equal
deleted
inserted
replaced
46 PRF :: "nat*nat*nat => nat" |
46 PRF :: "nat*nat*nat => nat" |
47 |
47 |
48 (*Client, server write keys generated uniformly by function sessionK |
48 (*Client, server write keys generated uniformly by function sessionK |
49 to avoid duplicating their properties. |
49 to avoid duplicating their properties. |
50 Theyimplicitly include the MAC secrets.*) |
50 Theyimplicitly include the MAC secrets.*) |
51 sessionK :: "bool*nat*nat*nat => key" |
51 sessionK :: "(nat*nat*nat)*bool => key" |
52 |
52 |
53 certificate :: "[agent,key] => msg" |
53 certificate :: "[agent,key] => msg" |
54 |
54 |
55 defs |
55 defs |
56 certificate_def |
56 certificate_def |
58 |
58 |
59 syntax |
59 syntax |
60 clientK, serverK :: "nat*nat*nat => key" |
60 clientK, serverK :: "nat*nat*nat => key" |
61 |
61 |
62 translations |
62 translations |
63 "clientK (x)" == "sessionK(True,x)" |
63 "clientK (x)" == "sessionK(x,True)" |
64 "serverK (x)" == "sessionK(False,x)" |
64 "serverK (x)" == "sessionK(x,False)" |
65 |
65 |
66 rules |
66 rules |
67 inj_PRF "inj PRF" |
67 inj_PRF "inj PRF" |
68 |
68 |
69 (*sessionK is collision-free and makes symmetric keys*) |
69 (*sessionK is collision-free and makes symmetric keys*) |
250 (Hash{|Nonce M, Number SID, |
250 (Hash{|Nonce M, Number SID, |
251 Nonce NA, Number XA, Agent A, |
251 Nonce NA, Number XA, Agent A, |
252 Nonce NB, Number XB, Agent B|})) |
252 Nonce NB, Number XB, Agent B|})) |
253 # evsCR : tls" |
253 # evsCR : tls" |
254 |
254 |
255 (**Oops message??**) |
255 Oops |
|
256 (*The most plausible compromise is of an old session key. Losing |
|
257 the MASTER SECRET or PREMASTER SECRET is more serious but |
|
258 rather unlikely.*) |
|
259 "[| evso: tls; A ~= Spy; |
|
260 Says A B (Crypt (sessionK((NA,NB,M),b)) X) : set evso |] |
|
261 ==> Says A Spy (Key (sessionK((NA,NB,M),b))) # evso : tls" |
256 |
262 |
257 end |
263 end |