(herald "Third approx to TLS: Both praties get cert, then c sends pms encrypted and hash.") (comment "CPSA 2.2.11") (comment "All input read from tls2.scm") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (deflistener pms) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Confidentiality should be OK.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key)))) ((recv pms) (send pms))) (label 0) (unrealized (0 0) (0 1) (1 0)) (preskeleton) (comment "Not a skeleton")) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (deflistener pms) (precedes ((0 2) (1 0))) (non-orig (invk k) (privk ca)) (uniq-orig pms) (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key)))) ((recv pms) (send pms))) (label 1) (parent 0) (unrealized (0 0) (0 1) (1 0)) (origs (pms (0 2))) (comment "empty cohort")) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Authenticates CA.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key))))) (label 2) (unrealized (0 0) (0 1)) (origs (pms (0 2))) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key (pubk s)) (client_key client_key)) (defstrand certificate_auth 1 (subject_name s) (ca ca)) (precedes ((1 0) (0 0))) (non-orig (privk ca) (privk s)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)) (0 0)) (traces ((recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms (pubk s))) (send (enc (enc "hash_zero" (cat (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms (pubk s)))) (invk client_key)))) ((send (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))) (label 3) (parent 2) (unrealized (0 1)) (comment "2 in cohort - 2 not yet seen")) (defskeleton tls2 (vars (ca s name) (pms skey)) (defstrand client 4 (ca ca) (server_name s) (client_name s) (pre_master_secret pms) (server_key (pubk s)) (client_key (pubk s))) (defstrand certificate_auth 1 (subject_name s) (ca ca)) (precedes ((1 0) (0 0))) (non-orig (privk ca) (privk s)) (uniq-orig pms) (operation encryption-test (displaced 2 1 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (send (enc "client_version" pms (pubk s))) (send (enc (enc "hash_zero" (cat (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (enc "client_version" pms (pubk s)))) (privk s)))) ((send (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))) (label 4) (parent 3) (unrealized) (shape) (maps ((0) ((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk s)) (client_name s)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca s client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key (pubk s)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name s) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((1 0) (0 0)) ((2 0) (0 1))) (non-orig (privk ca) (privk s)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk s))) (send (enc (enc "hash_zero" (cat (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk s)))) (privk client_name)))) ((send (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 5) (parent 3) (unrealized) (shape) (maps ((0) ((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk client_name)) (client_name client_name)))) (origs (pms (0 2)))) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (k client_key server_key client_key-0 akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key server_key) (client_key client_key-0)) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (comment "Authenticates CA and implicit auth for server.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca)))) (recv (enc "client_version" pms server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca))) (enc "client_version" pms server_key))) (invk client_key-0))))) (label 6) (unrealized (0 0) (0 1) (1 0) (1 1) (1 2) (1 3)) (preskeleton) (comment "Not a skeleton")) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (k client_key server_key client_key-0 akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key server_key) (client_key client_key-0)) (precedes ((0 2) (1 2))) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca)))) (recv (enc "client_version" pms server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca))) (enc "client_version" pms server_key))) (invk client_key-0))))) (label 7) (parent 6) (unrealized (0 0) (0 1) (1 0) (1 1) (1 2) (1 3)) (origs (pms (0 2))) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (k client_key client_key-0 akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key-0)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0))) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)) (1 0)) (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca))) (enc "client_version" pms (pubk server_name)))) (invk client_key-0)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 8) (parent 7) (unrealized (0 0) (0 1) (1 1) (1 2) (1 3)) (comment "2 in cohort - 2 not yet seen")) (defskeleton tls2 (vars (ca s c ca-0 server_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0))) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (operation encryption-test (displaced 3 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (1 1)) (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 9) (parent 8) (unrealized (0 0) (0 1) (1 2) (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1))) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (1 1)) (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 10) (parent 8) (unrealized (0 0) (0 1) (1 2) (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s c ca-0 server_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0))) (non-orig (privk ca) (privk c) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation nonce-test (contracted (k (pubk server_name))) pms (1 2) (enc "client_version" pms (pubk server_name))) (traces ((recv (cat s (pubk server_name) (enc (enc "hash_zero" (cat "cert" s (pubk server_name))) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat s (pubk server_name) (enc (enc "hash_zero" (cat "cert" s (pubk server_name))) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 11) (parent 9) (unrealized (0 0) (0 1) (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk c) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation nonce-test (contracted (k (pubk server_name))) pms (1 2) (enc "client_version" pms (pubk server_name))) (traces ((recv (cat s (pubk server_name) (enc (enc "hash_zero" (cat "cert" s (pubk server_name))) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat s (pubk server_name) (enc (enc "hash_zero" (cat "cert" s (pubk server_name))) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 12) (parent 10) (unrealized (0 0) (0 1)) (comment "3 in cohort - 3 not yet seen")) (defskeleton tls2 (vars (c ca name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0))) (non-orig (privk c) (privk ca)) (uniq-orig pms) (operation encryption-test (displaced 3 0 client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (privk server_name)) (1 3)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 13) (parent 11) (unrealized (0 0) (0 1)) (comment "2 in cohort - 2 not yet seen")) (defskeleton tls2 (vars (ca c server_name client_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk c) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 4 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)) (0 0)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca))) (enc "client_version" pms (pubk server_name)))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 14) (parent 12) (unrealized (0 1)) (comment "3 in cohort - 3 not yet seen")) (defskeleton tls2 (vars (ca c client_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca) (server_name client_name) (client_name c) (pre_master_secret pms) (server_key (pubk client_name)) (client_key client_key)) (defstrand server 4 (ca ca) (server_name client_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk client_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (0 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk c) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 4 3 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)) (0 0)) (traces ((recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca)))) (send (enc "client_version" pms (pubk client_name))) (send (enc (enc "hash_zero" (cat (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca))) (enc "client_version" pms (pubk client_name)))) (invk client_key)))) ((recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk client_name))) (recv (enc (enc "hash_zero" (cat (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk client_name)))) (privk client_name)))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 15) (parent 12) (unrealized (0 1) (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca c ca-0 server_name client_name name) (pms skey) (client_key akey)) (defstrand client 4 (ca ca-0) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca-0)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk c) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)) (0 0)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (invk client_key)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))))) (label 16) (parent 12) (unrealized (0 1)) (comment "4 in cohort - 4 not yet seen")) (defskeleton tls2 (vars (c ca name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0))) (non-orig (privk c) (privk ca)) (uniq-orig pms) (operation encryption-test (displaced 3 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 17) (parent 13) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c)) (server_name c) (client_name c)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (c ca name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 0))) (non-orig (privk c) (privk ca)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 18) (parent 13) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c)) (server_name c) (client_name c)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 4 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 19) (parent 14) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c server_name) (client_key (pubk server_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 4 3 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 20) (parent 14) (unrealized (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca c server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 1))) (non-orig (privk ca) (privk c) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk c)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 21) (parent 14) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca c name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk c)) (uniq-orig pms) (operation encryption-test (displaced 4 0 client 4) (enc (enc "hash_zero" (cat (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk client_name)))) (privk client_name)) (1 3)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 22) (parent 15) (seen 18) (unrealized) (comment "1 in cohort - 0 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 1)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 5 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 23) (parent 16) (unrealized) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 5 3 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 24) (parent 16) (unrealized (1 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca ca-0 server_name client_name name) (pms skey)) (defstrand client 4 (ca ca-0) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca-0)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 5 4 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))))) (label 25) (parent 16) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c server_name) (client_key (pubk server_name)) (ca-0 ca-0) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca c ca-0 server_name client_name name) (pms skey)) (defstrand client 4 (ca ca-0) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca-0)) (defstrand certificate_auth 1 (subject_name c) (ca ca-0)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0)) ((5 0) (0 1))) (non-orig (privk ca) (privk c) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (privk c)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)))))) (label 26) (parent 16) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c) (client_key (pubk c)) (ca-0 ca-0) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 4 0 client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)) (1 3)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 27) (parent 20) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c client_name) (client_key (pubk client_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation generalization weakened ((2 0) (0 1))) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 28) (parent 23) (seen 25) (unrealized) (comment "1 in cohort - 0 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 5 0 client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)) (1 3)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 29) (parent 24) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c client_name) (client_key (pubk client_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey) (k client_key akey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (deflistener pms) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Neither confidentiality nor authentication guarantees to server") (traces ((recv (cat server_name k (enc (enc "hash_zero" (cat "cert" server_name k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pms k)) (recv (enc (enc "hash_zero" (cat (cat server_name k (enc (enc "hash_zero" (cat "cert" server_name k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key)))) ((recv pms) (send pms))) (label 30) (unrealized (0 0) (0 1) (0 3)) (origs) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey) (client_key akey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key client_key)) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((2 0) (0 0))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)) (0 0)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms (pubk server_name)))) (invk client_key)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 31) (parent 30) (unrealized (0 1) (0 3)) (comment "2 in cohort - 2 not yet seen")) (defskeleton tls2 (vars (ca server_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((2 0) (0 0))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 3 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 32) (parent 31) (unrealized (0 3)) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((2 0) (0 0)) ((3 0) (0 1))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 33) (parent 31) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (client_key (pubk client_name)) (ca ca) (server_name server_name) (client_name client_name)))) (origs)) (defskeleton tls2 (vars (ca server_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (precedes ((2 0) (0 0)) ((3 2) (0 2)) ((3 2) (1 0)) ((3 3) (0 3))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)) (0 3)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name))))) (label 34) (parent 32) (unrealized (1 0) (3 0) (3 1)) (comment "2 in cohort - 2 not yet seen")) (defskeleton tls2 (vars (ca server_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (precedes ((2 0) (0 0)) ((2 0) (3 0)) ((3 2) (0 2)) ((3 2) (1 0)) ((3 3) (0 3))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 4 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)) (3 0)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name))))) (label 35) (parent 34) (unrealized (1 0)) (comment "empty cohort")) (defskeleton tls2 (vars (ca server_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((2 0) (0 0)) ((3 2) (0 2)) ((3 2) (1 0)) ((3 3) (0 3)) ((4 0) (3 0))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)) (3 0)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 36) (parent 34) (unrealized (1 0)) (comment "empty cohort")) (comment "Nothing left to do")