Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Verifpal
Verifpal
Commits
fe9a9e18
Commit
fe9a9e18
authored
Jan 07, 2021
by
Nadim Kobeissi
💾
Browse files
Tidy up examples folder
parent
1557f8e7
Pipeline
#819
passed with stages
in 2 minutes and 13 seconds
Changes
14
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
examples/blind.vp
deleted
100644 → 0
View file @
1557f8e7
// SPDX-FileCopyrightText: © 2019-2021 Nadim Kobeissi <nadim@symbolic.software>
// SPDX-License-Identifier: GPL-3.0-only
attacker[active]
principal Alice[
generates k
knows private m
b = BLIND(k, m)
]
Alice -> Sarah: b
principal Sarah[
knows private s
gs = G^s
blindsig = SIGN(s, b)
]
Sarah -> Alice: blindsig, gs
principal Alice[
unblindedsig = UNBLIND(k, m, blindsig)
_ = SIGNVERIF(gs, m, unblindedsig)?
]
queries[
confidentiality? m
]
examples/cen.vp
→
examples/
contact-tracing/
cen.vp
View file @
fe9a9e18
File moved
examples/lc-dp-3t.vp
→
examples/
contact-tracing/
lc-dp-3t.vp
View file @
fe9a9e18
File moved
examples/protonmail.vp
→
examples/
messaging/
protonmail.vp
View file @
fe9a9e18
File moved
examples/scuttlebutt.vp
→
examples/
messaging/
scuttlebutt.vp
View file @
fe9a9e18
File moved
examples/scuttlebutt_simple.vp
→
examples/
messaging/
scuttlebutt_simple.vp
View file @
fe9a9e18
File moved
examples/signal.vp
→
examples/
messaging/
signal.vp
View file @
fe9a9e18
File moved
examples/signal_small.vp
→
examples/
messaging/
signal_small.vp
View file @
fe9a9e18
File moved
examples/userbase.vp
→
examples/
messaging/
userbase.vp
View file @
fe9a9e18
File moved
examples/proverif/ffgg.pv
deleted
100644 → 0
View file @
1557f8e7
type skey.
type pkey.
type nonce.
fun pk(skey): pkey.
fun encrypt(bitstring, pkey): bitstring.
reduc forall x: bitstring, y: skey; decrypt(encrypt(x,pk(y)),y) = x.
free c: channel.
free M: nonce [private].
query attacker(M).
let processA(pkB: pkey) =
in(c,(n1: nonce, n2: nonce));
out(c, encrypt((n1, n2, M ), pkB)).
let processB(skB: skey, pkB: pkey) =
new n1: nonce; new n2: nonce;
out(c, (n1, n2));
in(c, mes: bitstring);
let (=n1, x1: nonce, x2: nonce) = decrypt(mes, skB) in
out(c, (x1, encrypt((x1, x2, n1), pkB))).
process
new skB: skey; let pkB = pk(skB) in
out(c, pkB);
((!processA(pkB)) | (!processB(skB, pkB)))
examples/tls13.vp
deleted
100644 → 0
View file @
1557f8e7
// SPDX-FileCopyrightText: © 2019-2021 Nadim Kobeissi <nadim@symbolic.software>
// SPDX-License-Identifier: GPL-3.0-only
attacker[active]
principal Client[
generates clientRandom
generates c
gc = G^c
]
principal Server[
knows private certificateKey
knows public hostname
generates serverRandom
generates s
gs = G^s
certificate = HASH(certificateKey, hostname)
gCertificate = G^certificateKey
]
Client -> Server: clientRandom, [gc]
Server -> Client: serverRandom, [gs]
principal Server[
knows public derived
knows public c_hs_traffic
knows public s_hs_traffic
knows public key
knows public iv
sharedSecretServer = gc^s
helloHashServer = HASH(clientRandom, gc, serverRandom, gs)
earlySecretServer = HKDF(nil, nil, nil)
emptyHashServer = HASH(nil)
derivedSecretServer = HKDF(earlySecretServer, derived, emptyHashServer)
handshakeSecretServer = HKDF(derivedSecretServer, sharedSecretServer, nil)
clientHandshakeTrafficSecretServer = HKDF(handshakeSecretServer, c_hs_traffic, helloHashServer)
serverHandshakeTrafficSecretServer = HKDF(handshakeSecretServer, s_hs_traffic, helloHashServer)
clientHandshakeKeyServer = HKDF(clientHandshakeTrafficSecretServer, key, nil)
serverHandshakeKeyServer = HKDF(serverHandshakeTrafficSecretServer, key, nil)
clientHandshakeIVServer = HKDF(clientHandshakeTrafficSecretServer, iv, nil)
serverHandshakeIVServer = HKDF(serverHandshakeTrafficSecretServer, iv, nil)
]
principal Client[
knows public derived
knows public c_hs_traffic
knows public s_hs_traffic
knows public key
knows public iv
sharedSecretClient = gs^c
helloHashClient = HASH(clientRandom, gc, serverRandom, gs)
earlySecretClient = HKDF(nil, nil, nil)
emptyHashClient = HASH(nil)
derivedSecretClient = HKDF(earlySecretClient, derived, emptyHashClient)
handshakeSecretClient = HKDF(derivedSecretClient, sharedSecretClient, nil)
clientHandshakeTrafficSecretClient = HKDF(handshakeSecretClient, c_hs_traffic, helloHashClient)
serverHandshakeTrafficSecretClient = HKDF(handshakeSecretClient, s_hs_traffic, helloHashClient)
clientHandshakeKeyClient = HKDF(clientHandshakeTrafficSecretClient, key, nil)
serverHandshakeKeyClient = HKDF(serverHandshakeTrafficSecretClient, key, nil)
clientHandshakeIVClient = HKDF(clientHandshakeTrafficSecretClient, iv, nil)
serverHandshakeIVClient = HKDF(serverHandshakeTrafficSecretClient, iv, nil)
]
principal Server[
e1 = AEAD_ENC(serverHandshakeKeyServer, certificate, nil)
certVerifyServer = SIGN(certificateKey, HASH(helloHashServer, e1))
e2 = AEAD_ENC(serverHandshakeKeyServer, certVerifyServer, nil)
e3 = AEAD_ENC(serverHandshakeKeyServer, gCertificate, nil)
]
Server -> Client: e1, e2, e3
principal Client[
d1 = AEAD_DEC(serverHandshakeKeyClient, e1, nil)?
d2 = AEAD_DEC(serverHandshakeKeyClient, e2, nil)?
d3 = AEAD_DEC(serverHandshakeKeyClient, e3, nil)?
_ = SIGNVERIF(d3, HASH(helloHashClient, e1), d2)?
]
principal Server[
]
queries[
confidentiality? certificate
]
examples/firefoxsync.vp
→
examples/
transport-layer/
firefoxsync.vp
View file @
fe9a9e18
File moved
examples/needham-schroeder.vp
→
examples/
transport-layer/
needham-schroeder.vp
View file @
fe9a9e18
File moved
examples/piknik.vp
→
examples/
transport-layer/
piknik.vp
View file @
fe9a9e18
File moved
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
