36 |
36 |
37 (** Rewrites should not refer to initState(Friend i) |
37 (** Rewrites should not refer to initState(Friend i) |
38 -- not in normal form! **) |
38 -- not in normal form! **) |
39 |
39 |
40 goalw thy [keysFor_def] "keysFor (parts (initState C)) = {}"; |
40 goalw thy [keysFor_def] "keysFor (parts (initState C)) = {}"; |
41 by (agent.induct_tac "C" 1); |
41 by (induct_tac "C" 1); |
42 by (auto_tac (!claset addIs [range_eqI], !simpset)); |
42 by (auto_tac (!claset addIs [range_eqI], !simpset)); |
43 qed "keysFor_parts_initState"; |
43 qed "keysFor_parts_initState"; |
44 Addsimps [keysFor_parts_initState]; |
44 Addsimps [keysFor_parts_initState]; |
45 |
45 |
46 |
46 |
47 (*** Function "sees" ***) |
47 (*** Function "sees" ***) |
48 |
48 |
49 (*Agents see their own private keys!*) |
49 (*Agents see their own private keys!*) |
50 goal thy "A ~= Spy --> Key (priK A) : sees A evs"; |
50 goal thy "A ~= Spy --> Key (priK A) : sees A evs"; |
51 by (list.induct_tac "evs" 1); |
51 by (induct_tac "evs" 1); |
52 by (agent.induct_tac "A" 1); |
52 by (induct_tac "A" 1); |
53 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
53 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
54 qed_spec_mp "sees_own_priK"; |
54 qed_spec_mp "sees_own_priK"; |
55 |
55 |
56 (*All public keys are visible to all*) |
56 (*All public keys are visible to all*) |
57 goal thy "Key (pubK A) : sees B evs"; |
57 goal thy "Key (pubK A) : sees B evs"; |
58 by (list.induct_tac "evs" 1); |
58 by (induct_tac "evs" 1); |
59 by (agent.induct_tac "B" 1); |
59 by (induct_tac "B" 1); |
60 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
60 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
61 by (Auto_tac ()); |
61 by (Auto_tac ()); |
62 qed_spec_mp "sees_pubK"; |
62 qed_spec_mp "sees_pubK"; |
63 |
63 |
64 (*Spy sees private keys of agents!*) |
64 (*Spy sees private keys of agents!*) |
65 goal thy "!!A. A: lost ==> Key (priK A) : sees Spy evs"; |
65 goal thy "!!A. A: lost ==> Key (priK A) : sees Spy evs"; |
66 by (list.induct_tac "evs" 1); |
66 by (induct_tac "evs" 1); |
67 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
67 by (ALLGOALS (asm_simp_tac (!simpset addsimps [sees_Cons]))); |
68 by (Blast_tac 1); |
68 by (Blast_tac 1); |
69 qed "Spy_sees_lost"; |
69 qed "Spy_sees_lost"; |
70 |
70 |
71 AddIffs [sees_pubK, sees_pubK RS analz.Inj]; |
71 AddIffs [sees_pubK, sees_pubK RS analz.Inj]; |
92 |
92 |
93 |
93 |
94 (*** Fresh nonces ***) |
94 (*** Fresh nonces ***) |
95 |
95 |
96 goal thy "Nonce N ~: parts (initState B)"; |
96 goal thy "Nonce N ~: parts (initState B)"; |
97 by (agent.induct_tac "B" 1); |
97 by (induct_tac "B" 1); |
98 by (Auto_tac ()); |
98 by (Auto_tac ()); |
99 qed "Nonce_notin_initState"; |
99 qed "Nonce_notin_initState"; |
100 AddIffs [Nonce_notin_initState]; |
100 AddIffs [Nonce_notin_initState]; |
101 |
101 |
102 goal thy "Nonce N ~: used []"; |
102 goal thy "Nonce N ~: used []"; |
106 |
106 |
107 |
107 |
108 (*** Supply fresh nonces for possibility theorems. ***) |
108 (*** Supply fresh nonces for possibility theorems. ***) |
109 |
109 |
110 goalw thy [used_def] "EX N. ALL n. N<=n --> Nonce n ~: used evs"; |
110 goalw thy [used_def] "EX N. ALL n. N<=n --> Nonce n ~: used evs"; |
111 by (list.induct_tac "evs" 1); |
111 by (induct_tac "evs" 1); |
112 by (res_inst_tac [("x","0")] exI 1); |
112 by (res_inst_tac [("x","0")] exI 1); |
113 by (Step_tac 1); |
113 by (Step_tac 1); |
114 by (Full_simp_tac 1); |
114 by (Full_simp_tac 1); |
115 (*Inductive step*) |
115 (*Inductive step*) |
116 by (event.induct_tac "a" 1); |
116 by (induct_tac "a" 1); |
117 by (ALLGOALS (full_simp_tac |
117 by (ALLGOALS (full_simp_tac |
118 (!simpset delsimps [sees_Notes] |
118 (!simpset delsimps [sees_Notes] |
119 addsimps [UN_parts_sees_Says, |
119 addsimps [UN_parts_sees_Says, |
120 UN_parts_sees_Notes]))); |
120 UN_parts_sees_Notes]))); |
121 by (ALLGOALS (rtac (msg_Nonce_supply RS exE))); |
121 by (ALLGOALS (rtac (msg_Nonce_supply RS exE))); |