equal
deleted
inserted
replaced
62 qed "YM4_Key_parts_knows_Spy"; |
62 qed "YM4_Key_parts_knows_Spy"; |
63 |
63 |
64 (*For proving the easier theorems about X ~: parts (knows Spy evs).*) |
64 (*For proving the easier theorems about X ~: parts (knows Spy evs).*) |
65 fun parts_knows_Spy_tac i = |
65 fun parts_knows_Spy_tac i = |
66 EVERY |
66 EVERY |
67 [forward_tac [YM4_Key_parts_knows_Spy] (i+7), |
67 [ftac YM4_Key_parts_knows_Spy (i+7), |
68 forward_tac [YM4_parts_knows_Spy] (i+6), assume_tac (i+6), |
68 ftac YM4_parts_knows_Spy (i+6), assume_tac (i+6), |
69 prove_simple_subgoals_tac i]; |
69 prove_simple_subgoals_tac i]; |
70 |
70 |
71 (*Induction for regularity theorems. If induction formula has the form |
71 (*Induction for regularity theorems. If induction formula has the form |
72 X ~: analz (knows Spy evs) --> ... then it shortens the proof by discarding |
72 X ~: analz (knows Spy evs) --> ... then it shortens the proof by discarding |
73 needless information about analz (insert X (knows Spy evs)) *) |
73 needless information about analz (insert X (knows Spy evs)) *) |
128 |
128 |
129 |
129 |
130 (*For proofs involving analz.*) |
130 (*For proofs involving analz.*) |
131 val analz_knows_Spy_tac = |
131 val analz_knows_Spy_tac = |
132 dtac YM4_analz_knows_Spy 7 THEN assume_tac 7 THEN |
132 dtac YM4_analz_knows_Spy 7 THEN assume_tac 7 THEN |
133 forward_tac [Says_Server_message_form] 8 THEN |
133 ftac Says_Server_message_form 8 THEN |
134 assume_tac 8 THEN |
134 assume_tac 8 THEN |
135 REPEAT ((etac conjE ORELSE' hyp_subst_tac) 8); |
135 REPEAT ((etac conjE ORELSE' hyp_subst_tac) 8); |
136 |
136 |
137 |
137 |
138 (**** |
138 (**** |
226 \ Crypt (shrK B) {|Agent A, Agent B, Key K, nb|}|} \ |
226 \ Crypt (shrK B) {|Agent A, Agent B, Key K, nb|}|} \ |
227 \ : set evs; \ |
227 \ : set evs; \ |
228 \ Notes Spy {|na, nb, Key K|} ~: set evs; \ |
228 \ Notes Spy {|na, nb, Key K|} ~: set evs; \ |
229 \ A ~: bad; B ~: bad; evs : yahalom |] \ |
229 \ A ~: bad; B ~: bad; evs : yahalom |] \ |
230 \ ==> Key K ~: analz (knows Spy evs)"; |
230 \ ==> Key K ~: analz (knows Spy evs)"; |
231 by (forward_tac [Says_Server_message_form] 1 THEN assume_tac 1); |
231 by (ftac Says_Server_message_form 1 THEN assume_tac 1); |
232 by (blast_tac (claset() addSEs [lemma]) 1); |
232 by (blast_tac (claset() addSEs [lemma]) 1); |
233 qed "Spy_not_see_encrypted_key"; |
233 qed "Spy_not_see_encrypted_key"; |
234 |
234 |
235 |
235 |
236 (** Security Guarantee for A upon receiving YM3 **) |
236 (** Security Guarantee for A upon receiving YM3 **) |
370 by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1); |
370 by (force_tac (claset() addSDs [Crypt_imp_keysFor], simpset()) 1); |
371 (*YM4: was Crypt K (Nonce NB) the very last message? If not, use ind. hyp.*) |
371 (*YM4: was Crypt K (Nonce NB) the very last message? If not, use ind. hyp.*) |
372 by (asm_simp_tac (simpset() addsimps [ex_disj_distrib]) 1); |
372 by (asm_simp_tac (simpset() addsimps [ex_disj_distrib]) 1); |
373 (*yes: delete a useless induction hypothesis; apply unicity of session keys*) |
373 (*yes: delete a useless induction hypothesis; apply unicity of session keys*) |
374 by (thin_tac "?P-->?Q" 1); |
374 by (thin_tac "?P-->?Q" 1); |
375 by (forward_tac [Gets_imp_Says] 1 THEN assume_tac 1); |
375 by (ftac Gets_imp_Says 1 THEN assume_tac 1); |
376 by (not_bad_tac "Aa" 1); |
376 by (not_bad_tac "Aa" 1); |
377 by (blast_tac (claset() addSDs [A_trusts_YM3, B_trusts_YM4_shrK] |
377 by (blast_tac (claset() addSDs [A_trusts_YM3, B_trusts_YM4_shrK] |
378 addDs [unique_session_keys]) 1); |
378 addDs [unique_session_keys]) 1); |
379 qed_spec_mp "Auth_A_to_B_lemma"; |
379 qed_spec_mp "Auth_A_to_B_lemma"; |
380 |
380 |