("-T","--timeout",type="int",dest="timeout",default=600,
+ help="Timeout in seconds for each analysis [600].")
+
+ group.add_option("-L","--limit",type="int",dest="limit",default=0,
+ help="Limit the length of the list of protocols [None].")
+ parser.add_option_group(group)
+
+ group = OptionGroup(parser, "Matching type options")
+ group.add_option("-t","--typed",dest="defoptarray",default=[],action="append_const",const="--match=0",
+ help="Verify protocols with respect to a typed model (-m 0) [default]")
+ group.add_option("-b","--basic-types",dest="defoptarray",default=[],action="append_const",const="--match=1",
+ help="Verify protocols with respect to basic type flaws only (-m 1)")
+ group.add_option("-u","--untyped",dest="defoptarray",default=[],action="append_const",const="--match=2",
+ help="Verify protocols with respect to an untyped model (-m 2)")
+ group.add_option("-A","--all-types",dest="alltypes",default=False,action="store_true",
+ help="Verify protocols with respect to all matching types")
+ parser.add_option_group(group)
+
+ group = OptionGroup(parser, "Restricting self-communication")
+ group.add_option("-U","--init-unique",dest="defoptarray",default=[],action="append_const",const="--init-unique",
+ help="Use Scythers --init-unique switch to filter out initiators talking to themselves.")
+ group.add_option("-E","--extravert",dest="defoptarray",default=[],action="append_const",const="--extravert",
+ help="Use Scythers --extravert switch to filter out agents talking to themselves.")
+ group.add_option("","--self-communication",dest="selfcommunication",default=False,action="store_true",
+ help="Explore all self-communication restrictions (as MPA-only option).")
+ parser.add_option_group(group)
+
+ # Misc
+ parser.add_option("","--pickle",dest="pickle",
+ help="Do not invoke Scyther but write intended calls to a file with the given name.") # action="store" and type="string" are defaults
+ parser.add_option("-l","--latex",dest="latex",
+ help="Output latex files with the given prefix.") # action="store" and type="string" are defaults
+ parser.add_option("-v","--verbose",dest="verbose",default=False,action="store_true",
+ help="Be more verbose.")
+ parser.add_option("-D","--debug",dest="debug",default=False,action="store_true",
+ help="Enable debugging features.")
+ parser.add_option("-p","--plain",dest="plain",default=False,action="store_true",
+ help="Ensure plain output, e.g., no progress bars.")
+
+ return parser.parse_args()
+
+#---------------------------------------------------------------------------
+
+class Attack(object):
+
+ def __init__(self,claim,mpalist):
+
+ self.claim = claim
+ self.mpalist = mpalist
+
+ def protocol(self):
+ return self.claim.protocol
+
+ def mpashort(self):
+
+ s = []
+ for fn in self.mpalist:
+ ptn = os.path.normpath(fn)
+ (head,tail) = os.path.split(ptn)
+ s.append(tail)
+
+ return s
+
+ def claimid(self):
+ return "%s" % (self.claim.id)
+
+ def __str__(self):
+ s = "(%s,%s)" % (self.claim.id, self.mpashort())
+ return s
+
+ def fullstr(self):
+ s = "%s,%s" % (self.claim.id, self.mpalist)
+ return s
+
+ def __cmp__(self,other):
+ s1 = self.fullstr()
+ s2 = other.fullstr()
+ if (s1 == s2):
+ return 0
+ else:
+ if s1 < s2:
+ return -1
+ else:
+ return 1
+
+
+#---------------------------------------------------------------------------
+
+
+def uniq(l):
+
+ ll = []
+ for x in l:
+ if x not in ll:
+ ll.append(x)
+ return ll
+
+
+def powerset(s):
+ """
+ s is a set
+ returns the powerset
+ """
+ pws = set([frozenset()])
+ for el in s:
+ # Double old powerset by adding its elements and also new ones
+ for s2 in pws.copy():
+ if len(s2) == 0:
+ pws.add(frozenset([el]))
+ else:
+ pws.add(frozenset([el]).union(s2))
+ return pws
+
+
+#---------------------------------------------------------------------------
+
+def MyScyther(protocollist,filt=None,options=[],checkpickle=True):
+ """
+ Evaluate the composition of the protocols in protocollist.
+ If there is a filter, i.e. "ns3,I1" then only this specific claim
+ will be evaluated.
+
+ By default, when Pickling, no evaluation is done (checkpickle=True).
+ Setting 'checkpickle' to False ignores this check and verifies anyway.
+ """
+ global OPTS
+ global PICKLEDATA
+
+ s = Scyther.Scyther()
+
+ # Standard
+ opts = OPTS.defoptarray + options
+
+ # Cover for caching issue where no --match= option is given (default to 0)
+ matchfound = False
+ for opt in opts:
+ if opt.startswith("--match="):
+ matchfound = True
+ break
+ if not matchfound:
+ opts.append("--match=0")
+
+ # Adding other command-line parameters (i.e. with arguments)
+ opts.append("-T %i" % (int(OPTS.timeout)))
+ opts.append("--max-runs=%i" % (int(OPTS.maxruns)))
+
+ # arguments to call
+ s.options = (" ".join(sorted(uniq(opts)))).strip()
+ if OPTS.debug:
+ print s.options
+
+ for protocol in sorted(protocollist):
+ s.addFile(protocol)
+ if checkpickle and OPTS.pickle:
+ # Do not really verify! Just dump request if not already known
+ if s.verifyOne(filt, checkKnown=True) == False:
+ PICKLEDATA.add((tuple(sorted(protocollist)),s.options,filt))
+ else:
+ # Verify results
+ s.verifyOne(filt)
+ return s
+
+
+def getCorrectIsolatedClaims(protocolset,options=[]):
+ """
+ Given a set of protocols, determine the correct claims when run in
+ isolation.
+ Returns a tuple, consisting of
+ - a list of compiling protocols
+ - a list of tuples (protocol,claimid) wich denote correct claims
+ """
+ correctclaims = []
+ goodprotocols = []
+
+ if not OPTS.plain:
+ widgets = ['Scanning for claims that are correct in isolation: ', SimpleProgress(), ' protocols (', Percentage(), ') ',
+ Bar(marker='#',left='[',right=']')
+ ]
+ pbar = ProgressBar(widgets=widgets, maxval=len(protocolset))
+ pbar.start()
+ count = 0
+ cpcount = 0
+ for protocol in protocolset:
+ # verify protocol in isolation
+ s = MyScyther([protocol],options=options,checkpickle=False)
+ # investigate the results
+ goodprotocols.append(protocol)
+ allfalse = True
+ for claim in s.claims:
+ global ALLCLAIMS
+ global PROTFILETONAME
+ global PROTNAMETOFILE
+
+ if claim not in ALLCLAIMS:
+ ALLCLAIMS.append(claim)
+
+ if claim.okay:
+ correctclaims.append((protocol,claim.id))
+ allfalse = False
+
+ PROTFILETONAME[protocol] = str(claim.protocol)
+ PROTNAMETOFILE[str(claim.protocol)] = protocol
+
+ count += 1
+ if not allfalse:
+ cpcount += 1
+ if not OPTS.plain:
+ pbar.update(count)
+
+ if not OPTS.plain:
+ pbar.finish()
+ return (goodprotocols,correctclaims,cpcount)
+
+
+def verifyProtList(protlist,claimid,options=[]):
+ """
+ Check attacks on this protocol list.
+ Returns True if no attack ("correct") and False if an attack is found.
+ """
+ s = MyScyther(protlist,claimid,options)
+ claim = s.getClaim(claimid)
+ if claim:
+ if not claim.okay:
+ return False
+ return True
+
+
+
+def verifyProtSubSet(protlist,claimid,options=[]):
+ """
+ Check attacks on true subsets of this list.
+ Note subsets must include the claim id
+ """
+ global OPTS
+
+ ps = powerset(set(protlist))
+ for s in ps:
+ if (len(s) > 0) and (len(s) < len(protlist)):
+ res = verifyProtList(list(s),claimid,options)
+ if res == False:
+ """
+ If an attack is found we're actually done but for pickle we
+ make an exception to generate all possible variants.
+ """
+ if not OPTS.pickle:
+ return False
+ return True
+
+
+def verifyMPAattack(mpalist,claimid,options=[]):
+ """
+ Check for Multi-Protocol Attacks on this protocol list.
+ Returns True if no attack ("correct") and False if an MPA attack is found.
+
+ First consider subsets, so if there is an attack there, don't consider others.
+ """
+ global OPTS
+
+ res = verifyProtSubSet(mpalist,claimid,options)
+ if res or OPTS.pickle:
+ """
+ Only really needed when no attack found but for pickle we make an
+ exception to generate all possible variants.
+ """
+ return verifyProtList(mpalist,claimid,options)
+ return True
+
+
+def verifyMPAlist(mpalist,claimid,options=[]):
+ """
+ Check the existence of a multi-protocol attack in this context
+
+ If an attack is found, we return False, otherwise True. This is
+ needed for the iteration later.
+ """
+ global OPTS, ARGS
+
+ if OPTS.debug:
+ print time.asctime(), mpalist, claimid, options
+
+ if not verifyMPAattack(mpalist,claimid,options):
+ global FOUND
+ global ALLFOUND
+ global INVOLVED
+
+ claim = claimidToClaim(claimid)
+
+ # This is an MPA attack!
+ if OPTS.debug:
+ print "I've found a multi-protocol attack on claim %s in the context %s." % (claimid,str(mpalist))
+
+ att = Attack(claim,mpalist)
+ FOUND.append(att)
+ ALLFOUND.append(att)
+
+ inv = [claim.protocol]
+ for fn in mpalist:
+ global PROTFILETONAME
+ inv.append(PROTFILETONAME[fn])
+
+ for pn in inv:
+ if pn not in INVOLVED:
+ INVOLVED.append(pn)
+
+ #return False
+
+ return True
+
+
+def constructMPAlist(protocolset,claimid,mpalist,length,start,callback,options=[]):
+ """
+ Append a list of parallel protocols, without duplicates,
+ such that the added part is lexicographically ordered (from
+ index 'start' in the protocol list)
+ For each possible list, the function callback is called. If the
+ callback returns true, iteration proceeds (returning true in the
+ end), otherwise it aborts and returns false.
+ """
+ if len(mpalist) < length:
+ # list is not long enough yet
+ for pn in range(start,len(protocolset)):
+ p = protocolset[pn]
+ if p not in mpalist:
+ if not constructMPAlist(protocolset,claimid,mpalist + [p],length,pn+1,callback,options=options):
+ return False
+ return True
+ else:
+ # list is long enough: callback
+ return callback(mpalist,claimid,options)
+
+
+def findMPA(protocolset,protocol,claimid,options=[]):
+ """
+ The protocol claim is assumed to be correct. When does it break?
+ """
+ global OPTS
+
+ # First we examine 2-protocol attacks, and then increase the
+ # number of parallel protocols if we don't find any attacks on the
+ # claim.
+ maxcount = OPTS.maxprotocols
+ count = 2
+ if len(protocolset) < maxcount:
+ # we cannot have more protocols in parallel than there are
+ # protocols.
+ maxcount = len(protocolset)
+
+ # the actual incremental search loop
+ while count <= maxcount:
+ constructMPAlist(protocolset,claimid,[protocol],count,0,verifyMPAlist,options)
+ count += 1
+ return None
+
+
+def foundToDicts(attacklist = []):
+ """
+ Turn a list of attacks into a more structured dict of dicts
+ protocolname -> claimid -> P(attack)
+ """
+ res = {}
+ for att in attacklist:
+ pn = str(att.protocol())
+ cl = att.claimid()
+
+ if pn not in res.keys():
+ res[pn] = {}
+ if cl not in res[pn].keys():
+ res[pn][cl] = set()
+ res[pn][cl].add(att)
+ return res
+
+
+def findAllMPA(protocolset,options=[],mpaoptions=[]):
+ """
+ Given a set of protocols, find multi-protocol attacks
+ """
+
+ global FOUND
+ global OPTS, ARGS
+ global PROTNAMETOFILE
+ global ALLCLAIMS
+
+ FOUND = []
+
+ # Find all correct claims in each protocol
+ (protocolset,correct,cpcount) = getCorrectIsolatedClaims(protocolset,options)
+ print "Investigating %i correct claims in %i protocols." % (len(correct), cpcount)
+
+ mpaprots = []
+ res = []
+
+ if len(correct) == 0:
+ print "Nothing to do."
+ return res
+
+ if OPTS.verbose:
+ """
+ When verbose, list correct claims in protocols
+ """
+ pmapclaims = {}
+ for (protocol,claimid) in correct:
+ if protocol not in pmapclaims.keys():
+ pmapclaims[protocol] = set()
+ pmapclaims[protocol].add(claimid)
+ print "Protocols with correct claims:"
+ if len(pmapclaims.keys()) == 0:
+ print " None."
+ else:
+ for pk in pmapclaims.keys():
+ print " %s, %s" % (pk, pmapclaims[pk])
+ print
+ left = set()
+ for p in protocolset:
+ if p not in pmapclaims.keys():
+ left.add(p)
+ print "Protocols with no correct claims:"
+ if len(left) == 0:
+ print " None."
+ else:
+ for p in left:
+ print " %s" % (p)
+ print
+
+ # output of all claims (only if latex required)
+
+ if OPTS.latex:
+ clset = set()
+ for claim in ALLCLAIMS:
+ prot = str(claim.protocol)
+ file = PROTNAMETOFILE[prot]
+ clid = claim.id
+ descr = claim.roledescribe()
+
+ tup = (file,prot,clid,descr)
+ clset.add(tup)
+
+ fp = open("gen-%s-claims.txt" % (OPTS.latex),"w")
+
+ fp.write("%% OPTS: %s\n" % OPTS)
+ fp.write("%% ARGS: %s\n" % ARGS)
+
+ for (file,prot,clid,descr) in sorted(clset):
+ fp.write("%s; %s; %s; %s\n" % (file,prot,clid,descr))
+
+ fp.close()
+
+ # Latex output of protocols with correct claims
+ if OPTS.latex:
+ pmapclaims = {}
+ for (protocol,claimid) in correct:
+ if protocol not in pmapclaims.keys():
+ pmapclaims[protocol] = set()
+ pmapclaims[protocol].add(claimid)
+
+ fp = open("gen-%s-correctclaims.tex" % (OPTS.latex),"w")
+
+ fp.write("%% OPTS: %s\n" % OPTS)
+ fp.write("%% ARGS: %s\n" % ARGS)
+
+ fp.write("\\begin{tabular}{ll}\n")
+ fp.write("Protocol & Claims \\\\\n")
+ for protocol in sorted(pmapclaims.keys()):
+ fp.write("%s & " % (PROTFILETONAME[protocol]))
+ claims = sorted(pmapclaims[protocol])
+ latexcl = set()
+ for claimid in claims:
+ claim = claimidToClaim(claimid)
+ latexcl.add(claim.roledescribe())
+
+ fp.write("; ".join(sorted(latexcl)))
+ fp.write("\\\\\n")
+ fp.write("\\end{tabular}\n")
+ fp.close()
+
+ # For all these claims...
+ if not OPTS.plain:
+ widgets = ['Scanning for MPA attacks: ', SimpleProgress(), ' claims (', Percentage(), ') ',
+ Bar(marker='#',left='[',right=']'),
+ ETA()
+ ]
+ pbar = ProgressBar(widgets=widgets, maxval=len(correct))
+ pbar.start()
+ count = 0
+
+ # Concatenate options but add space iff needed
+ alloptions = options + mpaoptions
+
+ for (protocol,claimid) in correct:
+ # Try to find multi-protocol attacks
+ findMPA(protocolset,protocol,claimid,options=alloptions)
+ count += 1
+ if not OPTS.plain:
+ pbar.update(count)
+ if not OPTS.plain:
+ pbar.finish()
+
+ """
+ The below computation assumes protocol names are unique to files, but if
+ they are not, some other errors should have been reported by the Scyther
+ backend anyway (conflicting protocol definitions in MPA analysis).
+ """
+ for att in FOUND:
+ pn = att.protocol()
+ if pn not in mpaprots:
+ mpaprots.append(pn)
+ res.append(att)
+
+ """
+ Latex table of attacks
+
+ TODO : map file names to protocol names, write out claim details
+
+ TODO : remove main protocol from list (it's: "MPA attacks when run in parallel with")
+
+ TODO : Check whether current tests stop after finding *one* MPA attack or whether they find *all*.
+
+ """
+ if OPTS.latex and not OPTS.pickle:
+ fp = open("gen-%s-mpaattacks.tex" % (OPTS.latex),"w")
+
+ fp.write("%% OPTS: %s\n" % OPTS)
+ fp.write("%% ARGS: %s\n" % ARGS)
+
+ fp.write("\\begin{tabular}{lll}\n")
+ fp.write("Protocol & Claim & MPA attacks \\\\ \n")
+
+ # Convert to more useful structure (maybe move one level up)
+ res = foundToDicts(FOUND)
+
+ """
+ Scan per protocol in mpaprots (maybe sorted?)
+ """
+ for prot in sorted(res.keys()):
+ """
+ List claim and then attack scenarios (to some max?)
+ """
+ ltprot = prot
+ for claimid in sorted(res[prot].keys()):
+
+ firstclaim = True
+ for att in sorted(res[prot][claimid]):
+
+ if firstclaim:
+
+ ltclaim = att.claim.roledescribe()
+ firstclaim = False
+
+ attl = att.mpalist
+ ltattacks = []
+ for attprot in attl:
+ if PROTFILETONAME[attprot] != att.claim.protocol:
+ ltattacks.append(PROTFILETONAME[attprot])
+
+ fp.write("%s & %s & %s \\\\ \n" % (ltprot,ltclaim,sorted(ltattacks)))
+
+ # Erase for cleaner table
+ ltprot = ""
+ ltclaim = ""
+
+ fp.write("\\end{tabular}\n")
+ fp.close()
+
+ print "-" * 70
+ print "Summary:"
+ print
+ print "We scanned %i protocols with options [%s]." % (len(protocolset),options)
+ print "We found %i correct claims." % (len(correct))
+ print "We then scanned combinations of at most %i protocols with options [%s]." % (OPTS.maxprotocols,alloptions)
+ if OPTS.pickle:
+ print "However, just precomputing now, hence we are not drawing any conclusions."
+ else:
+ print "We found %i MPA attacks." % (len(FOUND))
+ print "The attacks involve the claims of %i protocols." % (len(mpaprots))
+ print "-" * 70
+ print
+
+ return res
+
+
+def claimidToClaim(claimid):
+ """
+ Return claim object given a claim id
+ """
+ global ALLCLAIMS
+
+ for claim in ALLCLAIMS:
+ if claim.id == claimid:
+ return claim
+
+
+
+def showDiff(reslist):
+ """
+ Show difference between (opts,mpaopts,attacklist) tuples in list
+ """
+ if len(reslist) == 0:
+ print "Comparison list is empty"
+ return
+
+ (opt1,mpaopt1,al1) = reslist[0]
+ print "-" * 70
+ print "Base case: attacks for \n [%s]:" % (opt1 + mpaopt1)
+ print
+ print len(al1)
+ for a in al1:
+ print "Base attack: %s" % (a)
+
+ print "-" * 70
+ print
+
+ for i in range(0,len(reslist)-1):
+ (opt1,mpaopt1,al1) = reslist[i]
+ (opt2,mpaopt2,al2) = reslist[i+1]
+
+ print "-" * 70
+ print "Comparing the attacks for \n [%s] with\n [%s]:" % (opt1 + mpaopt1, opt2 + mpaopt2)
+ print
+ print len(al1), len(al2)
+ for a in al2:
+ if a not in al1:
+ print "Added attack: %s" % (a)
+ for a in al1:
+ if a not in al2:
+ print "Removed attack: %s" % (a)
+
+ print "-" * 70
+ print
+
+
+
+
+
+
+def makeChoices():
+ """
+ Make choice grid.
+ Later options should (intuitively) give more attacks.
+
+ [ MPAonly, (text,switch)* ]
+ """
+
+ global OPTS, ARGS
+
+ choices = []
+
+ if OPTS.alltypes:
+
+ choices.append([ False, \
+ ("no type flaws",["--match=0"]), \
+ ("basic type flaws",["--match=1"]), \
+ ("all type flaws",["--match=2"]), \
+ ])
+
+ if OPTS.selfcommunication:
+
+ choices.append([ True, \
+ ("Disallow A-A",["--extravert"]), \
+ ("Allow responder A-A",["--init-unique"]), \
+ ("Allow A-A",[]) \
+ ])
+
+ return choices
+
+
+def exploreTree( i, choices , l, options = [], mpaoptions = []):
+ """
+ Each choice[x] is an array again:
+
+ MPAonly, (txt,arg)*
+ """
+
+ if i >= len(choices):
+ return [(options,mpaoptions,findAllMPA(l, options = options, mpaoptions = mpaoptions))]
+
+ mpaonly = choices[i][0]
+ cl = choices[i][1:]
+
+ res = []
+ for (txt,arg) in cl:
+
+ print "For choice %i, selecting options %s" % (i,txt)
+ if mpaonly:
+ o1 = []
+ o2 = arg
+ else:
+ o1 = arg
+ o2 = []
+ res = res + exploreTree(i+1, choices, l, options = options + o1, mpaoptions = mpaoptions + o2)
+
+ return res
+
+
+
+def fullScan(l, options = [], mpaoptions = []):
+
+ global OPTS
+ global ALLFOUND
+ global ALLCLAIMS
+ global INVOLVED
+ global PROTNAMETOFILE
+ global PROTFILETONAME
+
+ ALLFOUND = []
+ ALLCLAIMS = []
+ INVOLVED = []
+
+ if OPTS.limit > 0:
+ l = l[:OPTS.limit]
+
+ choices = makeChoices()
+ if len(choices) == 0:
+ """
+ No choices, just evaluate
+ """
+ res = findAllMPA(l, options = options, mpaoptions = mpaoptions)
+
+ else:
+ lres = exploreTree(0, choices, l, options = options, mpaoptions = mpaoptions)
+ if len(lres) > 1:
+ if not OPTS.pickle:
+ showDiff(lres)
+
+ allprots = set()
+ attprots = set()
+ invprots = set()
+ for att in ALLFOUND:
+ attprots.add(str(att.protocol()))
+ for cl in ALLCLAIMS:
+ allprots.add(str(cl.protocol))
+ for prot in INVOLVED:
+ invprots.add(str(prot))
+
+ if not OPTS.pickle:
+ print "The bottom line: we found %i protocols with multi-protocol attacks from a set of %i protocols." % (len(attprots),len(allprots))
+ print
+
+ print "Multi-protocol attacks were found on:"
+ for prot in sorted(list(allprots & attprots)):
+ print " %s" % (prot)
+ print
+
+ print "No multi-protocol attacks were found on these protocols, but they caused MPA attacks:"
+ for prot in sorted(list((allprots - attprots) & invprots)):
+ print " %s" % (prot)
+ print
+
+ print "These protocols were not involved in any MPA attacks:"
+ for prot in sorted(list((allprots - attprots) - invprots)):
+ print " %s\t[%s]" % (prot,PROTNAMETOFILE[prot])
+ print
+
+
+
+
+def bigTest():
+ """
+ Perform the tests as reported in the book.
+ """
+ import os
+
+ global OPTS, ARGS
+
+ l = []
+ nl = []
+
+ """
+ Check for any given filenames
+ """
+ if len(ARGS) == 0:
+ # No filenames given
+ testpath = "Protocols/MultiProtocolAttacks/"
+ fl = os.listdir(testpath)
+ for fn in fl:
+ if fn.endswith(".spdl"):
+ nl.append(fn)
+
+ # Prepend again the path
+ l = []
+ for fn in nl:
+ l.append(testpath+fn)
+ else:
+ for fn in ARGS:
+ l.append(fn)
+ nl = l
+
+ # Report list
+ print "Performing multi-protocol analysis for the following protocols:", nl
+
+ fullScan(l)
+
+
+
+def main():
+ global OPTS, ARGS, PICKLEDATA
+
+ (OPTS,ARGS) = parseArgs()
+ if OPTS.pickle:
+ PICKLEDATA = set()
+
+ bigTest()
+
+ #simpleTest()
+
+ if OPTS.pickle:
+ pf = open(OPTS.pickle,"wa")
+ for el in PICKLEDATA:
+ json.dump(el,pf)
+ pf.write("\n")
+ pf.close()
+
+
+if __name__ == '__main__':
+ main()
+
+
+# vim: set ts=4 sw=4 et list lcs=tab\:>-:
diff --git a/Vagrant Files/files/scyther/todo.txt b/Vagrant Files/files/scyther/todo.txt
new file mode 100644
index 0000000000000000000000000000000000000000..60e05afa63449ee5cd2599f34d0504405ce324d9
--- /dev/null
+++ b/Vagrant Files/files/scyther/todo.txt
@@ -0,0 +1,29 @@
+URGENT
+
+-
+
+TO BE DONE
+
+- Config file should use Python's confParse module.
+- Save preferences in local file on close.
+
+WOULD LIKE TO HAVE
+
+- Font selector for graphs.
+- Nice graph scaling for all platforms (now only supported under Linux
+ using the Python Imaging Library through postscript; currently
+ wxPython does not support any cross-platform vector format out of the
+ box, as SVG is still only a non-default build option.)
+- Support for using an external editor.
+ - toggle for 'watch file'.
+ - toggle for 'auto-verify on change' or something like that.
+- Ideally we somehow color the correct/incorrect tags in the editor.
+- Line numbering is needed for the editor window otherwise you cannot
+ interpret attacks. Probably use wx.Py editor things.
+- Scyther executable should be able to be set by means of preferences.
+
+IN AN IDEAL WORLD...
+
+- Use Python modules to generate the attack graphs from the XML, also
+ allow for eg. ASCII output.
+
diff --git a/Vagrant Files/files/scyther/wiper.sh b/Vagrant Files/files/scyther/wiper.sh
new file mode 100644
index 0000000000000000000000000000000000000000..11766f70e8bd4ad8586ec39c54625ce6f2d738e2
--- /dev/null
+++ b/Vagrant Files/files/scyther/wiper.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Wipe Brutus artefacts.
+#
+# Run as 'watch -n 10 ./wiper.sh'
+
+find lsf.* -maxdepth 0 -amin +11 -print -delete 2>&1
+
+
diff --git a/Vagrant Files/files/test folder/guide.txt b/Vagrant Files/files/test folder/guide.txt
new file mode 100644
index 0000000000000000000000000000000000000000..e740c7a6aeaab478abe0ee0f3d090ff1b43baa88
--- /dev/null
+++ b/Vagrant Files/files/test folder/guide.txt
@@ -0,0 +1 @@
+These are where the scyther install instructions and user guide parts are going to go
\ No newline at end of file
diff --git a/Vagrant Files/scyther.sh b/Vagrant Files/scyther.sh
new file mode 100644
index 0000000000000000000000000000000000000000..b6585164f428a323d89dfea50f4bf30d2b36e069
--- /dev/null
+++ b/Vagrant Files/scyther.sh
@@ -0,0 +1,3 @@
+sudo apt-get update
+sudo apt-get -y install graphviz python python-wxgtk3.0
+chmod +x /home/vagrant/Desktop/scyther/scyther/scyther-gui.py
\ No newline at end of file