gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-28 06:23:08 -08:00
Code Issues Packages Projects Releases Wiki Activity

fixed issues with identity hiding proverif code

Browse Source
This commit is contained in:
James Brownlee
2023-12-14 21:02:39 -05:00
parent 2c4ab16eb7
commit df8990f4f8
2 changed files with 34 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
analysis/03_identity_hiding.entry.mpv
View File

@@ -17,72 +17,37 @@
new MCAT(name, _secret_seed):seed_prec; \
name <- make_trusted_seed(MCAT(name, _secret_seed)); \
free C2:channel.
free D:channel [private].
free secure_biscuit_no:Atom [private].
free secure_sidi,secure_sidr:SessionId [private].
free secure_psk:key [private].
free secure_septi_trusted_prec: seed_prec [private].
free secure_sspti_trusted_prec: seed_prec [private].
free secure_seski_trusted_prec: seed_prec [private].
free secure_ssptr_trusted_prec: seed_prec [private].
free initiator1, initiator2:kem_sk_prec[private].
free responder1, responder2:kem_sk_prec[private].
free initiator1, initiator2:kem_sk_prec.
free responder1, responder2:kem_sk_prec.
let secure_init_hello2(initiator: kem_sk_tmpl, sidi : SessionId, psk: key_tmpl, responder: kem_sk_tmpl, C:channel) =
let secure_init_hello(initiator: kem_sk_tmpl, sidi : SessionId, psk: key_tmpl, responder: kem_sk_tmpl) =
NEW_TRUSTED_SEED(seski_trusted_seed)
NEW_TRUSTED_SEED(ssptr_trusted_seed)
Oinitiator_inner(sidi, initiator, psk, responder, seski_trusted_seed, ssptr_trusted_seed, C).
Oinitiator_inner(sidi, initiator, psk, responder, seski_trusted_seed, ssptr_trusted_seed, D).
let secure_resp_hello2(initiator: kem_sk_tmpl, responder: kem_sk_tmpl, sidr:SessionId, sidi:SessionId, biscuit_no:Atom, psk:key_tmpl, C_in:channel) =
in(C_in, Envelope(k, IH2b(InitHello(=sidi, epki, sctr, pidiC, auth))));
let secure_resp_hello(initiator: kem_sk_tmpl, responder: kem_sk_tmpl, sidr:SessionId, sidi:SessionId, biscuit_no:Atom, psk:key_tmpl) =
in(D, Envelope(k, IH2b(InitHello(=sidi, epki, sctr, pidiC, auth))));
ih <- InitHello(sidi, epki, sctr, pidiC, auth);
NEW_TRUSTED_SEED(septi_trusted_seed)
NEW_TRUSTED_SEED(sspti_trusted_seed)
Oinit_hello_inner(sidr, biscuit_no, responder, psk, initiator, septi_trusted_seed, sspti_trusted_seed, ih, C).
Oinit_hello_inner(sidr, biscuit_no, responder, psk, initiator, septi_trusted_seed, sspti_trusted_seed, ih, D).
let secure_init_conf2(initiator: kem_sk_tmpl, responder: kem_sk_tmpl, psk:key_tmpl, sidi:SessionId, sidr:SessionId, C_in:channel) =
in(C_in, Envelope(k3, IC2b(InitConf(=sidi, =sidr, biscuit, auth3))));
let secure_init_conf(initiator: kem_sk_tmpl, responder: kem_sk_tmpl, psk:key_tmpl, sidi:SessionId, sidr:SessionId) =
in(D, Envelope(k3, IC2b(InitConf(=sidi, =sidr, biscuit, auth3))));
ic <- InitConf(sidi,sidr,biscuit, auth3);
NEW_TRUSTED_SEED(seski_trusted_seed)
NEW_TRUSTED_SEED(ssptr_trusted_seed)
Oinit_conf_inner(initiator, psk, responder, ic, C).
Oinit_conf_inner(initiator, psk, responder, ic).
fun Csecure_init_hello(SessionId, key_tmpl, kem_sk_tmpl): Atom[data].
let secure_init_hello(initiator: kem_sk_tmpl) =
NEW_TRUSTED_SEED(seski_trusted_seed)
NEW_TRUSTED_SEED(ssptr_trusted_seed)
in(C, Csecure_init_hello(sidi, psk, responder));
Oinitiator_inner(sidi, initiator, psk, responder, seski_trusted_seed, ssptr_trusted_seed, C).
fun Csecure_resp_hello(SessionId, SessionId, Atom, key_tmpl, kem_sk_tmpl, InitHello_t): Atom[data].
let secure_resp_hello(initiator: kem_sk_tmpl) =
NEW_TRUSTED_SEED(septi_trusted_seed)
NEW_TRUSTED_SEED(sspti_trusted_seed)
in(C, Csecure_resp_hello(sidr, sidi, biscuit_no, psk, responder, ih));
Oinit_hello_inner(sidr, biscuit_no, responder, psk, initiator, septi_trusted_seed, sspti_trusted_seed, ih, C).
fun Csecure_init_conf(key_tmpl, kem_sk_tmpl, InitConf_t): Atom[data].
let secure_init_conf(initiator: kem_sk_tmpl) =
NEW_TRUSTED_SEED(seski_trusted_seed)
NEW_TRUSTED_SEED(ssptr_trusted_seed)
in(C, Csecure_init_conf(psk, responder, ic));
Oinit_conf_inner(initiator, psk, responder, ic, C).
let secure_communication(initiator: kem_sk_tmpl, responder:kem_sk_tmpl, C:channel) =
let secure_communication(initiator: kem_sk_tmpl, responder:kem_sk_tmpl) =
secure_key <- prepare_key(secure_psk);
(!secure_init_hello2(initiator, secure_sidi, secure_key, responder, C))
| !secure_resp_hello2(initiator, responder, secure_sidr, secure_sidi, secure_biscuit_no, secure_key, C)
| !(secure_init_conf2(initiator, responder, secure_key, secure_sidi, secure_sidr, C)).
let run_secure_protocols(participant:kem_sk_tmpl) =
!(secure_init_hello(participant))
| !(secure_resp_hello(participant))
| !(secure_init_conf(participant)).
let secure_particpant_communication() = 0
| !run_secure_protocols(make_trusted_kem_sk(responder1)) | !run_secure_protocols(make_trusted_kem_sk(responder2))
| !run_secure_protocols(make_trusted_kem_sk(initiator1)) | !run_secure_protocols(make_trusted_kem_sk(initiator2)).
(!secure_init_hello(initiator, secure_sidi, secure_key, responder))
| !secure_resp_hello(initiator, responder, secure_sidr, secure_sidi, secure_biscuit_no, secure_key)
| !(secure_init_conf(initiator, responder, secure_key, secure_sidi, secure_sidr)).
let pipeChannel(D:channel, C:channel) =
in(D, b:bits);
@@ -93,13 +58,13 @@ fun kem_private(kem_pk): kem_sk
kem_private(kem_pub(sk_tmpl)) = sk_tmpl[private].
let secretCommunication() =
// initiator_pk <- choice[setup_kem_pk(make_trusted_kem_sk(initiator1)), setup_kem_pk(make_trusted_kem_sk(initiator2))];
// initiator_seed <- prepare_kem_sk(kem_private(initiator_pk));
initiator_seed <- prepare_kem_sk(trusted_kem_sk(initiator1));
responder_pk <- choice[setup_kem_pk(make_trusted_kem_sk(responder1)), setup_kem_pk(make_trusted_kem_sk(responder2))];
responder_seed <- prepare_kem_sk(kem_private(responder_pk));
secure_communication(initiator_seed, responder_seed, D) | !pipeChannel(D, C2).
initiator_pk <- choice[setup_kem_pk(make_trusted_kem_sk(initiator1)), setup_kem_pk(make_trusted_kem_sk(initiator2))];
initiator_seed <- prepare_kem_sk(kem_private(initiator_pk));
responder_seed <- prepare_kem_sk(trusted_kem_sk(responder1));
// initiator_seed <- prepare_kem_sk(trusted_kem_sk(initiator1));
// responder_pk <- choice[setup_kem_pk(make_trusted_kem_sk(responder1)), setup_kem_pk(make_trusted_kem_sk(responder2))];
// responder_seed <- prepare_kem_sk(kem_private(responder_pk));
secure_communication(initiator_seed, responder_seed) | !pipeChannel(D, C).
let reveal_pks() =
out(C, setup_kem_pk(make_trusted_kem_sk(responder1)));
@@ -107,8 +72,12 @@ let reveal_pks() =
out(C, setup_kem_pk(make_trusted_kem_sk(initiator1)));
out(C, setup_kem_pk(make_trusted_kem_sk(initiator2))).
let identity_hiding_main() =
0 | reveal_pks() | secure_particpant_communication() | phase 1; secretCommunication().
let rosenpass_main2() =
REP(INITIATOR_BOUND, Oinitiator)
| REP(RESPONDER_BOUND, Oinit_hello)
| REP(RESPONDER_BOUND, Oinit_conf).
let identity_hiding_main() =
0 | reveal_pks() | rosenpass_main2() | phase 1; secretCommunication().
let main = identity_hiding_main.