15 * Each party who has received a FINISHED message can trust that the other |
15 * Each party who has received a FINISHED message can trust that the other |
16 party agrees on all message components, including PA and PB (thus foiling |
16 party agrees on all message components, including PA and PB (thus foiling |
17 rollback attacks). |
17 rollback attacks). |
18 *) |
18 *) |
19 |
19 |
20 |
|
21 open TLS; |
20 open TLS; |
|
21 |
|
22 val if_distrib_parts = |
|
23 read_instantiate_sg (sign_of Message.thy) [("f", "parts")] if_distrib; |
|
24 |
|
25 val if_distrib_analz = |
|
26 read_instantiate_sg (sign_of Message.thy) [("f", "analz")] if_distrib; |
22 |
27 |
23 proof_timing:=true; |
28 proof_timing:=true; |
24 HOL_quantifiers := false; |
29 HOL_quantifiers := false; |
25 |
30 |
26 (*Automatically unfold the definition of "certificate"*) |
31 (*Automatically unfold the definition of "certificate"*) |
196 fun analz_induct_tac i = |
201 fun analz_induct_tac i = |
197 etac tls.induct i THEN |
202 etac tls.induct i THEN |
198 ClientKeyExch_tac (i+6) THEN (*ClientKeyExch*) |
203 ClientKeyExch_tac (i+6) THEN (*ClientKeyExch*) |
199 ALLGOALS (asm_simp_tac |
204 ALLGOALS (asm_simp_tac |
200 (!simpset addcongs [if_weak_cong] |
205 (!simpset addcongs [if_weak_cong] |
|
206 addsimps (expand_ifs@pushes) |
201 addsplits [expand_if])) THEN |
207 addsplits [expand_if])) THEN |
202 (*Remove instances of pubK B: the Spy already knows all public keys. |
208 (*Remove instances of pubK B: the Spy already knows all public keys. |
203 Combining the two simplifier calls makes them run extremely slowly.*) |
209 Combining the two simplifier calls makes them run extremely slowly.*) |
204 ALLGOALS (asm_simp_tac |
210 ALLGOALS (asm_simp_tac |
205 (!simpset addcongs [if_weak_cong] |
211 (!simpset addcongs [if_weak_cong] |
394 (*Lemma for the trivial direction of the if-and-only-if*) |
400 (*Lemma for the trivial direction of the if-and-only-if*) |
395 goal thy |
401 goal thy |
396 "!!evs. (X : analz (G Un H)) --> (X : analz H) ==> \ |
402 "!!evs. (X : analz (G Un H)) --> (X : analz H) ==> \ |
397 \ (X : analz (G Un H)) = (X : analz H)"; |
403 \ (X : analz (G Un H)) = (X : analz H)"; |
398 by (blast_tac (!claset addIs [impOfSubs analz_mono]) 1); |
404 by (blast_tac (!claset addIs [impOfSubs analz_mono]) 1); |
399 val lemma = result(); |
405 val analz_image_keys_lemma = result(); |
400 |
406 |
401 (** Strangely, the following version doesn't work: |
407 (** Strangely, the following version doesn't work: |
402 \ ALL Z. (Nonce N : analz (Key``(sessionK``Z) Un (spies evs))) = \ |
408 \ ALL Z. (Nonce N : analz (Key``(sessionK``Z) Un (spies evs))) = \ |
403 \ (Nonce N : analz (spies evs))"; |
409 \ (Nonce N : analz (spies evs))"; |
404 **) |
410 **) |
409 \ (Nonce N : analz (Key``KK Un (spies evs))) = \ |
415 \ (Nonce N : analz (Key``KK Un (spies evs))) = \ |
410 \ (Nonce N : analz (spies evs))"; |
416 \ (Nonce N : analz (spies evs))"; |
411 by (etac tls.induct 1); |
417 by (etac tls.induct 1); |
412 by (ClientKeyExch_tac 7); |
418 by (ClientKeyExch_tac 7); |
413 by (REPEAT_FIRST (resolve_tac [allI, impI])); |
419 by (REPEAT_FIRST (resolve_tac [allI, impI])); |
414 by (REPEAT_FIRST (rtac lemma)); |
420 by (REPEAT_FIRST (rtac analz_image_keys_lemma)); |
415 by (ALLGOALS (*24 seconds*) |
421 by (ALLGOALS (*15 seconds*) |
416 (asm_simp_tac (analz_image_keys_ss |
422 (asm_simp_tac (analz_image_keys_ss |
|
423 addsimps (expand_ifs@pushes) |
417 addsimps [range_sessionkeys_not_priK, |
424 addsimps [range_sessionkeys_not_priK, |
418 analz_image_priK, certificate_def]))); |
425 analz_image_priK, certificate_def]))); |
419 by (ALLGOALS (asm_simp_tac (!simpset addsimps [insert_absorb]))); |
426 by (ALLGOALS (asm_simp_tac (!simpset addsimps [insert_absorb]))); |
420 (*Fake*) |
427 (*Fake*) |
421 by (spy_analz_tac 2); |
428 by (spy_analz_tac 2); |