Mercurialisabelle / file revision
summary | shortlog | changelog | graph | tags | branches | files | changeset | file | revisions | annotate | diff | raw
src/HOL/Auth/Message.thy
author paulson
Fri Jan 17 12:49:31 1997 +0100 (1997-01-17)
changeset 2516 4d68fbe6378b
parent 2484 596a5b5a68ff
child 3668 a39baf59ea47
permissions -rw-r--r--
Now with Andy Gordon's treatment of freshness to replace newN/K 
     1 (*  Title:      HOL/Auth/Message

     2     ID:         $Id$

     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory

     4     Copyright   1996  University of Cambridge

     5 

     6 Datatypes of agents and messages;

     7 Inductive relations "parts", "analz" and "synth"

     8 *)

     9 

    10 Message = Arith +

    11 

    12 (*Is there a difference between a nonce and arbitrary numerical data?

    13   Do we need a type of nonces?*)

    14 

    15 types 

    16   key = nat

    17 

    18 consts

    19   invKey :: key=>key

    20 

    21 rules

    22   invKey "invKey (invKey K) = K"

    23 

    24   (*The inverse of a symmetric key is itself;

    25     that of a public key is the private key and vice versa*)

    26 

    27 constdefs

    28   isSymKey :: key=>bool

    29   "isSymKey K == (invKey K = K)"

    30 

    31 datatype  (*We allow any number of friendly agents*)

    32   agent = Server | Friend nat | Spy

    33 

    34 datatype  (*Messages are agent names, nonces, keys, pairs and encryptions*)

    35   msg = Agent agent

    36       | Nonce nat

    37       | Key   key

    38       | Hash  msg

    39       | MPair msg msg

    40       | Crypt key msg

    41 

    42 (*Allows messages of the form {|A,B,NA|}, etc...*)

    43 syntax

    44   "@MTuple"      :: "['a, args] => 'a * 'b"       ("(2{|_,/ _|})")

    45 

    46 translations

    47   "{|x, y, z|}"   == "{|x, {|y, z|}|}"

    48   "{|x, y|}"      == "MPair x y"

    49 

    50 

    51 constdefs

    52   (*Message Y, paired with a MAC computed with the help of X*)

    53   HPair :: "[msg,msg]=>msg"                       ("(4Hash[_] /_)" [0, 1000])

    54     "Hash[X] Y == {| Hash{|X,Y|}, Y|}"

    55 

    56   (*Keys useful to decrypt elements of a message set*)

    57   keysFor :: msg set => key set

    58   "keysFor H == invKey `` {K. EX X. Crypt K X : H}"

    59 

    60 (** Inductive definition of all "parts" of a message.  **)

    61 

    62 consts  parts   :: msg set => msg set

    63 inductive "parts H"

    64   intrs 

    65     Inj     "X: H  ==>  X: parts H"

    66     Fst     "{|X,Y|}   : parts H ==> X : parts H"

    67     Snd     "{|X,Y|}   : parts H ==> Y : parts H"

    68     Body    "Crypt K X : parts H ==> X : parts H"

    69 

    70 

    71 (** Inductive definition of "analz" -- what can be broken down from a set of

    72     messages, including keys.  A form of downward closure.  Pairs can

    73     be taken apart; messages decrypted with known keys.  **)

    74 

    75 consts  analz   :: msg set => msg set

    76 inductive "analz H"

    77   intrs 

    78     Inj     "X: H ==> X: analz H"

    79     Fst     "{|X,Y|} : analz H ==> X : analz H"

    80     Snd     "{|X,Y|} : analz H ==> Y : analz H"

    81     Decrypt "[| Crypt K X : analz H; Key(invKey K): analz H |] ==> X : analz H"

    82 

    83 

    84 (** Inductive definition of "synth" -- what can be built up from a set of

    85     messages.  A form of upward closure.  Pairs can be built, messages

    86     encrypted with known keys.  Agent names may be quoted.  **)

    87 

    88 consts  synth   :: msg set => msg set

    89 inductive "synth H"

    90   intrs 

    91     Inj     "X: H ==> X: synth H"

    92     Agent   "Agent agt : synth H"

    93     Hash    "X: synth H ==> Hash X : synth H"

    94     MPair   "[| X: synth H;  Y: synth H |] ==> {|X,Y|} : synth H"

    95     Crypt   "[| X: synth H;  Key(K) : H |] ==> Crypt K X : synth H"

    96 

    97 end
isabelle