src/HOL/Auth/OtwayRees_AN.thy
changeset 3519 ab0a9fbed4c0
parent 3466 30791e5a69c4
child 3659 eddedfe2f3f8
     1.1 --- a/src/HOL/Auth/OtwayRees_AN.thy	Mon Jul 14 12:44:09 1997 +0200
     1.2 +++ b/src/HOL/Auth/OtwayRees_AN.thy	Mon Jul 14 12:47:21 1997 +0200
     1.3 @@ -19,55 +19,55 @@
     1.4  
     1.5  OtwayRees_AN = Shared + 
     1.6  
     1.7 -consts  otway   :: agent set => event list set
     1.8 -inductive "otway lost"
     1.9 +consts  otway   :: event list set
    1.10 +inductive "otway"
    1.11    intrs 
    1.12           (*Initial trace is empty*)
    1.13 -    Nil  "[]: otway lost"
    1.14 +    Nil  "[]: otway"
    1.15  
    1.16           (*The spy MAY say anything he CAN say.  We do not expect him to
    1.17             invent new nonces here, but he can also use NS1.  Common to
    1.18             all similar protocols.*)
    1.19 -    Fake "[| evs: otway lost;  B ~= Spy;  
    1.20 -             X: synth (analz (sees lost Spy evs)) |]
    1.21 -          ==> Says Spy B X  # evs : otway lost"
    1.22 +    Fake "[| evs: otway;  B ~= Spy;  
    1.23 +             X: synth (analz (sees Spy evs)) |]
    1.24 +          ==> Says Spy B X  # evs : otway"
    1.25  
    1.26           (*Alice initiates a protocol run*)
    1.27 -    OR1  "[| evs: otway lost;  A ~= B;  B ~= Server |]
    1.28 -          ==> Says A B {|Agent A, Agent B, Nonce NA|} # evs : otway lost"
    1.29 +    OR1  "[| evs: otway;  A ~= B;  B ~= Server |]
    1.30 +          ==> Says A B {|Agent A, Agent B, Nonce NA|} # evs : otway"
    1.31  
    1.32           (*Bob's response to Alice's message.  Bob doesn't know who 
    1.33  	   the sender is, hence the A' in the sender field.*)
    1.34 -    OR2  "[| evs: otway lost;  B ~= Server;
    1.35 +    OR2  "[| evs: otway;  B ~= Server;
    1.36               Says A' B {|Agent A, Agent B, Nonce NA|} : set evs |]
    1.37            ==> Says B Server {|Agent A, Agent B, Nonce NA, Nonce NB|}
    1.38 -                 # evs : otway lost"
    1.39 +                 # evs : otway"
    1.40  
    1.41           (*The Server receives Bob's message.  Then he sends a new
    1.42             session key to Bob with a packet for forwarding to Alice.*)
    1.43 -    OR3  "[| evs: otway lost;  B ~= Server;  A ~= B;  Key KAB ~: used evs;
    1.44 +    OR3  "[| evs: otway;  B ~= Server;  A ~= B;  Key KAB ~: used evs;
    1.45               Says B' Server {|Agent A, Agent B, Nonce NA, Nonce NB|}
    1.46                 : set evs |]
    1.47            ==> Says Server B 
    1.48                 {|Crypt (shrK A) {|Nonce NA, Agent A, Agent B, Key KAB|},
    1.49                   Crypt (shrK B) {|Nonce NB, Agent A, Agent B, Key KAB|}|}
    1.50 -              # evs : otway lost"
    1.51 +              # evs : otway"
    1.52  
    1.53           (*Bob receives the Server's (?) message and compares the Nonces with
    1.54  	   those in the message he previously sent the Server.*)
    1.55 -    OR4  "[| evs: otway lost;  A ~= B;
    1.56 +    OR4  "[| evs: otway;  A ~= B;
    1.57               Says B Server {|Agent A, Agent B, Nonce NA, Nonce NB|} : set evs;
    1.58               Says S' B {|X, Crypt(shrK B){|Nonce NB,Agent A,Agent B,Key K|}|}
    1.59                 : set evs |]
    1.60 -          ==> Says B A X # evs : otway lost"
    1.61 +          ==> Says B A X # evs : otway"
    1.62  
    1.63           (*This message models possible leaks of session keys.  The nonces
    1.64             identify the protocol run.  B is not assumed to know shrK A.*)
    1.65 -    Oops "[| evs: otway lost;  B ~= Spy;
    1.66 +    Oops "[| evs: otway;  B ~= Spy;
    1.67               Says Server B 
    1.68                        {|Crypt (shrK A) {|Nonce NA, Agent A, Agent B, Key K|}, 
    1.69                          Crypt (shrK B) {|Nonce NB, Agent A, Agent B, Key K|}|}
    1.70                 : set evs |]
    1.71 -          ==> Says B Spy {|Nonce NA, Nonce NB, Key K|} # evs : otway lost"
    1.72 +          ==> Says B Spy {|Nonce NA, Nonce NB, Key K|} # evs : otway"
    1.73  
    1.74  end