equal
deleted
inserted
replaced
6 Inductive relation "recur" for the Recursive Authentication protocol. |
6 Inductive relation "recur" for the Recursive Authentication protocol. |
7 *) |
7 *) |
8 |
8 |
9 Pretty.setdepth 30; |
9 Pretty.setdepth 30; |
10 |
10 |
11 AddEs spies_partsEs; |
11 AddDs [Says_imp_knows_Spy RS parts.Inj, parts.Body]; |
12 AddDs [impOfSubs analz_subset_parts]; |
12 AddDs [impOfSubs analz_subset_parts, impOfSubs Fake_parts_insert]; |
13 AddDs [impOfSubs Fake_parts_insert]; |
|
14 |
13 |
15 |
14 |
16 (** Possibility properties: traces that reach the end |
15 (** Possibility properties: traces that reach the end |
17 ONE theorem would be more elegant and faster! |
16 ONE theorem would be more elegant and faster! |
18 By induction on a list of agents (no repetitions) |
17 By induction on a list of agents (no repetitions) |
341 by (blast_tac (claset() addSDs [resp_analz_insert]) 3); |
340 by (blast_tac (claset() addSDs [resp_analz_insert]) 3); |
342 by (blast_tac (claset() addSDs [respond_certificate]) 2); |
341 by (blast_tac (claset() addSDs [respond_certificate]) 2); |
343 by (Asm_full_simp_tac 1); |
342 by (Asm_full_simp_tac 1); |
344 (*by unicity, either B=Aa or B=A', a contradiction if B \\<in> bad*) |
343 (*by unicity, either B=Aa or B=A', a contradiction if B \\<in> bad*) |
345 by (blast_tac |
344 by (blast_tac |
346 (claset() addSEs [MPair_parts] |
345 (claset() addDs [respond_certificate RSN (2, unique_session_keys)]) 1); |
347 addDs [parts.Body, |
|
348 respond_certificate RSN (2, unique_session_keys)]) 1); |
|
349 qed_spec_mp "respond_Spy_not_see_session_key"; |
346 qed_spec_mp "respond_Spy_not_see_session_key"; |
350 |
347 |
351 |
348 |
352 Goal "[| Crypt (shrK A) {|Key K, Agent A', N|} \\<in> parts (spies evs); \ |
349 Goal "[| Crypt (shrK A) {|Key K, Agent A', N|} \\<in> parts (spies evs); \ |
353 \ A \\<notin> bad; A' \\<notin> bad; evs \\<in> recur |] \ |
350 \ A \\<notin> bad; A' \\<notin> bad; evs \\<in> recur |] \ |
369 (*RA3 remains*) |
366 (*RA3 remains*) |
370 by (simp_tac (simpset() addsimps [parts_insert_spies]) 1); |
367 by (simp_tac (simpset() addsimps [parts_insert_spies]) 1); |
371 by (safe_tac (claset() delrules [impCE])); |
368 by (safe_tac (claset() delrules [impCE])); |
372 (*RA3, case 2: K is an old key*) |
369 (*RA3, case 2: K is an old key*) |
373 by (blast_tac (claset() addSDs [resp_analz_insert] |
370 by (blast_tac (claset() addSDs [resp_analz_insert] |
374 addSEs partsEs |
|
375 addDs [Key_in_parts_respond]) 2); |
371 addDs [Key_in_parts_respond]) 2); |
376 (*RA3, case 1: use lemma previously proved by induction*) |
372 (*RA3, case 1: use lemma previously proved by induction*) |
377 by (blast_tac (claset() addSEs [respond_Spy_not_see_session_key RSN |
373 by (blast_tac (claset() addSEs [respond_Spy_not_see_session_key RSN |
378 (2,rev_notE)]) 1); |
374 (2,rev_notE)]) 1); |
379 qed "Spy_not_see_session_key"; |
375 qed "Spy_not_see_session_key"; |