(comment "CPSA 2.2.11") (comment "Extracted shapes") (herald "Fifth approx to TLS: Both parties get cert, then c sends pms encrypted and hash. CA guarantees privk uncompromised. Session nonces used." (bound 14)) (comment "CPSA 2.2.11") (comment "All input read from tls4.scm") (comment "Strand count bounded at 14")
Tree 0.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
Item 0.
(defskeleton tls4
(vars (ns nc text) (ca s client_name name) (pms skey)
(k client_key akey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(deflistener pms)
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Confidentiality should be OK.")
(traces
((send nc) (recv ns)
(recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (send (enc "client_version" pms k))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))) ((recv pms) (send pms)))
(label 0)
(unrealized (0 2) (0 3) (1 0))
(preskeleton)
(comment "Not a skeleton"))
Tree 2.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
(defskeleton tls4
(vars (ns nc text) (ca s client_name name) (pms skey)
(k client_key akey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Authenticates CA.")
(traces
((send nc) (recv ns)
(recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (send (enc "client_version" pms k))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))))
(label 2)
(unrealized (0 2) (0 3))
(origs (pms (0 4)))
(comment "1 in cohort - 1 not yet seen"))
(defskeleton tls4
(vars (ns nc text) (ca s name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name s) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk s)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(precedes ((1 0) (0 2)))
(non-orig (privk ca) (privk s))
(uniq-orig pms)
(operation encryption-test (displaced 2 1 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk s))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))))
(label 4)
(parent 2)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk s)) (ca ca) (s s) (client_key (pubk s))
(client_name s) (ns ns) (nc nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (ca s client_name name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk s)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((1 0) (0 2)) ((2 0) (0 3)))
(non-orig (privk ca) (privk s) (privk client_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk client_name))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 5)
(parent 2)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk s)) (ca ca) (s s)
(client_key (pubk client_name)) (client_name client_name)
(ns ns) (nc nc))))
(origs (pms (0 4))))
Tree 6.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
Item 6, Children: 15 16 20 21 23 24.
(defskeleton tls4
(vars (ns nc ns-0 nc-0 text)
(ca s c ca-0 server_name client_name name) (pms skey)
(k client_key server_key client_key-0 akey))
(defstrand client 6 (ns ns) (nc nc) (ca ca-0) (server_name s)
(client_name c) (pre_master_secret pms) (server_key k)
(client_key client_key))
(defstrand server 6 (ns ns-0) (nc nc-0) (ca ca)
(server_name server_name) (client_name client_name)
(pre_master_secret pms) (server_key server_key)
(client_key client_key-0))
(non-orig (invk k) (privk ca) (privk c) (privk ca-0))
(uniq-orig pms)
(comment "Authenticates CA and implicit auth for server.")
(traces
((send nc) (recv ns)
(recv
(cat s k (enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0))))
(recv
(cat c client_key
(enc (enc "hash_zero" (cat "cert" c client_key))
(privk ca-0)))) (send (enc "client_version" pms k))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s k
(enc (enc "hash_zero" (cat "cert" s k)) (privk ca-0)))
(cat c client_key
(enc (enc "hash_zero" (cat "cert" c client_key))
(privk ca-0))) (enc "client_version" pms k)))
(invk client_key))))
((recv nc-0) (send ns-0)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key-0
(enc (enc "hash_zero" (cat "cert" client_name client_key-0))
(privk ca)))) (recv (enc "client_version" pms server_key))
(recv
(enc nc-0 ns-0
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key-0
(enc
(enc "hash_zero"
(cat "cert" client_name client_key-0)) (privk ca)))
(enc "client_version" pms server_key)))
(invk client_key-0)))))
(label 6)
(unrealized (0 2) (0 3) (1 2) (1 3) (1 4) (1 5))
(preskeleton)
(comment "Not a skeleton"))
(defskeleton tls4
(vars (ns nc text) (c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name c)
(client_name c) (pre_master_secret pms) (server_key (pubk c))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name c)
(client_name c) (pre_master_secret pms) (server_key (pubk c))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (0 2)) ((2 0) (1 2)))
(non-orig (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (displaced 3 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 2))
(traces
((send nc) (recv ns)
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk c)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((recv nc) (send ns)
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk c)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 15)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk c))
(client_key-0 (pubk c)) (server_name c) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name c)
(client_name c) (pre_master_secret pms) (server_key (pubk c))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name c)
(client_name c) (pre_master_secret pms) (server_key (pubk c))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (1 2)) ((3 0) (0 2)))
(non-orig (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 2))
(traces
((send nc) (recv ns)
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk c)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((recv nc) (send ns)
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk c)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk c))))
(privk c))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 16)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk c)) (ca ca) (s c) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk c))
(client_key-0 (pubk c)) (server_name c) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (s c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (0 2)) ((2 0) (1 2))
((3 0) (0 3)) ((3 0) (1 3)))
(non-orig (privk s) (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (displaced 4 3 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((recv nc) (send ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk s)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 20)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk s)) (ca ca) (s s) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk s))
(client_key-0 (pubk c)) (server_name s) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (s c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (0 2)) ((2 0) (1 2))
((3 0) (1 3)) ((4 0) (0 3)))
(non-orig (privk s) (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((recv nc) (send ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk s)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 21)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk s)) (ca ca) (s s) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk s))
(client_key-0 (pubk c)) (server_name s) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (s c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (1 2)) ((3 0) (0 3))
((3 0) (1 3)) ((4 0) (0 2)))
(non-orig (privk s) (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (displaced 5 3 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((recv nc) (send ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk s)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))))
(label 23)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk s)) (ca ca) (s s) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk s))
(client_key-0 (pubk c)) (server_name s) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
(defskeleton tls4
(vars (ns nc text) (s c ca name) (pms skey))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name s)
(client_name c) (pre_master_secret pms) (server_key (pubk s))
(client_key (pubk c)))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(defstrand certificate_auth 1 (subject_name s) (ca ca))
(defstrand certificate_auth 1 (subject_name c) (ca ca))
(precedes ((0 4) (1 4)) ((0 5) (1 5)) ((2 0) (1 2)) ((3 0) (1 3))
((4 0) (0 2)) ((5 0) (0 3)))
(non-orig (privk s) (privk c) (privk ca))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)) (0 3))
(traces
((send nc) (recv ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(send (enc "client_version" pms (pubk s)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((recv nc) (send ns)
(recv
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca))))
(recv
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))
(recv (enc "client_version" pms (pubk s)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s)))
(privk ca)))
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c)))
(privk ca))) (enc "client_version" pms (pubk s))))
(privk c))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca)))))
((send
(cat s (pubk s)
(enc (enc "hash_zero" (cat "cert" s (pubk s))) (privk ca)))))
((send
(cat c (pubk c)
(enc (enc "hash_zero" (cat "cert" c (pubk c))) (privk ca))))))
(label 24)
(parent 6)
(unrealized)
(shape)
(maps
((0 1)
((pms pms) (k (pubk s)) (ca ca) (s s) (c c) (client_key (pubk c))
(ca-0 ca) (ns ns) (nc nc) (server_key (pubk s))
(client_key-0 (pubk c)) (server_name s) (client_name c)
(ns-0 ns) (nc-0 nc))))
(origs (pms (0 4))))
Tree 25.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
Item 25.
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey)
(k client_key akey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(deflistener pms)
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Confidentiality guarantees to server")
(traces
((recv nc) (send ns)
(recv
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (recv (enc "client_version" pms k))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))) ((recv pms) (send pms)))
(label 25)
(unrealized (0 2) (0 3) (0 5))
(origs)
(comment "1 in cohort - 1 not yet seen"))
Tree 41.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
Item 41, Children: 47 48 52 53 55 56.
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey)
(k client_key akey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(non-orig (invk k) (privk ca))
(uniq-orig pms)
(comment "Auth guarantees to server")
(traces
((recv nc) (send ns)
(recv
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (recv (enc "client_version" pms k))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key)))))
(label 41)
(unrealized (0 2) (0 3) (0 5))
(origs)
(comment "1 in cohort - 1 not yet seen"))
(defskeleton tls4
(vars (ns nc text) (ca server_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(precedes ((1 0) (0 2)) ((1 0) (2 2)) ((2 4) (0 4)) ((2 5) (0 5)))
(non-orig (privk ca) (privk server_name))
(uniq-orig pms)
(operation encryption-test (displaced 3 1 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)) (2 2))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name)))))
(label 47)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk server_name))
(ca ca) (server_name server_name) (client_name server_name)
(ns ns) (nc nc))))
(origs (pms (2 4))))
(defskeleton tls4
(vars (ns nc text) (ca server_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(precedes ((1 0) (0 2)) ((2 4) (0 4)) ((2 5) (0 5)) ((3 0) (2 2)))
(non-orig (privk ca) (privk server_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)) (2 2))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))))
(label 48)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk server_name))
(ca ca) (server_name server_name) (client_name server_name)
(ns ns) (nc nc))))
(origs (pms (2 4))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(precedes ((1 0) (0 2)) ((1 0) (3 2)) ((2 0) (0 3)) ((2 0) (3 3))
((3 4) (0 4)) ((3 5) (0 5)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (displaced 4 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name)))))
(label 52)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk client_name))
(ca ca) (server_name server_name) (client_name client_name)
(ns ns) (nc nc))))
(origs (pms (3 4))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((1 0) (0 2)) ((1 0) (3 2)) ((2 0) (0 3)) ((3 4) (0 4))
((3 5) (0 5)) ((4 0) (3 3)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 53)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk client_name))
(ca ca) (server_name server_name) (client_name client_name)
(ns ns) (nc nc))))
(origs (pms (3 4))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(precedes ((1 0) (0 2)) ((2 0) (0 3)) ((2 0) (3 3)) ((3 4) (0 4))
((3 5) (0 5)) ((4 0) (3 2)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (displaced 5 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))))
(label 55)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk client_name))
(ca ca) (server_name server_name) (client_name client_name)
(ns ns) (nc nc))))
(origs (pms (3 4))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((1 0) (0 2)) ((2 0) (0 3)) ((3 4) (0 4)) ((3 5) (0 5))
((4 0) (3 2)) ((5 0) (3 3)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 56)
(parent 41)
(unrealized)
(shape)
(maps
((0)
((pms pms) (k (pubk server_name)) (client_key (pubk client_name))
(ca ca) (server_name server_name) (client_name client_name)
(ns ns) (nc nc))))
(origs (pms (3 4))))
Tree 57.
(defprotocol tls4 basic
(defrole client
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (send nc) (recv ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(send (enc "client_version" pre_master_secret server_key))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole server
(vars (pre_master_secret skey) (server_key client_key akey)
(ca server_name client_name name) (ns nc text))
(trace (recv nc) (send ns)
(recv
(cat server_name server_key
(enc (enc "hash_zero" (cat "cert" server_name server_key))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))))
(recv (enc "client_version" pre_master_secret server_key))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name server_key
(enc
(enc "hash_zero" (cat "cert" server_name server_key))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))
(enc "client_version" pre_master_secret server_key)))
(invk client_key))))
(non-orig (privk ca)))
(defrole certificate_auth
(vars (subject_name ca name))
(trace
(send
(cat subject_name (pubk subject_name)
(enc
(enc "hash_zero"
(cat "cert" subject_name (pubk subject_name)))
(privk ca)))))
(non-orig (privk subject_name))))
Item 57, Children: 74 75 92 93 95 96.
(defskeleton tls4
(vars (ns nc ns-0 nc-0 text)
(ca server_name client_name ca-0 server_name-0 client_name-0 name)
(pms skey) (k client_key server_key client_key-0 akey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms) (server_key k)
(client_key client_key))
(defstrand server 6 (ns ns-0) (nc nc-0) (ca ca-0)
(server_name server_name-0) (client_name client_name-0)
(pre_master_secret pms) (server_key server_key)
(client_key client_key-0))
(non-orig (invk k) (privk ca) (privk ca-0))
(uniq-orig ns pms)
(comment "Session property?")
(traces
((recv nc) (send ns)
(recv
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca))))
(recv
(cat client_name client_key
(enc (enc "hash_zero" (cat "cert" client_name client_key))
(privk ca)))) (recv (enc "client_version" pms k))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name k
(enc (enc "hash_zero" (cat "cert" server_name k))
(privk ca)))
(cat client_name client_key
(enc
(enc "hash_zero" (cat "cert" client_name client_key))
(privk ca))) (enc "client_version" pms k)))
(invk client_key))))
((recv nc-0) (send ns-0)
(recv
(cat server_name-0 server_key
(enc (enc "hash_zero" (cat "cert" server_name-0 server_key))
(privk ca-0))))
(recv
(cat client_name-0 client_key-0
(enc (enc "hash_zero" (cat "cert" client_name-0 client_key-0))
(privk ca-0)))) (recv (enc "client_version" pms server_key))
(recv
(enc nc-0 ns-0
(enc "hash_zero"
(cat
(cat server_name-0 server_key
(enc
(enc "hash_zero"
(cat "cert" server_name-0 server_key))
(privk ca-0)))
(cat client_name-0 client_key-0
(enc
(enc "hash_zero"
(cat "cert" client_name-0 client_key-0))
(privk ca-0))) (enc "client_version" pms server_key)))
(invk client_key-0)))))
(label 57)
(unrealized (0 2) (0 3) (0 5) (1 2) (1 3) (1 5))
(origs (ns (0 1)))
(comment "1 in cohort - 1 not yet seen"))
(defskeleton tls4
(vars (ns nc text) (ca server_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(precedes ((0 1) (2 1)) ((1 0) (0 2)) ((1 0) (2 2)) ((2 4) (0 4))
((2 5) (0 5)))
(non-orig (privk ca) (privk server_name))
(uniq-orig ns pms)
(operation encryption-test (displaced 3 1 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)) (2 2))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name)))))
(label 74)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk server_name)) (ca ca)
(server_name server_name) (client_name server_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk server_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 server_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (2 4)) (ns (0 1))))
(defskeleton tls4
(vars (ns nc text) (ca server_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name server_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk server_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(precedes ((0 1) (2 1)) ((1 0) (0 2)) ((2 4) (0 4)) ((2 5) (0 5))
((3 0) (2 2)))
(non-orig (privk ca) (privk server_name))
(uniq-orig ns pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)) (2 2))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk server_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))))
(label 75)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk server_name)) (ca ca)
(server_name server_name) (client_name server_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk server_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 server_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (2 4)) (ns (0 1))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(precedes ((0 1) (3 1)) ((1 0) (0 2)) ((1 0) (3 2)) ((2 0) (0 3))
((2 0) (3 3)) ((3 4) (0 4)) ((3 5) (0 5)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig ns pms)
(operation encryption-test (displaced 4 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name)))))
(label 92)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk client_name)) (ca ca)
(server_name server_name) (client_name client_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 client_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (3 4)) (ns (0 1))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((0 1) (3 1)) ((1 0) (0 2)) ((1 0) (3 2)) ((2 0) (0 3))
((3 4) (0 4)) ((3 5) (0 5)) ((4 0) (3 3)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig ns pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 93)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk client_name)) (ca ca)
(server_name server_name) (client_name client_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 client_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (3 4)) (ns (0 1))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(precedes ((0 1) (3 1)) ((1 0) (0 2)) ((2 0) (0 3)) ((2 0) (3 3))
((3 4) (0 4)) ((3 5) (0 5)) ((4 0) (3 2)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig ns pms)
(operation encryption-test (displaced 5 2 certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca))))))
(label 95)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk client_name)) (ca ca)
(server_name server_name) (client_name client_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 client_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (3 4)) (ns (0 1))))
(defskeleton tls4
(vars (ns nc text) (ca server_name client_name name) (pms skey))
(defstrand server 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(defstrand client 6 (ns ns) (nc nc) (ca ca) (server_name server_name)
(client_name client_name) (pre_master_secret pms)
(server_key (pubk server_name)) (client_key (pubk client_name)))
(defstrand certificate_auth 1 (subject_name server_name) (ca ca))
(defstrand certificate_auth 1 (subject_name client_name) (ca ca))
(precedes ((0 1) (3 1)) ((1 0) (0 2)) ((2 0) (0 3)) ((3 4) (0 4))
((3 5) (0 5)) ((4 0) (3 2)) ((5 0) (3 3)))
(non-orig (privk ca) (privk server_name) (privk client_name))
(uniq-orig ns pms)
(operation encryption-test (added-strand certificate_auth 1)
(enc (enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)) (3 3))
(traces
((recv nc) (send ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(recv (enc "client_version" pms (pubk server_name)))
(recv
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca)))))
((send nc) (recv ns)
(recv
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name))) (privk ca))))
(recv
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name))) (privk ca))))
(send (enc "client_version" pms (pubk server_name)))
(send
(enc nc ns
(enc "hash_zero"
(cat
(cat server_name (pubk server_name)
(enc
(enc "hash_zero"
(cat "cert" server_name (pubk server_name)))
(privk ca)))
(cat client_name (pubk client_name)
(enc
(enc "hash_zero"
(cat "cert" client_name (pubk client_name)))
(privk ca)))
(enc "client_version" pms (pubk server_name))))
(privk client_name))))
((send
(cat server_name (pubk server_name)
(enc
(enc "hash_zero" (cat "cert" server_name (pubk server_name)))
(privk ca)))))
((send
(cat client_name (pubk client_name)
(enc
(enc "hash_zero" (cat "cert" client_name (pubk client_name)))
(privk ca))))))
(label 96)
(parent 57)
(unrealized)
(shape)
(maps
((0 0)
((pms pms) (k (pubk server_name)) (ns ns)
(client_key (pubk client_name)) (ca ca)
(server_name server_name) (client_name client_name) (nc nc)
(server_key (pubk server_name))
(client_key-0 (pubk client_name)) (ca-0 ca)
(server_name-0 server_name) (client_name-0 client_name)
(ns-0 ns) (nc-0 nc))))
(origs (pms (3 4)) (ns (0 1))))