1 (* Title: HOL/Auth/Guard/Guard_Yahalom.thy |
1 (* Title: HOL/Auth/Guard/Guard_Yahalom.thy |
2 Author: Frederic Blanqui, University of Cambridge Computer Laboratory |
2 Author: Frederic Blanqui, University of Cambridge Computer Laboratory |
3 Copyright 2002 University of Cambridge |
3 Copyright 2002 University of Cambridge |
4 *) |
4 *) |
5 |
5 |
6 section{*Yahalom Protocol*} |
6 section\<open>Yahalom Protocol\<close> |
7 |
7 |
8 theory Guard_Yahalom imports "../Shared" Guard_Shared begin |
8 theory Guard_Yahalom imports "../Shared" Guard_Shared begin |
9 |
9 |
10 subsection{*messages used in the protocol*} |
10 subsection\<open>messages used in the protocol\<close> |
11 |
11 |
12 abbreviation (input) |
12 abbreviation (input) |
13 ya1 :: "agent => agent => nat => event" where |
13 ya1 :: "agent => agent => nat => event" where |
14 "ya1 A B NA == Says A B {|Agent A, Nonce NA|}" |
14 "ya1 A B NA == Says A B {|Agent A, Nonce NA|}" |
15 |
15 |
43 abbreviation (input) |
43 abbreviation (input) |
44 ya4' :: "agent => agent => nat => nat => msg => event" where |
44 ya4' :: "agent => agent => nat => nat => msg => event" where |
45 "ya4' A' B K NB Y == Says A' B {|Y, Crypt K (Nonce NB)|}" |
45 "ya4' A' B K NB Y == Says A' B {|Y, Crypt K (Nonce NB)|}" |
46 |
46 |
47 |
47 |
48 subsection{*definition of the protocol*} |
48 subsection\<open>definition of the protocol\<close> |
49 |
49 |
50 inductive_set ya :: "event list set" |
50 inductive_set ya :: "event list set" |
51 where |
51 where |
52 |
52 |
53 Nil: "[]:ya" |
53 Nil: "[]:ya" |
63 ==> ya3 A B NA NB K # evs3:ya" |
63 ==> ya3 A B NA NB K # evs3:ya" |
64 |
64 |
65 | YA4: "[| evs4:ya; ya1 A B NA:set evs4; ya3' S Y A B NA NB K:set evs4 |] |
65 | YA4: "[| evs4:ya; ya1 A B NA:set evs4; ya3' S Y A B NA NB K:set evs4 |] |
66 ==> ya4 A B K NB Y # evs4:ya" |
66 ==> ya4 A B K NB Y # evs4:ya" |
67 |
67 |
68 subsection{*declarations for tactics*} |
68 subsection\<open>declarations for tactics\<close> |
69 |
69 |
70 declare knows_Spy_partsEs [elim] |
70 declare knows_Spy_partsEs [elim] |
71 declare Fake_parts_insert [THEN subsetD, dest] |
71 declare Fake_parts_insert [THEN subsetD, dest] |
72 declare initState.simps [simp del] |
72 declare initState.simps [simp del] |
73 |
73 |
74 subsection{*general properties of ya*} |
74 subsection\<open>general properties of ya\<close> |
75 |
75 |
76 lemma ya_has_no_Gets: "evs:ya ==> ALL A X. Gets A X ~:set evs" |
76 lemma ya_has_no_Gets: "evs:ya ==> ALL A X. Gets A X ~:set evs" |
77 by (erule ya.induct, auto) |
77 by (erule ya.induct, auto) |
78 |
78 |
79 lemma ya_is_Gets_correct [iff]: "Gets_correct ya" |
79 lemma ya_is_Gets_correct [iff]: "Gets_correct ya" |
92 lemma ya_is_regular [iff]: "regular ya" |
92 lemma ya_is_regular [iff]: "regular ya" |
93 apply (simp only: regular_def, clarify) |
93 apply (simp only: regular_def, clarify) |
94 apply (erule ya.induct, simp_all add: initState.simps knows.simps) |
94 apply (erule ya.induct, simp_all add: initState.simps knows.simps) |
95 by (auto dest: parts_sub) |
95 by (auto dest: parts_sub) |
96 |
96 |
97 subsection{*guardedness of KAB*} |
97 subsection\<open>guardedness of KAB\<close> |
98 |
98 |
99 lemma Guard_KAB [rule_format]: "[| evs:ya; A ~:bad; B ~:bad |] ==> |
99 lemma Guard_KAB [rule_format]: "[| evs:ya; A ~:bad; B ~:bad |] ==> |
100 ya3 A B NA NB K:set evs --> GuardK K {shrK A,shrK B} (spies evs)" |
100 ya3 A B NA NB K:set evs --> GuardK K {shrK A,shrK B} (spies evs)" |
101 apply (erule ya.induct) |
101 apply (erule ya.induct) |
102 (* Nil *) |
102 (* Nil *) |
113 apply (drule_tac A=Server in Key_neq, simp+, rule No_Key, simp) |
113 apply (drule_tac A=Server in Key_neq, simp+, rule No_Key, simp) |
114 (* YA4 *) |
114 (* YA4 *) |
115 apply (blast dest: Says_imp_spies in_GuardK_kparts) |
115 apply (blast dest: Says_imp_spies in_GuardK_kparts) |
116 by blast |
116 by blast |
117 |
117 |
118 subsection{*session keys are not symmetric keys*} |
118 subsection\<open>session keys are not symmetric keys\<close> |
119 |
119 |
120 lemma KAB_isnt_shrK [rule_format]: "evs:ya ==> |
120 lemma KAB_isnt_shrK [rule_format]: "evs:ya ==> |
121 ya3 A B NA NB K:set evs --> K ~:range shrK" |
121 ya3 A B NA NB K:set evs --> K ~:range shrK" |
122 by (erule ya.induct, auto) |
122 by (erule ya.induct, auto) |
123 |
123 |
124 lemma ya3_shrK: "evs:ya ==> ya3 A B NA NB (shrK C) ~:set evs" |
124 lemma ya3_shrK: "evs:ya ==> ya3 A B NA NB (shrK C) ~:set evs" |
125 by (blast dest: KAB_isnt_shrK) |
125 by (blast dest: KAB_isnt_shrK) |
126 |
126 |
127 subsection{*ya2' implies ya1'*} |
127 subsection\<open>ya2' implies ya1'\<close> |
128 |
128 |
129 lemma ya2'_parts_imp_ya1'_parts [rule_format]: |
129 lemma ya2'_parts_imp_ya1'_parts [rule_format]: |
130 "[| evs:ya; B ~:bad |] ==> |
130 "[| evs:ya; B ~:bad |] ==> |
131 Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs) --> |
131 Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs) --> |
132 {|Agent A, Nonce NA|}:spies evs" |
132 {|Agent A, Nonce NA|}:spies evs" |
134 |
134 |
135 lemma ya2'_imp_ya1'_parts: "[| ya2' B' A B NA NB:set evs; evs:ya; B ~:bad |] |
135 lemma ya2'_imp_ya1'_parts: "[| ya2' B' A B NA NB:set evs; evs:ya; B ~:bad |] |
136 ==> {|Agent A, Nonce NA|}:spies evs" |
136 ==> {|Agent A, Nonce NA|}:spies evs" |
137 by (blast dest: Says_imp_spies ya2'_parts_imp_ya1'_parts) |
137 by (blast dest: Says_imp_spies ya2'_parts_imp_ya1'_parts) |
138 |
138 |
139 subsection{*uniqueness of NB*} |
139 subsection\<open>uniqueness of NB\<close> |
140 |
140 |
141 lemma NB_is_uniq_in_ya2'_parts [rule_format]: "[| evs:ya; B ~:bad; B' ~:bad |] ==> |
141 lemma NB_is_uniq_in_ya2'_parts [rule_format]: "[| evs:ya; B ~:bad; B' ~:bad |] ==> |
142 Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs) --> |
142 Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs) --> |
143 Ciph B' {|Agent A', Nonce NA', Nonce NB|}:parts (spies evs) --> |
143 Ciph B' {|Agent A', Nonce NA', Nonce NB|}:parts (spies evs) --> |
144 A=A' & B=B' & NA=NA'" |
144 A=A' & B=B' & NA=NA'" |
151 lemma NB_is_uniq_in_ya2': "[| ya2' C A B NA NB:set evs; |
151 lemma NB_is_uniq_in_ya2': "[| ya2' C A B NA NB:set evs; |
152 ya2' C' A' B' NA' NB:set evs; evs:ya; B ~:bad; B' ~:bad |] |
152 ya2' C' A' B' NA' NB:set evs; evs:ya; B ~:bad; B' ~:bad |] |
153 ==> A=A' & B=B' & NA=NA'" |
153 ==> A=A' & B=B' & NA=NA'" |
154 by (drule NB_is_uniq_in_ya2'_parts, auto dest: Says_imp_spies) |
154 by (drule NB_is_uniq_in_ya2'_parts, auto dest: Says_imp_spies) |
155 |
155 |
156 subsection{*ya3' implies ya2'*} |
156 subsection\<open>ya3' implies ya2'\<close> |
157 |
157 |
158 lemma ya3'_parts_imp_ya2'_parts [rule_format]: "[| evs:ya; A ~:bad |] ==> |
158 lemma ya3'_parts_imp_ya2'_parts [rule_format]: "[| evs:ya; A ~:bad |] ==> |
159 Ciph A {|Agent B, Key K, Nonce NA, Nonce NB|}:parts (spies evs) |
159 Ciph A {|Agent B, Key K, Nonce NA, Nonce NB|}:parts (spies evs) |
160 --> Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs)" |
160 --> Ciph B {|Agent A, Nonce NA, Nonce NB|}:parts (spies evs)" |
161 apply (erule ya.induct, simp_all) |
161 apply (erule ya.induct, simp_all) |
175 |
175 |
176 lemma ya3'_imp_ya2': "[| ya3' S Y A B NA NB K:set evs; evs:ya; A ~:bad |] |
176 lemma ya3'_imp_ya2': "[| ya3' S Y A B NA NB K:set evs; evs:ya; A ~:bad |] |
177 ==> (EX B'. ya2' B' A B NA NB:set evs)" |
177 ==> (EX B'. ya2' B' A B NA NB:set evs)" |
178 by (drule ya3'_parts_imp_ya2', auto dest: Says_imp_spies) |
178 by (drule ya3'_parts_imp_ya2', auto dest: Says_imp_spies) |
179 |
179 |
180 subsection{*ya3' implies ya3*} |
180 subsection\<open>ya3' implies ya3\<close> |
181 |
181 |
182 lemma ya3'_parts_imp_ya3 [rule_format]: "[| evs:ya; A ~:bad |] ==> |
182 lemma ya3'_parts_imp_ya3 [rule_format]: "[| evs:ya; A ~:bad |] ==> |
183 Ciph A {|Agent B, Key K, Nonce NA, Nonce NB|}:parts(spies evs) |
183 Ciph A {|Agent B, Key K, Nonce NA, Nonce NB|}:parts(spies evs) |
184 --> ya3 A B NA NB K:set evs" |
184 --> ya3 A B NA NB K:set evs" |
185 apply (erule ya.induct, simp_all, safe) |
185 apply (erule ya.induct, simp_all, safe) |
188 |
188 |
189 lemma ya3'_imp_ya3: "[| ya3' S Y A B NA NB K:set evs; evs:ya; A ~:bad |] |
189 lemma ya3'_imp_ya3: "[| ya3' S Y A B NA NB K:set evs; evs:ya; A ~:bad |] |
190 ==> ya3 A B NA NB K:set evs" |
190 ==> ya3 A B NA NB K:set evs" |
191 by (blast dest: Says_imp_spies ya3'_parts_imp_ya3) |
191 by (blast dest: Says_imp_spies ya3'_parts_imp_ya3) |
192 |
192 |
193 subsection{*guardedness of NB*} |
193 subsection\<open>guardedness of NB\<close> |
194 |
194 |
195 definition ya_keys :: "agent => agent => nat => nat => event list => key set" where |
195 definition ya_keys :: "agent => agent => nat => nat => event list => key set" where |
196 "ya_keys A B NA NB evs == {shrK A,shrK B} Un {K. ya3 A B NA NB K:set evs}" |
196 "ya_keys A B NA NB evs == {shrK A,shrK B} Un {K. ya3 A B NA NB K:set evs}" |
197 |
197 |
198 lemma Guard_NB [rule_format]: "[| evs:ya; A ~:bad; B ~:bad |] ==> |
198 lemma Guard_NB [rule_format]: "[| evs:ya; A ~:bad; B ~:bad |] ==> |