src/HOL/Auth/Message.thy
author paulson
Fri Jan 17 12:49:31 1997 +0100 (1997-01-17)
changeset 2516 4d68fbe6378b
parent 2484 596a5b5a68ff
child 3668 a39baf59ea47
permissions -rw-r--r--
Now with Andy Gordon's treatment of freshness to replace newN/K
     1 (*  Title:      HOL/Auth/Message
     2     ID:         $Id$
     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     4     Copyright   1996  University of Cambridge
     5 
     6 Datatypes of agents and messages;
     7 Inductive relations "parts", "analz" and "synth"
     8 *)
     9 
    10 Message = Arith +
    11 
    12 (*Is there a difference between a nonce and arbitrary numerical data?
    13   Do we need a type of nonces?*)
    14 
    15 types 
    16   key = nat
    17 
    18 consts
    19   invKey :: key=>key
    20 
    21 rules
    22   invKey "invKey (invKey K) = K"
    23 
    24   (*The inverse of a symmetric key is itself;
    25     that of a public key is the private key and vice versa*)
    26 
    27 constdefs
    28   isSymKey :: key=>bool
    29   "isSymKey K == (invKey K = K)"
    30 
    31 datatype  (*We allow any number of friendly agents*)
    32   agent = Server | Friend nat | Spy
    33 
    34 datatype  (*Messages are agent names, nonces, keys, pairs and encryptions*)
    35   msg = Agent agent
    36       | Nonce nat
    37       | Key   key
    38       | Hash  msg
    39       | MPair msg msg
    40       | Crypt key msg
    41 
    42 (*Allows messages of the form {|A,B,NA|}, etc...*)
    43 syntax
    44   "@MTuple"      :: "['a, args] => 'a * 'b"       ("(2{|_,/ _|})")
    45 
    46 translations
    47   "{|x, y, z|}"   == "{|x, {|y, z|}|}"
    48   "{|x, y|}"      == "MPair x y"
    49 
    50 
    51 constdefs
    52   (*Message Y, paired with a MAC computed with the help of X*)
    53   HPair :: "[msg,msg]=>msg"                       ("(4Hash[_] /_)" [0, 1000])
    54     "Hash[X] Y == {| Hash{|X,Y|}, Y|}"
    55 
    56   (*Keys useful to decrypt elements of a message set*)
    57   keysFor :: msg set => key set
    58   "keysFor H == invKey `` {K. EX X. Crypt K X : H}"
    59 
    60 (** Inductive definition of all "parts" of a message.  **)
    61 
    62 consts  parts   :: msg set => msg set
    63 inductive "parts H"
    64   intrs 
    65     Inj     "X: H  ==>  X: parts H"
    66     Fst     "{|X,Y|}   : parts H ==> X : parts H"
    67     Snd     "{|X,Y|}   : parts H ==> Y : parts H"
    68     Body    "Crypt K X : parts H ==> X : parts H"
    69 
    70 
    71 (** Inductive definition of "analz" -- what can be broken down from a set of
    72     messages, including keys.  A form of downward closure.  Pairs can
    73     be taken apart; messages decrypted with known keys.  **)
    74 
    75 consts  analz   :: msg set => msg set
    76 inductive "analz H"
    77   intrs 
    78     Inj     "X: H ==> X: analz H"
    79     Fst     "{|X,Y|} : analz H ==> X : analz H"
    80     Snd     "{|X,Y|} : analz H ==> Y : analz H"
    81     Decrypt "[| Crypt K X : analz H; Key(invKey K): analz H |] ==> X : analz H"
    82 
    83 
    84 (** Inductive definition of "synth" -- what can be built up from a set of
    85     messages.  A form of upward closure.  Pairs can be built, messages
    86     encrypted with known keys.  Agent names may be quoted.  **)
    87 
    88 consts  synth   :: msg set => msg set
    89 inductive "synth H"
    90   intrs 
    91     Inj     "X: H ==> X: synth H"
    92     Agent   "Agent agt : synth H"
    93     Hash    "X: synth H ==> Hash X : synth H"
    94     MPair   "[| X: synth H;  Y: synth H |] ==> {|X,Y|} : synth H"
    95     Crypt   "[| X: synth H;  Key(K) : H |] ==> Crypt K X : synth H"
    96 
    97 end