A Python wrapper for Tamarin Prover that enables batch execution of protocol verification tasks with JSON configuration files, comprehensive reporting, and validation tools.
- Batch Execution: Run multiple Tamarin models across different Tamarin binary versions
- JSON Configuration: Define execution recipes using simple JSON configuration files
- Interactive Configuration: Generate JSON configurations from spthy files with guided prompts
- Resource Management: Intelligent CPU and memory allocation for parallel task execution
- Progress Tracking: Real-time progress updates with Rich-formatted output
- Output Processing: Reformat the different Tamarin output to give a detailed summary of execution
- CLI Interface: Easy-to-use command-line interface with
run,check,init, andreportcommands - Configuration Validation: Validate JSON recipes and preview tasks before execution
- Wellformedness Checking: Check theory files for syntax errors and warnings
- Comprehensive Reporting: Generate detailed reports in multiple formats (Markdown, HTML, LaTeX, Typst)
- Result Caching: Intelligent caching system to avoid re-executing identical tasks
- Trace Visualization: Automatic generation of attack trace visualizations in SVG format
- Features
- Installation
- Usage
- Development
- Packaging/Publishing
- License
- Implementation Details
- Acknowledgments
- Final Note
- Python 3.9+
- Tamarin Prover binaries (installed separately)
pip install batch-tamarinGet the latest release from this github repo.
pip install pip install ./batch_tamarin-0.1.1-py3-none-any.whl# Show version
batch-tamarin --version
# Show help
batch-tamarin --help
# Run tasks with configuration file
batch-tamarin run recipe.json
# Run with debug output
batch-tamarin run recipe.json --debug
# Check configuration and preview tasks
batch-tamarin check recipe.json
# Check with detailed wellformedness report
batch-tamarin check recipe.json --report
# Check with debug output
batch-tamarin check recipe.json --debug
# Generate configuration interactively from spthy files
batch-tamarin init protocol.spthy
# Generate configuration with multiple files and custom output
batch-tamarin init protocol1.spthy protocol2.spthy --output my_recipe.json
# Generate comprehensive reports from execution results
batch-tamarin report ./results report.md --format md
# Generate HTML report with interactive visualizations
batch-tamarin report ./results report.html --format html
# Generate LaTeX report for academic publications
batch-tamarin report ./results report.tex --format latex
# Clear cached results
batch-tamarin --rm-cacheCreate a JSON configuration file based on the WPA2 example:
{
"config": {
"global_max_cores": 10,
"global_max_memory": "max",
"default_timeout": 7200,
"output_directory": "./results"
},
"tamarin_versions": {
"stable": {
"path": "tamarin-binaries/tamarin-prover-1.10/1.10.0/bin/tamarin-prover"
},
"legacy": {
"path": "tamarin-binaries/tamarin-prover-1.8/1.8.0/bin/tamarin-prover"
}
},
"tasks": {
"wpa2": {
"theory_file": "protocols/wpa2_four_way_handshake_unpatched.spthy",
"tamarin_versions": ["stable", "legacy"],
"output_file": "wpa2.txt",
"preprocess_flags": ["yes"],
"tamarin_options": ["-v"],
"resources": {
"max_cores": 2,
"max_memory": 8,
"timeout": 3600
},
"lemmas": [
{
"name": "nonce_reuse_key_type",
"resources": {
"max_cores": 1
}
},
{
"name": "authenticator_rcv_m2_must_be_preceded_by_snd_m1",
"tamarin_versions": ["stable"],
"resources": {
"max_cores": 4,
"max_memory": 16,
"timeout": 30
}
}
]
}
}
}Read the configuration guide to understand how to write a JSON recipe : JSON Guide
The wrapper will output the results of all analysis in the output_file specified in the recipe.
It will follow this pattern :
output_directory/
├── failed/
│ ├── output_prefix[\_lemma]\_tamarin_alias.json
│ └── ...
├── proofs/
│ ├── output_prefix[\_lemma]\_tamarin_alias.spthy
│ └── ...
├── success/
│ ├── output_prefix[\_lemma]\_tamarin_alias.json
│ └── ...
└── traces/
├── output_prefix[\_lemma]\_tamarin_alias.json
├── output_prefix[\_lemma]\_tamarin_alias.dot
├── output_prefix[\_lemma]\_tamarin_alias.svg
└── ...
As the name of each directory and file describe, you will find:
success/: JSON results for successful task executions with detailed timing and lemma verification informationfailed/: JSON results for failed tasks with error descriptions and diagnosticsproofs/: Generated.spthymodel files from successful Tamarin runs (not generated for failed tasks)traces/: Attack trace visualizations in JSON, DOT, and SVG formats when available
Here is an example for each result json :
success/
{
"task_id": "wpa2_authenticator_installed_is_unique_for_anonce_dev",
"warnings": ["1 wellformedness check failed!"],
"tamarin_timing": 12.27,
"wrapper_measures": {
"time": 12.385284208023222,
"avg_memory": 200.17067307692307,
"peak_memory": 358.34375
},
"output_spthy": "results/models/wpa2_authenticator_installed_is_unique_for_anonce_dev.spthy",
"verified_lemma": {
"authenticator_installed_is_unique_for_anonce": {
"steps": 102,
"analysis_type": "all-traces"
}
},
"falsified_lemma": {},
"unterminated_lemma": ["nonce_reuse_key_type", "...", "krack_attack_ptk"]
}failed/
{
"task_id": "wpa2_authenticator_rcv_m2_must_be_preceded_by_snd_m1_dev",
"error_description": "The task exceeded its memory limit. Review the memory limit setting for this task.",
"wrapper_measures": {
"time": 30.274985666008433,
"avg_memory": 566.9329637096774,
"peak_memory": 1059.609375
},
"return_code": -2,
"last_stderr_lines": ["Process exceeded memory limit"]
}After running batch execution, you can generate comprehensive reports using the report command:
# Generate a Markdown report with statistics and charts
batch-tamarin report ./results execution_report.md --format md
# Generate an interactive HTML report
batch-tamarin report ./results execution_report.html --format html
# Generate a LaTeX report for academic publications
batch-tamarin report ./results execution_report.tex --format latex
# Generate a modern Typst report
batch-tamarin report ./results execution_report.typ --format typstReport Features:
- Execution Statistics: Success/failure rates, timing analysis, resource utilization
- Visual Charts: Pie charts for error types, bar charts for execution times, Gantt charts for timelines
- Trace Visualization: Embedded attack trace diagrams when available
- Multiple Formats: Choose the format that best fits your needs (presentations, publications, web)
The report command automatically validates the results directory structure and generates comprehensive analytics from your batch execution results.
A macOS or Linux environment is highly recommended, as tamarin-prover is only running on these OS. You can use WSL2 on Windows hosts.
-
Fork the repository and create a feature branch:
git checkout -b feature/my-awesome-feature
-
Set up development environment (see options below)
-
Install pre-commit hooks:
./setup-hooks.sh
-
Make your changes and commit them
-
Push to your branch and open a pull request
# Enter development environment with all dependencies
nix develop
# Install the package in editable mode (required once per environment)
pip install -e .
# The batch-tamarin command is now available
batch-tamarin --version# Create and activate virtual environment
python -m venv venv
source venv/bin/activate
# Install development dependencies
pip install -r requirements.txt
# The package is installed in editable mode automatically
batch-tamarin --versionThe project uses pytest for testing. To run the test suite:
# Run all tests
pytest
# Run with verbose output
pytest -v
# Run specific test file
pytest tests/test_config_manager.py
# Run with coverage report
pytest --cov=src/batch_tamarinSince the package uses proper Python packaging structure, you cannot run python src/batch_tamarin/main.py directly. Use one of these methods:
# Method 1 (Recommended): Use the CLI command (after pip install -e .)
batch-tamarin --help
# Method 2: Test built package (Useful before publishing)
python -m build
pip install dist/batch_tamarin-*.whl# Clean previous builds
rm -rf dist/ build/ **/*.egg-info/ # Be careful, it's still a rm -rf command
# Might fail because of *.egg-info pattern, you might want to remove it
# Build wheel and source distribution
python -m buildpython -m twine upload --repository testpypi dist/*python -m twine upload dist/*For detailed packaging instructions, see PACKAGING.md.
This project is licensed under the GNU General Public License v3.0 or later (GPL-3.0-or-later).
See the LICENSE file for the full license text.
- ✅ Use: Commercial and private use allowed
- ✅ Modify: Modifications and derivatives allowed
- ✅ Distribute: Distribution allowed
- ❗ Share Alike: Derivatives must be licensed under GPL-3.0+
- ❗ Disclose Source: Source code must be made available
- ❗ Include License: License and copyright notice must be included
For detailed architecture, module overview, and workflow documentation, see ARCHITECTURE.md.
This project has been done during an internship at CISPA. It was made with the help of the Cas Cremers research group, a particular thanks should go to :
- Cas Cremers, as the supervisor of this internship but also for all his support and guidance.
- Maïwenn Racouchot and Aleksi Peltonen for their close collaboration, feedback, and, most importantly, the logo.
- Esra Günsay, Erik Pallas, Niklas Medinger, Aurora Naska and Alexander Dax for their valuable support and development ideas.
As this package need to directly use tamarin-prover commands, you can visit the Tamarin Prover website for installation instructions.