src/HOL/Auth/Message.thy
author paulson
Wed Jul 21 15:22:11 1999 +0200 (1999-07-21)
changeset 7057 b9ddbb925939
parent 6807 6737af18317e
child 9686 87b460d72e80
permissions -rw-r--r--
tweaked proofs to handle new freeness reasoning for data c onstructors
paulson@1839
     1
(*  Title:      HOL/Auth/Message
paulson@1839
     2
    ID:         $Id$
paulson@1839
     3
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
paulson@1839
     4
    Copyright   1996  University of Cambridge
paulson@1839
     5
paulson@1839
     6
Datatypes of agents and messages;
paulson@1913
     7
Inductive relations "parts", "analz" and "synth"
paulson@1839
     8
*)
paulson@1839
     9
paulson@5652
    10
Message = Main +
paulson@1839
    11
paulson@1839
    12
types 
paulson@1839
    13
  key = nat
paulson@1839
    14
paulson@1839
    15
consts
paulson@1839
    16
  invKey :: key=>key
paulson@1839
    17
paulson@1839
    18
rules
paulson@1839
    19
  invKey "invKey (invKey K) = K"
paulson@1839
    20
paulson@1839
    21
  (*The inverse of a symmetric key is itself;
paulson@1839
    22
    that of a public key is the private key and vice versa*)
paulson@1839
    23
paulson@1839
    24
constdefs
paulson@1839
    25
  isSymKey :: key=>bool
paulson@1839
    26
  "isSymKey K == (invKey K = K)"
paulson@1839
    27
paulson@1839
    28
datatype  (*We allow any number of friendly agents*)
paulson@2032
    29
  agent = Server | Friend nat | Spy
paulson@1839
    30
paulson@3668
    31
datatype
paulson@7057
    32
     msg = Agent  agent	    (*Agent names*)
paulson@7057
    33
         | Number nat       (*Ordinary integers, timestamps, ...*)
paulson@7057
    34
         | Nonce  nat       (*Unguessable nonces*)
paulson@7057
    35
         | Key    key       (*Crypto keys*)
paulson@5234
    36
	 | Hash   msg       (*Hashing*)
paulson@5234
    37
	 | MPair  msg msg   (*Compound messages*)
paulson@5234
    38
	 | Crypt  key msg   (*Encryption, public- or shared-key*)
paulson@1839
    39
paulson@5234
    40
paulson@5234
    41
(*Concrete syntax: messages appear as {|A,B,NA|}, etc...*)
paulson@5234
    42
syntax
paulson@2516
    43
  "@MTuple"      :: "['a, args] => 'a * 'b"       ("(2{|_,/ _|})")
paulson@1839
    44
paulson@1839
    45
translations
paulson@1839
    46
  "{|x, y, z|}"   == "{|x, {|y, z|}|}"
paulson@1839
    47
  "{|x, y|}"      == "MPair x y"
paulson@1839
    48
paulson@1839
    49
paulson@2484
    50
constdefs
paulson@2484
    51
  (*Message Y, paired with a MAC computed with the help of X*)
paulson@2516
    52
  HPair :: "[msg,msg]=>msg"                       ("(4Hash[_] /_)" [0, 1000])
paulson@2516
    53
    "Hash[X] Y == {| Hash{|X,Y|}, Y|}"
paulson@2484
    54
paulson@2484
    55
  (*Keys useful to decrypt elements of a message set*)
paulson@1839
    56
  keysFor :: msg set => key set
paulson@2284
    57
  "keysFor H == invKey `` {K. EX X. Crypt K X : H}"
paulson@1839
    58
paulson@1839
    59
(** Inductive definition of all "parts" of a message.  **)
paulson@1839
    60
paulson@1839
    61
consts  parts   :: msg set => msg set
paulson@1839
    62
inductive "parts H"
paulson@1839
    63
  intrs 
paulson@2373
    64
    Inj     "X: H  ==>  X: parts H"
paulson@2373
    65
    Fst     "{|X,Y|}   : parts H ==> X : parts H"
paulson@2373
    66
    Snd     "{|X,Y|}   : parts H ==> Y : parts H"
paulson@2284
    67
    Body    "Crypt K X : parts H ==> X : parts H"
paulson@1839
    68
paulson@1839
    69
paulson@1913
    70
(** Inductive definition of "analz" -- what can be broken down from a set of
paulson@1839
    71
    messages, including keys.  A form of downward closure.  Pairs can
paulson@1839
    72
    be taken apart; messages decrypted with known keys.  **)
paulson@1839
    73
paulson@1913
    74
consts  analz   :: msg set => msg set
paulson@1913
    75
inductive "analz H"
paulson@1839
    76
  intrs 
paulson@1913
    77
    Inj     "X: H ==> X: analz H"
paulson@1913
    78
    Fst     "{|X,Y|} : analz H ==> X : analz H"
paulson@1913
    79
    Snd     "{|X,Y|} : analz H ==> Y : analz H"
paulson@2284
    80
    Decrypt "[| Crypt K X : analz H; Key(invKey K): analz H |] ==> X : analz H"
paulson@1839
    81
paulson@1839
    82
paulson@1913
    83
(** Inductive definition of "synth" -- what can be built up from a set of
paulson@1839
    84
    messages.  A form of upward closure.  Pairs can be built, messages
paulson@3668
    85
    encrypted with known keys.  Agent names are public domain.
paulson@3668
    86
    Numbers can be guessed, but Nonces cannot be.  **)
paulson@1839
    87
paulson@1913
    88
consts  synth   :: msg set => msg set
paulson@1913
    89
inductive "synth H"
paulson@1839
    90
  intrs 
paulson@1913
    91
    Inj     "X: H ==> X: synth H"
paulson@1913
    92
    Agent   "Agent agt : synth H"
paulson@3668
    93
    Number  "Number n  : synth H"
paulson@2373
    94
    Hash    "X: synth H ==> Hash X : synth H"
paulson@1913
    95
    MPair   "[| X: synth H;  Y: synth H |] ==> {|X,Y|} : synth H"
paulson@2373
    96
    Crypt   "[| X: synth H;  Key(K) : H |] ==> Crypt K X : synth H"
paulson@1839
    97
paulson@1839
    98
end