(comment "CPSA 2.2.11") (comment "Extracted shapes") (herald "Third approx to TLS: Both praties get cert, then c sends pms encrypted and hash.") (comment "CPSA 2.2.11") (comment "All input read from tls2.scm")
Tree 0.
(defprotocol tls2 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))))
Item 0.
(defskeleton tls2
(vars (ca s client_name name) (pms skey) (k client_key akey))
(defstrand client 4 (ca ca) (server_name s) (client_name client_name)
(pre_master_secret pms) (server_key k) (client_key client_key))
(deflistener pms)
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Confidentiality should be OK.")
(traces
((recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (send (enc "client_version" pms k))
(send
(enc
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))) ((recv pms) (send pms)))
(label 0)
(unrealized (0 0) (0 1) (1 0))
(preskeleton)
(comment "Not a skeleton"))
Tree 2.
(defprotocol tls2 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))))
(defskeleton tls2
(vars (ca s client_name name) (pms skey) (k client_key akey))
(defstrand client 4 (ca ca) (server_name s) (client_name client_name)
(pre_master_secret pms) (server_key k) (client_key client_key))
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Authenticates CA.")
(traces
((recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (send (enc "client_version" pms k))
(send
(enc
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))))
(label 2)
(unrealized (0 0) (0 1))
(origs (pms (0 2)))
(comment "1 in cohort - 1 not yet seen"))
(defskeleton tls2
(vars (ca s name) (pms skey))
(defstrand client 4 (ca ca) (server_name s) (client_name s)
(pre_master_secret pms) (server_key (pubk s)) (client_key (pubk s)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(precedes ((1 0) (0 0)))
(non-orig (privk ca) (privk s))
(uniq-orig pms)
(operation encryption-test (displaced 2 1 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (0 1))
(traces
((recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk s))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))))
(label 4)
(parent 2)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk s))
(client_name s))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca s client_name name) (pms skey))
(defstrand client 4 (ca ca) (server_name s) (client_name client_name)
(pre_master_secret pms) (server_key (pubk s))
(client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((1 0) (0 0)) ((2 0) (0 1)))
(non-orig (privk ca) (privk s))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (0 1))
(traces
((recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk client_name))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 5)
(parent 2)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk s)) (ca ca) (s s)
(client_key (pubk client_name)) (client_name client_name))))
(origs (pms (0 2))))
Tree 6.
(defprotocol tls2 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))))
Item 6, Children: 17 18 19 21 25 26 27 29.
(defskeleton tls2
(vars (ca s c ca-0 server_name client_name name) (pms skey)
(k client_key server_key client_key-0 akey))
(defstrand client 4 (ca ca-0) (server_name s) (client_name c)
(pre_master_secret pms) (server_key k) (client_key client_key))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key server_key) (client_key client_key-0))
(non-orig (invk k) (privk ca) (privk c) (privk ca-0))
(uniq-orig pms)
(comment "Authenticates CA and implicit auth for server.")
(traces
((recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))))
(recv
(cat c client_key
(enc (enc "hash_zero" (cat "cert" c client_key))
(privk ca-0)))) (send (enc "client_version" pms k))
(send
(enc
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))
(cat c client_key
(enc (enc "hash_zero" (cat "cert" c client_key))
(privk ca-0))) (enc "client_version" pms k)))
(invk client_key))))
((recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key-0
(enc (enc "hash_zero" (cat "cert" client_name client_key-0))
(privk ca)))) (recv (enc "client_version" pms server_key))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key-0
(enc
(enc "hash_zero"
(cat "cert" client_name client_key-0)) (privk ca)))
(enc "client_version" pms server_key)))
(invk client_key-0)))))
(label 6)
(unrealized (0 0) (0 1) (1 0) (1 1) (1 2) (1 3))
(preskeleton)
(comment "Not a skeleton"))
(defskeleton tls2
(vars (c ca name) (pms skey))
(defstrand client 4 (ca ca) (server_name c) (client_name c)
(pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c)))
(defstrand server 4 (ca ca) (server_name c) (client_name c)
(pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0)))
(non-orig (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (displaced 3 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0))
(traces
((recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk c)))
(send
(enc
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk c)))
(recv
(enc
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 17)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c))
(ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c))
(server_name c) (client_name c))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (c ca name) (pms skey))
(defstrand client 4 (ca ca) (server_name c) (client_name c)
(pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c)))
(defstrand server 4 (ca ca) (server_name c) (client_name c)
(pre_master_secret pms) (server_key (pubk c)) (client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 0)))
(non-orig (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 0))
(traces
((recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk c)))
(send
(enc
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk c)))
(recv
(enc
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 18)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c))
(ca-0 ca) (server_key (pubk c)) (client_key-0 (pubk c))
(server_name c) (client_name c))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca server_name client_name name) (pms skey))
(defstrand client 4 (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1)))
(non-orig (privk ca) (privk server_name))
(uniq-orig pms)
(operation encryption-test (displaced 4 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 19)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name)
(c server_name) (client_key (pubk server_name)) (ca-0 ca)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca c server_name client_name name) (pms skey))
(defstrand client 4 (ca ca) (server_name server_name) (client_name c)
(pre_master_secret pms) (server_key (pubk server_name))
(client_key (pubk c)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 2) (1 2)) ((2 0) (0 0)) ((2 0) (1 0)) ((3 0) (1 1))
((4 0) (0 1)))
(non-orig (privk ca) (privk c) (privk server_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 1))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk c))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 21)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c)
(client_key (pubk c)) (ca-0 ca) (server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca ca-0 server_name client_name name) (pms skey))
(defstrand client 4 (ca ca-0) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca-0))
(precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0)))
(non-orig (privk ca) (privk ca-0) (privk server_name))
(uniq-orig pms)
(operation encryption-test (displaced 5 4 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca-0))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca-0))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca-0)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca-0)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca-0))))))
(label 25)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name)
(c server_name) (client_key (pubk server_name)) (ca-0 ca-0)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca c ca-0 server_name client_name name) (pms skey))
(defstrand client 4 (ca ca-0) (server_name server_name)
(client_name c) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk c)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca-0))
(defstrand certificate_auth 1 (subject_name c) (ca ca-0))
(precedes ((0 2) (1 2)) ((2 0) (1 0)) ((3 0) (1 1)) ((4 0) (0 0))
((5 0) (0 1)))
(non-orig (privk ca) (privk c) (privk ca-0) (privk server_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0)) (0 1))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca-0))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca-0))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca-0)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca-0)))
(enc "client_version" pms (pubk server_name))))
(privk c))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca-0)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca-0))))))
(label 26)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name) (c c)
(client_key (pubk c)) (ca-0 ca-0)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca server_name client_name name) (pms skey))
(defstrand client 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (0 0)) ((2 0) (1 0))
((3 0) (0 1)) ((3 0) (1 1)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (displaced 4 0 client 4)
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name)) (1 3))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 27)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name)
(c client_name) (client_key (pubk client_name)) (ca-0 ca)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
(defskeleton tls2
(vars (ca server_name client_name name) (pms skey))
(defstrand client 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(precedes ((0 2) (1 2)) ((0 3) (1 3)) ((2 0) (1 0)) ((3 0) (0 1))
((3 0) (1 1)) ((4 0) (0 0)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (displaced 5 0 client 4)
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name)) (1 3))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))))
(label 29)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (ca ca) (s server_name)
(c client_name) (client_key (pubk client_name)) (ca-0 ca)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (server_name server_name)
(client_name client_name))))
(origs (pms (0 2))))
Tree 30.
(defprotocol tls2 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name))
(trace
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))))
(defskeleton tls2
(vars (ca server_name client_name name) (pms skey)
(k client_key akey))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(deflistener pms)
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment
"Neither confidentiality nor authentication guarantees to server")
(traces
((recv
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k)) (privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (recv (enc "client_version" pms k))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))) ((recv pms) (send pms)))
(label 30)
(unrealized (0 0) (0 1) (0 3))
(origs)
(comment "1 in cohort - 1 not yet seen"))
(defskeleton tls2
(vars (ca server_name client_name name) (pms skey))
(defstrand server 4 (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(deflistener pms)
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((2 0) (0 0)) ((3 0) (0 1)))
(non-orig (privk ca) (privk server_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (0 1))
(traces
((recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name)))) ((recv pms) (send pms))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 33)
(parent 30)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk server_name)) (client_key (pubk client_name))
(ca ca) (server_name server_name) (client_name client_name))))
(origs))