|
@@ -15,19 +15,21 @@
|
|
--
|
|
--
|
|
--------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
+
|
|
--------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------
|
|
-- Declarations
|
|
-- Declarations
|
|
--------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
|
const
|
|
const
|
|
- NumParticipants: 2; -- number of participants in the system
|
|
|
|
- NetworkSize: 1; -- max. number of outstanding messages in network
|
|
|
|
- MaxKnowledge: 10; -- max. number of messages intruder can remember
|
|
|
|
|
|
+ NumClients: 2; -- number of clients in the system
|
|
|
|
+ NetworkSize: 1; -- maximum number of in-flight messages in network
|
|
|
|
+ MaxMessages: 10; -- maximum number of messages sent in a conversation
|
|
|
|
+ MaxKnowledge: 10; -- maximum number of messages intruder can remember
|
|
|
|
|
|
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
|
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
|
|
|
|
|
type
|
|
type
|
|
- ParticipantId: scalarset (NumParticipants);
|
|
|
|
|
|
+ InstanceTag: scalarset (NumClients);
|
|
|
|
|
|
MessageType : enum { -- Types of messages that can be sent
|
|
MessageType : enum { -- Types of messages that can be sent
|
|
M_Plaintext, -- Ordinary plaintext without special values
|
|
M_Plaintext, -- Ordinary plaintext without special values
|
|
@@ -54,9 +56,17 @@ type
|
|
};
|
|
};
|
|
|
|
|
|
Message : record
|
|
Message : record
|
|
- src, dst: ParticipantId;
|
|
|
|
msgType: MessageType;
|
|
msgType: MessageType;
|
|
|
|
+
|
|
|
|
+ src, dst: InstanceTag; -- The actual sender & receiver clients
|
|
|
|
+ -- TODO
|
|
|
|
+ endrecord;
|
|
|
|
+
|
|
|
|
+ ClientProfile : record
|
|
|
|
+ owner: InstanceTag; -- Instance tag of creating client
|
|
-- TODO
|
|
-- TODO
|
|
|
|
+
|
|
|
|
+ expired: boolean;
|
|
endrecord;
|
|
endrecord;
|
|
|
|
|
|
-- Not modeled: fragmented messages
|
|
-- Not modeled: fragmented messages
|
|
@@ -78,22 +88,102 @@ type
|
|
SMP_Expect4 -- Waiting for a T_SMP4 TLV
|
|
SMP_Expect4 -- Waiting for a T_SMP4 TLV
|
|
};
|
|
};
|
|
|
|
|
|
- Participant : record
|
|
|
|
|
|
+ Conversation : record
|
|
protoState: ProtocolState; -- Overall protocol state machine
|
|
protoState: ProtocolState; -- Overall protocol state machine
|
|
smpState: SMPState; -- SMP state machine
|
|
smpState: SMPState; -- SMP state machine
|
|
-- TODO
|
|
-- TODO
|
|
endrecord;
|
|
endrecord;
|
|
|
|
+
|
|
|
|
+ msgCount: 0 .. MaxMessages;
|
|
|
|
+
|
|
|
|
+ Client : record
|
|
|
|
+ conv: array[InstanceTag] of Conversation;
|
|
|
|
+ msgCount: msgCount
|
|
|
|
+ endrecord;
|
|
|
|
|
|
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
|
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
|
|
|
|
|
-- The global state of the system
|
|
-- The global state of the system
|
|
var
|
|
var
|
|
- net: multiset[NetworkSize] of Message; -- In-flight messages
|
|
|
|
- agents: array[ParticipantId] of Participant; -- Honest clients
|
|
|
|
|
|
+ net: multiset[NetworkSize] of Message; -- In-flight messages
|
|
|
|
+ clients: array[InstanceTag] of Client; -- Honest clients
|
|
|
|
|
|
-- Adversarial knowledge:
|
|
-- Adversarial knowledge:
|
|
-- TODO
|
|
-- TODO
|
|
|
|
|
|
|
|
+
|
|
--------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------
|
|
--- Rules
|
|
|
|
|
|
+-- Helper procedures and functions
|
|
--------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------
|
|
|
|
+
|
|
|
|
+function transmittable(src, dst: InstanceTag) : boolean;
|
|
|
|
+begin
|
|
|
|
+ return src != dst
|
|
|
|
+ & multisetcount(l:net, true) < NetworkSize
|
|
|
|
+ & clients[src].msgCount < MaxMessages;
|
|
|
|
+endfunction;
|
|
|
|
+
|
|
|
|
+procedure transmitMessage(src, dst: InstanceTag; var msg: Message);
|
|
|
|
+begin
|
|
|
|
+ msg.src := src;
|
|
|
|
+ msg.dst := dst;
|
|
|
|
+ multisetadd(msg, net);
|
|
|
|
+ clients[src].msgCount := clients[src].msgCount + 1
|
|
|
|
+endprocedure;
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+--------------------------------------------------------------------------------
|
|
|
|
+-- Client and user rules
|
|
|
|
+--------------------------------------------------------------------------------
|
|
|
|
+
|
|
|
|
+ruleset a : InstanceTag; b : InstanceTag do
|
|
|
|
+ rule "User requests a new OTR conversation with a query message"
|
|
|
|
+ transmittable(a, b)
|
|
|
|
+ & clients[a].conv[b].protoState != S_EncryptedMessages
|
|
|
|
+ ==>
|
|
|
|
+ var msg: Message;
|
|
|
|
+ begin
|
|
|
|
+ undefine msg;
|
|
|
|
+ msg.msgType := M_QueryMessage;
|
|
|
|
+ transmitMessage(a, b, msg)
|
|
|
|
+ endrule;
|
|
|
|
+endruleset;
|
|
|
|
+
|
|
|
|
+ruleset a : InstanceTag; b : InstanceTag do
|
|
|
|
+ rule "User requests a new OTR conversation with a whitespace tag"
|
|
|
|
+ transmittable(a, b)
|
|
|
|
+ & clients[a].conv[b].protoState != S_EncryptedMessages
|
|
|
|
+ ==>
|
|
|
|
+ var msg: Message;
|
|
|
|
+ begin
|
|
|
|
+ undefine msg;
|
|
|
|
+ msg.msgType := M_WSpTaggedPlaintext;
|
|
|
|
+ transmitMessage(a, b, msg)
|
|
|
|
+ endrule;
|
|
|
|
+endruleset;
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+--------------------------------------------------------------------------------
|
|
|
|
+-- Starting state
|
|
|
|
+--------------------------------------------------------------------------------
|
|
|
|
+
|
|
|
|
+startstate
|
|
|
|
+ undefine net;
|
|
|
|
+
|
|
|
|
+ undefine clients;
|
|
|
|
+
|
|
|
|
+ for i : InstanceTag do
|
|
|
|
+ clients[i].msgCount := 0;
|
|
|
|
+
|
|
|
|
+ for j : InstanceTag do
|
|
|
|
+ alias
|
|
|
|
+ c : clients[i].conv[j]
|
|
|
|
+ do
|
|
|
|
+ c.protoState := S_Start;
|
|
|
|
+ c.smpState := SMP_Expect1
|
|
|
|
+ endalias;
|
|
|
|
+ endfor;
|
|
|
|
+ endfor;
|
|
|
|
+endstartstate;
|