59 lines
1.1 KiB
Plaintext
59 lines
1.1 KiB
Plaintext
free C,S.
|
|
free c.
|
|
|
|
free hello,ack.
|
|
|
|
private free m.
|
|
|
|
fun vk/1.
|
|
fun ek/1.
|
|
fun h/1.
|
|
|
|
fun sign/2.
|
|
reduc checksign(sign(m,k),vk(k)) = m.
|
|
|
|
fun aenc/2.
|
|
reduc adec(aenc(m,ek(k)),k) = m.
|
|
|
|
fun senc/2.
|
|
reduc sdec(senc(m,k),k) = m.
|
|
|
|
query ev:endServerAuth(x,y) ==> ev:beginServerAuth(x,y).
|
|
query ev:endClientAuth(x,y,z) ==> ev:beginClientAuth(x,y,z).
|
|
|
|
let client =
|
|
in(d,(idC,idS));
|
|
new nC;
|
|
out(c,(hello,nC));
|
|
in(c,(=hello,nS));
|
|
in(c,(cert,vkS));
|
|
let (=vkS,ekS)=checksign(cert,vkS) in
|
|
new secret;
|
|
out(c,aenc(secret,ekS));
|
|
event beginClientAuth(nC,nS,secret);
|
|
let k=h((secret,nC,nS)) in
|
|
out(c,senc((m),k));
|
|
in(c,x);
|
|
let (=ack)=sdec(x,k) in
|
|
event endServerAuth(nC,nS).
|
|
|
|
let server =
|
|
in(d,(idC,idS));
|
|
new dkS;
|
|
in(c,(hello,nC));
|
|
new nS;
|
|
event beginServerAuth(nC,nS);
|
|
out(c,(hello,nS));
|
|
out(c,(sign((vk(dkS),ek(dkS)),dkS),vk(dkS)));
|
|
in(c,x);
|
|
let secret=adec(x,dkS) in
|
|
let k=h((secret,nC,nS)) in
|
|
in(c,y);
|
|
let (=m)=sdec(y,k) in
|
|
event endClientAuth(nC,nS,secret);
|
|
out(c,senc((ack),k)).
|
|
|
|
process
|
|
new d;
|
|
! (out(d,(C,S)) | client | server)
|