(comment "CPSA 2.2.11") (comment "Extracted shapes") (herald "Third approx to TLS: Both praties get cert, then c sends pms encrypted and hash.") (comment "CPSA 2.2.11") (comment "All input read from tls2.scm") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (deflistener pms) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Confidentiality should be OK.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key)))) ((recv pms) (send pms))) (label 0) (unrealized (0 0) (0 1) (1 0)) (preskeleton) (comment "Not a skeleton")) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s client_name name) (pms skey) (k client_key akey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Authenticates CA.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key))))) (label 2) (unrealized (0 0) (0 1)) (origs (pms (0 2))) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca s name) (pms skey)) (defstrand client 4 (ca ca) (server_name s) (client_name s) (pre_master_secret pms) (server_key (pubk s)) (client_key (pubk s))) (defstrand certificate_auth 1 (subject_name s) (ca ca)) (precedes ((1 0) (0 0))) (non-orig (privk ca) (privk s)) (uniq-orig pms) (operation encryption-test (displaced 2 1 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (send (enc "client_version" pms (pubk s))) (send (enc (enc "hash_zero" (cat (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (enc "client_version" pms (pubk s)))) (privk s)))) ((send (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))) (label 4) (parent 2) (unrealized) (shape) (maps ((0) ((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk s)) (client_name s)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca s client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name s) (client_name client_name) (pre_master_secret pms) (server_key (pubk s)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name s) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((1 0) (0 0)) ((2 0) (0 1))) (non-orig (privk ca) (privk s)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk s))) (send (enc (enc "hash_zero" (cat (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk s)))) (privk client_name)))) ((send (cat s (pubk s) (enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 5) (parent 2) (unrealized) (shape) (maps ((0) ((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk client_name)) (client_name client_name)))) (origs (pms (0 2)))) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca s c ca-0 server_name client_name name) (pms skey) (k client_key server_key client_key-0 akey)) (defstrand client 4 (ca ca-0) (server_name s) (client_name c) (pre_master_secret pms) (server_key k) (client_key client_key)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key server_key) (client_key client_key-0)) (non-orig (invk k) (privk ca) (privk c) (privk ca-0)) (uniq-orig pms) (comment "Authenticates CA and implicit auth for server.") (traces ((recv (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))) (recv (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0)))) (send (enc "client_version" pms k)) (send (enc (enc "hash_zero" (cat (cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))) (cat c client_key (enc (enc "hash_zero" (cat "cert" c client_key)) (privk ca-0))) (enc "client_version" pms k))) (invk client_key)))) ((recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca)))) (recv (enc "client_version" pms server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key-0 (enc (enc "hash_zero" (cat "cert" client_name client_key-0)) (privk ca))) (enc "client_version" pms server_key))) (invk client_key-0))))) (label 6) (unrealized (0 0) (0 1) (1 0) (1 1) (1 2) (1 3)) (preskeleton) (comment "Not a skeleton")) (defskeleton tls2 (vars (c ca name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0))) (non-orig (privk c) (privk ca)) (uniq-orig pms) (operation encryption-test (displaced 3 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 17) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c)) (server_name c) (client_name c)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (c ca name) (pms skey)) (defstrand client 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name c) (client_name c) (pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c))) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 0))) (non-orig (privk c) (privk ca)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0)) (traces ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk c))) (send (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (recv (enc "client_version" pms (pubk c))) (recv (enc (enc "hash_zero" (cat (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk c)))) (privk c)))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 18) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c)) (server_name c) (client_name c)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 4 2 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 19) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c server_name) (client_key (pubk server_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca c server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name c) (ca ca)) (precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 1))) (non-orig (privk ca) (privk c) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk c)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))) (label 21) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c) (client_key (pubk c)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca ca-0 server_name client_name name) (pms skey)) (defstrand client 4 (ca ca-0) (server_name server_name) (client_name server_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk server_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca-0)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation encryption-test (displaced 5 4 certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (privk server_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))))) (label 25) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c server_name) (client_key (pubk server_name)) (ca-0 ca-0) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca c ca-0 server_name client_name name) (pms skey)) (defstrand client 4 (ca ca-0) (server_name server_name) (client_name c) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk c))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca-0)) (defstrand certificate_auth 1 (subject_name c) (ca ca-0)) (precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0)) ((5 0) (0 1))) (non-orig (privk ca) (privk c) (privk ca-0) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0)))) (recv (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))) (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0))) (enc "client_version" pms (pubk server_name)))) (privk c)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca-0))))) ((send (cat c (pubk c) (enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)))))) (label 26) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c) (client_key (pubk c)) (ca-0 ca-0) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 4 0 client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)) (1 3)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 27) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c client_name) (client_key (pubk client_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand client 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 1)) ((3 0) (1 1)) ((4 0) (0 0))) (non-orig (privk ca) (privk server_name) (privk client_name)) (uniq-orig pms) (operation encryption-test (displaced 5 0 client 4) (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)) (1 3)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (send (enc "client_version" pms (pubk server_name))) (send (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))))) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))))) (label 29) (parent 6) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c client_name) (client_key (pubk client_name)) (ca-0 ca) (server_key (pubk server_name)) (client_key-0 (pubk client_name)) (server_name server_name) (client_name client_name)))) (origs (pms (0 2)))) (comment "Nothing left to do") (defprotocol tls2 basic (defrole client (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (send (enc "client_version" pre_master_secret server_key)) (send (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole server (vars (pre_master_secret skey) (server_key client_key akey) (ca server_name client_name name)) (trace (recv (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pre_master_secret server_key)) (recv (enc (enc "hash_zero" (cat (cat server_name server_key (enc (enc "hash_zero" (cat "cert" server_name server_key)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pre_master_secret server_key))) (invk client_key)))) (non-orig (privk ca))) (defrole certificate_auth (vars (subject_name ca name)) (trace (send (cat subject_name (pubk subject_name) (enc (enc "hash_zero" (cat "cert" subject_name (pubk subject_name))) (privk ca))))))) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey) (k client_key akey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key k) (client_key client_key)) (deflistener pms) (non-orig (invk k) (privk ca)) (uniq-orig pms) (comment "Neither confidentiality nor authentication guarantees to server") (traces ((recv (cat server_name k (enc (enc "hash_zero" (cat "cert" server_name k)) (privk ca)))) (recv (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca)))) (recv (enc "client_version" pms k)) (recv (enc (enc "hash_zero" (cat (cat server_name k (enc (enc "hash_zero" (cat "cert" server_name k)) (privk ca))) (cat client_name client_key (enc (enc "hash_zero" (cat "cert" client_name client_key)) (privk ca))) (enc "client_version" pms k))) (invk client_key)))) ((recv pms) (send pms))) (label 30) (unrealized (0 0) (0 1) (0 3)) (origs) (comment "1 in cohort - 1 not yet seen")) (defskeleton tls2 (vars (ca server_name client_name name) (pms skey)) (defstrand server 4 (ca ca) (server_name server_name) (client_name client_name) (pre_master_secret pms) (server_key (pubk server_name)) (client_key (pubk client_name))) (deflistener pms) (defstrand certificate_auth 1 (subject_name server_name) (ca ca)) (defstrand certificate_auth 1 (subject_name client_name) (ca ca)) (precedes ((2 0) (0 0)) ((3 0) (0 1))) (non-orig (privk ca) (privk server_name)) (uniq-orig pms) (operation encryption-test (added-strand certificate_auth 1) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)) (0 1)) (traces ((recv (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca)))) (recv (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))) (recv (enc "client_version" pms (pubk server_name))) (recv (enc (enc "hash_zero" (cat (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))) (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca))) (enc "client_version" pms (pubk server_name)))) (privk client_name)))) ((recv pms) (send pms)) ((send (cat server_name (pubk server_name) (enc (enc "hash_zero" (cat "cert" server_name (pubk server_name))) (privk ca))))) ((send (cat client_name (pubk client_name) (enc (enc "hash_zero" (cat "cert" client_name (pubk client_name))) (privk ca)))))) (label 33) (parent 30) (unrealized) (shape) (maps ((0 1) ((pms pms) (k (pubk server_name)) (client_key (pubk client_name)) (ca ca) (server_name server_name) (client_name client_name)))) (origs)) (comment "Nothing left to do")