59 inductive_set |
61 inductive_set |
60 set_pur :: "event list set" |
62 set_pur :: "event list set" |
61 where |
63 where |
62 |
64 |
63 Nil: --{*Initial trace is empty*} |
65 Nil: --{*Initial trace is empty*} |
64 "[] \<in> set_pur" |
66 "[] \<in> set_pur" |
65 |
67 |
66 | Fake: --{*The spy MAY say anything he CAN say.*} |
68 | Fake: --{*The spy MAY say anything he CAN say.*} |
67 "[| evsf \<in> set_pur; X \<in> synth(analz(knows Spy evsf)) |] |
69 "[| evsf \<in> set_pur; X \<in> synth(analz(knows Spy evsf)) |] |
68 ==> Says Spy B X # evsf \<in> set_pur" |
70 ==> Says Spy B X # evsf \<in> set_pur" |
69 |
71 |
70 |
72 |
71 | Reception: --{*If A sends a message X to B, then B might receive it*} |
73 | Reception: --{*If A sends a message X to B, then B might receive it*} |
72 "[| evsr \<in> set_pur; Says A B X \<in> set evsr |] |
74 "[| evsr \<in> set_pur; Says A B X \<in> set evsr |] |
73 ==> Gets B X # evsr \<in> set_pur" |
75 ==> Gets B X # evsr \<in> set_pur" |
74 |
76 |
75 | Start: |
77 | Start: |
76 --{*Added start event which is out-of-band for SET: the Cardholder and |
78 --{*Added start event which is out-of-band for SET: the Cardholder and |
77 the merchant agree on the amounts and uses @{text LID_M} as an |
79 the merchant agree on the amounts and uses @{text LID_M} as an |
78 identifier. |
80 identifier. |
79 This is suggested by the External Interface Guide. The Programmer's |
81 This is suggested by the External Interface Guide. The Programmer's |
80 Guide, in absence of @{text LID_M}, states that the merchant uniquely |
82 Guide, in absence of @{text LID_M}, states that the merchant uniquely |
81 identifies the order out of some data contained in OrderDesc.*} |
83 identifies the order out of some data contained in OrderDesc.*} |
82 "[|evsStart \<in> set_pur; |
84 "[|evsStart \<in> set_pur; |
83 Number LID_M \<notin> used evsStart; |
85 Number LID_M \<notin> used evsStart; |
84 C = Cardholder k; M = Merchant i; P = PG j; |
86 C = Cardholder k; M = Merchant i; P = PG j; |
85 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
87 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
86 LID_M \<notin> range CardSecret; |
88 LID_M \<notin> range CardSecret; |
98 Notes C {|Number LID_M, Transaction |} \<in> set evsPIReq |] |
100 Notes C {|Number LID_M, Transaction |} \<in> set evsPIReq |] |
99 ==> Says C M {|Number LID_M, Nonce Chall_C|} # evsPIReq \<in> set_pur" |
101 ==> Says C M {|Number LID_M, Nonce Chall_C|} # evsPIReq \<in> set_pur" |
100 |
102 |
101 | PInitRes: |
103 | PInitRes: |
102 --{*Merchant replies with his own label XID and the encryption |
104 --{*Merchant replies with his own label XID and the encryption |
103 key certificate of his chosen Payment Gateway. Page 74 of Formal |
105 key certificate of his chosen Payment Gateway. Page 74 of Formal |
104 Protocol Desc. We use @{text LID_M} to identify Cardholder*} |
106 Protocol Desc. We use @{text LID_M} to identify Cardholder*} |
105 "[|evsPIRes \<in> set_pur; |
107 "[|evsPIRes \<in> set_pur; |
106 Gets M {|Number LID_M, Nonce Chall_C|} \<in> set evsPIRes; |
108 Gets M {|Number LID_M, Nonce Chall_C|} \<in> set evsPIRes; |
107 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
109 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
108 Notes M {|Number LID_M, Agent P, Transaction|} \<in> set evsPIRes; |
110 Notes M {|Number LID_M, Agent P, Transaction|} \<in> set evsPIRes; |
109 Nonce Chall_M \<notin> used evsPIRes; |
111 Nonce Chall_M \<notin> used evsPIRes; |
110 Chall_M \<notin> range CardSecret; Chall_M \<notin> range PANSecret; |
112 Chall_M \<notin> range CardSecret; Chall_M \<notin> range PANSecret; |
111 Number XID \<notin> used evsPIRes; |
113 Number XID \<notin> used evsPIRes; |
112 XID \<notin> range CardSecret; XID \<notin> range PANSecret|] |
114 XID \<notin> range CardSecret; XID \<notin> range PANSecret|] |
113 ==> Says M C (sign (priSK M) |
115 ==> Says M C (sign (priSK M) |
114 {|Number LID_M, Number XID, |
116 {|Number LID_M, Number XID, |
115 Nonce Chall_C, Nonce Chall_M, |
117 Nonce Chall_C, Nonce Chall_M, |
116 cert P (pubEK P) onlyEnc (priSK RCA)|}) |
118 cert P (pubEK P) onlyEnc (priSK RCA)|}) |
117 # evsPIRes \<in> set_pur" |
119 # evsPIRes \<in> set_pur" |
118 |
120 |
119 | PReqUns: |
121 | PReqUns: |
120 --{*UNSIGNED Purchase request (CardSecret = 0). |
122 --{*UNSIGNED Purchase request (CardSecret = 0). |
121 Page 79 of Formal Protocol Desc. |
123 Page 79 of Formal Protocol Desc. |
122 Merchant never sees the amount in clear. This holds of the real |
124 Merchant never sees the amount in clear. This holds of the real |
123 protocol, where XID identifies the transaction. We omit |
125 protocol, where XID identifies the transaction. We omit |
124 Hash{|Number XID, Nonce (CardSecret k)|} from PIHead because |
126 Hash{|Number XID, Nonce (CardSecret k)|} from PIHead because |
125 the CardSecret is 0 and because AuthReq treated the unsigned case |
127 the CardSecret is 0 and because AuthReq treated the unsigned case |
126 very differently from the signed one anyway.*} |
128 very differently from the signed one anyway.*} |
127 "!!Chall_C Chall_M OrderDesc P PurchAmt XID evsPReqU. |
129 "!!Chall_C Chall_M OrderDesc P PurchAmt XID evsPReqU. |
128 [|evsPReqU \<in> set_pur; |
130 [|evsPReqU \<in> set_pur; |
129 C = Cardholder k; CardSecret k = 0; |
131 C = Cardholder k; CardSecret k = 0; |
130 Key KC1 \<notin> used evsPReqU; KC1 \<in> symKeys; |
132 Key KC1 \<notin> used evsPReqU; KC1 \<in> symKeys; |
131 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
133 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
132 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
134 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
133 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD,Nonce Chall_M|}; |
135 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD,Nonce Chall_M|}; |
134 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M|}; |
136 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M|}; |
135 Gets C (sign (priSK M) |
137 Gets C (sign (priSK M) |
136 {|Number LID_M, Number XID, |
138 {|Number LID_M, Number XID, |
137 Nonce Chall_C, Nonce Chall_M, |
139 Nonce Chall_C, Nonce Chall_M, |
138 cert P EKj onlyEnc (priSK RCA)|}) |
140 cert P EKj onlyEnc (priSK RCA)|}) |
139 \<in> set evsPReqU; |
141 \<in> set evsPReqU; |
140 Says C M {|Number LID_M, Nonce Chall_C|} \<in> set evsPReqU; |
142 Says C M {|Number LID_M, Nonce Chall_C|} \<in> set evsPReqU; |
141 Notes C {|Number LID_M, Transaction|} \<in> set evsPReqU |] |
143 Notes C {|Number LID_M, Transaction|} \<in> set evsPReqU |] |
142 ==> Says C M |
144 ==> Says C M |
143 {|EXHcrypt KC1 EKj {|PIHead, Hash OIData|} (Pan (pan C)), |
145 {|EXHcrypt KC1 EKj {|PIHead, Hash OIData|} (Pan (pan C)), |
144 OIData, Hash{|PIHead, Pan (pan C)|} |} |
146 OIData, Hash{|PIHead, Pan (pan C)|} |} |
145 # Notes C {|Key KC1, Agent M|} |
147 # Notes C {|Key KC1, Agent M|} |
146 # evsPReqU \<in> set_pur" |
148 # evsPReqU \<in> set_pur" |
147 |
149 |
148 | PReqS: |
150 | PReqS: |
149 --{*SIGNED Purchase request. Page 77 of Formal Protocol Desc. |
151 --{*SIGNED Purchase request. Page 77 of Formal Protocol Desc. |
150 We could specify the equation |
152 We could specify the equation |
151 @{term "PIReqSigned = {| PIDualSigned, OIDualSigned |}"}, since the |
153 @{term "PIReqSigned = {| PIDualSigned, OIDualSigned |}"}, since the |
152 Formal Desc. gives PIHead the same format in the unsigned case. |
154 Formal Desc. gives PIHead the same format in the unsigned case. |
153 However, there's little point, as P treats the signed and |
155 However, there's little point, as P treats the signed and |
154 unsigned cases differently.*} |
156 unsigned cases differently.*} |
155 "!!C Chall_C Chall_M EKj HOD KC2 LID_M M OIData |
157 "!!C Chall_C Chall_M EKj HOD KC2 LID_M M OIData |
156 OIDualSigned OrderDesc P PANData PIData PIDualSigned |
158 OIDualSigned OrderDesc P PANData PIData PIDualSigned |
157 PIHead PurchAmt Transaction XID evsPReqS k. |
159 PIHead PurchAmt Transaction XID evsPReqS k. |
158 [|evsPReqS \<in> set_pur; |
160 [|evsPReqS \<in> set_pur; |
160 CardSecret k \<noteq> 0; Key KC2 \<notin> used evsPReqS; KC2 \<in> symKeys; |
162 CardSecret k \<noteq> 0; Key KC2 \<notin> used evsPReqS; KC2 \<in> symKeys; |
161 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
163 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
162 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
164 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
163 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD, Nonce Chall_M|}; |
165 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD, Nonce Chall_M|}; |
164 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M, |
166 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M, |
165 Hash{|Number XID, Nonce (CardSecret k)|}|}; |
167 Hash{|Number XID, Nonce (CardSecret k)|}|}; |
166 PANData = {|Pan (pan C), Nonce (PANSecret k)|}; |
168 PANData = {|Pan (pan C), Nonce (PANSecret k)|}; |
167 PIData = {|PIHead, PANData|}; |
169 PIData = {|PIHead, PANData|}; |
168 PIDualSigned = {|sign (priSK C) {|Hash PIData, Hash OIData|}, |
170 PIDualSigned = {|sign (priSK C) {|Hash PIData, Hash OIData|}, |
169 EXcrypt KC2 EKj {|PIHead, Hash OIData|} PANData|}; |
171 EXcrypt KC2 EKj {|PIHead, Hash OIData|} PANData|}; |
170 OIDualSigned = {|OIData, Hash PIData|}; |
172 OIDualSigned = {|OIData, Hash PIData|}; |
171 Gets C (sign (priSK M) |
173 Gets C (sign (priSK M) |
172 {|Number LID_M, Number XID, |
174 {|Number LID_M, Number XID, |
173 Nonce Chall_C, Nonce Chall_M, |
175 Nonce Chall_C, Nonce Chall_M, |
174 cert P EKj onlyEnc (priSK RCA)|}) |
176 cert P EKj onlyEnc (priSK RCA)|}) |
175 \<in> set evsPReqS; |
177 \<in> set evsPReqS; |
176 Says C M {|Number LID_M, Nonce Chall_C|} \<in> set evsPReqS; |
178 Says C M {|Number LID_M, Nonce Chall_C|} \<in> set evsPReqS; |
177 Notes C {|Number LID_M, Transaction|} \<in> set evsPReqS |] |
179 Notes C {|Number LID_M, Transaction|} \<in> set evsPReqS |] |
178 ==> Says C M {|PIDualSigned, OIDualSigned|} |
180 ==> Says C M {|PIDualSigned, OIDualSigned|} |
179 # Notes C {|Key KC2, Agent M|} |
181 # Notes C {|Key KC2, Agent M|} |
180 # evsPReqS \<in> set_pur" |
182 # evsPReqS \<in> set_pur" |
181 |
183 |
182 --{*Authorization Request. Page 92 of Formal Protocol Desc. |
184 --{*Authorization Request. Page 92 of Formal Protocol Desc. |
183 Sent in response to Purchase Request.*} |
185 Sent in response to Purchase Request.*} |
184 | AuthReq: |
186 | AuthReq: |
185 "[| evsAReq \<in> set_pur; |
187 "[| evsAReq \<in> set_pur; |
186 Key KM \<notin> used evsAReq; KM \<in> symKeys; |
188 Key KM \<notin> used evsAReq; KM \<in> symKeys; |
187 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
189 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
188 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
190 HOD = Hash{|Number OrderDesc, Number PurchAmt|}; |
189 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD, |
191 OIData = {|Number LID_M, Number XID, Nonce Chall_C, HOD, |
190 Nonce Chall_M|}; |
192 Nonce Chall_M|}; |
191 CardSecret k \<noteq> 0 --> |
193 CardSecret k \<noteq> 0 --> |
192 P_I = {|sign (priSK C) {|HPIData, Hash OIData|}, encPANData|}; |
194 P_I = {|sign (priSK C) {|HPIData, Hash OIData|}, encPANData|}; |
193 Gets M {|P_I, OIData, HPIData|} \<in> set evsAReq; |
195 Gets M {|P_I, OIData, HPIData|} \<in> set evsAReq; |
194 Says M C (sign (priSK M) {|Number LID_M, Number XID, |
196 Says M C (sign (priSK M) {|Number LID_M, Number XID, |
195 Nonce Chall_C, Nonce Chall_M, |
197 Nonce Chall_C, Nonce Chall_M, |
196 cert P EKj onlyEnc (priSK RCA)|}) |
198 cert P EKj onlyEnc (priSK RCA)|}) |
197 \<in> set evsAReq; |
199 \<in> set evsAReq; |
198 Notes M {|Number LID_M, Agent P, Transaction|} |
200 Notes M {|Number LID_M, Agent P, Transaction|} |
199 \<in> set evsAReq |] |
201 \<in> set evsAReq |] |
200 ==> Says M P |
202 ==> Says M P |
201 (EncB (priSK M) KM (pubEK P) |
203 (EncB (priSK M) KM (pubEK P) |
202 {|Number LID_M, Number XID, Hash OIData, HOD|} P_I) |
204 {|Number LID_M, Number XID, Hash OIData, HOD|} P_I) |
203 # evsAReq \<in> set_pur" |
205 # evsAReq \<in> set_pur" |
204 |
206 |
205 --{*Authorization Response has two forms: for UNSIGNED and SIGNED PIs. |
207 --{*Authorization Response has two forms: for UNSIGNED and SIGNED PIs. |
206 Page 99 of Formal Protocol Desc. |
208 Page 99 of Formal Protocol Desc. |
207 PI is a keyword (product!), so we call it @{text P_I}. The hashes HOD and |
209 PI is a keyword (product!), so we call it @{text P_I}. The hashes HOD and |
208 HOIData occur independently in @{text P_I} and in M's message. |
210 HOIData occur independently in @{text P_I} and in M's message. |
217 Key KP \<notin> used evsAResU; KP \<in> symKeys; |
219 Key KP \<notin> used evsAResU; KP \<in> symKeys; |
218 CardSecret k = 0; KC1 \<in> symKeys; KM \<in> symKeys; |
220 CardSecret k = 0; KC1 \<in> symKeys; KM \<in> symKeys; |
219 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M|}; |
221 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M|}; |
220 P_I = EXHcrypt KC1 EKj {|PIHead, HOIData|} (Pan (pan C)); |
222 P_I = EXHcrypt KC1 EKj {|PIHead, HOIData|} (Pan (pan C)); |
221 Gets P (EncB (priSK M) KM (pubEK P) |
223 Gets P (EncB (priSK M) KM (pubEK P) |
222 {|Number LID_M, Number XID, HOIData, HOD|} P_I) |
224 {|Number LID_M, Number XID, HOIData, HOD|} P_I) |
223 \<in> set evsAResU |] |
225 \<in> set evsAResU |] |
224 ==> Says P M |
226 ==> Says P M |
225 (EncB (priSK P) KP (pubEK M) |
227 (EncB (priSK P) KP (pubEK M) |
226 {|Number LID_M, Number XID, Number PurchAmt|} |
228 {|Number LID_M, Number XID, Number PurchAmt|} |
227 authCode) |
229 authCode) |
228 # evsAResU \<in> set_pur" |
230 # evsAResU \<in> set_pur" |
229 |
231 |
230 | AuthResS: |
232 | AuthResS: |
231 --{*Authorization Response, SIGNED*} |
233 --{*Authorization Response, SIGNED*} |
232 "[| evsAResS \<in> set_pur; |
234 "[| evsAResS \<in> set_pur; |
233 C = Cardholder k; |
235 C = Cardholder k; |
234 Key KP \<notin> used evsAResS; KP \<in> symKeys; |
236 Key KP \<notin> used evsAResS; KP \<in> symKeys; |
235 CardSecret k \<noteq> 0; KC2 \<in> symKeys; KM \<in> symKeys; |
237 CardSecret k \<noteq> 0; KC2 \<in> symKeys; KM \<in> symKeys; |
236 P_I = {|sign (priSK C) {|Hash PIData, HOIData|}, |
238 P_I = {|sign (priSK C) {|Hash PIData, HOIData|}, |
237 EXcrypt KC2 (pubEK P) {|PIHead, HOIData|} PANData|}; |
239 EXcrypt KC2 (pubEK P) {|PIHead, HOIData|} PANData|}; |
238 PANData = {|Pan (pan C), Nonce (PANSecret k)|}; |
240 PANData = {|Pan (pan C), Nonce (PANSecret k)|}; |
239 PIData = {|PIHead, PANData|}; |
241 PIData = {|PIHead, PANData|}; |
240 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M, |
242 PIHead = {|Number LID_M, Number XID, HOD, Number PurchAmt, Agent M, |
241 Hash{|Number XID, Nonce (CardSecret k)|}|}; |
243 Hash{|Number XID, Nonce (CardSecret k)|}|}; |
242 Gets P (EncB (priSK M) KM (pubEK P) |
244 Gets P (EncB (priSK M) KM (pubEK P) |
243 {|Number LID_M, Number XID, HOIData, HOD|} |
245 {|Number LID_M, Number XID, HOIData, HOD|} |
244 P_I) |
246 P_I) |
245 \<in> set evsAResS |] |
247 \<in> set evsAResS |] |
246 ==> Says P M |
248 ==> Says P M |
247 (EncB (priSK P) KP (pubEK M) |
249 (EncB (priSK P) KP (pubEK M) |
248 {|Number LID_M, Number XID, Number PurchAmt|} |
250 {|Number LID_M, Number XID, Number PurchAmt|} |
249 authCode) |
251 authCode) |
250 # evsAResS \<in> set_pur" |
252 # evsAResS \<in> set_pur" |
251 |
253 |
252 | PRes: |
254 | PRes: |
253 --{*Purchase response.*} |
255 --{*Purchase response.*} |
254 "[| evsPRes \<in> set_pur; KP \<in> symKeys; M = Merchant i; |
256 "[| evsPRes \<in> set_pur; KP \<in> symKeys; M = Merchant i; |
255 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
257 Transaction = {|Agent M, Agent C, Number OrderDesc, Number PurchAmt|}; |
256 Gets M (EncB (priSK P) KP (pubEK M) |
258 Gets M (EncB (priSK P) KP (pubEK M) |
257 {|Number LID_M, Number XID, Number PurchAmt|} |
259 {|Number LID_M, Number XID, Number PurchAmt|} |
258 authCode) |
260 authCode) |
259 \<in> set evsPRes; |
261 \<in> set evsPRes; |
260 Gets M {|Number LID_M, Nonce Chall_C|} \<in> set evsPRes; |
262 Gets M {|Number LID_M, Nonce Chall_C|} \<in> set evsPRes; |
261 Says M P |
263 Says M P |
262 (EncB (priSK M) KM (pubEK P) |
264 (EncB (priSK M) KM (pubEK P) |
263 {|Number LID_M, Number XID, Hash OIData, HOD|} P_I) |
265 {|Number LID_M, Number XID, Hash OIData, HOD|} P_I) |
264 \<in> set evsPRes; |
266 \<in> set evsPRes; |
265 Notes M {|Number LID_M, Agent P, Transaction|} |
267 Notes M {|Number LID_M, Agent P, Transaction|} |
266 \<in> set evsPRes |
268 \<in> set evsPRes |
267 |] |
269 |] |
268 ==> Says M C |
270 ==> Says M C |
269 (sign (priSK M) {|Number LID_M, Number XID, Nonce Chall_C, |
271 (sign (priSK M) {|Number LID_M, Number XID, Nonce Chall_C, |
270 Hash (Number PurchAmt)|}) |
272 Hash (Number PurchAmt)|}) |
271 # evsPRes \<in> set_pur" |
273 # evsPRes \<in> set_pur" |
272 |
274 |
273 |
275 |
274 specification (CardSecret PANSecret) |
276 specification (CardSecret PANSecret) |
275 inj_CardSecret: "inj CardSecret" |
277 inj_CardSecret: "inj CardSecret" |
276 inj_PANSecret: "inj PANSecret" |
278 inj_PANSecret: "inj PANSecret" |
319 {|Number LID_M, Number XID, Nonce Chall_C, |
321 {|Number LID_M, Number XID, Nonce Chall_C, |
320 Hash (Number PurchAmt)|}) |
322 Hash (Number PurchAmt)|}) |
321 \<in> set evs" |
323 \<in> set evs" |
322 apply (intro exI bexI) |
324 apply (intro exI bexI) |
323 apply (rule_tac [2] |
325 apply (rule_tac [2] |
324 set_pur.Nil |
326 set_pur.Nil |
325 [THEN set_pur.Start [of _ LID_M C k M i _ _ _ OrderDesc PurchAmt], |
327 [THEN set_pur.Start [of _ LID_M C k M i _ _ _ OrderDesc PurchAmt], |
326 THEN set_pur.PInitReq [of concl: C M LID_M Chall_C], |
328 THEN set_pur.PInitReq [of concl: C M LID_M Chall_C], |
327 THEN Says_to_Gets, |
329 THEN Says_to_Gets, |
328 THEN set_pur.PInitRes [of concl: M C LID_M XID Chall_C Chall_M], |
330 THEN set_pur.PInitRes [of concl: M C LID_M XID Chall_C Chall_M], |
329 THEN Says_to_Gets, |
331 THEN Says_to_Gets, |
330 THEN set_pur.PReqUns [of concl: C M KC], |
332 THEN set_pur.PReqUns [of concl: C M KC], |
331 THEN Says_to_Gets, |
333 THEN Says_to_Gets, |
332 THEN set_pur.AuthReq [of concl: M "PG j" KM LID_M XID], |
334 THEN set_pur.AuthReq [of concl: M "PG j" KM LID_M XID], |
333 THEN Says_to_Gets, |
335 THEN Says_to_Gets, |
334 THEN set_pur.AuthResUns [of concl: "PG j" M KP LID_M XID], |
336 THEN set_pur.AuthResUns [of concl: "PG j" M KP LID_M XID], |
335 THEN Says_to_Gets, |
337 THEN Says_to_Gets, |
336 THEN set_pur.PRes]) |
338 THEN set_pur.PRes]) |
337 apply basic_possibility |
339 apply basic_possibility |
338 apply (simp_all add: used_Cons symKeys_neq_imp_neq) |
340 apply (simp_all add: used_Cons symKeys_neq_imp_neq) |
339 done |
341 done |
340 |
342 |
341 lemma possibility_S: |
343 lemma possibility_S: |
342 "[| CardSecret k \<noteq> 0; |
344 "[| CardSecret k \<noteq> 0; |
343 C = Cardholder k; M = Merchant i; |
345 C = Cardholder k; M = Merchant i; |
344 Key KC \<notin> used []; Key KM \<notin> used []; Key KP \<notin> used []; |
346 Key KC \<notin> used []; Key KM \<notin> used []; Key KP \<notin> used []; |
345 KC \<in> symKeys; KM \<in> symKeys; KP \<in> symKeys; |
347 KC \<in> symKeys; KM \<in> symKeys; KP \<in> symKeys; |
346 KC < KM; KM < KP; |
348 KC < KM; KM < KP; |
347 Nonce Chall_C \<notin> used []; Chall_C \<notin> range CardSecret \<union> range PANSecret; |
349 Nonce Chall_C \<notin> used []; Chall_C \<notin> range CardSecret \<union> range PANSecret; |
348 Nonce Chall_M \<notin> used []; Chall_M \<notin> range CardSecret \<union> range PANSecret; |
350 Nonce Chall_M \<notin> used []; Chall_M \<notin> range CardSecret \<union> range PANSecret; |
349 Chall_C < Chall_M; |
351 Chall_C < Chall_M; |
350 Number LID_M \<notin> used []; LID_M \<notin> range CardSecret \<union> range PANSecret; |
352 Number LID_M \<notin> used []; LID_M \<notin> range CardSecret \<union> range PANSecret; |
351 Number XID \<notin> used []; XID \<notin> range CardSecret \<union> range PANSecret; |
353 Number XID \<notin> used []; XID \<notin> range CardSecret \<union> range PANSecret; |
352 LID_M < XID; XID < OrderDesc; OrderDesc < PurchAmt |] |
354 LID_M < XID; XID < OrderDesc; OrderDesc < PurchAmt |] |
353 ==> \<exists>evs \<in> set_pur. |
355 ==> \<exists>evs \<in> set_pur. |
354 Says M C |
356 Says M C |
355 (sign (priSK M) {|Number LID_M, Number XID, Nonce Chall_C, |
357 (sign (priSK M) {|Number LID_M, Number XID, Nonce Chall_C, |
356 Hash (Number PurchAmt)|}) |
358 Hash (Number PurchAmt)|}) |
357 \<in> set evs" |
359 \<in> set evs" |
358 apply (intro exI bexI) |
360 apply (intro exI bexI) |
359 apply (rule_tac [2] |
361 apply (rule_tac [2] |
360 set_pur.Nil |
362 set_pur.Nil |
361 [THEN set_pur.Start [of _ LID_M C k M i _ _ _ OrderDesc PurchAmt], |
363 [THEN set_pur.Start [of _ LID_M C k M i _ _ _ OrderDesc PurchAmt], |
362 THEN set_pur.PInitReq [of concl: C M LID_M Chall_C], |
364 THEN set_pur.PInitReq [of concl: C M LID_M Chall_C], |
363 THEN Says_to_Gets, |
365 THEN Says_to_Gets, |
364 THEN set_pur.PInitRes [of concl: M C LID_M XID Chall_C Chall_M], |
366 THEN set_pur.PInitRes [of concl: M C LID_M XID Chall_C Chall_M], |
365 THEN Says_to_Gets, |
367 THEN Says_to_Gets, |
366 THEN set_pur.PReqS [of concl: C M _ _ KC], |
368 THEN set_pur.PReqS [of concl: C M _ _ KC], |
367 THEN Says_to_Gets, |
369 THEN Says_to_Gets, |
368 THEN set_pur.AuthReq [of concl: M "PG j" KM LID_M XID], |
370 THEN set_pur.AuthReq [of concl: M "PG j" KM LID_M XID], |
369 THEN Says_to_Gets, |
371 THEN Says_to_Gets, |
370 THEN set_pur.AuthResS [of concl: "PG j" M KP LID_M XID], |
372 THEN set_pur.AuthResS [of concl: "PG j" M KP LID_M XID], |
371 THEN Says_to_Gets, |
373 THEN Says_to_Gets, |
372 THEN set_pur.PRes]) |
374 THEN set_pur.PRes]) |
373 apply basic_possibility |
375 apply basic_possibility |
374 apply (auto simp add: used_Cons symKeys_neq_imp_neq) |
376 apply (auto simp add: used_Cons symKeys_neq_imp_neq) |
375 done |
377 done |
376 |
378 |
377 text{*General facts about message reception*} |
379 text{*General facts about message reception*} |