├── protocols ├── manual ├── mscend.tex ├── copy-to-dest.sh ├── attackwindow.png ├── resultwindow.png ├── protocolwindow.png ├── mscstart.tex ├── preamble.tex ├── flow-simple.dot ├── scyther-manual.ilg ├── README.md ├── flow.dot └── macros.tex ├── dist ├── .gitignore └── releasescript ├── gui ├── .gitignore ├── Scyther │ ├── .gitignore │ ├── scyther-mac-arm │ └── __init__.py ├── test.py ├── scyther-manual.pdf ├── Images │ ├── scyther-gui-16.ico │ ├── scyther-gui-32.ico │ ├── scyther-gui-64.ico │ └── scyther-splash.png ├── combos-ike.sh ├── Protocols │ ├── MultiProtocolAttacks │ │ ├── new.txt │ │ ├── soph.spdl │ │ ├── wmf-brutus.spdl │ │ ├── nsl3.spdl │ │ ├── ns3.spdl │ │ ├── isoiec11770-2-13.spdl │ │ ├── BKE.spdl │ │ ├── woo-lam-pi-3.spdl │ │ ├── woo-lam-pi-2.spdl │ │ ├── woo-lam-pi-1.spdl │ │ ├── woo-lam-pi-f.spdl │ │ └── yahalom-ban-paulson.spdl │ ├── IKE │ │ ├── mpa │ │ │ └── README.txt │ │ ├── Makefile │ │ ├── pp.sh │ │ └── verify_all.sh │ ├── ISO-9798 │ │ ├── isoiec-9798-3-6-2.cpp │ │ ├── isoiec-9798-3-7-2.cpp │ │ ├── isoiec-9798-3-6-1.cpp │ │ ├── isoiec-9798-3-7-1.cpp │ │ ├── Makefile │ │ ├── isoiec-9798-3-1.spdl │ │ ├── isoiec-9798-2-1-udkey.spdl │ │ ├── isoiec-9798-4-1-udkey.spdl │ │ ├── isoiec-9798-3-2.spdl │ │ ├── isoiec-9798-2-2-udkey.spdl │ │ ├── isoiec-9798-4-2-udkey.spdl │ │ ├── isoiec-9798-3-3.spdl │ │ ├── isoiec-9798-4-3-udkey.spdl │ │ └── isoiec-9798-2-1.spdl │ ├── Demo │ │ ├── nsl3.spdl │ │ ├── ns3.spdl │ │ └── nsl3-broken.spdl │ ├── woo-lam-pi-2.spdl │ ├── woo-lam-pi-3.spdl │ ├── woo-lam-pi-1.spdl │ ├── woo-lam-pi-f.spdl │ ├── ccitt509-1c.spdl │ ├── woo-lam-pi.spdl │ ├── NotModelled.txt │ ├── ccitt509-1.spdl │ └── ccitt509-ban3.spdl ├── scyther-gui.rc ├── wiper.sh ├── precompute-ike.sh ├── nsl3-broken.spdl ├── Gui │ ├── __init__.py │ └── Version.py ├── ns3.spdl ├── nsl3.spdl ├── scyther-gui-venv.sh └── todo.txt ├── src ├── version.h ├── regression-tests │ ├── results │ │ ├── test-gui-mpa.spdl --timer=60 --plain.err │ │ ├── test-gui-nsl3.spdl 
--timer=60 --plain.err │ │ ├── test-src-ns3.spdl --timer=60 --plain.err │ │ ├── test-gui-nsl3-broken.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-andrew.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-kaochow.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-tmn.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-wmf.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-yahalom.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-smartright.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-splice-as.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.err │ │ ├── 
test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 
--plain.err │ │ ├── test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.err │ │ ├── test-gui-mpa.spdl --timer=60 --plain.time │ │ ├── test-gui-nsl3.spdl --timer=60 --plain.time │ │ ├── test-src-ns3.spdl --timer=60 --plain.time │ │ ├── test-gui-nsl3-broken.spdl --timer=60 --plain.time │ │ ├── test-testing-ksl.spdl -r3 --timer=60 --plain.time │ │ ├── test-gui-Protocols-andrew.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-kaochow.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-tmn.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-wmf.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-yahalom.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.time │ │ ├── 
test-gui-Protocols-neumannstub.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-smartright.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-splice-as.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-woo-lam.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.time │ │ 
├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.time │ │ ├── 
test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.time │ │ ├── test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-smartright.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-neumannstub.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.err │ │ ├── test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-wmf.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-tmn.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 
--plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-woo-lam.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-yahalom.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-splice-as.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-andrew.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-kaochow.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.out │ │ ├── 
test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-nsl3-broken.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.out │ │ ├── test-src-ns3.spdl --timer=60 --plain.out │ │ ├── test-gui-nsl3.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.out │ │ ├── 
test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.out │ │ ├── test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.out │ │ ├── test-gui-mpa.spdl --timer=60 --plain.out │ │ └── test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.out │ └── Makefile ├── subbuild-unix-both.sh ├── .gitignore ├── count_trampolines.sh ├── reindent.sh ├── BuildMacArm.cmake ├── BuildMacIntel.cmake ├── BuildMacArm-MacIntel.cmake ├── subbuild-unix-w32.sh ├── subbuild-mac-intel.sh ├── subbuild-mac-arm.sh ├── BuildUnix.cmake ├── build.sh ├── subbuild-unix-unix.sh ├── build-brutus.sh ├── build-debug.sh ├── Build-Win32.cmake ├── BuildUnix-Win32.cmake ├── FindFLEX.cmake ├── ns3.spdl ├── FindBISON.cmake ├── bool.h ├── dotout.h ├── prune_bounds.h ├── prune_theorems.h ├── tempfile.h ├── cost.h ├── compile.txt ├── timer.h ├── heuristic.h ├── debug.h ├── intruderknowledge.h ├── mymalloc.h ├── color.h └── pheading.h ├── commit-template ├── Makefile ├── scripts ├── loop-spdl.sh └── if2spdl │ ├── if2spdl.py │ ├── notes.txt │ └── misc.py ├── testing ├── simplest.spdl ├── README.txt ├── onetrace.spdl ├── carkey-broken-limited.spdl ├── carkey-ni.spdl ├── carkey-broken.spdl ├── helloworld.spdl ├── soph.spdl ├── carkey-ni2.spdl ├── five-run-bound.spdl ├── soph-keyexch.spdl ├── spdl-defaults.inc ├── localclaims.spdl ├── athena-breaker.spdl ├── samasc-broken.spdl ├── wmf-brutus.spdl ├── f4.spdl ├── f5.spdl ├── compositionality-examples │ ├── th-1.spdl │ ├── th-2.spdl │ ├── th-1seq2.spdl │ ├── th-1seq2-rename-ni.spdl │ └── th-1seq2-rename-nr.spdl ├── nsl3-nisynch-rep.spdl ├── nsl3.spdl ├── spdl-intruder.inc ├── 2r890-ex3-b.spdl ├── tmn.spdl ├── 2r890-ex3-a.spdl ├── andrew-lowe-ban.spdl ├── tmn-Gijs.spdl ├── bke-one.spdl ├── broken1.spdl ├── bke.spdl ├── andrew-ban.spdl ├── speedtest.spdl ├── woolam-pi-f.spdl ├── bke-broken.spdl ├── isoiec11770-2-13.spdl ├── yahalom-ban.spdl ├── ccitt509-ban.spdl ├── 
ns3-brutus.spdl ├── ns3.spdl ├── bke-variation.spdl ├── kaochow.spdl ├── ibe.spdl ├── boyd-nsl-fix.spdl ├── kaochow-palm.spdl ├── bkepk-ce2.spdl ├── kaochow-v2.spdl ├── yahalom-lowe.spdl ├── protocol-list.txt ├── unknown2.spdl ├── yahalom-paulson.spdl ├── bkepk-ce.spdl └── localclaims-breaker.spdl ├── .gitignore └── .github └── ISSUE_TEMPLATE ├── feature_request.md └── bug_report.md /protocols: -------------------------------------------------------------------------------- 1 | gui/Protocols -------------------------------------------------------------------------------- /manual/mscend.tex: -------------------------------------------------------------------------------- 1 | \end{document} 2 | 3 | -------------------------------------------------------------------------------- /dist/.gitignore: -------------------------------------------------------------------------------- 1 | scyther*.zip 2 | scyther*.tgz 3 | *.swp 4 | -------------------------------------------------------------------------------- /gui/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | progressbar.py 3 | Cache 4 | Cache-OLD 5 | -------------------------------------------------------------------------------- /src/version.h: -------------------------------------------------------------------------------- 1 | #define TAGVERSION "b'v1.2-27-g9315549-dirty'" 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-mpa.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-src-ns3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gui/Scyther/.gitignore: -------------------------------------------------------------------------------- 1 | scyther-mac 2 | scyther-linux 3 | scyther-w32.exe 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3-broken.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-tmn.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-wmf.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
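/src/regression-tests/results/test-gui-Protocols-yahalom.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gui/test.py: -------------------------------------------------------------------------------- 1 | import pathlib 2 | 3 | # Print the absolute directory that contains this script. The attribute chain must be applied to the Path inside the call: print() returns None, so chaining .parent onto print(...) raises AttributeError. 4 | print(pathlib.Path(__file__).parent.resolve()) 5 | -------------------------------------------------------------------------------- /manual/copy-to-dest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cp scyther-manual.pdf ../gui/ 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | 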
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-smartright.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.err: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /commit-template: -------------------------------------------------------------------------------- 1 | BUGFIX: 2 | MPA: 3 | NEW: 4 | GUI: 5 | EFFICIENCY: 6 | CLEANUP: 7 | SPDL: 8 
| 9 | -------------------------------------------------------------------------------- /gui/scyther-manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/scyther-manual.pdf -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /manual/attackwindow.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/manual/attackwindow.png -------------------------------------------------------------------------------- /manual/resultwindow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/manual/resultwindow.png -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.err: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gui/Scyther/scyther-mac-arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/Scyther/scyther-mac-arm -------------------------------------------------------------------------------- /manual/protocolwindow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/manual/protocolwindow.png -------------------------------------------------------------------------------- /src/regression-tests/Makefile: -------------------------------------------------------------------------------- 1 | 2 | results: 3 | python3 ./regression-test.py 4 | 5 | .PHONY: results 6 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gui/Images/scyther-gui-16.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/Images/scyther-gui-16.ico -------------------------------------------------------------------------------- /gui/Images/scyther-gui-32.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/Images/scyther-gui-32.ico -------------------------------------------------------------------------------- /gui/Images/scyther-gui-64.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/Images/scyther-gui-64.ico -------------------------------------------------------------------------------- /gui/Images/scyther-splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cascremers/scyther/HEAD/gui/Images/scyther-splash.png -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-mpa.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-src-ns3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3-broken.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-testing-ksl.spdl -r3 --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 10 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 1 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-tmn.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-wmf.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.time: 
-------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 3 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 60 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-smartright.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 4 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 4 3 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 23 3 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.time: 
-------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 2 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 22 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 18 3 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 60 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 60 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 39 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.time: 
-------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 60 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 6 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 60 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 5 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 15 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 1 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /gui/combos-ike.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Individual data 4 | ./combos-ikev1.sh 5 | ./combos-ikev2.sh 6 | 7 | # And combine 8 | ./combos-ikev0.sh 9 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.time: 
-------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.time: -------------------------------------------------------------------------------- 1 | Passed wall time in seconds: 2 | 0 3 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim ccitt509-1,R Nisynch_3 - Ok [proof of correctness] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-smartright.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim smartright,R Nisynch_R1 - Fail [at least 1 attack] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolamPi,R Nisynch_R1 - Fail [at least 4 attacks] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-1c.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim ccitt509-1c,R Nisynch_3 - Ok [proof 
of correctness] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolamPi-1,R Nisynch_R1 - Fail [at least 2 attacks] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolamPi-2,R Nisynch_R1 - Fail [at least 3 attacks] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolamPi-3,R Nisynch_R1 - Fail [at least 2 attacks] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam-pi-f.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolamPi-f,R Nisynch_R1 - Fail [at least 1 attack] 2 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/new.txt: -------------------------------------------------------------------------------- 1 | denning-sacco-lowe.spdl 2 | wmf.spdl 3 | wmf-lowe.spdl 4 | andrew-ban-concrete.spdl 5 | yahalom-ban-paulson.spdl 6 | -------------------------------------------------------------------------------- /manual/mscstart.tex: -------------------------------------------------------------------------------- 1 | \documentclass{article} 2 | \usepackage{a4wide} 3 | \usepackage{msc} 4 | 5 | 6 | \input{preamble} 7 | \begin{document} 8 | \input{macros} 9 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | error: fresh terms [Kir] should be declared inside roles, on line 16. 2 | -------------------------------------------------------------------------------- /src/subbuild-unix-both.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ./subbuild-unix-unix.sh 4 | ./subbuild-unix-w32.sh 5 | 6 | echo 7 | echo "Built both Linux and w32 versions." 8 | -------------------------------------------------------------------------------- /gui/scyther-gui.rc: -------------------------------------------------------------------------------- 1 | wxicon icon Images/scyther-gui-64.ico 2 | wxicon icon Images/scyther-gui-32.ico 3 | wxicon icon Images/scyther-gui-16.ico 4 | #include "wx/msw/wx.rc" 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | error: fresh terms [Kir] should be declared inside roles, on line 19. 
2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm26 has empty role definitions for the roles: [B, P] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-guttman-hwang.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | error: fresh terms [Kir] should be declared inside roles, on line 19. 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-keycompromise.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | error: fresh terms [Kir] should be declared inside roles, on line 19. 
2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm25 has empty role definitions for the roles: [B, P] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm26 has empty role definitions for the roles: [B, P] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm-41 has empty role definitions for the roles: [B] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm-42 has empty role definitions for the roles: [B] 2 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.err: -------------------------------------------------------------------------------- 1 | warning: protocol @keysymm-43 has empty role definitions for the roles: [B] 2 | -------------------------------------------------------------------------------- /gui/wiper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Wipe Brutus artefacts. 
4 | # 5 | # Run as 'watch -n 10 ./wiper.sh' from the directory that holds the lsf.* files; each run deletes the lsf.* entries last accessed more than 11 minutes ago. 6 | 7 | find lsf.* -maxdepth 0 -amin +11 -print -delete 2>&1 8 | 9 | 10 | -------------------------------------------------------------------------------- /manual/preamble.tex: -------------------------------------------------------------------------------- 1 | \usepackage{fancybox} 2 | \usepackage{fancyvrb} 3 | \usepackage{syntax} 4 | \usepackage{url} 5 | \usepackage{graphicx} 6 | \usepackage{amsmath} 7 | \usepackage{xspace} 8 | -------------------------------------------------------------------------------- /src/.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *~ 3 | CMakeFiles 4 | CMakeCache.txt 5 | Makefile 6 | cmake_install.cmake 7 | parser.c 8 | parser.h 9 | scanner.c 10 | scyther-linux 11 | scyther-mac 12 | scyther-w32.exe 13 | -------------------------------------------------------------------------------- /gui/Protocols/IKE/mpa/README.txt: -------------------------------------------------------------------------------- 1 | This directory is filled by the script 2 | 3 | `../make-mpa.py` 4 | 5 | It takes the `.spdl` files from the `..` directory and prepares them for 6 | multi-protocol analysis. 
7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-ban3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim ccitt509-ban3,I Nisynch_4 - Ok [proof of correctness] 2 | claim ccitt509-ban3,R Nisynch_5 - Ok [proof of correctness] 3 | -------------------------------------------------------------------------------- /gui/Protocols/IKE/Makefile: -------------------------------------------------------------------------------- 1 | CPPSRC= $(wildcard *.cpp) 2 | DEST= $(CPPSRC:.cpp=.spdl) 3 | 4 | default: $(DEST) 5 | 6 | %.spdl: %.cpp 7 | cpp $< >$@ 8 | 9 | mpa: $(DEST) make-mpa.py 10 | ./make-mpa.py 11 | 12 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Make recurse into 'src' directory 2 | .PHONY: default clean manual 3 | 4 | default: 5 | cd src; ./build.sh 6 | 7 | manual: 8 | cd manual; make 9 | 10 | clean: 11 | cd src; make clean 12 | 13 | 14 | -------------------------------------------------------------------------------- /gui/precompute-ike.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ./batcher.sh -m 2 --all-types --self-communication ~/src/ikev2/pp-results/mpa/ikev1*.spdl 4 | ./batcher.sh -m 2 --all-types --self-communication ~/src/ikev2/pp-results/mpa/ikev2*.spdl 5 | 6 | -------------------------------------------------------------------------------- /scripts/loop-spdl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Script to run a command once for each .spdl file found below '..' (relative to the current directory); paths containing whitespace or quotes are split by xargs 4 | # 5 | # Usage: 6 | # 7 | # loop-spdl.sh command_to_iterate 8 | # 9 | CMD=$* 10 | 11 | find .. 
-name '*.spdl' | xargs -n 1 $CMD 12 | 13 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-wmf.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim wmf,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim wmf,R Secret_R1 Kir Ok [no attack within bounds] 3 | claim wmf,R Nisynch_R2 - Fail [at least 3 attacks] 4 | -------------------------------------------------------------------------------- /src/count_trampolines.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TMP1="trampolines-raw.out" 4 | TMP2="trampolines.out" 5 | 6 | make clean ; make 2>$TMP1 7 | cat $TMP1 | grep "warning: trampoline" | sort -u > $TMP2 8 | cat $TMP2 9 | echo 10 | wc -l $TMP2 11 | 12 | -------------------------------------------------------------------------------- /src/reindent.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Indent any files ending in .c or .h 4 | # 5 | # Apparently unstable behaviour is possible; a stupid fix for my 6 | # concrete problem was to always run it twice. 
7 | # 8 | indent *.c *.h 9 | indent *.c *.h 10 | 11 | -------------------------------------------------------------------------------- /testing/simplest.spdl: -------------------------------------------------------------------------------- 1 | 2 | secret k: Nonce; 3 | 4 | protocol simplest(I) 5 | { 6 | role I 7 | { 8 | var x: Nonce; 9 | fresh n: Nonce; 10 | 11 | recv_!1(I,I, x); 12 | send_!2(I,I, n, {n, x}k ); 13 | claim_3(I, Secret, n); 14 | } 15 | } 16 | 17 | -------------------------------------------------------------------------------- /scripts/if2spdl/if2spdl.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import If 4 | import Ifparser 5 | import Spdl 6 | 7 | def main(): 8 | protocol = Ifparser.fileParse("NSPK_LOWE.if") 9 | print(Spdl.generator(protocol)) 10 | 11 | if __name__ == "__main__": 12 | main() 13 | -------------------------------------------------------------------------------- /testing/README.txt: -------------------------------------------------------------------------------- 1 | 2 | The protocols in this directory are experimental and are not considered 3 | to be stable in any way. Therefore, they should not be used as reference 4 | models for experimenting with Scyther. Rather, use the protocols in 5 | [../gui/Protocols] . 
6 | 7 | 8 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-tmn.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim tmn,I Secret_I1 Kr Fail [at least 4 attacks] 2 | claim tmn,I Nisynch_I2 - Fail [at least 2 attacks] 3 | claim tmn,R Secret_R1 Kr Fail [at least 2 attacks] 4 | claim tmn,R Nisynch_R2 - Fail [exactly 1 attack] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-1,B Commit_B1 (A,TNA,Text1) Ok [no attack within bounds] 2 | claim isoiec-9798-2-1,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-1,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-2,B Commit_B1 (A,RB,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-2-2,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-2,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-1,B Commit_B1 (A,TNA,Text1) Ok [no attack within bounds] 2 | claim isoiec-9798-3-1,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-1,B Weakagree_B3 - Ok [no attack within bounds] 4 | 
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-2,B Commit_B1 (A,Ra,Rb,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-3-2,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-2,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-1,B Commit_B1 (A,TNA,Text1) Ok [no attack within bounds] 2 | claim isoiec-9798-4-1,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-1,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-2,B Commit_B1 (A,Rb,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-4-2,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-2,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-woo-lam.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim woolam,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim woolam,I Nisynch_I2 - Fail [at least 2 attacks] 3 | claim woolam,R Secret_R1 Kir Ok [no attack within bounds] 4 | claim woolam,R Nisynch_R2 - Fail [at least 2 attacks] 5 | 
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | manual/msc-file.dvi 2 | manual/scyther-manual-draft.idx 3 | manual/scyther-manual-draft.pdf 4 | manual/scyther-manual.idx 5 | manual/scyther-manual.pdf 6 | manual/flow-simple.epsi 7 | manual/flow.epsi 8 | manual/msc-file.dvi 9 | manual/msc-ns.eps 10 | manual/msc-ns.pdf 11 | gui/.venv 12 | dist/scyther-* 13 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-wmf-lowe.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim wmf-Lowe,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim wmf-Lowe,I Nisynch_I2 - Fail [at least 3 attacks] 3 | claim wmf-Lowe,R Secret_R1 Kir Ok [no attack within bounds] 4 | claim wmf-Lowe,R Nisynch_R2 - Fail [at least 3 attacks] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim yahalom,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim yahalom,R Secret_R1 Kir Ok [no attack within bounds] 3 | claim yahalom,S Secret_S1 Ni Fail [at least 1 attack] 4 | claim yahalom,S Secret_S2 Nr Ok [no attack within bounds] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-1-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-1-udkey,B Commit_B1 (A,TNA,Text1) Ok [no attack within bounds] 2 | claim isoiec-9798-2-1-udkey,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-1-udkey,B Weakagree_B3 - Ok [no attack within bounds] 4 
| -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-2-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-2-udkey,B Commit_B1 (A,RB,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-2-2-udkey,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-2-udkey,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-1-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-1-udkey,B Commit_B1 (A,TNA,Text1) Ok [no attack within bounds] 2 | claim isoiec-9798-4-1-udkey,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-1-udkey,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-2-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-2-udkey,B Commit_B1 (A,Rb,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-4-2-udkey,B Alive_B2 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-2-udkey,B Weakagree_B3 - Ok [no attack within bounds] 4 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-ban.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim yahalom-BAN,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim yahalom-BAN,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim yahalom-BAN,R Secret_R1 Kir Ok [no attack within bounds] 4 | claim 
yahalom-BAN,R Nisynch_R2 - Fail [at least 2 attacks] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-lowe.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim yahalom-Lowe,I Secret_I1 Kir Ok [proof of correctness] 2 | claim yahalom-Lowe,I Nisynch_I2 - Ok [proof of correctness] 3 | claim yahalom-Lowe,R Secret_R1 Kir Ok [proof of correctness] 4 | claim yahalom-Lowe,R Nisynch_R2 - Ok [proof of correctness] 5 | -------------------------------------------------------------------------------- /testing/onetrace.spdl: -------------------------------------------------------------------------------- 1 | usertype String; 2 | 3 | const Alice,Bob,Charlie: Agent; 4 | const Hallo: String; 5 | 6 | protocol onetrace(I) 7 | { 8 | role I 9 | { 10 | var input: String; 11 | 12 | recv_!1(I,I, input); 13 | send_!2(I,I, Hallo); 14 | recv_!3(I,I, input); 15 | claim_4(I, Secret, input); 16 | } 17 | } 18 | 19 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-lowe-ban.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim andrew-LoweBan,I Nisynch_I1 - Ok [proof of correctness] 2 | claim andrew-LoweBan,I Secret_I2 kir Ok [proof of correctness] 3 | claim andrew-LoweBan,R Nisynch_R1 - Ok [proof of correctness] 4 | claim andrew-LoweBan,R Secret_R2 kir Ok [proof of correctness] 5 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/soph.spdl: -------------------------------------------------------------------------------- 1 | 2 | protocol soph(I,R) 3 | { 4 | role I 5 | { 6 | fresh ni: Nonce; 7 | 8 | send_1(I,R, {I,ni}pk(R) ); 9 | recv_2(R,I, ni ); 10 | claim_3(I,Niagree); 11 | } 12 | 13 | role R 14 | { 15 | var ni: Nonce; 
16 | 17 | recv_1(I,R, {I,ni}pk(R) ); 18 | send_2(R,I, ni ); 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-yahalom-paulson.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim yahalom-Paulson,I Secret_I1 Kir Ok [no attack within bounds] 2 | claim yahalom-Paulson,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim yahalom-Paulson,R Secret_R1 Kir Ok [no attack within bounds] 4 | claim yahalom-Paulson,R Nisynch_R2 - Fail [at least 1 attack] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew-ban-concrete.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim andrew-Concrete,I Secret_I1 kir Ok [no attack within bounds] 2 | claim andrew-Concrete,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim andrew-Concrete,R Secret_R1 kir Ok [no attack within bounds] 4 | claim andrew-Concrete,R Nisynch_R2 - Fail [at least 1 attack] 5 | -------------------------------------------------------------------------------- /testing/carkey-broken-limited.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol carkeybrokenlim(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | 11 | send_1(I,R, I,R ); 12 | } 13 | 14 | role R 15 | { 16 | var ni: Nonce; 17 | 18 | recv_1(I,R, I,R ); 19 | claim_2(R,Nisynch); 20 | } 21 | } 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /testing/carkey-ni.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol carkeyni(I,R) 6 | { 7 | role I 8 | { 9 | 
fresh ni: Nonce; 10 | 11 | send_1(I,R, {R,ni}sk(I) ); 12 | } 13 | 14 | role R 15 | { 16 | var ni: Nonce; 17 | 18 | recv_1(I,R, {R,ni}sk(I) ); 19 | claim_2(R,Nisynch); 20 | } 21 | } 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /testing/carkey-broken.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol carkeybroken(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | 11 | send_1(I,R, {ni}sk(I) ); 12 | } 13 | 14 | role R 15 | { 16 | var ni: Nonce; 17 | 18 | recv_1(I,R, {ni}sk(I) ); 19 | claim_2(R,Nisynch); 20 | } 21 | } 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /testing/helloworld.spdl: -------------------------------------------------------------------------------- 1 | usertype String, World; 2 | secret HelloWorld, k: String; 3 | 4 | protocol hw(initiator,world) 5 | { 6 | role initiator 7 | { 8 | send_1(initiator, world, HelloWorld); 9 | /* claim_2(initiator, Secret, HelloWorld); */ 10 | } 11 | } 12 | 13 | const Alice, Bob: Agent; 14 | const Earth, Mars: World; 15 | 16 | run hw.initiator(Agent,World); 17 | 18 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-6-2.cpp: -------------------------------------------------------------------------------- 1 | #define NAME isoiec-9798-3-6-2 2 | #define IA A 3 | #define IB B 4 | #define ResA A,pk(A) 5 | #define ResB B,pk(B) 6 | #define TokenAB Rpa,Text9,TokenTA,{Rb,Ra,B,A,Text8}sk(A) 7 | #define TokenBA Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B) 8 | #define TokenTA ResA,ResB,{Rpa,Rb,ResA,ResB,Text5}sk(T) 9 | 10 | #include "isoiec-9798-3-6.template" 11 | 12 | 13 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-7-2.cpp: 
-------------------------------------------------------------------------------- 1 | #define NAME isoiec-9798-3-7-2 2 | #define IA A 3 | #define IB B 4 | #define ResA A,pk(A) 5 | #define ResB B,pk(B) 6 | #define TokenAB Rpa,Text7,TokenTA,{Rb,Ra,B,A,Text6}sk(A) 7 | #define TokenBA Ra,Rb,Text9,{Ra,Rb,A,B,Text8}sk(B) 8 | #define TokenTA ResA,ResB,{Rpa,Rb,ResA,ResB,Text3}sk(T) 9 | 10 | #include "isoiec-9798-3-7.template" 11 | 12 | 13 | -------------------------------------------------------------------------------- /manual/flow-simple.dot: -------------------------------------------------------------------------------- 1 | digraph scytherflow { 2 | 3 | subgraph normal { 4 | 5 | spdl [label="protocol description",shape=box,]; 6 | scyther [shape=box,label="Scyther",style=bold,fontsize=18]; 7 | summary [label="text summary\nof the results",shape=box]; 8 | spdl -> scyther [style=bold,weight=10.0]; 9 | scyther -> summary [style=bold,weight=10.0]; 10 | 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /manual/scyther-manual.ilg: -------------------------------------------------------------------------------- 1 | This is makeindex, version 2.16 [TeX Live 2022] (kpathsea + Thai support). 2 | Scanning input file scyther-manual.idx....done (122 entries accepted, 0 rejected). 3 | Sorting entries....done (900 comparisons). 4 | Generating output file scyther-manual.ind....done (181 lines written, 0 warnings). 5 | Output written in scyther-manual.ind. 6 | Transcript written in scyther-manual.ilg. 
7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-6-2,A Commit_A2 (B,Ra,Rb,Text2) Ok [no attack within bounds] 2 | claim isoiec-9798-3-6-2,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-6-2,B Commit_B2 (A,Ra,Rb,Text8) Ok [no attack within bounds] 4 | claim isoiec-9798-3-6-2,B Alive_B3 - Ok [no attack within bounds] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-7-2,A Commit_A2 (B,Ra,Rb,Text8) Ok [no attack within bounds] 2 | claim isoiec-9798-3-7-2,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-7-2,B Commit_B2 (A,Ra,Rb,Text6) Ok [no attack within bounds] 4 | claim isoiec-9798-3-7-2,B Alive_B3 - Ok [no attack within bounds] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-sk-amend.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim needhamschroedersk-amend,I Secret_I2 Kir Ok [no attack within bounds] 2 | claim needhamschroedersk-amend,I Nisynch_I3 - Fail [at least 1 attack] 3 | claim needhamschroedersk-amend,R Secret_R1 Nr Ok [no attack within bounds] 4 | claim needhamschroedersk-amend,R Nisynch_R3 - Fail [at least 1 attack] 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-6-1.spdl --timer=60 --plain.out: 
-------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-6-1,A Commit_A2 (B,Ra,Rb,Text2) Ok [no attack within bounds] time=60 2 | claim isoiec-9798-3-6-1,A Alive_A3 - Ok [does not occur] time=60 3 | claim isoiec-9798-3-6-1,B Commit_B2 (A,Ra,Rb,Text8) Ok [does not occur] time=60 4 | claim isoiec-9798-3-6-1,B Alive_B3 - Ok [does not occur] time=60 5 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-7-1.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-7-1,A Commit_A2 (B,Ra,Rb,Text8) Ok [no attack within bounds] time=60 2 | claim isoiec-9798-3-7-1,A Alive_A3 - Ok [does not occur] time=60 3 | claim isoiec-9798-3-7-1,B Commit_B2 (A,Ra,Rb,Text6) Ok [does not occur] time=60 4 | claim isoiec-9798-3-7-1,B Alive_B3 - Ok [does not occur] time=60 5 | -------------------------------------------------------------------------------- /testing/soph.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol soph(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | 11 | send_1(I,R, {I,ni}pk(R) ); 12 | recv_2(R,I, ni ); 13 | claim_3(I,Niagree); 14 | } 15 | 16 | role R 17 | { 18 | var ni: Nonce; 19 | 20 | recv_1(I,R, {I,ni}pk(R) ); 21 | send_2(R,I, ni ); 22 | } 23 | } 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-6-1.cpp: -------------------------------------------------------------------------------- 1 | #define NAME isoiec-9798-3-6-1 2 | #define IA A 3 | #define IB B 4 | #define ResA A,pk(A) 5 | #define ResB B,pk(B) 6 | #define TokenAB Text9,ResA,{Rb,ResA,Text5}sk(T),{Rb,Ra,B,A,Text8}sk(A) 7 | #define TokenBA 
Ra,Rb,Text3,{B,Ra,Rb,A,Text2}sk(B) 8 | #define TokenTA ResA,ResB,{Rpa,ResB,Text6}sk(T),{Rb,ResA,Text5}sk(T) 9 | 10 | #include "isoiec-9798-3-6.template" 11 | 12 | 13 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-7-1.cpp: -------------------------------------------------------------------------------- 1 | #define NAME isoiec-9798-3-7-1 2 | #define IA A 3 | #define IB B 4 | #define ResA A,pk(A) 5 | #define ResB B,pk(B) 6 | #define TokenAB Text7,Ra,ResA,{Rb,ResA,Text3}sk(T),{Rb,Ra,B,A,Text6}sk(A) 7 | #define TokenBA Ra,Rb,Text9,{A,Ra,Rb,B,Text8}sk(B) 8 | #define TokenTA ResA,ResB,{Rpa,ResB,Text4}sk(T),{Rb,ResA,Text3}sk(T) 9 | 10 | #include "isoiec-9798-3-7.template" 11 | 12 | 13 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim spliceAS,I Secret_7 N2 Fail [at least 7 attacks] 2 | claim spliceAS,I Niagree_9 - Fail [at least 1 attack] 3 | claim spliceAS,I Nisynch_10 - Fail [at least 1 attack] 4 | claim spliceAS,R Secret_8 N2 Fail [at least 7 attacks] 5 | claim spliceAS,R Niagree_11 - Fail [at least 1 attack] 6 | claim spliceAS,R Nisynch_12 - Fail [at least 1 attack] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-andrew.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim andrew,I Secret_I1 kir Ok [no attack within bounds] 2 | claim andrew,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim andrew,I Niagree_I3 - Fail [at least 1 attack] 4 | claim andrew,R Secret_R1 kir Ok [no attack within bounds] 5 | claim andrew,R Nisynch_R2 - Ok [no attack within bounds] 6 | claim andrew,R Niagree_R3 - Ok [no attack within bounds] 7 | 
-------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/Makefile: -------------------------------------------------------------------------------- 1 | 2 | outputs= isoiec-9798-3-6-1.spdl isoiec-9798-3-6-2.spdl \ 3 | isoiec-9798-3-7-1.spdl isoiec-9798-3-7-2.spdl 4 | 5 | all: $(outputs) 6 | 7 | isoiec-9798-3-6-%.spdl: isoiec-9798-3-6-%.cpp isoiec-9798-3-6.template 8 | cpp -C -P $< >$@ 9 | 10 | isoiec-9798-3-7-%.spdl: isoiec-9798-3-7-%.cpp isoiec-9798-3-7.template 11 | cpp -C -P $< >$@ 12 | 13 | clean: 14 | \rm -f $(outputs) 15 | 16 | 17 | -------------------------------------------------------------------------------- /manual/README.md: -------------------------------------------------------------------------------- 1 | # Scyther Manual Draft 2 | 3 | ## TODO 4 | 5 | ### Build process 6 | 7 | - Ensure manual build is triggered from root directory Makefile, ideally after checking for the dependencies. (Partially done: `make manual` from root dir works now.) 8 | 9 | ### To document 10 | 11 | - Add running/commit/agreement explanation with where to put the signals. 
12 | - Relevant environment variables 13 | - All switches 14 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim kaochow,I Nisynch_I1 - Fail [at least 2 attacks] 2 | claim kaochow,I Niagree_I2 - Fail [at least 2 attacks] 3 | claim kaochow,I Secret_I3 kir Ok [no attack within bounds] 4 | claim kaochow,R Nisynch_R1 - Fail [at least 2 attacks] 5 | claim kaochow,R Niagree_R2 - Fail [at least 2 attacks] 6 | claim kaochow,R Secret_R3 kir Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /testing/carkey-ni2.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol carkeyni2(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | 11 | send_1(I,R, {R,ni}sk(I) ); 12 | send_2(I,R, {R,ni}sk(I) ); 13 | } 14 | 15 | role R 16 | { 17 | var ni: Nonce; 18 | 19 | recv_1(I,R, {R,ni}sk(I) ); 20 | recv_2(I,R, {R,ni}sk(I) ); 21 | claim_4(R,Nisynch); 22 | } 23 | } 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /testing/five-run-bound.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol r5bound(I,R) 6 | { 7 | role R 8 | { 9 | var k1: Nonce; 10 | var ni: Nonce; 11 | fresh k2: Nonce; 12 | 13 | recv_!1 (I,R, ni ); 14 | send_!2 (R,I, { ni }sk(R) ); 15 | recv_!3 (I,R, {{{ {k1}pk(R) }sk(I)}sk(I)}sk(I) ); 16 | send_!4 (R,I, {k2}k1 ); 17 | 18 | claim_6 (R, Secret, k2); 19 | } 20 | } 21 | 22 | 23 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-kaochow-v2.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim kaochow-2,I Nisynch_I1 - Fail [at least 2 attacks] 2 | claim kaochow-2,I Niagree_I2 - Fail [at least 2 attacks] 3 | claim kaochow-2,I Secret_I3 kir Ok [no attack within bounds] 4 | claim kaochow-2,R Nisynch_R1 - Fail [at least 2 attacks] 5 | claim kaochow-2,R Niagree_R2 - Fail [at least 2 attacks] 6 | claim kaochow-2,R Secret_R3 kir Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-splice-as-hc.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim spliceAS-HC,I Secret_7 N2 Fail [at least 7 attacks] 2 | claim spliceAS-HC,I Niagree_9 - Fail [at least 1 attack] 3 | claim spliceAS-HC,I Nisynch_10 - Fail [at least 1 attack] 4 | claim spliceAS-HC,R Secret_8 N2 Fail [at least 7 attacks] 5 | claim spliceAS-HC,R Niagree_11 - Fail [at least 1 attack] 6 | claim spliceAS-HC,R Nisynch_12 - Fail [at least 1 attack] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ccitt509-3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim ccitt509-3,I Nisynch_I1 - Ok [proof of correctness] 2 | claim ccitt509-3,I Secret_I2 Ya Ok [proof of correctness] 3 | claim ccitt509-3,I Secret_I3 Yb Ok [proof of correctness] 4 | claim ccitt509-3,R Nisynch_R1 - Fail [at least 3 attacks] 5 | claim ccitt509-3,R Secret_R2 Ya Ok [no attack within bounds] 6 | claim ccitt509-3,R Secret_R3 Yb Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-kaochow-v3.spdl --timer=60 --plain.out: 
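-------------------------------------------------------------------------------- 1 | claim kaochow-3,I Nisynch_I1 - Fail [at least 2 attacks] 2 | claim kaochow-3,I Niagree_I2 - Fail [at least 2 attacks] 3 | claim kaochow-3,I Secret_I3 kir Ok [no attack within bounds] 4 | claim kaochow-3,R Nisynch_R1 - Fail [at least 2 attacks] 5 | claim kaochow-3,R Niagree_R2 - Fail [at least 2 attacks] 6 | claim kaochow-3,R Secret_R3 kir Ok [no attack within bounds] time=60 7 | -------------------------------------------------------------------------------- /gui/Protocols/IKE/pp.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Run the C preprocessor over each protocol file named on the command line
# and write the result to $OUT/STEM.$EXT.spdl, where STEM is the argument up
# to its first dot.
#
# Usage: pp.sh file...

EXT="pp"
#OUT=.
OUT=pp-results

if [ "$#" -eq 0 ]; then
    printf "Usage: %s: file...\n" "$(basename "$0")" >&2
    exit 1
fi

# The redirection in the loop fails when the output directory is missing.
mkdir -p "$OUT"

# Iterate over "$@" rather than an unquoted copy of "$*": the names are
# supplied by the caller, and an unquoted expansion would split them on
# whitespace and glob-expand them before they reach cpp or the output path.
for file in "$@"; do
    case "$file" in
        *."$EXT".*)
            # Already preprocessed. A test of the form
            # [ "$file" = "*.$EXT.*" ] compares against the literal
            # pattern text and never matches a real file name, so the
            # glob match is done with case instead.
            echo "skipping $file"
            ;;
        *)
            echo "preprocessing $file"
            # ${file%%.*} cuts at the first dot anywhere in the argument,
            # so a name such as ./x.spdl gives an empty stem; pass plain
            # file names.
            # NOTE(review): without -E, sed reads the parentheses in this
            # expression as literal characters, so it probably does not
            # drop cpp's "#" linemarkers or empty lines as it appears
            # intended to -- confirm before changing it.
            cpp "$file" | sed -e '/^(\#.*)*$/d' > "$OUT/${file%%.*}.$EXT.spdl"
            ;;
    esac
done
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim denningSacco,I Niagree_I1 - Ok [no attack within bounds] 2 | claim denningSacco,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim denningSacco,I Secret_I3 Kir Ok [no attack within bounds] 4 | claim denningSacco,R Niagree_R1 - Ok [no attack within bounds] 5 | claim denningSacco,R Nisynch_R2 - Fail [at least 1 attack] 6 | claim denningSacco,R Secret_R3 Kir Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/BuildMacArm.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: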
BuildMacArm.cmake 3 | # Purpose: Build MacArm binary 4 | # Author: Sam Jakob M. 5 | ################################################################ 6 | 7 | message (STATUS "Building Apple Mac ARM (Apple Silicon) version") 8 | set (scythername "scyther-mac") 9 | add_executable (${scythername} ${Scyther_sources}) 10 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mmacosx-version-min=10.15") 11 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-denning-sacco-lowe.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim denningSacco-Lowe,I Niagree_I1 - Ok [no attack within bounds] 2 | claim denningSacco-Lowe,I Nisynch_I2 - Fail [at least 1 attack] 3 | claim denningSacco-Lowe,I SKR_I3 Kir Ok [no attack within bounds] 4 | claim denningSacco-Lowe,R Niagree_R1 - Ok [no attack within bounds] 5 | claim denningSacco-Lowe,R Nisynch_R2 - Fail [at least 1 attack] 6 | claim denningSacco-Lowe,R Secret_R3 Kir Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-neumannstub-hwang.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim neustub-Hwang,I Secret_I1 Kir Ok [no attack within bounds] time=60 2 | claim neustub-Hwang,I Niagree_I2 - Ok [does not occur] time=60 3 | claim neustub-Hwang,I Nisynch_I3 - Ok [does not occur] time=60 4 | claim neustub-Hwang,R Secret_R1 Kir Ok [no attack within bounds] time=60 5 | claim neustub-Hwang,R Niagree_R2 - Ok [does not occur] time=60 6 | claim neustub-Hwang,R Nisynch_R3 - Ok [does not occur] time=60 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-ns3.spdl --timer=60 --plain.out: 
-------------------------------------------------------------------------------- 1 | claim ns3,I Secret_i1 ni Ok [proof of correctness] 2 | claim ns3,I Secret_i2 nr Ok [proof of correctness] 3 | claim ns3,I Niagree_i3 - Ok [proof of correctness] 4 | claim ns3,I Nisynch_i4 - Ok [proof of correctness] 5 | claim ns3,R Secret_r1 ni Fail [at least 1 attack] 6 | claim ns3,R Secret_r2 nr Fail [at least 1 attack] 7 | claim ns3,R Niagree_r3 - Fail [at least 1 attack] 8 | claim ns3,R Nisynch_r4 - Fail [at least 1 attack] 9 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim needhamschroederpk,I Secret_I1 Ni Ok [no attack within bounds] 2 | claim needhamschroederpk,I Secret_I2 Nr Ok [no attack within bounds] 3 | claim needhamschroederpk,I Nisynch_I3 - Fail [at least 3 attacks] 4 | claim needhamschroederpk,R Secret_R1 Nr Fail [at least 7 attacks] 5 | claim needhamschroederpk,R Secret_R2 Ni Fail [at least 7 attacks] 6 | claim needhamschroederpk,R Nisynch_R3 - Fail [at least 3 attacks] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim nsl3,I Secret_i1 ni Ok [proof of correctness] 2 | claim nsl3,I Secret_i2 nr Ok [proof of correctness] 3 | claim nsl3,I Niagree_i3 - Ok [proof of correctness] 4 | claim nsl3,I Nisynch_i4 - Ok [proof of correctness] 5 | claim nsl3,R Secret_r1 ni Ok [proof of correctness] 6 | claim nsl3,R Secret_r2 nr Ok [proof of correctness] 7 | claim nsl3,R Niagree_r3 - Ok [proof of correctness] 8 | claim nsl3,R Nisynch_r4 - Ok [proof of correctness] 9 | -------------------------------------------------------------------------------- 
/src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-3,A Commit_A2 (B,TNB,Text3) Fail [at least 1 attack] 2 | claim isoiec-9798-2-3,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-3,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-2-3,B Commit_B2 (A,TNA,Text1) Fail [at least 4 attacks] 5 | claim isoiec-9798-2-3,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-2-3,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-3,A Commit_A2 (B,TNB,Text3) Fail [at least 6 attacks] 2 | claim isoiec-9798-3-3,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-3,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-3-3,B Commit_B2 (A,TNA,Text1) Fail [at least 3 attacks] 5 | claim isoiec-9798-3-3,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-3-3,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-3,A Commit_A2 (B,TNb,Text3) Fail [at least 1 attack] 2 | claim isoiec-9798-4-3,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-3,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-4-3,B Commit_B2 (A,TNa,Text1) Fail [at least 4 attacks] 5 | claim isoiec-9798-4-3,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-4-3,B Weakagree_B4 - 
Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/BuildMacIntel.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: BuildMacIntel.cmake 3 | # Purpose: Build MacIntel binary 4 | # Author: Cas Cremers 5 | ################################################################ 6 | 7 | message (STATUS "Building Apple Mac Intel version") 8 | set (scythername "scyther-mac") 9 | add_executable (${scythername} ${Scyther_sources}) 10 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mmacosx-version-min=10.6 -arch x86_64") 11 | set (CMAKE_OSX_ARCHITECTURES "x86_64") 12 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-4,A Commit_A2 (B,RA,RB,Text2,Text4) Ok [no attack within bounds] 2 | claim isoiec-9798-2-4,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-4,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-2-4,B Commit_B2 (A,RA,RB,Text2) Ok [no attack within bounds] 5 | claim isoiec-9798-2-4,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-2-4,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-4.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-4,A Commit_A2 (B,RA,RB,Text2,Text4) Ok [no attack within bounds] 2 | claim isoiec-9798-3-4,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-4,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-3-4,B Commit_B2 
(A,RA,RB,Text2) Ok [no attack within bounds] 5 | claim isoiec-9798-3-4,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-3-4,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-3-5.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-3-5,A Commit_A2 (B,RA,RB,Text5) Ok [no attack within bounds] 2 | claim isoiec-9798-3-5,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-3-5,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-3-5,B Commit_B2 (A,RA,RB,Text3,Text5) Ok [no attack within bounds] 5 | claim isoiec-9798-3-5,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-3-5,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-4,A Commit_A2 (B,Ra,Rb,Text2,Text4) Ok [no attack within bounds] 2 | claim isoiec-9798-4-4,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-4,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-4-4,B Commit_B2 (A,Ra,Rb,Text2) Ok [no attack within bounds] 5 | claim isoiec-9798-4-4,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-4-4,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-needham-schroeder-lowe.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim needhamschroederpk-Lowe,I Secret_I1 Ni Ok [no attack within bounds] 2 | claim 
needhamschroederpk-Lowe,I Secret_I2 Nr Ok [no attack within bounds] 3 | claim needhamschroederpk-Lowe,I Nisynch_I3 - Fail [at least 3 attacks] 4 | claim needhamschroederpk-Lowe,R Secret_R1 Nr Ok [no attack within bounds] 5 | claim needhamschroederpk-Lowe,R Secret_R2 Ni Ok [no attack within bounds] 6 | claim needhamschroederpk-Lowe,R Nisynch_R3 - Fail [at least 3 attacks] 7 | -------------------------------------------------------------------------------- /src/BuildMacArm-MacIntel.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: BuildMacArm-MacIntel.cmake 3 | # Purpose: Build MacIntel (x86_64) binary when cross-compiling 4 | # Author: Cas Cremers 5 | ################################################################ 6 | 7 | message (STATUS "Building Apple Mac Intel version (cross-compiling)") 8 | set (scythername "scyther-mac") 9 | add_executable (${scythername} ${Scyther_sources}) 10 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mmacosx-version-min=10.6 -arch x86_64") 11 | set (CMAKE_OSX_ARCHITECTURES "x86_64") 12 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-3-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-3-udkey,A Commit_A2 (B,TNB,Text3) Fail [at least 1 attack] 2 | claim isoiec-9798-2-3-udkey,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-3-udkey,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-2-3-udkey,B Commit_B2 (A,TNA,Text1) Fail [at least 3 attacks] 5 | claim isoiec-9798-2-3-udkey,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-2-3-udkey,B Weakagree_B4 - Ok [no attack within bounds] 7 | --------------------------------------------------------------------------------
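/src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-3-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-3-udkey,A Commit_A2 (B,TNb,Text3) Fail [at least 1 attack] 2 | claim isoiec-9798-4-3-udkey,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-3-udkey,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-4-3-udkey,B Commit_B2 (A,TNa,Text1) Fail [at least 3 attacks] 5 | claim isoiec-9798-4-3-udkey,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-4-3-udkey,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3-broken.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim nsl3-broken,I Secret_i1 ni Fail [at least 1 attack] 2 | claim nsl3-broken,I Secret_i2 nr Fail [at least 1 attack] 3 | claim nsl3-broken,I Niagree_i3 - Fail [at least 1 attack] 4 | claim nsl3-broken,I Nisynch_i4 - Fail [at least 1 attack] 5 | claim nsl3-broken,R Secret_r1 ni Fail [at least 1 attack] 6 | claim nsl3-broken,R Secret_r2 nr Ok [proof of correctness] 7 | claim nsl3-broken,R Niagree_r3 - Ok [proof of correctness] 8 | claim nsl3-broken,R Nisynch_r4 - Ok [proof of correctness] 9 | -------------------------------------------------------------------------------- /src/subbuild-unix-w32.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Configure and build the Windows (Win32 target) binary, then copy it into
# the GUI directory.

set -e

# Default flags.
# Expanded unquoted below so that "-D" and its value reach cmake as two
# separate arguments.
CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Release"

# Make for Windows.
# Configure and build are separate commands on purpose: "set -e" ignores a
# failure of every command in an && list except the last one, so with
# "cmake ... && make" a failed configure would fall through to the copy
# step and could install a binary left over from an earlier build.
cmake $CMFLAGS -D TARGETOS=Win32 .
make

echo
echo
echo "---------------------------------------------------------"
echo "Built the Windows binary"

# Copy to the correct location
cp scyther-w32.exe ../gui/Scyther/

echo "Copied the file to the gui/Scyther directory"
echo "---------------------------------------------------------"
-------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/wmf-brutus.spdl: -------------------------------------------------------------------------------- 1 | usertype SesKey, Server; 2 | 3 | /* Version from the Brutus reports 4 | */ 5 | 6 | protocol wmfbrutus(A,B,S) 7 | { 8 | role A 9 | { 10 | fresh kab : SesKey; 11 | 12 | send_1(A,S, A, { B,kab }k(A,S) ); 13 | } 14 | 15 | role B 16 | { 17 | var kab : SesKey; 18 | 19 | recv_2(S,B, { A, kab }k(B,S) ); 20 | 21 | claim_3(B, Secret,kab); 22 | } 23 | 24 | role S 25 | { 26 | var kab : SesKey; 27 | 28 | recv_1(A,S, A, { B,kab }k(A,S) ); 29 | send_2(S,B, { A, kab }k(B,S) ); 30 | } 31 | } 32 | 33 | -------------------------------------------------------------------------------- /src/subbuild-mac-intel.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Configure and build the Mac Intel binary, then copy it into the GUI
# directory.

set -e

# Default flags.
# Expanded unquoted below so that "-D" and its value reach cmake as two
# separate arguments.
CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Release"

# Make for intel.
# Configure and build are separate commands on purpose: "set -e" ignores a
# failure of every command in an && list except the last one, so with
# "cmake ... && make" a failed configure would fall through to the copy
# step and could install a binary left over from an earlier build.
cmake $CMFLAGS -D TARGETOS=MacIntel .
make scyther-mac

echo
echo
echo "---------------------------------------------------------"
echo "Built the Mac intel binary"

# Copy to the correct locations
cp scyther-mac ../gui/Scyther/

echo "Copied the files to their respective locations"
echo "---------------------------------------------------------"
-------------------------------------------------------------------------------- /src/subbuild-mac-arm.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Configure and build the Mac ARM binary, then copy it into the GUI
# directory under the name scyther-mac-arm.

set -e

# Default flags.
# Expanded unquoted below so that "-D" and its value reach cmake as two
# separate arguments.
CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Release"

# Make for Apple Silicon (ARM).
# Configure and build are separate commands on purpose: "set -e" ignores a
# failure of every command in an && list except the last one, so with
# "cmake ... && make" a failed configure would fall through to the copy
# step and could install a binary left over from an earlier build.
cmake $CMFLAGS -D TARGETOS=MacArm .
make scyther-mac

echo
echo
echo "---------------------------------------------------------"
echo "Built the Mac ARM binary"

# Copy to the correct locations (the build output is named scyther-mac;
# the GUI directory keeps the ARM build under its own name)
cp scyther-mac ../gui/Scyther/scyther-mac-arm

echo "Copied the files to their respective locations"
echo "---------------------------------------------------------"
-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3-broken.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim nsl3-broken,I Secret_i1 ni Fail [at least 1 attack] 2 | claim nsl3-broken,I Secret_i2 nr Fail [at least 1 attack] 3 | claim nsl3-broken,I Niagree_i3 - Fail [at least 1 attack] 4 | claim nsl3-broken,I Nisynch_i4 - Fail [at least 1 attack] 5 | claim nsl3-broken,R Secret_r1 ni Fail [at least 1 attack] 6 | claim nsl3-broken,R Secret_r2 nr Ok [proof of correctness] 7 | claim nsl3-broken,R Niagree_r3 - Ok [proof of correctness] 8 | claim nsl3-broken,R Nisynch_r4 - Ok [proof of correctness] 9 | --------------------------------------------------------------------------------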
/src/regression-tests/results/test-gui-Protocols-andrew-ban.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim andrew-Ban,I Nisynch_I1 - Ok [proof of correctness] 2 | claim andrew-Ban,I Niagree_I2 - Ok [proof of correctness] 3 | claim andrew-Ban,I Secret_I3 kir Ok [proof of correctness] 4 | claim andrew-Ban,I Secret_I4 k(I,R) Ok [proof of correctness] 5 | claim andrew-Ban,R Nisynch_R1 - Ok [proof of correctness] 6 | claim andrew-Ban,R Niagree_R2 - Ok [proof of correctness] 7 | claim andrew-Ban,R Secret_R3 kir Ok [proof of correctness] 8 | claim andrew-Ban,R Secret_R4 k(I,R) Ok [proof of correctness] 9 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-4-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-4-udkey,A Commit_A2 (B,RA,RB,Text2,Text4) Ok [no attack within bounds] 2 | claim isoiec-9798-2-4-udkey,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-2-4-udkey,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-2-4-udkey,B Commit_B2 (A,RA,RB,Text2) Ok [no attack within bounds] 5 | claim isoiec-9798-2-4-udkey,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-2-4-udkey,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-4-4-udkey.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-4-4-udkey,A Commit_A2 (B,Ra,Rb,Text2,Text4) Ok [no attack within bounds] 2 | claim isoiec-9798-4-4-udkey,A Alive_A3 - Ok [no attack within bounds] 3 | claim isoiec-9798-4-4-udkey,A Weakagree_A4 - Ok [no attack within bounds] 4 | claim isoiec-9798-4-4-udkey,B 
Commit_B2 (A,Ra,Rb,Text2) Ok [no attack within bounds] 5 | claim isoiec-9798-4-4-udkey,B Alive_B3 - Ok [no attack within bounds] 6 | claim isoiec-9798-4-4-udkey,B Weakagree_B4 - Ok [no attack within bounds] 7 | -------------------------------------------------------------------------------- /src/BuildUnix.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: BuildUnix.cmake 3 | # Purpose: Build Unix binary on self 4 | # Author: Cas Cremers 5 | ################################################################ 6 | 7 | # We call it linux, because that is what de-facto is the case. 8 | 9 | message (STATUS "Building Linux version") 10 | 11 | # Static where possible (i.e. only not on the APPLE) 12 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static") 13 | 14 | set (scythername "scyther-linux") 15 | add_executable (${scythername} ${Scyther_sources}) 16 | 17 | -------------------------------------------------------------------------------- /testing/soph-keyexch.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | const pk: Function; 3 | secret sk: Function; 4 | inversekeys (pk,sk); 5 | 6 | protocol sophkx(I,R) 7 | { 8 | role I 9 | { 10 | fresh ni: Nonce; 11 | fresh kir: Sessionkey; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, ni, {I,kir}pk(R) ); 15 | recv_2(R,I, {ni}kir ); 16 | claim_4(I,Secret,kir); 17 | } 18 | 19 | role R 20 | { 21 | var ni: Nonce; 22 | var kir: Sessionkey; 23 | fresh nr: Nonce; 24 | 25 | recv_1(I,R, ni, {I,kir}pk(R) ); 26 | send_2(R,I, {ni}kir ); 27 | } 28 | } 29 | 30 | 31 | const ke: Sessionkey; 32 | 33 | -------------------------------------------------------------------------------- /testing/spdl-defaults.inc: -------------------------------------------------------------------------------- 1 | /* default includes */ 2 | 3 | /* asymmetric */ 4 | 5 | const pk,hash: Function; 6 | secret 
sk,unhash: Function; 7 | inversekeys (pk,sk); 8 | inversekeys (hash,unhash); 9 | 10 | 11 | /* symmetric */ 12 | 13 | usertype SessionKey; 14 | secret k: Function; 15 | 16 | /* agents */ 17 | 18 | const A,B,E: Agent; 19 | 20 | 21 | /* untrusted E */ 22 | 23 | untrusted E; 24 | compromised sk(E); 25 | const nE: Nonce; 26 | const kEE: SessionKey; 27 | 28 | compromised k(E,E); 29 | compromised k(E,A); 30 | compromised k(E,B); 31 | compromised k(A,E); 32 | compromised k(B,E); 33 | 34 | 35 | -------------------------------------------------------------------------------- /testing/localclaims.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Local claims 3 | */ 4 | 5 | // PKI infrastructure 6 | 7 | const pk: Function; 8 | secret sk: Function; 9 | inversekeys (pk,sk); 10 | 11 | // The protocol description 12 | 13 | protocol localclaims(I,R) 14 | { 15 | role I 16 | { 17 | fresh ni: Nonce; 18 | 19 | send_1(I,R, {ni}pk(R) ); 20 | 21 | claim_i1(I,Secret,ni); 22 | } 23 | 24 | role R 25 | { 26 | var ni: Nonce; 27 | 28 | recv_1(I,R, {ni}pk(R) ); 29 | 30 | claim_r1(R,Secret,ni); 31 | } 32 | } 33 | 34 | // The agents in the system 35 | 36 | 37 | // An untrusted agent, with leaked information 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /src/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Store version number in version.h 4 | ./describe-version.py 5 | 6 | # Different choice if on Darwin 7 | PLATFORM=`uname` 8 | echo "Platform: $PLATFORM" 9 | 10 | if [ "$PLATFORM" = "Darwin" ]; then 11 | ARCH=`arch` 12 | echo "Architecture: $ARCH" 13 | 14 | if [ "$ARCH" = "arm64" ]; then 15 | ./subbuild-mac-arm.sh 16 | else 17 | ./subbuild-mac-intel.sh 18 | fi 19 | else 20 | if [ "$PLATFORM" = "Linux" ]; then 21 | # Build linux version 22 | ./subbuild-unix-unix.sh 23 | else 24 | echo "I don't know platform $PLATFORM, so I won't do 
anything" 25 | fi 26 | fi 27 | 28 | -------------------------------------------------------------------------------- /testing/athena-breaker.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Athena breaker protocol 3 | */ 4 | 5 | // PKI infrastructure 6 | 7 | const pk: Function; 8 | secret sk: Function; 9 | inversekeys (pk,sk); 10 | 11 | // The protocol description 12 | 13 | protocol abreaker(I,R) 14 | { 15 | role I 16 | { 17 | fresh ni: Nonce; 18 | 19 | send_!1(I,R, {{I,ni}pk(R)}pk(R) ); 20 | 21 | claim_i1(I,Secret,ni); 22 | } 23 | 24 | role R 25 | { 26 | var T:Ticket; 27 | 28 | recv_!1(I,R, {T}pk(R) ); 29 | send_!2(R,I, T ); 30 | 31 | } 32 | } 33 | 34 | // The agents in the system 35 | 36 | 37 | // An untrusted agent, with leaked information 38 | 39 | 40 | -------------------------------------------------------------------------------- /testing/samasc-broken.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Samasc broken 3 | */ 4 | 5 | usertype Key; 6 | 7 | const pk: Function; 8 | secret sk: Function; 9 | 10 | inversekeys (pk,sk); 11 | 12 | protocol samascbroken(I,R) 13 | { 14 | role R 15 | { 16 | fresh nr: Nonce; 17 | var kir: Key; 18 | 19 | recv_!1a (I,R, { kir,I }pk(R) ); 20 | send_!1b (R,I, {nr,R}pk(I) ); 21 | 22 | /* Commenting out these two lines yields an attack: */ 23 | recv_!2a (I,R, { nr }kir ); 24 | send_!2b (R,I, { I,R,nr }kir ); 25 | 26 | recv_!3 (I,R, { I,R }kir ); 27 | 28 | claim_4 (R, Secret, kir ); 29 | } 30 | } 31 | 32 | 33 | untrusted e; 34 | compromised sk(e); 35 | -------------------------------------------------------------------------------- /testing/wmf-brutus.spdl: -------------------------------------------------------------------------------- 1 | usertype SesKey, Server; 2 | secret fresh k : Function; 3 | 4 | /* Version from the Brutus reports 5 | */ 6 | 7 | protocol wmfbrutus(A,B,S) 8 | { 9 | role A 10 | { 11 | fresh kab : SesKey; 12 | 13 
| send_1(A,S, A, { B,kab }k(A,S) ); 14 | } 15 | 16 | role B 17 | { 18 | var kab : SesKey; 19 | 20 | recv_2(S,B, { A, kab }k(B,S) ); 21 | 22 | claim_3(B, Secret,kab); 23 | } 24 | 25 | role S 26 | { 27 | var kab : SesKey; 28 | 29 | recv_1(A,S, A, { B,kab }k(A,S) ); 30 | send_2(S,B, { A, kab }k(B,S) ); 31 | } 32 | } 33 | 34 | const Alice, Bob, Eve: Agent; 35 | const Simon: Server; 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /src/subbuild-unix-unix.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | # Default flags 6 | CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Release" 7 | 8 | # Make for linux 9 | cmake $CMFLAGS -D TARGETOS=Unix . && make 10 | 11 | echo 12 | echo 13 | echo "---------------------------------------------------------" 14 | echo "Built the Linux binary" 15 | 16 | # Copy to the correct location 17 | cp scyther-linux ../gui/Scyther/ 18 | 19 | # bonus... 20 | if [ -d ~/bin ] ; then 21 | cp scyther-linux ~/bin/ 22 | fi 23 | 24 | echo "Copied the file to the gui/Scyther directory and ~/bin (if present)" 25 | echo "---------------------------------------------------------" 26 | 27 | -------------------------------------------------------------------------------- /src/build-brutus.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Brutus-specific setup 4 | echo "If things don't work, try:" 5 | echo 6 | echo " module load cmake" 7 | echo " module load gcc" 8 | echo 9 | 10 | # Store version number in version.h 11 | ./describe-version.py 12 | 13 | # Default flags 14 | CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Release" 15 | 16 | # Make for windows and linux 17 | cmake $CMFLAGS -D TARGETOS=Unix . 
&& make 18 | 19 | echo 20 | echo 21 | echo "---------------------------------------------------------" 22 | echo "Built the Linux binary for Brutus" 23 | 24 | # Copy to the correct locations 25 | cp scyther-linux ../gui/Scyther/ 26 | cp scyther-linux $HOME/bin/ 27 | 28 | -------------------------------------------------------------------------------- /testing/f4.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * f4.spdl 3 | * 4 | * Tailored protocol to show that any number of runs can be required to 5 | * find an attack. 6 | * 7 | * For this version, -m2 and -r4 are needed. 8 | * 9 | * April 2005, Cas Cremers 10 | */ 11 | 12 | const pk: Function; 13 | secret sk: Function; 14 | inversekeys (pk,sk); 15 | 16 | protocol f4(I,R) 17 | { 18 | role I 19 | { 20 | var nr: Nonce; 21 | 22 | recv_!1(R,I, nr ); 23 | send_!2(I,R, { nr }sk(I) ); 24 | recv_!3(R,I, {{{{ nr }sk(R)}sk(R)}sk(R)}sk(R) ); 25 | 26 | claim_i1(I,Reachable); 27 | } 28 | 29 | role R 30 | { 31 | fresh nr: Nonce; 32 | send_!1(R,I, nr ); 33 | } 34 | 35 | } 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /scripts/if2spdl/notes.txt: -------------------------------------------------------------------------------- 1 | Notes 2 | ----- 3 | 4 | Regarding the AVISPA IF report: 5 | 6 | - Messages do not seem to contain Variable' as an option; this seems to be 7 | a flaw in the BNF. 8 | - Authenticate has no parameters in it (only constants) 9 | STSecrecy 10 | matching_request 11 | 12 | Regarding translation: 13 | - Read/Send tuples with knowledge updates are horrible. 14 | Assuming a 1-1 mapping from the knowledge after step n to the knowledge 15 | before step n+1. 16 | - Public key status in role defs is that of a variable, possible fixes 17 | by substitutions from the scenario. That is plain ugly: the scenario is 18 | needed to explain the meaning of a role definition. 
19 | 20 | -------------------------------------------------------------------------------- /testing/f5.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * f5.spdl 3 | * 4 | * Tailored protocol to show that any number of runs can be required to 5 | * find an attack. 6 | * 7 | * For this version, -m2 and -r5 are needed. 8 | * 9 | * April 2005, Cas Cremers 10 | */ 11 | 12 | const pk: Function; 13 | secret sk: Function; 14 | inversekeys (pk,sk); 15 | 16 | protocol f5(I,R) 17 | { 18 | role I 19 | { 20 | var nr: Nonce; 21 | 22 | recv_!1(R,I, nr ); 23 | send_!2(I,R, { nr }sk(I) ); 24 | recv_!3(R,I, {{{{{ nr }sk(R)}sk(R)}sk(R)}sk(R)}sk(R) ); 25 | 26 | claim_i1(I,Reachable); 27 | } 28 | 29 | role R 30 | { 31 | fresh nr: Nonce; 32 | send_!1(R,I, nr ); 33 | } 34 | 35 | } 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /src/build-debug.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Store version number in version.h 4 | ./describe-version.py 5 | 6 | # Default flags 7 | CMFLAGS="-D CMAKE_BUILD_TYPE:STRING=Debug" 8 | 9 | # Make for linux 10 | cmake $CMFLAGS . && make 11 | 12 | echo 13 | echo 14 | echo "---------------------------------------------------------" 15 | echo "Built the Linux binary" 16 | 17 | # Copy to the correct location 18 | cp scyther-linux ../gui/Scyther/ 19 | 20 | # bonus... 
21 | if [ -d ~/bin ] ; then 22 | cp scyther-linux ~/bin/ 23 | fi 24 | 25 | echo "Copied the file to the gui directory and \~/bin (if present)" 26 | echo "---------------------------------------------------------" 27 | 28 | -------------------------------------------------------------------------------- /testing/compositionality-examples/th-1.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | const P1; 5 | 6 | protocol nsl3th1(I,R) 7 | { 8 | role I 9 | { 10 | fresh ni: Nonce; 11 | var nr: Nonce; 12 | 13 | send_1(I,R, {P1,I,ni}pk(R) ); 14 | recv_1b(R,I, {nr}pk(I) ); 15 | recv_2(R,I, {P1,ni,nr,R}pk(I) ); 16 | send_3(I,R, {P1,nr}pk(R) ); 17 | 18 | claim_i(I,Nisynch); 19 | } 20 | 21 | role R 22 | { 23 | var ni: Nonce; 24 | fresh nr: Nonce; 25 | 26 | recv_1(I,R, {P1,I,ni}pk(R) ); 27 | send_1b(R,I, {nr}pk(I) ); 28 | send_2(R,I, {P1,ni,nr,R}pk(I) ); 29 | recv_3(I,R, {P1,nr}pk(R) ); 30 | 31 | claim_r(R,Nisynch); 32 | } 33 | } 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /testing/compositionality-examples/th-2.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | const P2; 5 | 6 | protocol nsl3th2(I,R) 7 | { 8 | role I 9 | { 10 | fresh ni: Nonce; 11 | var nr: Nonce; 12 | 13 | send_1(I,R, {P2,I,ni}pk(R) ); 14 | recv_1b(R,I, {nr}pk(I) ); 15 | recv_2(R,I, {P2,ni,nr,R}pk(I) ); 16 | send_3(I,R, {P2,nr}pk(R) ); 17 | 18 | claim_i(I,Nisynch); 19 | } 20 | 21 | role R 22 | { 23 | var ni: Nonce; 24 | fresh nr: Nonce; 25 | 26 | recv_1(I,R, {P2,I,ni}pk(R) ); 27 | send_1b(R,I, {nr}pk(I) ); 28 | send_2(R,I, {P2,ni,nr,R}pk(I) ); 29 | recv_3(I,R, {P2,nr}pk(R) ); 30 | 31 | claim_r(R,Nisynch); 32 | } 33 | } 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- 
/testing/nsl3-nisynch-rep.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol nsl3rep(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | 12 | send_1(I,R, {I,ni}pk(R) ); 13 | send_6(I,R, {I,ni}pk(R) ); 14 | recv_2(R,I, {ni,nr,R}pk(I) ); 15 | send_3(I,R, {nr}pk(R) ); 16 | claim_4(I,Niagree); 17 | claim_7(I,Nisynch); 18 | } 19 | 20 | role R 21 | { 22 | var ni: Nonce; 23 | fresh nr: Nonce; 24 | 25 | recv_1(I,R, {I,ni}pk(R) ); 26 | recv_6(I,R, {I,ni}pk(R) ); 27 | send_2(R,I, {ni,nr,R}pk(I) ); 28 | recv_3(I,R, {nr}pk(R) ); 29 | claim_5(R,Niagree); 30 | claim_8(R,Nisynch); 31 | } 32 | } 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-1.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 
2010 4 | * 5 | * signature 6 | * one-pass 7 | * unilateral 8 | */ 9 | const Cert: Function; 10 | 11 | protocol isoiec-9798-3-1(A,B) 12 | { 13 | role A 14 | { 15 | fresh TNA: Nonce; 16 | fresh Text1,Text2: Ticket; 17 | 18 | claim(A,Running,B,TNA,Text1); 19 | send_1(A,B, Cert(A),TNA,B,Text2, { TNA, B, Text1 }sk(A) ); 20 | } 21 | role B 22 | { 23 | var TNA: Nonce; 24 | var Text1,Text2: Ticket; 25 | 26 | recv_1(A,B, Cert(A),TNA,B,Text2, { TNA, B, Text1 }sk(A) ); 27 | 28 | claim(B,Commit,A,TNA,Text1); 29 | claim(B,Alive); 30 | claim(B,Weakagree); 31 | } 32 | } 33 | 34 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
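 21 | -------------------------------------------------------------------------------- /scripts/if2spdl/misc.py: -------------------------------------------------------------------------------- 1 | # 2 | # misc.py 3 | # Various helper functions 4 | # Ask a yes/no question on stdin until the reply is 'y' or 'n'; returns True for 'y' 5 | def confirm(question): 6 | answer = '' 7 | while answer not in ('y','n'): 8 | print(question, end=' ') 9 | answer = input().lower() 10 | return answer == 'y' 11 | # True when func(x) is truthy for at least one element of the sequence 12 | def exists(func,list): 13 | return any(func(x) for x in list) # the parameter named "list" shadows the builtin, so list(...) cannot be called in this body 14 | # True when func(x) is truthy for every element (True for an empty sequence) 15 | def forall(func,list): 16 | return all(func(x) for x in list) # same shadowing applies here 17 | # Order-preserving de-duplication; uses list membership, so unhashable elements are accepted 18 | def uniq(li): 19 | result = [] 20 | for elem in li: 21 | if (not elem in result): 22 | result.append(elem) 23 | return result 24 | 25 | # Return a sorted copy of a list (this definition shadows the builtin sorted() inside this module) 26 | def sorted(li): 27 | result = li[:] 28 | result.sort() 29 | return result -------------------------------------------------------------------------------- /testing/nsl3.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol nsl3(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | 12 | send_1(I,R, {I,ni}pk(R) ); 13 | recv_2(R,I, {ni,nr,R}pk(I) ); 14 | send_3(I,R, {nr}pk(R) ); 15 | 16 | claim_i1(I,Secret,ni); 17 | claim_i2(I,Secret,nr); 18 | claim_i3(I,Niagree); 19 | claim_i4(I,Nisynch); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr: Nonce; 26 | 27 | recv_1(I,R, {I,ni}pk(R) ); 28 | send_2(R,I, {ni,nr,R}pk(I) ); 29 | recv_3(I,R, {nr}pk(R) ); 30 | 31 | claim_r1(R,Secret,ni); 32 | claim_r2(R,Secret,nr); 33 | claim_r3(R,Niagree); 34 | claim_r4(R,Nisynch); 35 | } 36 | } 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /gui/Protocols/Demo/nsl3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder-Lowe protocol 3 | */ 4 | 5 | // The protocol description 6 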
| 7 | protocol nsl3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {I,ni}pk(R) ); 15 | recv_2(R,I, {ni,nr,R}pk(I) ); 16 | send_3(I,R, {nr}pk(R) ); 17 | 18 | claim_i1(I,Secret,ni); 19 | claim_i2(I,Secret,nr); 20 | claim_i3(I,Niagree); 21 | claim_i4(I,Nisynch); 22 | } 23 | 24 | role R 25 | { 26 | var ni: Nonce; 27 | fresh nr: Nonce; 28 | 29 | recv_1(I,R, {I,ni}pk(R) ); 30 | send_2(R,I, {ni,nr,R}pk(I) ); 31 | recv_3(I,R, {nr}pk(R) ); 32 | 33 | claim_r1(R,Secret,ni); 34 | claim_r2(R,Secret,nr); 35 | claim_r3(R,Niagree); 36 | claim_r4(R,Nisynch); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /gui/Protocols/Demo/ns3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder protocol 3 | */ 4 | 5 | // The protocol description 6 | 7 | protocol ns3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {I,ni}pk(R) ); 15 | recv_2(R,I, {ni,nr}pk(I) ); 16 | send_3(I,R, {nr}pk(R) ); 17 | 18 | claim_i1(I,Secret,ni); 19 | claim_i2(I,Secret,nr); 20 | claim_i3(I,Niagree); 21 | claim_i4(I,Nisynch); 22 | } 23 | 24 | role R 25 | { 26 | var ni: Nonce; 27 | fresh nr: Nonce; 28 | 29 | recv_1(I,R, {I,ni}pk(R) ); 30 | send_2(R,I, {ni,nr}pk(I) ); 31 | recv_3(I,R, {nr}pk(R) ); 32 | 33 | claim_r1(R,Secret,ni); 34 | claim_r2(R,Secret,nr); 35 | claim_r3(R,Niagree); 36 | claim_r4(R,Nisynch); 37 | } 38 | } 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /testing/spdl-intruder.inc: -------------------------------------------------------------------------------- 1 | 2 | 3 | protocol myintruder (encr,decr,tupl,proj,m0) 4 | { 5 | role encr 6 | { 7 | var R,X,Y: Ticket; 8 | 9 | read_e1 (R,encr, X); 10 | read_e2 (R,encr, Y); 11 | send_e3 (encr,R, {X}Y ); 12 | } 13 | 14 | role decr 15 | { 16 | var R,X: Ticket; 17 | 18 | read_d1 (R,decr, {X}pk(E)); 19 | 
send_d2 (decr,R, X ); 20 | } 21 | 22 | role tupl 23 | { 24 | var R,X,Y: Ticket; 25 | 26 | read_t1 (R,tupl, X); 27 | read_t2 (R,tupl, Y); 28 | send_t3 (tupl,R, X,Y ); 29 | } 30 | 31 | role proj 32 | { 33 | var R,X,Y: Ticket; 34 | 35 | read_p1 (R,proj, X,Y ); 36 | send_p2 (proj,R, X ); 37 | send_p3 (proj,R, Y ); 38 | } 39 | 40 | singular role m0 41 | { 42 | send_m0 (m0,m0, pk, pk(A), pk(B), nE, sk(E), E); 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/nsl3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder-Lowe protocol 3 | */ 4 | 5 | // The protocol description 6 | 7 | protocol nsl3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {ni,I}pk(R) ); 15 | recv_2(R,I, {ni,nr,R}pk(I) ); 16 | send_3(I,R, {nr}pk(R) ); 17 | 18 | claim_i1(I,Secret,ni); 19 | claim_i2(I,Secret,nr); 20 | claim_i3(I,Niagree); 21 | claim_i4(I,Nisynch); 22 | } 23 | 24 | role R 25 | { 26 | var ni: Nonce; 27 | fresh nr: Nonce; 28 | 29 | recv_1(I,R, {ni,I}pk(R) ); 30 | send_2(R,I, {ni,nr,R}pk(I) ); 31 | recv_3(I,R, {nr}pk(R) ); 32 | 33 | claim_r1(R,Secret,ni); 34 | claim_r2(R,Secret,nr); 35 | claim_r3(R,Niagree); 36 | claim_r4(R,Nisynch); 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /testing/2r890-ex3-b.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Course 2r890 3 | * 4 | * Assignment 0405-3 5 | * 6 | * Protocol b 7 | * 8 | * not nisynch, but still niagree 9 | */ 10 | const pk: Function; 11 | secret sk: Function; 12 | inversekeys (pk,sk); 13 | 14 | protocol course2r890year0405ex3(X,Y,I) 15 | { 16 | role I 17 | { 18 | fresh ni: Nonce; 19 | 20 | send_1(I,X, ni ); 21 | recv_2(X,I, { I,ni }sk(X) ); 22 | send_3(I,Y, ni ); 23 | recv_4(Y,I, { ni,I }sk(Y) ); 24 | 25 | claim_i1(I,Niagree); 26 | 
claim_i2(I,Nisynch); 27 | } 28 | 29 | role X 30 | { 31 | var nx: Nonce; 32 | 33 | recv_1(I,X, nx ); 34 | send_2(X,I, { I,nx }sk(X) ); 35 | } 36 | 37 | role Y 38 | { 39 | var ny: Nonce; 40 | 41 | recv_3(I,Y, ny ); 42 | send_4(Y,I, { ny,I }sk(Y) ); 43 | } 44 | } 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /testing/tmn.spdl: -------------------------------------------------------------------------------- 1 | usertype Key; 2 | 3 | const pk: Function; 4 | secret sk: Function; 5 | inversekeys(pk,sk); 6 | 7 | protocol tmn(A,B,S) 8 | { 9 | role A 10 | { 11 | fresh Ka: Key; 12 | var Kb: Key; 13 | 14 | send_1(A,S, B,{Ka}pk(S) ); 15 | recv_4(S,A, B,{Kb}Ka ); 16 | 17 | claim_5(A,Secret,Ka); 18 | claim_8(A,Secret,Kb); 19 | } 20 | 21 | role B 22 | { 23 | fresh Kb: Key; 24 | 25 | recv_2(S,B, A ); 26 | send_3(B,S, A, { Kb }pk(S) ); 27 | 28 | claim_6(B,Secret,Kb); 29 | } 30 | 31 | role S 32 | { 33 | var Ka,Kb: Key; 34 | 35 | recv_1(A,S, B,{Ka}pk(S) ); 36 | send_2(S,B, A ); 37 | recv_3(B,S, A, { Kb }pk(S) ); 38 | send_4(S,A, B,{Kb}Ka ); 39 | 40 | claim_7(S,Secret,Ka); 41 | } 42 | } 43 | 44 | const Alice,Bob,Eve,Simon: Agent; 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /testing/2r890-ex3-a.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Course 2r890 3 | * 4 | * Assignment 0405-3 5 | * 6 | * Protocol a 7 | * 8 | * nisynch, niagree 9 | */ 10 | const pk: Function; 11 | secret sk: Function; 12 | inversekeys (pk,sk); 13 | 14 | protocol course2r890year0405ex3(X,Y,I) 15 | { 16 | role I 17 | { 18 | fresh nx: Nonce; 19 | fresh ny: Nonce; 20 | 21 | send_1(I,X, nx ); 22 | recv_2(X,I, { I,nx }sk(X) ); 23 | send_3(I,Y, ny ); 24 | recv_4(Y,I, { ny,I }sk(Y) ); 25 | 26 | claim_i1(I,Niagree); 27 | claim_i2(I,Nisynch); 28 | } 29 | 30 | role X 31 | { 32 | var nx: Nonce; 33 | 34 | recv_1(I,X, nx ); 35 | send_2(X,I, { I,nx }sk(X) ); 36 
| } 37 | 38 | role Y 39 | { 40 | var ny: Nonce; 41 | 42 | recv_3(I,Y, ny ); 43 | send_4(Y,I, { ny,I }sk(Y) ); 44 | } 45 | } 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-2-1-udkey.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 2010 4 | * 5 | * symmetric 6 | * one-pass 7 | * unilateral 8 | * 9 | * Note: the identity B may be omitted, if 10 | * (a) the environment disallows such attacks, or 11 | * (b) a unidirectional key is used 12 | */ 13 | protocol isoiec-9798-2-1-udkey(A,B) 14 | { 15 | role A 16 | { 17 | fresh TNA: Nonce; 18 | fresh Text1,Text2: Ticket; 19 | 20 | claim(A,Running,B,TNA,Text1); 21 | send_1(A,B, Text2, { TNA, Text1 }k(A,B) ); 22 | } 23 | role B 24 | { 25 | var TNA: Nonce; 26 | var Text1,Text2: Ticket; 27 | 28 | recv_1(A,B, Text2, { TNA, Text1 }k(A,B) ); 29 | 30 | claim(B,Commit,A,TNA,Text1); 31 | claim(B,Alive); 32 | claim(B,Weakagree); 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-4-1-udkey.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 2010 4 | * 5 | * ccf 6 | * one-pass 7 | * unilateral 8 | * 9 | * Unidirectional key version. 
10 | * 11 | * Modeling notes: 12 | * 13 | * - The keyed CCF (f_kab(x)) is modeled as f(x,kab) 14 | */ 15 | hashfunction f; 16 | 17 | protocol isoiec-9798-4-1-udkey(A,B) 18 | { 19 | role A 20 | { 21 | fresh Text1,Text2: Ticket; 22 | fresh TNA: Nonce; 23 | 24 | claim(A,Running,B,TNA,Text1); 25 | send_1(A,B, TNA, Text2, f( TNA, Text1 ,k(A,B) ) ); 26 | } 27 | role B 28 | { 29 | var TNA: Nonce; 30 | var Text1,Text2: Ticket; 31 | 32 | recv_1(A,B, TNA, Text2, f( TNA, Text1 ,k(A,B) ) ); 33 | 34 | claim(B,Commit,A,TNA,Text1); 35 | claim(B,Alive); 36 | claim(B,Weakagree); 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/ns3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder protocol 3 | */ 4 | 5 | // The protocol description 6 | 7 | protocol ns3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {ni,I}pk(R) ); 15 | recv_2(R,I, {ni,nr}pk(I) ); 16 | send_3(I,R, {nr}pk(R) ); 17 | 18 | claim_i1(I,Secret,ni); 19 | claim_i2(I,Secret,nr); 20 | //claim_i3(I,Alive); 21 | claim_i4(I,Niagree); 22 | claim_i5(I,Nisynch); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | fresh nr: Nonce; 29 | 30 | recv_1(I,R, {ni,I}pk(R) ); 31 | send_2(R,I, {ni,nr}pk(I) ); 32 | recv_3(I,R, {nr}pk(R) ); 33 | 34 | claim_r1(R,Secret,ni); 35 | claim_r2(R,Secret,nr); 36 | //claim_r3(R,Alive); 37 | claim_r4(R,Niagree); 38 | claim_r5(R,Nisynch); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/nsl3-broken.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder-Lowe protocol, 3 | * broken version (wrong role name in first message) 4 | */ 5 | 6 | // The protocol description 7 | 8 | protocol nsl3-broken(I,R) 9 | { 10 | role I 11 | { 12 | fresh ni: Nonce; 13 | var nr: Nonce; 14 | 15 | 
send_1(I,R, {ni,R}pk(R) ); 16 | recv_2(R,I, {ni,nr,R}pk(I) ); 17 | send_3(I,R, {nr}pk(R) ); 18 | 19 | claim_i1(I,Secret,ni); 20 | claim_i2(I,Secret,nr); 21 | claim_i3(I,Niagree); 22 | claim_i4(I,Nisynch); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | fresh nr: Nonce; 29 | 30 | recv_1(I,R, {ni,R}pk(R) ); 31 | send_2(R,I, {ni,nr,R}pk(I) ); 32 | recv_3(I,R, {nr}pk(R) ); 33 | 34 | claim_r1(R,Secret,ni); 35 | claim_r2(R,Secret,nr); 36 | claim_r3(R,Niagree); 37 | claim_r4(R,Nisynch); 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-src-ns3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim ns3,I Secret_I2 ni Ok [proof of correctness] 2 | claim ns3,I Secret_I3 nr Ok [proof of correctness] 3 | claim ns3,I Alive_I4 - Ok [proof of correctness] 4 | claim ns3,I Weakagree_I5 - Ok [proof of correctness] 5 | claim ns3,I Commit_I6 (R,ni,nr) Ok [proof of correctness] 6 | claim ns3,I Niagree_I7 - Ok [proof of correctness] 7 | claim ns3,I Nisynch_I8 - Ok [proof of correctness] 8 | claim ns3,R Secret_R2 ni Fail [at least 1 attack] 9 | claim ns3,R Secret_R3 nr Fail [at least 1 attack] 10 | claim ns3,R Alive_R4 - Ok [proof of correctness] 11 | claim ns3,R Weakagree_R5 - Fail [at least 1 attack] 12 | claim ns3,R Commit_R6 (I,ni,nr) Fail [at least 1 attack] 13 | claim ns3,R Niagree_R7 - Fail [at least 1 attack] 14 | claim ns3,R Nisynch_R8 - Fail [at least 1 attack] 15 | -------------------------------------------------------------------------------- /gui/Protocols/Demo/nsl3-broken.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder-Lowe protocol, 3 | * broken version (wrong role name in first message) 4 | */ 5 | 6 | // The protocol description 7 | 8 | protocol nsl3-broken(I,R) 9 | { 10 | role I 11 | { 12 | fresh ni: Nonce; 13 | var nr: Nonce; 14 | 15 | 
send_1(I,R, {R,ni}pk(R) ); 16 | recv_2(R,I, {ni,nr,R}pk(I) ); 17 | send_3(I,R, {nr}pk(R) ); 18 | 19 | claim_i1(I,Secret,ni); 20 | claim_i2(I,Secret,nr); 21 | claim_i3(I,Niagree); 22 | claim_i4(I,Nisynch); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | fresh nr: Nonce; 29 | 30 | recv_1(I,R, {R,ni}pk(R) ); 31 | send_2(R,I, {ni,nr,R}pk(I) ); 32 | recv_3(I,R, {nr}pk(R) ); 33 | 34 | claim_r1(R,Secret,ni); 35 | claim_r2(R,Secret,nr); 36 | claim_r3(R,Niagree); 37 | claim_r4(R,Nisynch); 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-nsl3.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim nsl3,I Secret_I2 ni Ok [proof of correctness] 2 | claim nsl3,I Secret_I3 nr Ok [proof of correctness] 3 | claim nsl3,I Alive_I4 - Ok [proof of correctness] 4 | claim nsl3,I Weakagree_I5 - Ok [proof of correctness] 5 | claim nsl3,I Commit_I6 (R,ni,nr) Ok [proof of correctness] 6 | claim nsl3,I Niagree_I7 - Ok [proof of correctness] 7 | claim nsl3,I Nisynch_I8 - Ok [proof of correctness] 8 | claim nsl3,R Secret_R2 ni Ok [proof of correctness] 9 | claim nsl3,R Secret_R3 nr Ok [proof of correctness] 10 | claim nsl3,R Alive_R4 - Ok [proof of correctness] 11 | claim nsl3,R Weakagree_R5 - Ok [proof of correctness] 12 | claim nsl3,R Commit_R6 (I,ni,nr) Ok [proof of correctness] 13 | claim nsl3,R Niagree_R7 - Ok [proof of correctness] 14 | claim nsl3,R Nisynch_R8 - Ok [proof of correctness] 15 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/isoiec11770-2-13.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | usertype Ticket; 3 | 4 | protocol isoiec11770213(I,R,S) 5 | { 6 | role I 7 | { 8 | fresh ni: Nonce; 9 | var nr: Nonce; 10 | var kir: Sessionkey; 11 | 12 | send_1 (I,R, ni); 13 | recv_4 
(R,I, { ni,kir,R }k(I,S) ); 14 | 15 | claim_5 (I, Secret, kir); 16 | } 17 | 18 | role R 19 | { 20 | var ni: Nonce; 21 | fresh nr: Nonce; 22 | fresh kir: Sessionkey; 23 | var T; 24 | 25 | recv_1 (I,R, ni); 26 | send_2 (R,S, { nr,ni,I,kir }k(R,S) ); 27 | recv_3 (S,R, { nr, I }k(R,S), T ); 28 | send_4 (R,I, T ); 29 | 30 | claim_6 (R, Secret, kir); 31 | } 32 | 33 | role S 34 | { 35 | var ni,nr: Nonce; 36 | var kir: Sessionkey; 37 | 38 | recv_2 (R,S, { nr,ni,I,kir }k(R,S) ); 39 | send_3 (S,R, { nr, I }k(R,S), { ni,kir,R }k(I,S) ); 40 | } 41 | } 42 | 43 | -------------------------------------------------------------------------------- /testing/andrew-lowe-ban.spdl: -------------------------------------------------------------------------------- 1 | usertype SessionKey; 2 | secret k: Function; 3 | 4 | protocol andrewLoweBan(I,R) 5 | { 6 | role I 7 | { 8 | fresh ni: Nonce; 9 | var nr: Nonce; 10 | var kir: SessionKey; 11 | 12 | send_1(I,R, I,ni ); 13 | recv_2(R,I, {ni,kir,I}k(I,R) ); 14 | send_3(I,R, {ni}kir ); 15 | recv_4(R,I, nr ); 16 | claim_5(I,Nisynch); 17 | claim_5b(I,Niagree); 18 | claim_6(I,Secret, kir); 19 | claim_7(I,Secret, k(I,R)); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr: Nonce; 26 | fresh kir: SessionKey; 27 | 28 | recv_1(I,R, I,ni ); 29 | send_2(R,I, {ni,kir,I}k(I,R) ); 30 | recv_3(I,R, {ni}kir ); 31 | send_4(R,I, nr ); 32 | claim_8(R,Nisynch); 33 | claim_8b(R,Niagree); 34 | claim_9(R,Secret, kir); 35 | claim_10(R,Secret, k(I,R)); 36 | } 37 | } 38 | 39 | 40 | const kee: SessionKey; 41 | 42 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-2.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 
2010 4 | * 5 | * signature 6 | * two-pass 7 | * unilateral 8 | */ 9 | const Cert: Function; 10 | 11 | protocol isoiec-9798-3-2(A,B) 12 | { 13 | role A 14 | { 15 | var Rb: Nonce; 16 | fresh Ra: Nonce; 17 | var Text1: Ticket; 18 | fresh Text2,Text3: Ticket; 19 | 20 | recv_1(B,A, Rb,Text1 ); 21 | claim(A,Running,B,Ra,Rb,Text2); 22 | send_2(A,B, Cert(A),Ra,Rb,B,Text3, { Ra, Rb, B, Text2 }sk(A) ); 23 | } 24 | role B 25 | { 26 | fresh Rb: Nonce; 27 | var Ra: Nonce; 28 | fresh Text1: Ticket; 29 | var Text2,Text3: Ticket; 30 | 31 | send_1(B,A, Rb,Text1 ); 32 | recv_2(A,B, Cert(A),Ra,Rb,B,Text3, { Ra, Rb, B, Text2 }sk(A) ); 33 | 34 | claim(B,Commit,A,Ra,Rb,Text2); 35 | claim(B,Alive); 36 | claim(B,Weakagree); 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /src/Build-Win32.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: BuildUnix-Win32.cmake 3 | # Purpose: Build Win32 binary on Unix 4 | # Author: Cas Cremers 5 | ################################################################ 6 | 7 | message (STATUS "Building W32 version") 8 | 9 | # This should work on win32 platform, but also when the compiler 10 | # is available anyway under linux 11 | set (CMAKE_C_COMPILER "i686-w64-mingw32-gcc") 12 | set (CMAKE_CXX_COMPILER "i686-w64-mingw32-g++") 13 | set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS) # to get rid of -rdynamic 14 | # Signal for windows 15 | set (CMAKE_C_FLAGS "-DFORWINDOWS") 16 | 17 | # Static where possible (i.e. 
only not on the APPLE) 18 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -m32") 19 | 20 | set (scythername "scyther-w32.exe") 21 | add_executable (${scythername} ${Scyther_sources}) 22 | 23 | -------------------------------------------------------------------------------- /gui/Gui/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | Scyther : An automatic verifier for security protocols. 3 | Copyright (C) 2007-2025 Cas Cremers 4 | 5 | This program is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU General Public License 7 | as published by the Free Software Foundation; either version 2 8 | of the License, or (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program; if not, write to the Free Software 17 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | """ 19 | 20 | -------------------------------------------------------------------------------- /src/BuildUnix-Win32.cmake: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # Name: BuildUnix-Win32.cmake 3 | # Purpose: Build Win32 binary on Unix 4 | # Author: Cas Cremers 5 | ################################################################ 6 | 7 | message (STATUS "Building W32 version") 8 | 9 | # This should work on win32 platform, but also when the compiler 10 | # is available anyway under linux 11 | set (CMAKE_C_COMPILER "i686-w64-mingw32-gcc") 12 | set (CMAKE_CXX_COMPILER "i686-w64-mingw32-g++") 13 | set (CMAKE_SHARED_LIBRARY_LINK_C_FLAGS) # to get rid of -rdynamic 14 | # Signal for windows 15 | set (CMAKE_C_FLAGS "-DFORWINDOWS") 16 | 17 | # Static where possible (i.e. only not on the APPLE) 18 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -m32") 19 | 20 | set (scythername "scyther-w32.exe") 21 | add_executable (${scythername} ${Scyther_sources}) 22 | 23 | -------------------------------------------------------------------------------- /testing/tmn-Gijs.spdl: -------------------------------------------------------------------------------- 1 | 2 | usertype Key; 3 | 4 | const pk: Function; 5 | secret sk: Function; 6 | inversekeys(pk,sk); 7 | 8 | protocol tmn(A,B,S) 9 | { 10 | role A 11 | { 12 | fresh Ka: Key; 13 | var Kb: Key; 14 | 15 | send_1(A,S, B,{Ka}pk(S) ); 16 | recv_4(S,A, B,{Kb}Ka ); 17 | 18 | #claim_5(A,Secret,Ka); 19 | #claim_8(A,Secret,Kb); 20 | } 21 | 22 | role B 23 | { 24 | fresh Kb: Key; 25 | 26 | recv_2(S,B, A ); 27 | send_3(B,S, A, { Kb }pk(S) ); 28 | 29 | claim_6(B,Secret,Kb); 30 | } 31 | 32 | role S 33 | { 34 | var Ka,Kb: Key; 35 | 36 | recv_1(A,S, B,{Ka}pk(S) ); 37 | send_2(S,B, A ); 38 | recv_3(B,S, A, { Kb }pk(S) ); 39 | send_4(S,A, B,{Kb}Ka ); 40 | 41 | #claim_7(S,Secret,Ka); 42 | } 43 | } 44 | 45 | const Alice,Bob,Eve,Simon: Agent; 46 
| const Ke: Key; 47 | 48 | 49 | 50 | # Scenario to recreate an attack in SPORE 51 | 52 | 53 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/BKE.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (BKEPK) 3 | */ 4 | 5 | usertype SessionKey; 6 | 7 | hashfunction hash; 8 | 9 | protocol bke(I,R) 10 | { 11 | role I 12 | { 13 | fresh ni: Nonce; 14 | var nr: Nonce; 15 | var kir: SessionKey; 16 | 17 | send_1 (I,R, { ni,I }pk(R) ); 18 | recv_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 19 | send_3 (I,R, { hash(nr) }kir ); 20 | claim_4 (I, Secret, kir ); 21 | //claim_5 (I, Niagree ); 22 | //claim_6 (I, Nisynch ); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | fresh nr: Nonce; 29 | fresh kir: SessionKey; 30 | 31 | recv_1 (I,R, { ni,I }pk(R) ); 32 | send_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 33 | recv_3 (I,R, { hash(nr) }kir ); 34 | claim_7 (R, Secret, kir ); 35 | //claim_8 (R, Niagree ); 36 | //claim_9 (R, Nisynch ); 37 | } 38 | } 39 | 40 | 41 | -------------------------------------------------------------------------------- /testing/bke-one.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (bkeONE) 3 | */ 4 | 5 | usertype Key; 6 | 7 | const pk,hash: Function; 8 | secret sk,unhash: Function; 9 | 10 | inversekeys (pk,sk); 11 | inversekeys (hash,unhash); 12 | 13 | protocol bkeONE(I,R) 14 | { 15 | role I 16 | { 17 | fresh ni: Nonce; 18 | var nr: Nonce; 19 | var kir: Key; 20 | 21 | send_1 (I,R, { ni,I }pk(R) ); 22 | recv_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 23 | send_3 (I,R, { hash(nr) }kir ); 24 | claim_4 (I, Secret, kir ); 25 | } 26 | 27 | role R 28 | { 29 | var ni: Nonce; 30 | fresh nr: Nonce; 31 | fresh kir: Key; 32 | 33 | recv_1 (I,R, { ni,I }pk(R) ); 34 | send_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 35 | recv_3 (I,R, 
{ hash(nr) }kir ); 36 | claim_5 (R, Secret, kir ); 37 | } 38 | } 39 | 40 | 41 | untrusted e; 42 | compromised sk(e); 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /testing/broken1.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * A broken protocol 3 | * PlainSight is sent outside any encryption in send_1, while role R claims it Secret in claim_4; role R also expects recv_3 before recv_1. 4 | * Cas Cremers 5 | * Visualization challenge of the week. 6 | * Can be checked without CL, please do so. 7 | */ 8 | 9 | usertype String, Key; 10 | const PlainSight: String; 11 | secret HelloWorld, HelloServer: String; 12 | secret k: Key; 13 | 14 | protocol broken1(I,R,S) 15 | { 16 | role I 17 | { 18 | send_1(I, R, PlainSight, {HelloWorld, I, R}k ); 19 | send_2(I, S, {HelloServer, I, S}k ); 20 | } 21 | role R 22 | { 23 | recv_3(S, R, {HelloWorld, S, I, R}k ); 24 | recv_1(I, R, PlainSight, {HelloWorld, I, R}k ); 25 | claim_4(R, Secret, PlainSight); 26 | } 27 | role S 28 | { 29 | recv_2(I, S, {HelloServer, I, S}k ); 30 | send_3(S, R, {HelloWorld, S, I, R}k ); 31 | } 32 | } 33 | 34 | const a, b, S: Agent; 35 | 36 | run broken1.I(a, b, S); 37 | run broken1.R(a, b, S); 38 | run broken1.S(a, b, S); 39 | 40 | -------------------------------------------------------------------------------- /testing/bke.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (BKEPK) 3 | */ 4 | 5 | usertype Key; 6 | 7 | hashfunction hash; 8 | 9 | protocol bke(I,R) 10 | { 11 | role I 12 | { 13 | fresh ni: Nonce; 14 | var nr: Nonce; 15 | var kir: Key; 16 | 17 | send_1 (I,R, { ni,I }pk(R) ); 18 | recv_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 19 | send_3 (I,R, { hash(nr) }kir ); 20 | claim_4 (I, Secret, kir ); 21 | claim_5 (I, Niagree ); 22 | claim_6 (I, Nisynch ); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | fresh nr: Nonce; 29 | fresh kir: Key; 30 | 31 | recv_1 (I,R, { ni,I }pk(R) ); 32 | send_2 (R,I, { hash(ni),nr,R,kir }pk(I) ); 33 | 
recv_3 (I,R, { hash(nr) }kir ); 34 | claim_7 (R, Secret, kir ); 35 | claim_8 (R, Niagree ); 36 | claim_9 (R, Nisynch ); 37 | } 38 | } 39 | 40 | 41 | untrusted e; 42 | compromised sk(e); 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /gui/Protocols/woo-lam-pi-2.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 2 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi2.html 5 | # Message 3 is {I,Nr}k(I,S): the responder's name R is not inside the encryption. R receives it as an opaque Ticket T and forwards it to S in message 4. 6 | 7 | protocol woolamPi-2(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, T}k(R,S)); 28 | recv_5(S,R, {I, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, {I,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/Protocols/woo-lam-pi-3.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 3 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi3.html 5 | # Message 3 is {Nr}k(I,S): neither I nor R is named inside the encryption. R receives it as an opaque Ticket T and forwards it to S in message 4. 6 | 7 | protocol woolamPi-3(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, T}k(R,S)); 28 | recv_5(S,R, {I, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, {Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,Nr}k(R,S)); 39 | } 40 | 
} 41 | 42 | -------------------------------------------------------------------------------- /testing/andrew-ban.spdl: -------------------------------------------------------------------------------- 1 | usertype SessionKey; 2 | secret k: Function; 3 | 4 | protocol andrewBan(I,R) 5 | { 6 | role I 7 | { 8 | fresh ni: Nonce; 9 | var nr,nr2: Nonce; 10 | var kir: SessionKey; 11 | 12 | send_1(I,R, I,{ni}k(I,R) ); 13 | recv_2(R,I, {ni,nr}k(I,R) ); 14 | send_3(I,R, {nr}k(I,R) ); 15 | recv_4(R,I, {kir,nr2,ni}k(I,R) ); 16 | claim_5(I,Nisynch); 17 | claim_5b(I,Niagree); 18 | claim_6(I,Secret, kir); 19 | claim_7(I,Secret, k(I,R)); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr,nr2: Nonce; 26 | fresh kir: SessionKey; 27 | 28 | recv_1(I,R, I,{ni}k(I,R) ); 29 | send_2(R,I, {ni,nr}k(I,R) ); 30 | recv_3(I,R, {nr}k(I,R) ); 31 | send_4(R,I, {kir,nr2,ni}k(I,R) ); 32 | claim_8(R,Nisynch); 33 | claim_8b(R,Niagree); 34 | claim_9(R,Secret, kir); 35 | claim_10(R,Secret, k(I,R)); 36 | } 37 | } 38 | 39 | 40 | const kee: SessionKey; 41 | 42 | -------------------------------------------------------------------------------- /testing/speedtest.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol ns3speedtest(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | 12 | send_1(I,R, {I,ni}pk(R) ); 13 | recv_2(R,I, {ni,nr}pk(I) ); 14 | send_3(I,R, {nr}pk(R) ); 15 | claim_4(I,Secret,nr); 16 | } 17 | 18 | role R 19 | { 20 | var ni: Nonce; 21 | fresh nr: Nonce; 22 | 23 | recv_1(I,R, {I,ni}pk(R) ); 24 | send_2(R,I, {ni,nr}pk(I) ); 25 | recv_3(I,R, {nr}pk(R) ); 26 | claim_5(R,Secret,ni); 27 | } 28 | } 29 | 30 | 31 | /* something like this will later on all be implied by 'untrusted Eve' */ 32 | 33 | 34 | /* pre-defined 10 runs, limit using --max-runs parameters */ 35 | 36 | run ns3speedtest.R(Alice,Bob); 37 | run ns3speedtest.R(Eve,Bob); 38 | run 
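ns3speedtest.R(Bob,Alice); 39 | run ns3speedtest.R(Eve,Alice); 40 | run ns3speedtest.R(Bob,Bob); 41 | -------------------------------------------------------------------------------- /testing/woolam-pi-f.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Woo-lam version from Spore, Pi f 3 | * 4 | * Only one-way verification version 5 | */ 6 | 7 | usertype Server, SessionKey, Ticket; 8 | secret k: Function; 9 | 10 | const Simon: Server; 11 | 12 | const ke: SessionKey; 13 | 14 | protocol woolampif(A,B,S) 15 | { 16 | role A 17 | { 18 | var Nb: Nonce; 19 | 20 | send_1(A,B, A); 21 | recv_2(B,A, Nb); 22 | send_3(A,B, { A,B,Nb }k(A,S) ); 23 | } 24 | 25 | role B 26 | { 27 | fresh Nb: Nonce; 28 | var T: Ticket; 29 | 30 | recv_1(A,B, A); 31 | send_2(B,A, Nb); 32 | recv_3(A,B, T); 33 | send_4(B,S, { A,B,Nb, T }k(B,S) ); 34 | recv_5(S,B, { A,B,Nb }k(B,S) ); 35 | 36 | claim_6(B,Niagree); 37 | claim_7(B,Nisynch); 38 | } 39 | 40 | role S 41 | { 42 | var Nb: Nonce; 43 | 44 | recv_4(B,S, { A,B,Nb, { A,B,Nb }k(A,S) }k(B,S) ); 45 | send_5(S,B, { A,B,Nb }k(B,S) ); 46 | } 47 | } 48 | 49 | 50 |
--------------------------------------------------------------------------------
/dist/releasescript:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Scyther binary distribution generator.
#
# Takes one argument, the tag (or other revision name) to build. The script
# checks that the name resolves in the current git repository and then runs
# $BUILDER for the platform reported by `uname -s`: "mac" on Darwin, "linux"
# followed by "w32" on Linux. With a missing or unknown name it prints the
# usage text plus the available tags and exits with status 1.
#
# NOTE(review): the check only establishes that the name resolves to an
# object; it does not verify a tag signature. If release tags are signed,
# `git verify-tag` is the check to add here -- confirm project policy.

BUILDER=./build-arch-tag

# Current
DESCR=$(git describe --tags)

# Check whether the tag exists
REQUESTED=$1
TAG=$REQUESTED
case "$TAG" in
    -*)
        # An option-like argument would be parsed by git as a switch
        # rather than as a revision name; treat it as unknown.
        TAG=""
        ;;
esac
if [ -n "$TAG" ]
then
    # Quoted so the name reaches git as exactly one argument.
    if git rev-parse --verify --quiet "$TAG" >/dev/null
    then
        echo "Tag $TAG found."
    else
        TAG=""
    fi
fi

if [ -z "$TAG" ]
then
    echo
    echo "Scyther binary distribution generator."
    echo
    echo " Usage: $0 "
    echo
    # Report the name that was asked for; TAG itself is empty here.
    echo "Don't know tag $REQUESTED, please select one from below:"
    git tag -l
    echo "$DESCR"
    # Non-zero so that a calling release job does not treat this as success.
    exit 1
fi

# Determine system and build accordingly
OS=$(uname -s)
case "$OS" in
    Darwin)
        "$BUILDER" mac "$TAG"
        ;;
    Linux)
        "$BUILDER" linux "$TAG"
        "$BUILDER" w32 "$TAG"
        ;;
    *)
        echo "Don't know architecture $OS, where am I?"
        exit 1
        ;;
esac

--------------------------------------------------------------------------------
/gui/Gui/Version.py:
--------------------------------------------------------------------------------
1 | """ 2 | Scyther : An automatic verifier for security protocols. 3 | Copyright (C) 2007-2025 Cas Cremers 4 | 5 | This program is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU General Public License 7 | as published by the Free Software Foundation; either version 2 8 | of the License, or (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program; if not, write to the Free Software 17 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.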
18 | """ 19 | 20 | SCYTHER_GUI_VERSION = "Unknown" 21 | -------------------------------------------------------------------------------- /gui/Protocols/woo-lam-pi-1.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 1 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi1.html 5 | # 6 | 7 | protocol woolamPi-1(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,R,Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I,R, T}k(R,S)); 28 | recv_5(S,R, {I,R, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I,R, {I,R,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,R,Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /testing/bke-broken.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (bkebroken) 3 | Broken version with man in the middle attack. 
4 | */ 5 | 6 | usertype Key; 7 | 8 | const pk,h: Function; 9 | secret sk,hinv: Function; 10 | 11 | inversekeys (pk,sk); 12 | inversekeys (h,hinv); 13 | 14 | protocol bkebroken(I,R) 15 | { 16 | role I 17 | { 18 | fresh ni: Nonce; 19 | var nr: Nonce; 20 | var kir: Key; 21 | 22 | send_1 (I,R, { ni,I }pk(R) ); 23 | recv_2 (R,I, { h(ni),nr,kir }pk(I) ); 24 | send_3 (I,R, { h(nr),kir }pk(R) ); 25 | claim_4 (I, Secret, kir ); 26 | } 27 | 28 | role R 29 | { 30 | var ni: Nonce; 31 | fresh nr: Nonce; 32 | fresh kir: Key; 33 | 34 | recv_1 (I,R, { ni,I }pk(R) ); 35 | send_2 (R,I, { h(ni),nr,kir }pk(I) ); 36 | recv_3 (I,R, { h(nr),kir }pk(R) ); 37 | claim_5 (R, Secret, kir ); 38 | } 39 | } 40 | 41 | 42 | untrusted e; 43 | compromised sk(e); 44 | 45 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-2-2-udkey.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 
2010 4 | * 5 | * symmetric 6 | * two-pass 7 | * unilateral 8 | * 9 | * Note: the identity A may be omitted, if 10 | * (a) the environment disallows such attacks, or 11 | * (b) a unidirectional key is used 12 | * This file appears to model option (b): the token is { RB, Text2 }k(B,A), with no identity field. 13 | */ 14 | protocol isoiec-9798-2-2-udkey(A,B) 15 | { 16 | role A 17 | { 18 | var RB: Nonce; 19 | var Text1: Ticket; 20 | fresh Text2,Text3: Ticket; 21 | 22 | recv_1(B,A, RB,Text1 ); 23 | claim(A,Running,B,RB,Text2); 24 | send_2(A,B, Text3, { RB, Text2 }k(B,A) ); 25 | } 26 | role B 27 | { 28 | fresh RB: Nonce; 29 | fresh Text1: Ticket; 30 | var Text2,Text3: Ticket; 31 | 32 | send_1(B,A, RB,Text1 ); 33 | recv_2(A,B, Text3, { RB, Text2 }k(B,A) ); 34 | 35 | claim(B,Commit,A,RB,Text2); 36 | claim(B,Alive); 37 | claim(B,Weakagree); 38 | } 39 | } 40 | 41 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/woo-lam-pi-3.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 3 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi3.html 5 | # Message 3 is {Nr}k(I,S): neither I nor R is named inside the encryption. R receives it as an opaque Ticket T and forwards it to S in message 4. 6 | 7 | protocol woolamPi-3(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, T}k(R,S)); 28 | recv_5(S,R, {I, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, {Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /testing/isoiec11770-2-13.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | usertype Ticket; 3 | secret k: Function; 4 | 5 | protocol isoiec11770213(I,R,S) 6 | { 
7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | var kir: Sessionkey; 12 | 13 | send_1 (I,R, ni); 14 | recv_4 (R,I, { ni,kir,R }k(I,S) ); 15 | 16 | claim_5 (I, Secret, kir); 17 | } 18 | 19 | role R 20 | { 21 | var ni: Nonce; 22 | fresh nr: Nonce; 23 | fresh kir: Sessionkey; 24 | var T; 25 | 26 | recv_1 (I,R, ni); 27 | send_2 (R,S, { nr,ni,I,kir }k(R,S) ); 28 | recv_3 (S,R, { nr, I }k(R,S), T ); 29 | send_4 (R,I, T ); 30 | 31 | claim_6 (R, Secret, kir); 32 | } 33 | 34 | role S 35 | { 36 | var ni,nr: Nonce; 37 | var kir: Sessionkey; 38 | 39 | recv_2 (R,S, { nr,ni,I,kir }k(R,S) ); 40 | send_3 (S,R, { nr, I }k(R,S), { ni,kir,R }k(I,S) ); 41 | } 42 | } 43 | 44 | 45 | const te: Ticket; 46 | const ke: Sessionkey; 47 | 48 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-4-2-udkey.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 2010 4 | * 5 | * ccf 6 | * unilateral 7 | * two-pass 8 | * 9 | * Unidirectional key version. 
10 | * 11 | * Modeling notes: 12 | * 13 | * - The keyed CCF (f_kab(x)) is modeled as f(x,kab) 14 | */ 15 | hashfunction f; 16 | 17 | protocol isoiec-9798-4-2-udkey(A,B) 18 | { 19 | role A 20 | { 21 | var Rb: Nonce; 22 | var Text1: Ticket; 23 | fresh Text2,Text3: Ticket; 24 | 25 | recv_1(B,A, Rb,Text1 ); 26 | claim(A,Running,B,Rb,Text2); 27 | send_2(A,B, Text3, f( Rb, Text2, k(A,B)) ); 28 | } 29 | role B 30 | { 31 | fresh Rb: Nonce; 32 | fresh Text1: Ticket; 33 | var Text2,Text3: Ticket; 34 | 35 | send_1(B,A, Rb,Text1 ); 36 | recv_2(A,B, Text3, f( Rb, Text2, k(A,B)) ); 37 | 38 | claim(B,Commit,A,Rb,Text2); 39 | claim(B,Alive); 40 | claim(B,Weakagree); 41 | } 42 | } 43 | 44 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/woo-lam-pi-2.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 2 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi2.html 5 | # 6 | 7 | protocol woolamPi-2(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, T}k(R,S)); 28 | recv_5(S,R, {I, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, {I,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/Protocols/woo-lam-pi-f.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi f 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPif.html 5 | # 6 | 7 | protocol woolamPi-f(I,R,S) 8 | { 9 | 
role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,R,Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, R, Nr, T}k(R,S)); 28 | recv_5(S,R, {I, R, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, R, Nr,{I,R,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I, R, Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/woo-lam-pi-1.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 1 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi1.html 5 | # 6 | 7 | protocol woolamPi-1(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,R,Nr}k(I,S)); 16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I,R, T}k(R,S)); 28 | recv_5(S,R, {I,R, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I,R, {I,R,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I,R,Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/woo-lam-pi-f.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi f 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPif.html 5 | # 6 | 7 | protocol woolamPi-f(I,R,S) 8 | { 9 | role I 10 | { 11 | var Nr: Nonce; 12 | 13 | send_1(I,R, I); 14 | recv_2(R,I, Nr); 15 | send_3(I,R, {I,R,Nr}k(I,S)); 
16 | 17 | } 18 | 19 | role R 20 | { 21 | fresh Nr: Nonce; 22 | var T: Ticket; 23 | 24 | recv_1(I,R, I); 25 | send_2(R,I, Nr); 26 | recv_3(I,R, T); 27 | send_4(R,S, {I, R, Nr, T}k(R,S)); 28 | recv_5(S,R, {I, R, Nr}k(R,S)); 29 | 30 | claim_R1(R,Nisynch); 31 | } 32 | 33 | role S 34 | { 35 | var Nr: Nonce; 36 | 37 | recv_4(R,S, {I, R, Nr,{I,R,Nr}k(I,S)}k(R,S)); 38 | send_5(S,R, {I, R, Nr}k(R,S)); 39 | } 40 | } 41 | 42 | -------------------------------------------------------------------------------- /gui/ns3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder protocol (public-key version, three messages) 3 | */ 4 | 5 | // The protocol description. Note that message 2, {ni,nr}pk(I), does not name the responder; nsl3.spdl adds R to that message. 6 | 7 | protocol ns3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {ni,I}pk(R) ); 15 | recv_2(R,I, {ni,nr}pk(I) ); 16 | claim(I,Running,R,ni,nr); 17 | send_3(I,R, {nr}pk(R) ); 18 | 19 | claim(I,Secret,ni); 20 | claim(I,Secret,nr); 21 | claim(I,Alive); 22 | claim(I,Weakagree); 23 | claim(I,Commit,R,ni,nr); 24 | claim(I,Niagree); 25 | claim(I,Nisynch); 26 | } 27 | 28 | role R 29 | { 30 | var ni: Nonce; 31 | fresh nr: Nonce; 32 | 33 | recv_1(I,R, {ni,I}pk(R) ); 34 | claim(R,Running,I,ni,nr); 35 | send_2(R,I, {ni,nr}pk(I) ); 36 | recv_3(I,R, {nr}pk(R) ); 37 | 38 | claim(R,Secret,ni); 39 | claim(R,Secret,nr); 40 | claim(R,Alive); 41 | claim(R,Weakagree); 42 | claim(R,Commit,I,ni,nr); 43 | claim(R,Niagree); 44 | claim(R,Nisynch); 45 | } 46 | } 47 | 48 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-5.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-5,A Commit_A2 (B,Kab,Text5,Text7) Fail [at least 3 attacks] 2 | claim isoiec-9798-2-5,A Secret_A3 Kab Ok [no attack within bounds] 3 | claim isoiec-9798-2-5,A Secret_A4 Text5 Ok [no attack within bounds] 4 | claim 
isoiec-9798-2-5,A Secret_A5 Text7 Ok [no attack within bounds] 5 | claim isoiec-9798-2-5,A Alive_A6 - Fail [at least 3 attacks] 6 | claim isoiec-9798-2-5,A Weakagree_A7 - Fail [at least 3 attacks] 7 | claim isoiec-9798-2-5,B Commit_B2 (A,Kab,Text5) Fail [at least 5 attacks] 8 | claim isoiec-9798-2-5,B Secret_B3 Kab Ok [no attack within bounds] 9 | claim isoiec-9798-2-5,B Secret_B4 Text5 Ok [no attack within bounds] 10 | claim isoiec-9798-2-5,B Secret_B5 Text7 Ok [no attack within bounds] 11 | claim isoiec-9798-2-5,B Alive_B6 - Fail [at least 3 attacks] 12 | claim isoiec-9798-2-5,B Weakagree_B7 - Fail [at least 2 attacks] 13 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-isoiec-9798-2-6.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-6,A Commit_A2 (B,Kab,Text6,Text8) Fail [at least 2 attacks] 2 | claim isoiec-9798-2-6,A Secret_A3 Kab Ok [no attack within bounds] 3 | claim isoiec-9798-2-6,A Secret_A4 Text6 Ok [no attack within bounds] 4 | claim isoiec-9798-2-6,A Secret_A5 Text8 Ok [no attack within bounds] 5 | claim isoiec-9798-2-6,A Alive_A6 - Fail [at least 2 attacks] 6 | claim isoiec-9798-2-6,A Weakagree_A7 - Fail [at least 2 attacks] 7 | claim isoiec-9798-2-6,B Commit_B2 (A,Kab,Text6) Fail [at least 2 attacks] 8 | claim isoiec-9798-2-6,B Secret_B3 Kab Ok [no attack within bounds] 9 | claim isoiec-9798-2-6,B Secret_B4 Text6 Ok [no attack within bounds] 10 | claim isoiec-9798-2-6,B Secret_B5 Text8 Ok [no attack within bounds] 11 | claim isoiec-9798-2-6,B Alive_B6 - Fail [at least 2 attacks] 12 | claim isoiec-9798-2-6,B Weakagree_B7 - Fail [at least 2 attacks] 13 | -------------------------------------------------------------------------------- /manual/flow.dot: -------------------------------------------------------------------------------- 1 | digraph scytherflow { 2 | 3 | subgraph 
normal { 4 | 5 | spdl [label="protocol description",shape=box,]; 6 | scyther [shape=box,label="Scyther",style=bold,fontsize=18]; 7 | summary [label="text summary\nof the results",shape=box]; 8 | spdl -> scyther [style=bold,weight=10.0]; 9 | scyther -> summary [style=bold,weight=10.0]; 10 | 11 | } 12 | 13 | environment [label="environment\nvariables"]; 14 | commandline [label="command-line\nswitches"]; 15 | switches [label="switches"]; 16 | graphical [label="graphical representation of\nattacks for human inspection\n(dot format)"]; 17 | xml [label="state representation\nfor further processing\n(xml format)"]; 18 | 19 | commandline -> switches [style=dotted]; 20 | environment -> switches [style=dotted]; 21 | switches -> scyther; 22 | scyther -> xml [style=dotted,label="--xml-output"]; 23 | scyther -> graphical [style=dotted,label="--dot-output"]; 24 | } 25 | -------------------------------------------------------------------------------- /gui/nsl3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder-Lowe protocol 3 | */ 4 | 5 | // The protocol description. Message 2 is {ni,nr,R}pk(I): the responder's name is inside the encryption, which is the one message-level difference from ns3.spdl ({ni,nr}pk(I)). 6 | 7 | protocol nsl3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | 14 | send_1(I,R, {ni,I}pk(R) ); 15 | recv_2(R,I, {ni,nr,R}pk(I) ); 16 | claim(I,Running,R,ni,nr); 17 | send_3(I,R, {nr}pk(R) ); 18 | 19 | claim(I,Secret,ni); 20 | claim(I,Secret,nr); 21 | claim(I,Alive); 22 | claim(I,Weakagree); 23 | claim(I,Commit,R,ni,nr); 24 | claim(I,Niagree); 25 | claim(I,Nisynch); 26 | } 27 | 28 | role R 29 | { 30 | var ni: Nonce; 31 | fresh nr: Nonce; 32 | 33 | recv_1(I,R, {ni,I}pk(R) ); 34 | claim(R,Running,I,ni,nr); 35 | send_2(R,I, {ni,nr,R}pk(I) ); 36 | recv_3(I,R, {nr}pk(R) ); 37 | 38 | claim(R,Secret,ni); 39 | claim(R,Secret,nr); 40 | claim(R,Alive); 41 | claim(R,Weakagree); 42 | claim(R,Commit,I,ni,nr); 43 | claim(R,Niagree); 44 | claim(R,Nisynch); 45 | } 46 | } 47 | 48 | 
-------------------------------------------------------------------------------- /gui/Protocols/ccitt509-1c.spdl: -------------------------------------------------------------------------------- 1 | # CCITT X.509 (1c) 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/ccittx509_1c.html 5 | # 6 | # Note: 7 | # According to SPORE there are no known attacks on this protocol 8 | # 9 | 10 | hashfunction hash; 11 | usertype Timestamp; 12 | 13 | protocol ccitt509-1c(I,R) 14 | { 15 | role I 16 | { 17 | fresh Ta: Timestamp; 18 | fresh Na,Xa,Ya: Nonce; 19 | send_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I)); 20 | # claim_2(I,Nisynch); 21 | # This claim is useless as there are no preceding receive events 22 | } 23 | 24 | role R 25 | { 26 | var Ta: Timestamp; 27 | var Na,Xa,Ya: Nonce; 28 | 29 | recv_1(I,R, I,{Ta, Na, R, Xa,{Ya,{hash(Ya)}sk(I)}pk(R)}sk(I)); 30 | claim_3(R,Nisynch); 31 | # There should also be Fresh Xa and Fresh Ya claims here 32 | } 33 | } 34 | 35 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso25-tag.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-5,A Commit_A2 (B,Kab,Text5,Text7) Ok [no attack within bounds] 2 | claim isoiec-9798-2-5,A Secret_A3 Kab Ok [no attack within bounds] 3 | claim isoiec-9798-2-5,A Secret_A4 Text5 Ok [no attack within bounds] 4 | claim isoiec-9798-2-5,A Secret_A5 Text7 Ok [no attack within bounds] 5 | claim isoiec-9798-2-5,A Alive_A6 - Ok [no attack within bounds] 6 | claim isoiec-9798-2-5,A Weakagree_A7 - Ok [no attack within bounds] 7 | claim isoiec-9798-2-5,B Commit_B2 (A,Kab,Text5) Ok [no attack within bounds] 8 | claim isoiec-9798-2-5,B Secret_B3 Kab Ok [no attack within bounds] 9 | claim isoiec-9798-2-5,B Secret_B4 Text5 Ok [no attack within bounds] 10 | claim isoiec-9798-2-5,B Secret_B5 
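Text7 Ok [no attack within bounds] 11 | claim isoiec-9798-2-5,B Alive_B6 - Ok [no attack within bounds] 12 | claim isoiec-9798-2-5,B Weakagree_B7 - Ok [no attack within bounds] 13 |
--------------------------------------------------------------------------------
/gui/Protocols/IKE/verify_all.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Run ./verify.sh on the given files once without a -m option and then once
# for each -m value listed below. Every run uses the same fixed options:
# -i -r 4 -l 1 -u 3 -e remote.
#
# Arguments: the files to hand to verify.sh. Does nothing when no
# (non-empty) arguments are given.

if [ -n "$*" ]; then
    # Hand the arguments on as "$@" so each file name stays one word; an
    # unquoted copy of "$*" would be re-split on whitespace and have any
    # glob characters in it expanded.
    # NOTE(review): a name that begins with "-" is presumably still read as
    # an option by verify.sh; confirm whether it accepts "--" before files.
    ./verify.sh -i -r 4 -l 1 -u 3 -e remote "$@"

    # Values passed to -m, in the order the runs are made.
    for mode in int ca afc af br bri ckw ckwi ck cki eck1 eck1i eck2 eck2i; do
        ./verify.sh -i -r 4 -l 1 -u 3 -e remote -m "$mode" "$@"
    done
fi

--------------------------------------------------------------------------------
/src/FindFLEX.cmake:
--------------------------------------------------------------------------------
1 | # - Try to find Flex 2 | # Once done this will define 3 | # 4 | # FLEX_FOUND - system has Flex 5 | # FLEX_EXECUTABLE - path of the flex executable 6 | # FLEX_VERSION - the version string, like "2.5.31" 7 | # 8 | 9 | 10 | FIND_PROGRAM(FLEX_EXECUTABLE NAMES flex) 11 | mark_as_advanced(FLEX_DIR Flex_DIR) 12 | 13 | #INCLUDE(MacroEnsureVersion) 14 | 15 | IF(FLEX_EXECUTABLE) 16 | SET(FLEX_FOUND TRUE) 17 | 18 | EXECUTE_PROCESS(COMMAND ${FLEX_EXECUTABLE} --version 19 | OUTPUT_VARIABLE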
_FLEX_VERSION 20 | ) 21 | string (REGEX MATCH "[0-9]+\\.[0-9]+\\.[0-9]+" FLEX_VERSION "${_FLEX_VERSION}") 22 | ENDIF(FLEX_EXECUTABLE) 23 | 24 | IF(FLEX_FOUND) 25 | IF(NOT Flex_FIND_QUIETLY) 26 | MESSAGE(STATUS "Found Flex: ${FLEX_EXECUTABLE}") 27 | ENDIF(NOT Flex_FIND_QUIETLY) 28 | ELSE(FLEX_FOUND) 29 | IF(Flex_FIND_REQUIRED) 30 | MESSAGE(FATAL_ERROR "Could not find Flex") 31 | ENDIF(Flex_FIND_REQUIRED) 32 | ENDIF(FLEX_FOUND) 33 | 34 | -------------------------------------------------------------------------------- /testing/yahalom-ban.spdl: -------------------------------------------------------------------------------- 1 | // BAN modified version of the yahalom protocol 2 | // Type flaw 3 | // This version actually works! 4 | 5 | usertype Server; 6 | 7 | const a,b,c : Agent; 8 | const s : Server; 9 | secret k : Function; 10 | 11 | 12 | 13 | 14 | protocol yahalomBan(A,B,S) 15 | { 16 | role A 17 | { 18 | fresh na; 19 | var nb; 20 | var ticket; 21 | var kab; 22 | 23 | send_1(A,B, A,na); 24 | recv_3(S,A, nb, {B,kab,na}k(A,S), ticket ); 25 | send_4(A,B, ticket, {nb}kab ); 26 | claim_5(A, Secret,kab); 27 | } 28 | 29 | role B 30 | { 31 | fresh nb; 32 | var na; 33 | var ticket; 34 | var kab; 35 | 36 | recv_1(A,B, A,na); 37 | send_2(B,S, B,nb, {A,na}k(B,S) ); 38 | recv_4(A,B, {A,kab,nb}k(B,S) , {nb}kab ); 39 | claim_6(B, Secret,kab); 40 | } 41 | 42 | role S 43 | { 44 | fresh kab; 45 | var na,nb; 46 | 47 | recv_2(B,S, B,nb, {A,na}k(B,S) ); 48 | send_3(S,A, nb, {B,kab,na}k(A,S), {A,kab,nb}k(B,S) ); 49 | } 50 | } 51 | 52 | -------------------------------------------------------------------------------- /testing/ccitt509-ban.spdl: -------------------------------------------------------------------------------- 1 | usertype Data; 2 | const pk: Function; 3 | secret sk: Function; 4 | inversekeys (pk,sk); 5 | 6 | protocol ccitt509(I,R) 7 | { 8 | role I 9 | { 10 | fresh xi,yi: Data; 11 | fresh ni: Nonce; 12 | var nr: Nonce; 13 | var yr,xr: Data; 14 | 15 | send_1(I,R, I,{ni, R, xi, 
{yi}pk(R) }sk(I) ); 16 | recv_2(R,I, R,{nr, I, ni, xr, {yr}pk(I) }sk(R) ); 17 | send_3(I,R, I,{R,nr}sk(I) ); 18 | 19 | claim_4(I,Secret,yi); 20 | claim_5(I,Secret,yr); 21 | claim_6(I,Nisynch); 22 | claim_7(I,Niagree); 23 | } 24 | 25 | role R 26 | { 27 | var xi,yi: Data; 28 | var ni: Nonce; 29 | fresh nr: Nonce; 30 | fresh yr,xr: Data; 31 | 32 | recv_1(I,R, I,{ni, R, xi, {yi}pk(R) }sk(I) ); 33 | send_2(R,I, R,{nr, I, ni, xr, {yr}pk(I) }sk(R) ); 34 | recv_3(I,R, I,{R,nr}sk(I) ); 35 | 36 | claim_8(R,Secret,yi); 37 | claim_9(R,Secret,yr); 38 | claim_10(R,Nisynch); 39 | claim_11(R,Niagree); 40 | } 41 | } 42 | 43 | 44 | const de: Data; 45 | 46 | -------------------------------------------------------------------------------- /src/ns3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder protocol 3 | */ 4 | 5 | // The protocol description 6 | 7 | macro m1 = {ni,I}pk(R); 8 | macro m2 = {ni,nr}pk(I); 9 | macro m3 = {nr}pk(R); 10 | 11 | protocol ns3(I,R) 12 | { 13 | role I 14 | { 15 | fresh ni: Nonce; 16 | var nr: Nonce; 17 | 18 | send_1(I,R, m1 ); 19 | recv_2(R,I, m2 ); 20 | claim(I,Running,R,ni,nr); 21 | send_3(I,R, m3 ); 22 | 23 | claim(I,Secret,ni); 24 | claim(I,Secret,nr); 25 | claim(I,Alive); 26 | claim(I,Weakagree); 27 | claim(I,Commit,R,ni,nr); 28 | claim(I,Niagree); 29 | claim(I,Nisynch); 30 | } 31 | 32 | role R 33 | { 34 | var ni: Nonce; 35 | fresh nr: Nonce; 36 | 37 | recv_1(I,R, m1 ); 38 | claim(R,Running,I,ni,nr); 39 | send_2(R,I, m2 ); 40 | recv_3(I,R, m3 ); 41 | 42 | claim(R,Secret,ni); 43 | claim(R,Secret,nr); 44 | claim(R,Alive); 45 | claim(R,Weakagree); 46 | claim(R,Commit,I,ni,nr); 47 | claim(R,Niagree); 48 | claim(R,Nisynch); 49 | } 50 | } 51 | 52 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-ISO-9798-iso26-tag.spdl --timer=60 --plain.out: 
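-------------------------------------------------------------------------------- 1 | claim isoiec-9798-2-6-tag,A Commit_A2 (B,Kab,Text6,Text8) Fail [at least 2 attacks] 2 | claim isoiec-9798-2-6-tag,A Secret_A3 Kab Ok [no attack within bounds] 3 | claim isoiec-9798-2-6-tag,A Secret_A4 Text6 Ok [no attack within bounds] 4 | claim isoiec-9798-2-6-tag,A Secret_A5 Text8 Ok [no attack within bounds] 5 | claim isoiec-9798-2-6-tag,A Alive_A6 - Fail [at least 2 attacks] 6 | claim isoiec-9798-2-6-tag,A Weakagree_A7 - Fail [at least 2 attacks] 7 | claim isoiec-9798-2-6-tag,B Commit_B2 (A,Kab,Text6) Fail [at least 2 attacks] 8 | claim isoiec-9798-2-6-tag,B Secret_B3 Kab Ok [no attack within bounds] 9 | claim isoiec-9798-2-6-tag,B Secret_B4 Text6 Ok [no attack within bounds] 10 | claim isoiec-9798-2-6-tag,B Secret_B5 Text8 Ok [no attack within bounds] 11 | claim isoiec-9798-2-6-tag,B Alive_B6 - Fail [at least 2 attacks] 12 | claim isoiec-9798-2-6-tag,B Weakagree_B7 - Fail [at least 2 attacks] 13 | -------------------------------------------------------------------------------- /src/FindBISON.cmake: --------------------------------------------------------------------------------
# - Try to find Bison
# Once done this will define
#
#  BISON_FOUND - system has Bison
#  BISON_EXECUTABLE - path of the bison executable
#  BISON_VERSION - the version string, like "2.5.31"
#
# Honours the usual find-module switches Bison_FIND_QUIETLY and
# Bison_FIND_REQUIRED.

# The program located here is executed below while the build is being
# configured, so configure with a search path whose directories are not
# writable by other users.
FIND_PROGRAM(BISON_EXECUTABLE NAMES bison)
mark_as_advanced(BISON_DIR Bison_DIR)

#INCLUDE(MacroEnsureVersion)

IF(BISON_EXECUTABLE)
  SET(BISON_FOUND TRUE)

  EXECUTE_PROCESS(COMMAND ${BISON_EXECUTABLE} --version
    OUTPUT_VARIABLE _BISON_VERSION
  )
  # CMake variable names are case-sensitive: the output has to be read back
  # under the exact name it was captured in, otherwise BISON_VERSION is
  # always empty. The third version component is optional so that two-part
  # version strings are recognised as well.
  string (REGEX MATCH "[0-9]+\\.[0-9]+(\\.[0-9]+)?" BISON_VERSION "${_BISON_VERSION}")
ENDIF(BISON_EXECUTABLE)

IF(BISON_FOUND)
  IF(NOT Bison_FIND_QUIETLY)
    MESSAGE(STATUS "Found Bison: ${BISON_EXECUTABLE}")
  ENDIF(NOT Bison_FIND_QUIETLY)
ELSE(BISON_FOUND)
  # Only a REQUIRED lookup stops the configure step; otherwise the caller
  # is expected to test BISON_FOUND itself.
  IF(Bison_FIND_REQUIRED)
    MESSAGE(FATAL_ERROR "Could not find Bison")
  ENDIF(Bison_FIND_REQUIRED)
ENDIF(BISON_FOUND)

-------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-mpa.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | claim nsl3,I Secret_i1 ni Fail [at least 2 attacks] 2 | claim nsl3,I Secret_i2 nr Fail [at least 1 attack] 3 | claim nsl3,I Niagree_i3 - Fail [at least 1 attack] 4 | claim nsl3,I Nisynch_i4 - Fail [at least 1 attack] 5 | claim nsl3,R Secret_r1 ni Fail [at least 2 attacks] 6 | claim nsl3,R Secret_r2 nr Ok [proof of correctness] 7 | claim nsl3,R Niagree_r3 - Fail [at least 1 attack] 8 | claim nsl3,R Nisynch_r4 - Fail [at least 1 attack] 9 | claim nsl3-broken,I Secret_i1 ni Fail [at least 1 attack] 10 | claim nsl3-broken,I Secret_i2 nr Fail [at least 1 attack] 11 | claim nsl3-broken,I Niagree_i3 - Fail [at least 1 attack] 12 | claim nsl3-broken,I Nisynch_i4 - Fail [at least 1 attack] 13 | claim nsl3-broken,R Secret_r1 ni Fail [at least 1 attack] 14 | claim nsl3-broken,R Secret_r2 nr Ok [proof of correctness] 15 | claim nsl3-broken,R Niagree_r3 - Fail [at least 1 attack] 16 | claim nsl3-broken,R Nisynch_r4 - Fail [at least 1 attack] 17 | -------------------------------------------------------------------------------- /gui/Protocols/woo-lam-pi.spdl: -------------------------------------------------------------------------------- 1 | # Woo and Lam Pi 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/wooLamPi.html 5 | # 6 | # Note: 7 | # Scyther finds an attack that appears to be legit, but is not present in 8 | # SPORE.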
9 | # 10 | 11 | protocol woolamPi(I,R,S) 12 | { 13 | role I 14 | { 15 | var Nr: Nonce; 16 | 17 | send_1(I,R, I); 18 | recv_2(R,I, Nr); 19 | send_3(I,R, {Nr}k(I,S)); 20 | 21 | } 22 | 23 | role R 24 | { 25 | fresh Nr: Nonce; 26 | var T: Ticket; 27 | 28 | recv_1(I,R, I); 29 | send_2(R,I, Nr); 30 | recv_3(I,R, T); 31 | send_4(R,S, {I, T}k(R,S)); 32 | recv_5(S,R, {Nr}k(R,S)); 33 | 34 | claim_R1(R,Nisynch); 35 | } 36 | 37 | role S 38 | { 39 | var Nr: Nonce; 40 | 41 | recv_4(R,S, {I,{Nr}k(I,S)}k(R,S)); 42 | send_5(S,R, {Nr}k(R,S)); 43 | } 44 | } 45 | 46 | -------------------------------------------------------------------------------- /src/bool.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef BOOL 21 | #define BOOL 22 | 23 | #define false 0 24 | #define true 1 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /gui/Protocols/NotModelled.txt: -------------------------------------------------------------------------------- 1 | The following protocols have not been modelled for use in Scyther: 2 | 3 | - CAM http://www.lsv.ens-cachan.fr/spore/cam.html 4 | This protocol consists of only one message and the corresponding database actions. 5 | The description given in SPORE is unsuitable for formalisation. 6 | 7 | - Diffie-Hellman http://www.lsv.ens-cachan.fr/spore/diffieHelman.html 8 | This protocol relies on algebraic properties that cannot be modelled in 9 | Scyther. 10 | 11 | - GJM http://www.lsv.ens-cachan.fr/spore/gjm.html 12 | This protocol contains complicated if-then-else constructions that 13 | cannot be modelled in Scyther. 14 | 15 | - Gong http://www.lsv.ens-cachan.fr/spore/gong.html 16 | This protocol relies on algebraic properties that cannot be modelled in 17 | Scyther. 18 | 19 | - SK3 20 | This protocol relies on algebraic properties that cannot be modelled in 21 | Scyther. It also has the notion of channels that cannot be attacked, 22 | which cannot be modelled in Scyther either. 23 | 24 | -------------------------------------------------------------------------------- /src/dotout.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version.
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef DOTOUTPUT 21 | #define DOTOUTPUT 22 | 23 | void dotSemiState (const System sys); 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /gui/Protocols/ccitt509-1.spdl: -------------------------------------------------------------------------------- 1 | # CCITT X.509 (1) 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/ccittx509_1.html 5 | # 6 | # Note: 7 | # The attack in SPORE is not found as this is not an attack against 8 | # synchronisation, but an attack against the freshness of Xa and Ya 9 | # which can currently not be modelled in scyther 10 | # 11 | 12 | usertype Timestamp; 13 | 14 | protocol ccitt509-1(I,R) 15 | { 16 | role I 17 | { 18 | fresh Ta: Timestamp; 19 | fresh Na,Xa,Ya: Nonce; 20 | send_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I)); 21 | # claim_2(I,Nisynch); 22 | # This claim is useless as there are no preceding recv events 23 | } 24 | 25 | role R 26 | { 27 | var Ta: Timestamp; 28 | var Na,Xa,Ya: Nonce; 29 | 30 | recv_1(I,R, I,{Ta, Na, R, Xa,{Ya}pk(R)}sk(I)); 31 | claim_3(R,Nisynch); 32 | # There should also be Fresh Xa and Fresh Ya claims here 33 | } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /src/regression-tests/results/test-gui-Protocols-Demo-nsl3-updated-both.spdl --timer=60 --plain.out: -------------------------------------------------------------------------------- 1 | 
claim nsl3-broken,I Secret_i1 ni Fail [at least 3 attacks] 2 | claim nsl3-broken,I Secret_i2 nr Fail [at least 1 attack] 3 | claim nsl3-broken,I Niagree_i3 - Fail [at least 1 attack] 4 | claim nsl3-broken,I Nisynch_i4 - Fail [at least 1 attack] 5 | claim nsl3-broken,R Secret_r1 ni Fail [at least 2 attacks] 6 | claim nsl3-broken,R Secret_r2 nr Ok [proof of correctness] 7 | claim nsl3-broken,R Niagree_r3 - Fail [at least 1 attack] 8 | claim nsl3-broken,R Nisynch_r4 - Fail [at least 1 attack] 9 | claim nsl3,I Secret_i1 ni Fail [at least 2 attacks] 10 | claim nsl3,I Secret_i2 nr Fail [at least 1 attack] 11 | claim nsl3,I Niagree_i3 - Fail [at least 1 attack] 12 | claim nsl3,I Nisynch_i4 - Fail [at least 1 attack] 13 | claim nsl3,R Secret_r1 ni Fail [at least 2 attacks] 14 | claim nsl3,R Secret_r2 nr Ok [proof of correctness] 15 | claim nsl3,R Niagree_r3 - Fail [at least 1 attack] 16 | claim nsl3,R Nisynch_r4 - Fail [at least 1 attack] 17 | -------------------------------------------------------------------------------- /testing/ns3-brutus.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | 5 | protocol ns3brutus(I,R) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | 12 | send_1(I,R, {I,ni}pk(R) ); 13 | recv_2(R,I, {ni,nr}pk(I) ); 14 | send_3(I,R, {nr}pk(R) ); 15 | claim_4(I,Secret,nr); 16 | } 17 | 18 | role R 19 | { 20 | var ni: Nonce; 21 | fresh nr: Nonce; 22 | 23 | recv_1(I,R, {I,ni}pk(R) ); 24 | send_2(R,I, {ni,nr}pk(I) ); 25 | recv_3(I,R, {nr}pk(R) ); 26 | claim_5(R,Secret,ni); 27 | } 28 | } 29 | 30 | const Alice,Bob,Eve : Agent; 31 | 32 | /* something like this will later on all be implied by 'untrusted Eve' */ 33 | 34 | /* fresh nc: Nonce; */ 35 | 36 | /* pre-defined 10 runs, limit using --max-runs parameters */ 37 | /* to be nice to brutus, stupid scenario :( */ 38 | 39 | run ns3brutus.I(Alice,Agent); 40 | run 
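ns3brutus.I(Alice,Agent); 41 | run ns3brutus.I(Alice,Agent); 42 | run ns3brutus.I(Alice,Agent); 43 | run ns3brutus.I(Alice,Agent); 44 | -------------------------------------------------------------------------------- /gui/scyther-gui-venv.sh: --------------------------------------------------------------------------------
#!/usr/bin/env sh
#
# Scyther : An automatic verifier for security protocols.
# Copyright (C) 2007-2025 Cas Cremers
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# Launch the Scyther GUI from a private virtual environment in ./.venv:
# create the environment, install wxPython into it, run ./scyther-gui.py with
# the caller's arguments, then leave the environment again.
#
# The licence text is kept in '#' comments. A """ ... """ block is not a
# comment in sh: the shell reads it as one quoted word and tries to run that
# word as a command on every launch.

# Stop when the environment cannot be created or entered, so that the pip
# call below never installs into the system or user site-packages instead.
python3 -m venv .venv || exit 1
# '.' is the POSIX form; 'source' is an extension that a plain sh may not have.
. .venv/bin/activate || exit 1

# NOTE(review): the package is unpinned, so each launch installs whatever
# wxpython release the package index serves at that moment. Pin a reviewed
# version, ideally through a requirements file checked with pip's
# --require-hashes, to keep launches reproducible.
pip3 install wxpython || exit 1

# "$@" passes every argument through unchanged. Unquoted $* re-splits the
# arguments on whitespace and expands glob characters, which breaks protocol
# file names that contain spaces or wildcards.
./scyther-gui.py "$@"
deactivate
-------------------------------------------------------------------------------- /src/prune_bounds.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version.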
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef PRUNEBOUNDS 21 | #define PRUNEBOUNDS 22 | 23 | int prune_bounds (const System sys); 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /testing/ns3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Needham-Schroeder protocol 3 | */ 4 | 5 | // PKI infrastructure 6 | 7 | const pk: Function; 8 | secret sk: Function; 9 | inversekeys (pk,sk); 10 | 11 | // The protocol description 12 | 13 | protocol ns3(I,R) 14 | { 15 | role I 16 | { 17 | fresh ni: Nonce; 18 | var nr: Nonce; 19 | 20 | send_1(I,R, {I,ni}pk(R) ); 21 | recv_2(R,I, {ni,nr}pk(I) ); 22 | send_3(I,R, {nr}pk(R) ); 23 | claim_i1(I,Secret,ni); 24 | claim_i2(I,Secret,nr); 25 | claim_i3(I,Niagree); 26 | claim_i4(I,Nisynch); 27 | } 28 | 29 | role R 30 | { 31 | var ni: Nonce; 32 | fresh nr: Nonce; 33 | 34 | recv_1(I,R, {I,ni}pk(R) ); 35 | send_2(R,I, {ni,nr}pk(I) ); 36 | recv_3(I,R, {nr}pk(R) ); 37 | claim_r1(R,Secret,ni); 38 | claim_r2(R,Secret,nr); 39 | claim_r3(R,Niagree); 40 | claim_r4(R,Nisynch); 41 | } 42 | } 43 | 44 | // The agents in the system 45 | 46 | 47 | // An untrusted agent, with leaked information 48 | 49 | 50 | // The runs (only needed for the modelchecker algorithm) 51 | 52 | 53 | -------------------------------------------------------------------------------- /testing/bke-variation.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | 
Bilateral Key Exchange with Public Key protocol (BKEPK) 3 | Variation for exercise 2r890 4 | */ 5 | 6 | usertype Key; 7 | 8 | const pk,hash: Function; 9 | secret sk,unhash: Function; 10 | 11 | inversekeys (pk,sk); 12 | inversekeys (hash,unhash); 13 | 14 | protocol bkevariation(I,R) 15 | { 16 | role I 17 | { 18 | fresh ni: Nonce; 19 | var nr: Nonce; 20 | var kir: Key; 21 | 22 | send_1 (I,R, { ni,I }pk(R) ); 23 | recv_2 (R,I, { hash(ni),nr,kir }pk(I) ); 24 | send_3 (I,R, { hash(nr) }kir ); 25 | claim_4 (I, Secret, kir ); 26 | claim_5 (I, Niagree ); 27 | claim_6 (I, Nisynch ); 28 | } 29 | 30 | role R 31 | { 32 | var ni: Nonce; 33 | fresh nr: Nonce; 34 | fresh kir: Key; 35 | 36 | recv_1 (I,R, { ni,I }pk(R) ); 37 | send_2 (R,I, { hash(ni),nr,kir }pk(I) ); 38 | recv_3 (I,R, { hash(nr) }kir ); 39 | claim_7 (R, Secret, kir ); 40 | claim_8 (R, Niagree ); 41 | claim_9 (R, Nisynch ); 42 | } 43 | } 44 | 45 | 46 | untrusted e; 47 | compromised sk(e); 48 | 49 | 50 | -------------------------------------------------------------------------------- /testing/kaochow.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | usertype Ticket; 3 | secret k: Function; 4 | 5 | protocol kaochow(I,R,S) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | var kir: Sessionkey; 12 | 13 | send_1 (I,S, I,R,ni); 14 | recv_3 (R,I, {I,R,ni,kir}k(I,S), {ni}kir, nr ); 15 | send_4 (I,R, {nr}kir ); 16 | 17 | claim_5 (I, Nisynch); 18 | claim_6 (I, Niagree); 19 | claim_7 (I, Secret, kir); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr: Nonce; 26 | var kir: Sessionkey; 27 | var T; 28 | 29 | recv_2 (S,R, T, { I,R,ni,kir }k(R,S) ); 30 | send_3 (R,I, T, {ni}kir, nr ); 31 | recv_4 (I,R, {nr}kir ); 32 | 33 | claim_8 (R, Nisynch); 34 | claim_9 (R, Niagree); 35 | claim_10 (R, Secret, kir); 36 | } 37 | 38 | role S 39 | { 40 | var ni: Nonce; 41 | fresh kir: Sessionkey; 42 | 43 | recv_1 (I,S, I,R,ni); 44 | send_2 (S,R, 
{I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) ); 45 | } 46 | } 47 | 48 | 49 | const te: Ticket; 50 | const ke: Sessionkey; 51 | 52 | -------------------------------------------------------------------------------- /src/prune_theorems.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef PRUNETHEOREMS 21 | #define PRUNETHEOREMS 22 | 23 | int prune_theorems (const System sys); 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /src/tempfile.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
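9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */

#ifndef TEMPFILES
#define TEMPFILES

/* FILE comes from <stdio.h>; the header name was missing after #include. */
#include <stdio.h>

/*
 * Declares scyther_tempfile, which takes no arguments and returns a FILE *.
 * The definition is in another file, so how the file is named, created and
 * removed cannot be read from this header.
 * NOTE(review): presumably the stream refers to a temporary file; confirm
 * that the implementation creates it atomically with owner-only
 * permissions (as tmpfile() or mkstemp() do) and that callers handle a
 * NULL return.
 */
FILE *scyther_tempfile (void);

#endif

-------------------------------------------------------------------------------- /testing/ibe.spdl: -------------------------------------------------------------------------------- 1 | // 12/05/06 2 | // S. Mauw 3 | // Modeling of Identity Based Encryption primitive. 4 | 5 | const pk: Function; 6 | secret sk: Function; 7 | const ibepublic: Function; 8 | secret ibesecret: Function; 9 | const param: Function; 10 | inversekeys (pk,sk); 11 | inversekeys (ibepublic,ibesecret); 12 | 13 | protocol ibe(I,R,S) 14 | { 15 | role I 16 | { 17 | fresh ni: Nonce; 18 | 19 | recv_1(S,I, param(S) ); 20 | send_3(I,R, {ni}ibepublic(param(S),R) ); 21 | 22 | claim_i1(I,Secret,ni); 23 | } 24 | 25 | role R 26 | { 27 | var ni: Nonce; 28 | 29 | recv_2(S,R, {ibesecret(param(S),R)}pk(R) ); 30 | recv_3(I,R, {ni}ibepublic(param(S),R) ); 31 | 32 | claim_r1(R,Secret,ni); 33 | //of course this claim is invalid 34 | } 35 | 36 | role S 37 | { 38 | send_1(S,I, param(S) ); 39 | send_2(S,R, {ibesecret(param(S),R)}pk(R) ); 40 | } 41 | } 42 | 43 | 44 | compromised ibesecret(param(Eve),Alice); 45 | compromised ibesecret(param(Eve),Bob); 46 | compromised ibesecret(param(Eve),Carol); 47 | -------------------------------------------------------------------------------- /testing/boyd-nsl-fix.spdl: -------------------------------------------------------------------------------- 1 |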
/* 2 | * Boyd fix for NS(L) 3 | * 4 | * From the paper "Towards Extensional Goals in Authentication 5 | * Protocols" 6 | * 7 | * Broken. Best shown by attack id 4. 8 | */ 9 | 10 | const pk: Function; 11 | secret sk: Function; 12 | inversekeys (pk,sk); 13 | const hash: Function; 14 | secret unhash: Function; 15 | inversekeys (hash,unhash); 16 | 17 | protocol boydNS(I,R) 18 | { 19 | role I 20 | { 21 | fresh ni: Nonce; 22 | var nr: Nonce; 23 | 24 | send_1(I,R, {ni}pk(R),I ); 25 | recv_2(R,I, {nr}pk(I),hash(ni,R) ); 26 | send_3(I,R, hash(nr, I,R) ); 27 | claim_i1(I,Secret,ni); 28 | claim_i2(I,Secret,nr); 29 | claim_i3(I,Niagree); 30 | claim_i4(I,Nisynch); 31 | } 32 | 33 | role R 34 | { 35 | var ni: Nonce; 36 | fresh nr: Nonce; 37 | 38 | recv_1(I,R, {ni}pk(R),I ); 39 | send_2(R,I, {nr}pk(I),hash(ni,R) ); 40 | recv_3(I,R, hash(nr, I,R) ); 41 | claim_r1(R,Secret,ni); 42 | claim_r2(R,Secret,nr); 43 | claim_r3(R,Niagree); 44 | claim_r4(R,Nisynch); 45 | } 46 | } 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /gui/Scyther/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | Scyther : An automatic verifier for security protocols. 3 | Copyright (C) 2007-2025 Cas Cremers 4 | 5 | This program is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU General Public License 7 | as published by the Free Software Foundation; either version 2 8 | of the License, or (at your option) any later version. 9 | 10 | This program is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 
14 | 15 | You should have received a copy of the GNU General Public License 16 | along with this program; if not, write to the Free Software 17 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | """ 19 | 20 | # 21 | # Init this module 22 | # 23 | # Set prefix for __all__ 24 | # 25 | from . import Scyther 26 | 27 | # Provide scope 28 | __all__ = ["Scyther"] 29 | 30 | -------------------------------------------------------------------------------- /src/cost.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef COST 21 | #define COST 22 | 23 | int computeAttackCost (const System sys); 24 | int attackCost (const System sys); 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /testing/kaochow-palm.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | usertype Ticket; 3 | secret k: Function; 4 | 5 | protocol kaochowPalm(I,R,S) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | var kir: Sessionkey; 12 | 13 | send_1 (I,S, I,R,ni); 14 | recv_3 (R,I, {I,R,ni,kir}k(I,S), {ni}kir, nr ); 15 | send_4 (I,R, {nr}kir ); 16 | 17 | claim_5 (I, Nisynch); 18 | claim_6 (I, Niagree); 19 | claim_7 (I, Secret, kir); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr: Nonce; 26 | var kir: Sessionkey; 27 | var T; 28 | 29 | recv_2 (S,R, { T, { I,R,ni,kir }k(R,S) }k(R,S) ); 30 | send_3 (R,I, T, {ni}kir, nr ); 31 | recv_4 (I,R, {nr}kir ); 32 | 33 | claim_8 (R, Nisynch); 34 | claim_9 (R, Niagree); 35 | claim_10 (R, Secret, kir); 36 | } 37 | 38 | role S 39 | { 40 | var ni: Nonce; 41 | fresh kir: Sessionkey; 42 | 43 | recv_1 (I,S, I,R,ni); 44 | send_2 (S,R, { {I,R,ni,kir}k(I,S), { I,R,ni,kir }k(R,S) }k(R,S) ); 45 | } 46 | } 47 | 48 | 49 | const te: Ticket; 50 | const ke: Sessionkey; 51 | 52 | -------------------------------------------------------------------------------- /src/compile.txt: -------------------------------------------------------------------------------- 1 | How to compile Scyther 2 | 3 | Requirements expressed as Ubuntu packages where [name][location] 4 | 5 | Needed: 6 | 7 | [gcc] 8 | The C compiler. 9 | Note that the current default C compiler on Mac OS X, "clang", 10 | will not work. The reason is that Scyther uses nested function 11 | definitions, which are not supported by clang. 12 | 13 | [flex] 14 | [bison] 15 | Two tools for the generation of parsers. 
16 | 17 | [build-essential] 18 | This meta-package includes several development tools used by 19 | Scyther. 20 | 21 | [cmake] 22 | A Makefile generator, available on almost any platform. 23 | 24 | [gcc-multilib] 25 | Some 64-bit platforms need this to enable 32-bit compilation. 26 | 27 | 28 | For cross-compilation (Windows): 29 | 30 | [mingw32][universe] 31 | GCC variant to compile for windows + w32 binutils. 32 | 33 | 34 | The best is to simply execute: 35 | 36 | ./build.sh 37 | 38 | This should compile everything for your platform and will copy the 39 | binaries into the correct location. 40 | 41 | -------------------------------------------------------------------------------- /src/timer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef TIMER 21 | #define TIMER 22 | 23 | void set_time_limit (int seconds); 24 | int get_time_limit (); 25 | int passed_time_limit (); 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /testing/bkepk-ce2.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (bkepkCE2) 3 | 4 | Version from Corin/Etalle: An Improved Constraint-Based System for the Verification of Security Protocols. 5 | Tried to stay as close as possible to compare timing results. 6 | */ 7 | 8 | usertype Key; 9 | 10 | const pk,hash: Function; 11 | secret sk: Function; 12 | 13 | inversekeys (pk,sk); 14 | 15 | protocol bkepkCE2(A,B,testnonce) 16 | { 17 | role B 18 | { 19 | fresh nb: Nonce; 20 | var na: Nonce; 21 | var kab: Key; 22 | 23 | send_1 (B,A, B,{ nb,B }pk(A) ); 24 | recv_2 (A,B, { hash(nb),na,A,kab }pk(B) ); 25 | send_3 (B,A, { hash(na) }kab ); 26 | } 27 | 28 | role A 29 | { 30 | var nb: Nonce; 31 | fresh na: Nonce; 32 | fresh kab: Key; 33 | 34 | recv_1 (B,A, B,{ nb,B }pk(A) ); 35 | send_2 (A,B, { hash(nb),na,A,kab }pk(B) ); 36 | recv_3 (B,A, { hash(na) }kab ); 37 | } 38 | 39 | role testnonce 40 | { 41 | var n: Nonce; 42 | 43 | recv_!4 (testnonce,testnonce, n); 44 | } 45 | } 46 | 47 | const Alice,Bob,Eve; 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-3-3.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 
2010 4 | * 5 | * signature 6 | * two-pass 7 | * mutual 8 | */ 9 | const Cert: Function; 10 | 11 | protocol isoiec-9798-3-3(A,B) 12 | { 13 | role A 14 | { 15 | fresh TNA: Nonce; 16 | var TNB: Nonce; 17 | fresh Text1,Text2: Ticket; 18 | var Text3,Text4: Ticket; 19 | 20 | claim(A,Running,B,TNA,Text1); 21 | send_1(A,B, Cert(A), TNA, B,Text2, { TNA, B, Text1 }sk(A) ); 22 | recv_2(B,A, Cert(B), TNB, A,Text4, { TNB, A, Text3 }sk(B) ); 23 | 24 | claim(A,Commit,B,TNB,Text3); 25 | claim(A,Alive); 26 | claim(A,Weakagree); 27 | } 28 | role B 29 | { 30 | var TNA: Nonce; 31 | fresh TNB: Nonce; 32 | var Text1,Text2: Ticket; 33 | fresh Text3,Text4: Ticket; 34 | 35 | recv_1(A,B, Cert(A), TNA, B,Text2, { TNA, B, Text1 }sk(A) ); 36 | claim(B,Running,A,TNB,Text3); 37 | send_2(B,A, Cert(B), TNB, A,Text4, { TNB, A, Text3 }sk(B) ); 38 | 39 | claim(B,Commit,A,TNA,Text1); 40 | claim(B,Alive); 41 | claim(B,Weakagree); 42 | } 43 | } 44 | 45 | -------------------------------------------------------------------------------- /gui/todo.txt: -------------------------------------------------------------------------------- 1 | URGENT 2 | 3 | - 4 | 5 | TO BE DONE 6 | 7 | - Config file should use Python's confParse module. 8 | - Save preferences in local file on close. 9 | 10 | WOULD LIKE TO HAVE 11 | 12 | - Font selector for graphs. 13 | - Nice graph scaling for all platforms (now only supported under Linux 14 | using the Python Imaging Library through postscript; currently 15 | wxPython does not support any cross-platform vector format out of the 16 | box, as SVG is still only a non-default build option.) 17 | - Support for using an external editor. 18 | - toggle for 'watch file'. 19 | - toggle for 'auto-verify on change' or something like that. 20 | - Ideally we somehow color the correct/incorrect tags in the editor. 21 | - Line numbering is needed for the editor window otherwise you cannot 22 | interpret attacks. Probably use wx.Py editor things. 
23 | - Scyther executable should be able to be set by means of preferences. 24 | 25 | IN AN IDEAL WORLD... 26 | 27 | - Use Python modules to generate the attack graphs from the XML, also 28 | allow for eg. ASCII output. 29 | 30 | -------------------------------------------------------------------------------- /src/heuristic.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef HEURISTIC 21 | #define HEURISTIC 22 | 23 | #include "system.h" 24 | #include "binding.h" 25 | 26 | Binding select_goal (const System sys); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /testing/kaochow-v2.spdl: -------------------------------------------------------------------------------- 1 | usertype Sessionkey; 2 | usertype Ticket; 3 | secret k: Function; 4 | 5 | protocol kaochow2(I,R,S) 6 | { 7 | role I 8 | { 9 | fresh ni: Nonce; 10 | var nr: Nonce; 11 | var kir,kt: Sessionkey; 12 | 13 | send_1 (I,S, I,R,ni); 14 | recv_3 (R,I, R, {I,R,ni,kir,kt}k(I,S), {ni, kir}kt, nr ); 15 | send_4 (I,R, {nr,kir}kt ); 16 | 17 | claim_5 (I, Nisynch); 18 | claim_6 (I, Niagree); 19 | claim_7 (I, Secret, kir); 20 | } 21 | 22 | role R 23 | { 24 | var ni: Nonce; 25 | fresh nr: Nonce; 26 | var kir,kt: Sessionkey; 27 | var T: Ticket; 28 | 29 | recv_2 (S,R, T, { I,R,ni,kir,kt }k(R,S) ); 30 | send_3 (R,I, R, T, {ni, kir}kt, nr ); 31 | recv_4 (I,R, {nr,kir}kt ); 32 | 33 | claim_8 (R, Nisynch); 34 | claim_9 (R, Niagree); 35 | claim_10 (R, Secret, kir); 36 | } 37 | 38 | role S 39 | { 40 | var ni: Nonce; 41 | fresh kir, kt: Sessionkey; 42 | 43 | recv_1 (I,S, I,R,ni); 44 | send_2 (S,R, {I,R,ni,kir,kt}k(I,S), { I,R,ni,kir,kt }k(R,S) ); 45 | } 46 | } 47 | 48 | 49 | const te: Ticket; 50 | const ke: Sessionkey; 51 | 52 | -------------------------------------------------------------------------------- /testing/yahalom-lowe.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Yahalom Lowe 3 | * As in Sjouke's list 4 | */ 5 | 6 | usertype Sessionkey; 7 | 8 | secret k : Function; 9 | 10 | const kee: Sessionkey; 11 | 12 | protocol yahalomlowe(I,R,S) 13 | { 14 | role I 15 | { 16 | fresh ni: Nonce; 17 | var nr: Nonce; 18 | var kir: Sessionkey; 19 | 20 | send_1(I,R, I,ni); 21 | recv_3(S,I, {R,kir,ni,nr}k(I,S) ); 22 | send_5(I,R, {I,R,S,nr}kir ); 23 | 24 | claim_8(I, 
Secret,kir); 25 | claim_9(I, Niagree); 26 | claim_10(I, Nisynch); 27 | } 28 | 29 | role R 30 | { 31 | fresh nr: Nonce; 32 | var ni: Nonce; 33 | var kir: Sessionkey; 34 | 35 | recv_1(I,R, I,ni); 36 | send_2(R,S, {I,ni,nr}k(R,S) ); 37 | recv_4(S,R, {I,kir}k(R,S) ); 38 | recv_5(I,R, {I,R,S,nr}kir ); 39 | claim_11(R, Secret,kir); 40 | claim_12(R, Nisynch); 41 | claim_13(R, Niagree); 42 | } 43 | 44 | role S 45 | { 46 | fresh kir: Sessionkey; 47 | var ni,nr: Nonce; 48 | 49 | recv_2(R,S, {I,ni,nr}k(R,S) ); 50 | send_3(S,I, {R,kir,ni,nr}k(I,S) ); 51 | send_4(S,R, {I,kir}k(R,S) ); 52 | } 53 | } 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /gui/Protocols/MultiProtocolAttacks/yahalom-ban-paulson.spdl: -------------------------------------------------------------------------------- 1 | // BAN modified version of the yahalom protocol 2 | // 3 | // Modeled as version in Paulson's paper: 4 | // "Relations Between Secrets: Two Formal Analyses of the Yahalom 5 | // Protocol" 6 | 7 | usertype Server; 8 | usertype SessionKey; 9 | 10 | protocol yahalom-BAN-Paulson(A,B,S) 11 | { 12 | role A 13 | { 14 | fresh na: Nonce; 15 | var nb: Nonce; 16 | var ticket: Ticket; 17 | var kab: SessionKey; 18 | 19 | send_1(A,B, A,na); 20 | recv_3(S,A, {B,kab,na,nb}k(A,S), ticket ); 21 | send_4(A,B, ticket, {nb}kab ); 22 | claim_5(A, Secret,kab); 23 | } 24 | 25 | role B 26 | { 27 | fresh nb: Nonce; 28 | var na: Nonce; 29 | var ticket: Ticket; 30 | var kab: SessionKey; 31 | 32 | recv_1(A,B, A,na); 33 | send_2(B,S, B, {A,na,nb}k(B,S) ); 34 | recv_4(A,B, {A,kab}k(B,S) , {nb}kab ); 35 | claim_6(B, Secret,kab); 36 | } 37 | 38 | role S 39 | { 40 | fresh kab: SessionKey; 41 | var na,nb: Nonce; 42 | 43 | recv_2(B,S, B, {A,na,nb}k(B,S) ); 44 | send_3(S,A, {B,kab,na,nb}k(A,S), {A,kab}k(B,S) ); 45 | } 46 | } 47 | 48 | -------------------------------------------------------------------------------- /testing/protocol-list.txt: 
-------------------------------------------------------------------------------- 1 | # List of protocols to test 2 | # 3 | andrew-ban.spdl 4 | andrew-lowe-ban.spdl 5 | #bke-broken.spdl 6 | #bke-one.spdl 7 | #bkepk-ce2.spdl 8 | #bkepk-ce.spdl 9 | #bkepk.spdl 10 | bke.spdl 11 | #boyd.spdl 12 | broken1.spdl 13 | #carkey-broken-limited.spdl 14 | #carkey-broken.spdl 15 | carkey-ni2.spdl 16 | carkey-ni.spdl 17 | ccitt509-ban.spdl 18 | denning-sacco-shared.spdl 19 | five-run-bound.spdl 20 | #gong-nonce-b.spdl 21 | #gong-nonce.spdl 22 | helloworld.spdl 23 | isoiec11770-2-13.spdl 24 | #kaochow-palm.spdl 25 | kaochow.spdl 26 | ns-symmetric.spdl 27 | ns-symmetric-amended.spdl 28 | ns3-brutus.spdl 29 | ns3.spdl 30 | nsl3-nisynch-rep.spdl 31 | nsl3.spdl 32 | nsl7.spdl 33 | #onetrace.spdl 34 | otwayrees.spdl 35 | #samasc-broken.spdl 36 | #simplest.spdl 37 | #soph-keyexch.spdl 38 | #soph.spdl 39 | #speedtest.spdl 40 | splice-as-hc-cj.spdl 41 | #splice-as-hc.spdl 42 | splice-as.spdl 43 | #tls-paulson.spdl 44 | tmn.spdl 45 | #unknown2.spdl 46 | wmf-brutus.spdl 47 | woolam-ce.spdl 48 | woolam-cmv.spdl 49 | yahalom-ban.spdl 50 | yahalom-lowe.spdl 51 | yahalom-paulson.spdl 52 | yahalom.spdl 53 | -------------------------------------------------------------------------------- /testing/unknown2.spdl: -------------------------------------------------------------------------------- 1 | usertype SessionKey; 2 | secret k: Function; 3 | 4 | protocol unknown2(I,R,S) 5 | { 6 | role I 7 | { 8 | fresh ni: Nonce; 9 | var nr: Nonce; 10 | var kir: SessionKey; 11 | var T; 12 | 13 | send_1(I,R, ni ); 14 | recv_3(S,I, { I,R,kir,ni,nr }k(I,S), T ); 15 | send_4(I,R, T, {nr}kir ); 16 | 17 | claim_i1(I,Nisynch); 18 | claim_i2(I,Niagree); 19 | claim_i3(I,Secret, kir); 20 | } 21 | 22 | role R 23 | { 24 | fresh nr: Nonce; 25 | var ni: Nonce; 26 | var kir: SessionKey; 27 | 28 | recv_1(I,R, ni ); 29 | send_2(R,S, { I,R,ni,nr }k(R,S) ); 30 | recv_4(I,R, { I,R,kir,ni,nr }k(R,S), {nr}kir ); 31 | 32 | 
claim_r1(R,Nisynch); 33 | claim_r2(R,Niagree); 34 | claim_r3(R,Secret, kir); 35 | } 36 | 37 | role S 38 | { 39 | fresh kir: SessionKey; 40 | var ni,nr: Nonce; 41 | 42 | recv_2(R,S, { I,R,ni,nr }k(R,S) ); 43 | send_3(S,I, { I,R,kir,ni,nr }k(I,S), { I,R,kir,ni,nr }k(R,S) ); 44 | 45 | /* 46 | claim_s1(S,Nisynch); 47 | claim_s2(S,Niagree); 48 | claim_s3(S,Secret, kir); 49 | */ 50 | } 51 | } 52 | 53 | 54 | const kee: SessionKey; 55 | 56 | -------------------------------------------------------------------------------- /src/debug.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef DEBUG_H 21 | #define DEBUG_H 22 | 23 | void debugSet (int level); 24 | int debugCond (int level); 25 | void debug (int level, char *string); 26 | 27 | #define DEBUGL(a) debugCond(a) 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /src/intruderknowledge.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 
3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | #ifndef INTRUDERKNOWLEDGE 21 | #define INTRUDERKNOWLEDGE 22 | 23 | #include "system.h" 24 | #include "switches.h" 25 | 26 | void initialIntruderKnowledge (const System sys); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /testing/yahalom-paulson.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Yahalom Paulson-strengthened 3 | * As in Sjouke's list 4 | */ 5 | 6 | usertype Sessionkey, Ticket; 7 | 8 | secret k : Function; 9 | 10 | const kee: Sessionkey; 11 | 12 | protocol yahalompaulson(I,R,S) 13 | { 14 | role I 15 | { 16 | fresh ni: Nonce; 17 | var nr: Nonce; 18 | var kir: Sessionkey; 19 | var T: Ticket; 20 | 21 | send_1(I,R, I,ni); 22 | recv_3(S,I, nr, {R,kir,ni}k(I,S), T ); 23 | send_4(I,R, T, {nr}kir ); 24 | 25 | claim_8(I, Secret,kir); 26 | claim_9(I, Nisynch); 27 | claim_10(I, Niagree); 28 | } 29 | 30 | role R 31 | { 32 | fresh nr: Nonce; 33 | var ni: Nonce; 34 | var kir: Sessionkey; 35 | 36 | recv_1(I,R, I,ni); 37 | send_2(R,S, R,nr,{I,ni}k(R,S) ); 38 | recv_4(I,R, {I,R,kir,nr}k(R,S), {nr}kir ); 39 | 40 | claim_11(R, Secret,kir); 41 | 
claim_12(R, Nisynch); 42 | claim_13(R, Niagree); 43 | } 44 | 45 | role S 46 | { 47 | fresh kir: Sessionkey; 48 | var ni,nr: Nonce; 49 | 50 | recv_2(R,S, R,nr, {I,ni}k(R,S) ); 51 | send_3(S,I, nr, { R,kir,ni }k(I,S), {I,R,kir,nr}k(R,S) ); 52 | } 53 | } 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /testing/bkepk-ce.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | Bilateral Key Exchange with Public Key protocol (bkeCE) 3 | 4 | Version from Corin/Etalle: An Improved Constraint-Based System for the Verification of Security Protocols. 5 | Tried to stay as close as possible to compare timing results. 6 | */ 7 | 8 | usertype Key; 9 | 10 | const pk,hash: Function; 11 | secret sk,unhash: Function; 12 | 13 | inversekeys (pk,sk); 14 | inversekeys (hash,unhash); 15 | 16 | protocol bkeCE(A,B) 17 | { 18 | role A 19 | { 20 | var nb: Nonce; 21 | fresh na: Nonce; 22 | fresh kab: Key; 23 | 24 | recv_1 (B,A, B,{ nb,B }pk(A) ); 25 | send_2 (A,B, { hash(nb),na,A,kab }pk(B) ); 26 | recv_3 (B,A, { hash(na) }kab ); 27 | 28 | claim_A1 (A, Secret, na); 29 | claim_A2 (A, Secret, nb); 30 | } 31 | 32 | role B 33 | { 34 | fresh nb: Nonce; 35 | var na: Nonce; 36 | var kab: Key; 37 | 38 | send_1 (B,A, B,{ nb,B }pk(A) ); 39 | recv_2 (A,B, { hash(nb),na,A,kab }pk(B) ); 40 | send_3 (B,A, { hash(na) }kab ); 41 | 42 | claim_B1 (B, Secret, na); 43 | claim_B2 (B, Secret, nb); 44 | } 45 | 46 | } 47 | 48 | const Alice,Bob,Eve; 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /testing/compositionality-examples/th-1seq2.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | const P1; 5 | const P2; 6 | 7 | protocol nsl3th3(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni,ni2: Nonce; 12 | var nr,nr2: Nonce; 13 | 14 | send_1(I,R, {P1,I,ni}pk(R) ); 15 | 
recv_1b(R,I, {nr}pk(I) ); 16 | recv_2(R,I, {P1,ni,nr,R}pk(I) ); 17 | send_3(I,R, {P1,nr}pk(R) ); 18 | 19 | //claim_i(I,Nisynch); 20 | 21 | send_21(I,R, {P2,I,ni2}pk(R) ); 22 | recv_21b(R,I, {nr2}pk(I) ); 23 | recv_22(R,I, {P2,ni2,nr2,R}pk(I) ); 24 | send_23(I,R, {P2,nr2}pk(R) ); 25 | 26 | claim_i2(I,Nisynch); 27 | } 28 | 29 | role R 30 | { 31 | var ni,ni2: Nonce; 32 | fresh nr,nr2: Nonce; 33 | 34 | recv_1(I,R, {P1,I,ni}pk(R) ); 35 | send_1b(R,I, {nr}pk(I) ); 36 | send_2(R,I, {P1,ni,nr,R}pk(I) ); 37 | recv_3(I,R, {P1,nr}pk(R) ); 38 | 39 | //claim_r(R,Nisynch); 40 | 41 | recv_21(I,R, {P2,I,ni2}pk(R) ); 42 | send_21b(R,I, {nr2}pk(I) ); 43 | send_22(R,I, {P2,ni2,nr2,R}pk(I) ); 44 | recv_23(I,R, {P2,nr2}pk(R) ); 45 | 46 | claim_r2(R,Nisynch); 47 | } 48 | } 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /testing/localclaims-breaker.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Breaker for localclaims protocol 3 | * 4 | * Starts out as NSL3; last message (label3) has added name to avoid 5 | * confusion with the later messages. 6 | * 7 | * Added messages labeled with x1 and x2 to allow for breaking the other 8 | * protocol. 
9 | */ 10 | const pk: Function; 11 | secret sk: Function; 12 | inversekeys (pk,sk); 13 | 14 | protocol lcbreaker(I,R) 15 | { 16 | role I 17 | { 18 | fresh ni: Nonce; 19 | var nr: Nonce; 20 | var x: Nonce; 21 | 22 | send_1(I,R, {I,ni}pk(R) ); 23 | recv_2(R,I, {ni,nr,R}pk(I) ); 24 | send_3(I,R, {nr,I}pk(R) ); 25 | 26 | recv_x1(R,I, { x }pk(I) ); 27 | send_x2(I,R, { x }ni ); 28 | 29 | claim_i1(I,Secret,ni); 30 | claim_i2(I,Secret,nr); 31 | } 32 | 33 | role R 34 | { 35 | var ni: Nonce; 36 | fresh nr: Nonce; 37 | fresh x: Nonce; 38 | 39 | recv_1(I,R, {I,ni}pk(R) ); 40 | send_2(R,I, {ni,nr,R}pk(I) ); 41 | recv_3(I,R, {nr,I}pk(R) ); 42 | 43 | send_x1(R,I, { x }pk(I) ); 44 | recv_x2(I,R, { x }ni ); 45 | 46 | claim_r1(R,Secret,ni); 47 | claim_r2(R,Secret,nr); 48 | } 49 | } 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /testing/compositionality-examples/th-1seq2-rename-ni.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | const P1; 5 | const P2; 6 | 7 | protocol nsl3th3ni(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni,ni: Nonce; 12 | var nr,nr2: Nonce; 13 | 14 | send_1(I,R, {P1,I,ni}pk(R) ); 15 | recv_1b(R,I, {nr}pk(I) ); 16 | recv_2(R,I, {P1,ni,nr,R}pk(I) ); 17 | send_3(I,R, {P1,nr}pk(R) ); 18 | 19 | //claim_i(I,Nisynch); 20 | 21 | send_21(I,R, {P2,I,ni}pk(R) ); 22 | recv_21b(R,I, {nr2}pk(I) ); 23 | recv_22(R,I, {P2,ni,nr2,R}pk(I) ); 24 | send_23(I,R, {P2,nr2}pk(R) ); 25 | 26 | claim_i2(I,Nisynch); 27 | } 28 | 29 | role R 30 | { 31 | var ni,ni: Nonce; 32 | fresh nr,nr2: Nonce; 33 | 34 | recv_1(I,R, {P1,I,ni}pk(R) ); 35 | send_1b(R,I, {nr}pk(I) ); 36 | send_2(R,I, {P1,ni,nr,R}pk(I) ); 37 | recv_3(I,R, {P1,nr}pk(R) ); 38 | 39 | //claim_r(R,Nisynch); 40 | 41 | recv_21(I,R, {P2,I,ni}pk(R) ); 42 | send_21b(R,I, {nr2}pk(I) ); 43 | send_22(R,I, {P2,ni,nr2,R}pk(I) ); 44 | recv_23(I,R, {P2,nr2}pk(R) ); 45 | 46 | 
claim_r2(R,Nisynch); 47 | } 48 | } 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /testing/compositionality-examples/th-1seq2-rename-nr.spdl: -------------------------------------------------------------------------------- 1 | const pk: Function; 2 | secret sk: Function; 3 | inversekeys (pk,sk); 4 | const P1; 5 | const P2; 6 | 7 | protocol nsl3th3nr(I,R) 8 | { 9 | role I 10 | { 11 | fresh ni,ni2: Nonce; 12 | var nr,nr: Nonce; 13 | 14 | send_1(I,R, {P1,I,ni}pk(R) ); 15 | recv_1b(R,I, {nr}pk(I) ); 16 | recv_2(R,I, {P1,ni,nr,R}pk(I) ); 17 | send_3(I,R, {P1,nr}pk(R) ); 18 | 19 | //claim_i(I,Nisynch); 20 | 21 | send_21(I,R, {P2,I,ni2}pk(R) ); 22 | recv_21b(R,I, {nr}pk(I) ); 23 | recv_22(R,I, {P2,ni2,nr,R}pk(I) ); 24 | send_23(I,R, {P2,nr}pk(R) ); 25 | 26 | claim_i2(I,Nisynch); 27 | } 28 | 29 | role R 30 | { 31 | var ni,ni2: Nonce; 32 | fresh nr,nr: Nonce; 33 | 34 | recv_1(I,R, {P1,I,ni}pk(R) ); 35 | send_1b(R,I, {nr}pk(I) ); 36 | send_2(R,I, {P1,ni,nr,R}pk(I) ); 37 | recv_3(I,R, {P1,nr}pk(R) ); 38 | 39 | //claim_r(R,Nisynch); 40 | 41 | recv_21(I,R, {P2,I,ni2}pk(R) ); 42 | send_21b(R,I, {nr}pk(I) ); 43 | send_22(R,I, {P2,ni2,nr,R}pk(I) ); 44 | recv_23(I,R, {P2,nr}pk(R) ); 45 | 46 | claim_r2(R,Nisynch); 47 | } 48 | } 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /src/mymalloc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | 20 | /** 21 | * Malloc on all platforms except Apple ones 22 | */ 23 | 24 | #ifndef MYMALLOC 25 | #define MYMALLOC 26 | 27 | #ifndef __APPLE__ 28 | #include <malloc.h> 29 | #else 30 | #include <stdlib.h> 31 | #endif 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | Please attach any files (with comments) needed to reproduce. 21 | 22 | **Expected behavior** 23 | A clear and concise description of what you expected to happen. 24 | 25 | **Screenshots** 26 | If applicable, add screenshots to help explain your problem. 27 | 28 | **Scyther version used:** 29 | - Version number, Scyther type [normal/compromising Adversaries/...] 30 | - Github commit id (if available) 31 | 32 | **Platform information (please complete the following information):** 33 | - OS: [e.g. iOS/MAC, Windows, Linux] 34 | - Version [e.g. Windows 10, Ubuntu 20.04, MacOS version] 35 | - If applicable, version numbers of graphviz, python, wxpython. 
36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /src/color.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef COLOROUTPUT 21 | #define COLOROUTPUT 22 | 23 | extern char *COLOR_Reset; 24 | extern char *COLOR_Red; 25 | extern char *COLOR_Green; 26 | extern char *COLOR_Bold; 27 | 28 | void colorInit (void); 29 | void colorDone (void); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /gui/Protocols/ccitt509-ban3.spdl: -------------------------------------------------------------------------------- 1 | # BAN modified version of CCITT X.509 (3) 2 | # 3 | # Modelled after the description in the SPORE library 4 | # http://www.lsv.ens-cachan.fr/spore/ccittx509_3BAN.html 5 | # 6 | # Note: 7 | # The protocol description also states that Xa and Ya should be fresh 8 | # this can not be verified using scyther 9 | # 10 | # Note: 11 | # According to SPORE there are no known attacks on this protocol 12 | # 13 | 14 | protocol ccitt509-ban3(I,R) 15 | { 16 | role I 17 | { 18 | fresh Na,Xa,Ya: Nonce; 19 | var Xb,Nb,Yb: Nonce; 20 | 21 | send_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I)); 22 | recv_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R)); 23 | send_3(I,R, I,{R, Nb}sk(I)); 24 | claim_4(I,Nisynch); 25 | } 26 | 27 | role R 28 | { 29 | var Na,Xa,Ya: Nonce; 30 | fresh Xb,Yb,Nb: Nonce; 31 | 32 | recv_1(I,R, I,{Na, R, Xa,{Ya}pk(R)}sk(I)); 33 | send_2(R,I, R,{Nb, I, Na, Xb,{Yb}pk(I)}sk(R)); 34 | recv_3(I,R, I,{R, Nb}sk(I)); 35 | claim_5(R,Nisynch); 36 | # There should also be Fresh Xa and Fresh Ya claims here 37 | } 38 | } 39 | 40 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-4-3-udkey.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 2010 4 | * 5 | * ccf 6 | * two-pass 7 | * mutual 8 | * 9 | * Unidirectional key version. 
10 | * 11 | * Modeling notes: 12 | * 13 | * - The keyed CCF (f_kab(x)) is modeled as f(x,kab) 14 | */ 15 | hashfunction f; 16 | 17 | protocol isoiec-9798-4-3-udkey(A,B) 18 | { 19 | role A 20 | { 21 | fresh Text1,Text2: Ticket; 22 | var Text3,Text4: Ticket; 23 | fresh TNa: Nonce; 24 | var TNb: Nonce; 25 | 26 | claim(A,Running,B,TNa,Text1); 27 | send_1(A,B, TNa, Text2, f(TNa,Text1, k(A,B) ) ); 28 | recv_2(B,A, TNb, Text4, f(TNb,Text3, k(B,A) ) ); 29 | 30 | claim(A,Commit,B,TNb,Text3); 31 | claim(A,Alive); 32 | claim(A,Weakagree); 33 | } 34 | role B 35 | { 36 | var TNa: Nonce; 37 | fresh TNb: Nonce; 38 | var Text1,Text2: Ticket; 39 | fresh Text3,Text4: Ticket; 40 | 41 | recv_1(A,B, TNa, Text2, f(TNa,Text1, k(A,B) ) ); 42 | claim(B,Running,A,TNb,Text3); 43 | send_2(B,A, TNb, Text4, f(TNb,Text3, k(B,A) ) ); 44 | 45 | claim(B,Commit,A,TNa,Text1); 46 | claim(B,Alive); 47 | claim(B,Weakagree); 48 | } 49 | } 50 | 51 | -------------------------------------------------------------------------------- /src/pheading.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Scyther : An automatic verifier for security protocols. 3 | * Copyright (C) 2007-2025 Cas Cremers 4 | * 5 | * This program is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU General Public License 7 | * as published by the Free Software Foundation; either version 2 8 | * of the License, or (at your option) any later version. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program; if not, write to the Free Software 17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | 20 | #ifndef PHEADING 21 | #define PHEADING 22 | 23 | #define YY_NO_UNPUT 24 | 25 | #include 26 | #include 27 | #include "term.h" 28 | #include "termlist.h" 29 | #include "symbol.h" 30 | #include "system.h" 31 | #include "tac.h" 32 | #endif 33 | -------------------------------------------------------------------------------- /manual/macros.tex: -------------------------------------------------------------------------------- 1 | % Assist 2 | \newcommand{\z}[1]{\mathit{#1}} %text in math mode, keep size using amstext 3 | 4 | % For the MSC 5 | \newcommand{\synch}{\z{ni\text{-}synch}} %synchronization claim 6 | \newcommand{\isynch}{\z{i\text{-}synch}} %synchronization claim 7 | \newcommand{\agree}{\z{ni\text{-}agree}} %full agreement claim 8 | \newcommand{\iagree}{\z{i\text{-}agree}} %injective full agreement claim 9 | \newcommand{\secret}{\z{secret}} %secrecy claim 10 | \newcommand{\enc}[2]{\{{#1}\}_{#2}} %Encryption 11 | \newcommand{\nI}{ni} 12 | \newcommand{\nR}{nr} 13 | \newcommand{\nS}{ns} 14 | \newcommand{\nb}{nb} 15 | \newcommand{\pkIinv}{sk(I)} 16 | \newcommand{\pkRinv}{sk(R)} 17 | \newcommand{\pkSinv}{sk(S)} 18 | \newcommand{\pkbinv}{sk(b)} 19 | \newcommand{\pkI}{pk(I)} 20 | \newcommand{\pkR}{pk(R)} 21 | \newcommand{\pkS}{pk(S)} 22 | 23 | %%% Abbreviation macros 24 | \newcommand{\ie}{i.\@\,e.\@\xspace} 25 | \newcommand{\eg}{e.\@\,g.\@\xspace} 26 | \newcommand{\wrt}{w.\@\,r.\@\,t.\@\xspace} 27 | \newcommand{\st}{s.\@\,t.\@\xspace} 28 | \newcommand{\etc}{etc.\@\xspace} 29 | \newcommand{\etal}{et~al.\@\xspace} 30 | -------------------------------------------------------------------------------- /gui/Protocols/ISO-9798/isoiec-9798-2-1.spdl: -------------------------------------------------------------------------------- 1 | /* 2 | * Modeled from ISO/IEC 9798 3 | * Modeler: Cas Cremers, Dec. 
2010 4 | * 5 | * symmetric 6 | * one-pass 7 | * unilateral 8 | * 9 | * Note: the identity B may be omitted, if 10 | * (a) the environment disallows such attacks, or 11 | * (b) a unidirectional key is used 12 | */ 13 | protocol @keysymm-21(A,B) 14 | { 15 | role A 16 | { 17 | var T: Nonce; 18 | var Text: Ticket; 19 | 20 | recv_!1(B,A, { T, A, Text }k(A,B) ); 21 | send_!2(A,B, { T, A, Text }k(B,A) ); 22 | } 23 | role B 24 | { 25 | var T: Nonce; 26 | var Text: Ticket; 27 | 28 | recv_!3(A,B, { T, B, Text }k(A,B) ); 29 | send_!4(B,A, { T, B, Text }k(B,A) ); 30 | } 31 | } 32 | 33 | protocol isoiec-9798-2-1(A,B) 34 | { 35 | role A 36 | { 37 | fresh TNA: Nonce; 38 | fresh Text1,Text2: Ticket; 39 | 40 | claim(A,Running,B,TNA,Text1); 41 | send_1(A,B, Text2, { TNA, B, Text1 }k(A,B) ); 42 | } 43 | role B 44 | { 45 | var TNA: Nonce; 46 | var Text1,Text2: Ticket; 47 | 48 | recv_1(A,B, Text2, { TNA, B, Text1 }k(A,B) ); 49 | 50 | claim(B,Commit,A,TNA,Text1); 51 | claim(B,Alive); 52 | claim(B,Weakagree); 53 | } 54 | } 55 | 56 | --------------------------------------------------------------------------------