equal
deleted
inserted
replaced
11 *) |
11 *) |
12 |
12 |
13 open NS_Shared; |
13 open NS_Shared; |
14 |
14 |
15 proof_timing:=true; |
15 proof_timing:=true; |
|
16 HOL_quantifiers := false; |
|
17 |
|
18 (** Weak liveness: there are traces that reach the end **) |
|
19 |
|
20 goal thy |
|
21 "!!A B. [| A ~= B; A ~= Server; B ~= Server |] \ |
|
22 \ ==> EX N K. EX evs: ns_shared. \ |
|
23 \ Says A B (Crypt {|Nonce N, Nonce N|} K) : set_of_list evs"; |
|
24 by (REPEAT (resolve_tac [exI,bexI] 1)); |
|
25 br (ns_shared.Nil RS ns_shared.NS1 RS ns_shared.NS2 RS ns_shared.NS3 RS ns_shared.NS4 RS ns_shared.NS5) 2; |
|
26 by (ALLGOALS (simp_tac (!simpset setsolver safe_solver))); |
|
27 by (REPEAT_FIRST (resolve_tac [refl, conjI])); |
|
28 by (ALLGOALS (fast_tac (!claset addss (!simpset setsolver safe_solver)))); |
|
29 qed "weak_liveness"; |
16 |
30 |
17 (**** Inductive proofs about ns_shared ****) |
31 (**** Inductive proofs about ns_shared ****) |
18 |
32 |
19 (*The Enemy can see more than anybody else, except for their initial state*) |
33 (*The Enemy can see more than anybody else, except for their initial state*) |
20 goal thy |
34 goal thy |
150 by (ALLGOALS Asm_simp_tac); |
164 by (ALLGOALS Asm_simp_tac); |
151 (*NS1 and NS2*) |
165 (*NS1 and NS2*) |
152 map (by o fast_tac (!claset addDs [Suc_leD] addss (!simpset))) [3,2]; |
166 map (by o fast_tac (!claset addDs [Suc_leD] addss (!simpset))) [3,2]; |
153 (*Fake and NS3*) |
167 (*Fake and NS3*) |
154 map (by o best_tac |
168 map (by o best_tac |
155 (!claset addSDs [newK_invKey] |
169 (!claset addDs [impOfSubs (analz_subset_parts RS keysFor_mono), |
156 addDs [impOfSubs (analz_subset_parts RS keysFor_mono), |
|
157 impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
170 impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
158 Suc_leD] |
171 Suc_leD] |
159 addEs [new_keys_not_seen RS not_parts_not_analz RSN (2,rev_notE)] |
172 addEs [new_keys_not_seen RS not_parts_not_analz RSN (2,rev_notE)] |
160 addss (!simpset))) |
173 addss (!simpset))) |
161 [2,1]; |
174 [2,1]; |
162 (*NS4 and NS5: nonce exchange*) |
175 (*NS4 and NS5: nonce exchange*) |
163 by (ALLGOALS (deepen_tac (!claset addSDs [newK_invKey, Says_imp_old_keys] |
176 by (ALLGOALS (deepen_tac (!claset addSDs [Says_imp_old_keys] |
164 addIs [less_SucI, impOfSubs keysFor_mono] |
177 addIs [less_SucI, impOfSubs keysFor_mono] |
165 addss (!simpset addsimps [le_def])) 0)); |
178 addss (!simpset addsimps [le_def])) 0)); |
166 val lemma = result(); |
179 val lemma = result(); |
167 |
180 |
168 goal thy |
181 goal thy |
308 "!!evs. (Key K : analz (Key``nE Un sEe)) --> \ |
321 "!!evs. (Key K : analz (Key``nE Un sEe)) --> \ |
309 \ (K : nE | Key K : analz sEe) ==> \ |
322 \ (K : nE | Key K : analz sEe) ==> \ |
310 \ (Key K : analz (Key``nE Un sEe)) = (K : nE | Key K : analz sEe)"; |
323 \ (Key K : analz (Key``nE Un sEe)) = (K : nE | Key K : analz sEe)"; |
311 by (fast_tac (!claset addSEs [impOfSubs analz_mono]) 1); |
324 by (fast_tac (!claset addSEs [impOfSubs analz_mono]) 1); |
312 val lemma = result(); |
325 val lemma = result(); |
313 |
|
314 (*Copied from OtwayRees.ML*) |
|
315 val enemy_analz_tac = |
|
316 SELECT_GOAL |
|
317 (EVERY [REPEAT (resolve_tac [impI,notI] 1), |
|
318 dtac (impOfSubs Fake_analz_insert) 1, |
|
319 eresolve_tac [asm_rl, synth.Inj] 1, |
|
320 Fast_tac 1, |
|
321 Asm_full_simp_tac 1, |
|
322 IF_UNSOLVED (deepen_tac (!claset addIs [impOfSubs analz_mono]) 0 1) |
|
323 ]); |
|
324 |
326 |
325 goal thy |
327 goal thy |
326 "!!evs. evs : ns_shared ==> \ |
328 "!!evs. evs : ns_shared ==> \ |
327 \ ALL K E. (Key K : analz (Key``(newK``E) Un (sees Enemy evs))) = \ |
329 \ ALL K E. (Key K : analz (Key``(newK``E) Un (sees Enemy evs))) = \ |
328 \ (K : newK``E | Key K : analz (sees Enemy evs))"; |
330 \ (K : newK``E | Key K : analz (sees Enemy evs))"; |
339 (*NS3, Fake subcase*) |
341 (*NS3, Fake subcase*) |
340 by (enemy_analz_tac 5); |
342 by (enemy_analz_tac 5); |
341 (*Cases NS2 and NS3!! Simple, thanks to auto case splits*) |
343 (*Cases NS2 and NS3!! Simple, thanks to auto case splits*) |
342 by (REPEAT (Fast_tac 3)); |
344 by (REPEAT (Fast_tac 3)); |
343 (*Fake case*) (** LEVEL 7 **) |
345 (*Fake case*) (** LEVEL 7 **) |
344 by (res_inst_tac [("y1","X"), ("A1", "?G Un (?H::msg set)")] |
|
345 (insert_commute RS ssubst) 2); |
|
346 by (enemy_analz_tac 2); |
346 by (enemy_analz_tac 2); |
347 (*Base case*) |
347 (*Base case*) |
348 by (fast_tac (!claset addIs [image_eqI] addss (!simpset)) 1); |
348 by (fast_tac (!claset addIs [image_eqI] addss (!simpset)) 1); |
349 qed_spec_mp "analz_image_newK"; |
349 qed_spec_mp "analz_image_newK"; |
350 |
350 |
467 by (enemy_analz_tac 2); (*Prove the Fake subcase*) |
467 by (enemy_analz_tac 2); (*Prove the Fake subcase*) |
468 by (asm_full_simp_tac |
468 by (asm_full_simp_tac |
469 (!simpset addsimps (mem_if::analz_insert_Key_newK::pushes)) 1); |
469 (!simpset addsimps (mem_if::analz_insert_Key_newK::pushes)) 1); |
470 by (Step_tac 1); |
470 by (Step_tac 1); |
471 (**LEVEL 15 **) |
471 (**LEVEL 15 **) |
472 by (excluded_middle_tac "Friend i : bad" 1); |
472 by (excluded_middle_tac "Aa : bad" 1); |
473 (*But this contradicts Key (newK evta) ~: analz (sees Enemy evsa) *) |
473 (*But this contradicts Key (newK evta) ~: analz (sees Enemy evsa) *) |
474 bd (Says_imp_sees_Enemy RS analz.Inj) 2; |
474 bd (Says_imp_sees_Enemy RS analz.Inj) 2; |
475 bd analz.Decrypt 2; |
475 bd analz.Decrypt 2; |
476 by (Asm_full_simp_tac 2); |
476 by (Asm_full_simp_tac 2); |
477 by (Fast_tac 2); |
477 by (Fast_tac 2); |
478 (*So now we know that (Friend i) is a good agent*) |
478 (*So now we know that (Friend i) is a good agent*) |
479 bd unique_session_keys 1; |
479 bd unique_session_keys 1; |
480 by (REPEAT_FIRST assume_tac); |
480 by (REPEAT_FIRST assume_tac); |
481 by (Auto_tac ()); |
481 by (Auto_tac ()); |
482 qed "Enemy_not_see_encrypted_key"; |
482 qed "Enemy_not_see_encrypted_key"; |
483 |
|