142 "\<lbrakk>Key K \<notin> used evs; K \<in> symKeys; evs \<in> yahalom\<rbrakk> |
142 "\<lbrakk>Key K \<notin> used evs; K \<in> symKeys; evs \<in> yahalom\<rbrakk> |
143 \<Longrightarrow> K \<notin> keysFor (parts (spies evs))" |
143 \<Longrightarrow> K \<notin> keysFor (parts (spies evs))" |
144 apply (erule rev_mp) |
144 apply (erule rev_mp) |
145 apply (erule yahalom.induct, force, |
145 apply (erule yahalom.induct, force, |
146 frule_tac [6] YM4_parts_knows_Spy, simp_all) |
146 frule_tac [6] YM4_parts_knows_Spy, simp_all) |
147 subgoal \<comment>\<open>Fake\<close> by (force dest!: keysFor_parts_insert) |
147 subgoal \<comment> \<open>Fake\<close> by (force dest!: keysFor_parts_insert) |
148 subgoal \<comment>\<open>YM3 \<close>by blast |
148 subgoal \<comment> \<open>YM3\<close>by blast |
149 subgoal \<comment>\<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj]) |
149 subgoal \<comment> \<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj]) |
150 done |
150 done |
151 |
151 |
152 |
152 |
153 text\<open>Describes the form of K when the Server sends this message. Useful for |
153 text\<open>Describes the form of K when the Server sends this message. Useful for |
154 Oops as well as main secrecy property.\<close> |
154 Oops as well as main secrecy property.\<close> |
398 B \<notin> bad --> |
398 B \<notin> bad --> |
399 (\<exists>X. Says A B \<lbrace>X, Crypt K (Nonce NB)\<rbrace> \<in> set evs)" |
399 (\<exists>X. Says A B \<lbrace>X, Crypt K (Nonce NB)\<rbrace> \<in> set evs)" |
400 apply (erule yahalom.induct, force, |
400 apply (erule yahalom.induct, force, |
401 frule_tac [6] YM4_parts_knows_Spy) |
401 frule_tac [6] YM4_parts_knows_Spy) |
402 apply (analz_mono_contra, simp_all) |
402 apply (analz_mono_contra, simp_all) |
403 subgoal \<comment>\<open>Fake\<close> by blast |
403 subgoal \<comment> \<open>Fake\<close> by blast |
404 subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close> |
404 subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close> |
405 by (force dest!: Crypt_imp_keysFor) |
405 by (force dest!: Crypt_imp_keysFor) |
406 subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis, |
406 subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis, |
407 otherwise by unicity of session keys\<close> |
407 otherwise by unicity of session keys\<close> |
408 by (blast dest!: B_trusts_YM4_shrK dest: secure_unique_session_keys) |
408 by (blast dest!: B_trusts_YM4_shrK dest: secure_unique_session_keys) |
409 done |
409 done |
410 |
410 |
411 |
411 |