(herald "Needham-Schroeder Lowe Public-Key Protocol"
  (comment "This protocol eliminates the man-in-the-middle"
    "attack discovered by Gavin Lowe."))

(comment "CPSA 2.2.11")
(comment "All input read from nsl.scm")

(defprotocol ns basic
  (defrole init
    (vars (my_init_id yr_resp_id name) (n1 n2 text))
    (trace (send (enc n1 my_init_id (pubk yr_resp_id)))
      (recv (enc n1 n2 yr_resp_id (pubk my_init_id)))
      (send (enc n2 (pubk yr_resp_id)))))
  (defrole resp
    (vars (my_resp_id yr_init_id name) (n2 n1 text))
    (trace (recv (enc n1 yr_init_id (pubk my_resp_id)))
      (send (enc n1 n2 my_resp_id (pubk yr_init_id)))
      (recv (enc n2 (pubk my_resp_id)))))
  (comment "Needham-Schroeder"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (non-orig (privk a) (privk b))
  (uniq-orig n1)
  (comment "Initiator point-of-view")
  (traces
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b)))))
  (label 0)
  (unrealized (0 1))
  (origs (n1 (0 0)))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n1 n2 n2-0 text) (a b name))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (defstrand resp 2 (n2 n2-0) (n1 n1) (my_resp_id b) (yr_init_id a))
  (precedes ((0 0) (1 0)) ((1 1) (0 1)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1)
  (operation nonce-test (added-strand resp 2) n1 (0 1)
    (enc n1 a (pubk b)))
  (traces
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b))))
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2-0 b (pubk a)))))
  (label 1)
  (parent 0)
  (unrealized (0 1))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (defstrand resp 2 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (precedes ((0 0) (1 0)) ((1 1) (0 1)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1)
  (operation nonce-test (contracted (n2-0 n2)) n1 (0 1)
    (enc n1 a (pubk b)) (enc n1 n2 b (pubk a)))
  (traces
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b))))
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))))
  (label 2)
  (parent 1)
  (unrealized)
  (shape)
  (maps ((0) ((a a) (b b) (n1 n1) (n2 n2))))
  (origs (n1 (0 0))))

(comment "Nothing left to do")

(defprotocol ns basic
  (defrole init
    (vars (my_init_id yr_resp_id name) (n1 n2 text))
    (trace (send (enc n1 my_init_id (pubk yr_resp_id)))
      (recv (enc n1 n2 yr_resp_id (pubk my_init_id)))
      (send (enc n2 (pubk yr_resp_id)))))
  (defrole resp
    (vars (my_resp_id yr_init_id name) (n2 n1 text))
    (trace (recv (enc n1 yr_init_id (pubk my_resp_id)))
      (send (enc n1 n2 my_resp_id (pubk yr_init_id)))
      (recv (enc n2 (pubk my_resp_id)))))
  (comment "Needham-Schroeder"))

(defskeleton ns
  (vars (n2 n1 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (non-orig (privk a))
  (uniq-orig n2)
  (comment "Responder point-of-view")
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b)))))
  (label 3)
  (unrealized (0 2))
  (origs (n2 (0 1)))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n2 n1 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (precedes ((0 1) (1 1)) ((1 2) (0 2)))
  (non-orig (privk a))
  (uniq-orig n2)
  (operation nonce-test (added-strand init 3) n2 (0 2)
    (enc n1 n2 b (pubk a)))
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b))))
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b)))))
  (label 4)
  (parent 3)
  (unrealized)
  (shape)
  (maps ((0) ((a a) (b b) (n2 n2) (n1 n1))))
  (origs (n2 (0 1))))

(comment "Nothing left to do")

(defprotocol ns basic
  (defrole init
    (vars (my_init_id yr_resp_id name) (n1 n2 text))
    (trace (send (enc n1 my_init_id (pubk yr_resp_id)))
      (recv (enc n1 n2 yr_resp_id (pubk my_init_id)))
      (send (enc n2 (pubk yr_resp_id)))))
  (defrole resp
    (vars (my_resp_id yr_init_id name) (n2 n1 text))
    (trace (recv (enc n1 yr_init_id (pubk my_resp_id)))
      (send (enc n1 n2 my_resp_id (pubk yr_init_id)))
      (recv (enc n2 (pubk my_resp_id)))))
  (comment "Needham-Schroeder"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (deflistener n2)
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (comment "Responder point-of-view, secrecy?")
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b)))) ((recv n2) (send n2)))
  (label 5)
  (unrealized (0 2) (1 0))
  (preskeleton)
  (comment "Not a skeleton"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (deflistener n2)
  (precedes ((0 1) (1 0)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b)))) ((recv n2) (send n2)))
  (label 6)
  (parent 5)
  (unrealized (0 2) (1 0))
  (origs (n2 (0 1)))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (deflistener n2)
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (precedes ((0 1) (2 1)) ((2 0) (0 0)) ((2 2) (1 0)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (operation nonce-test (added-strand init 3) n2 (1 0)
    (enc n1 n2 b (pubk a)))
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b)))) ((recv n2) (send n2))
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b)))))
  (label 7)
  (parent 6)
  (unrealized (0 2) (1 0))
  (comment "empty cohort"))

(comment "Nothing left to do")

(defprotocol ns basic
  (defrole init
    (vars (my_init_id yr_resp_id name) (n1 n2 text))
    (trace (send (enc n1 my_init_id (pubk yr_resp_id)))
      (recv (enc n1 n2 yr_resp_id (pubk my_init_id)))
      (send (enc n2 (pubk yr_resp_id)))))
  (defrole resp
    (vars (my_resp_id yr_init_id name) (n2 n1 text))
    (trace (recv (enc n1 yr_init_id (pubk my_resp_id)))
      (send (enc n1 n2 my_resp_id (pubk yr_init_id)))
      (recv (enc n2 (pubk my_resp_id)))))
  (comment "Needham-Schroeder"))

(defskeleton ns
  (vars (n1 n2 text) (a b a1 b1 name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a1) (yr_resp_id b1))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (comment "Implicit auth, both nonces u.o.")
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b))))
    ((send (enc n1 a1 (pubk b1))) (recv (enc n1 n2 b1 (pubk a1)))
      (send (enc n2 (pubk b1)))))
  (label 8)
  (unrealized (0 0) (0 2) (1 1))
  (preskeleton)
  (comment "Not a skeleton"))

(defskeleton ns
  (vars (n1 n2 text) (a b a1 b1 name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a1) (yr_resp_id b1))
  (precedes ((0 1) (1 1)) ((1 0) (0 0)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b))))
    ((send (enc n1 a1 (pubk b1))) (recv (enc n1 n2 b1 (pubk a1)))
      (send (enc n2 (pubk b1)))))
  (label 9)
  (parent 8)
  (unrealized (0 2) (1 1))
  (origs (n1 (1 0)) (n2 (0 1)))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (precedes ((0 1) (1 1)) ((1 0) (0 0)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (operation nonce-test (contracted (a1 a) (b1 b)) n2 (1 1)
    (enc n1 n2 b (pubk a)))
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b))))
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b)))))
  (label 10)
  (parent 9)
  (unrealized (0 2))
  (origs (n1 (1 0)) (n2 (0 1)))
  (comment "1 in cohort - 1 not yet seen"))

(defskeleton ns
  (vars (n1 n2 text) (a b name))
  (defstrand resp 3 (n2 n2) (n1 n1) (my_resp_id b) (yr_init_id a))
  (defstrand init 3 (n1 n1) (n2 n2) (my_init_id a) (yr_resp_id b))
  (precedes ((0 1) (1 1)) ((1 0) (0 0)) ((1 2) (0 2)))
  (non-orig (privk a) (privk b))
  (uniq-orig n1 n2)
  (operation nonce-test (displaced 2 1 init 3) n2 (0 2)
    (enc n1 n2 b (pubk a)))
  (traces
    ((recv (enc n1 a (pubk b))) (send (enc n1 n2 b (pubk a)))
      (recv (enc n2 (pubk b))))
    ((send (enc n1 a (pubk b))) (recv (enc n1 n2 b (pubk a)))
      (send (enc n2 (pubk b)))))
  (label 11)
  (parent 10)
  (unrealized)
  (shape)
  (maps ((0 1) ((a a) (b b) (a1 a) (b1 b) (n1 n1) (n2 n2))))
  (origs (n1 (1 0)) (n2 (0 1))))

(comment "Nothing left to do")