54 lemma Nonce_in_chain [iff]: "Nonce ofr:parts {chain B ofr A L C}" |
54 lemma Nonce_in_chain [iff]: "Nonce ofr:parts {chain B ofr A L C}" |
55 by (auto simp: chain_def sign_def) |
55 by (auto simp: chain_def sign_def) |
56 |
56 |
57 subsubsection{*agent whose key is used to sign an offer*} |
57 subsubsection{*agent whose key is used to sign an offer*} |
58 |
58 |
59 consts shop :: "msg => msg" |
59 fun shop :: "msg => msg" where |
60 |
|
61 recdef shop "measure size" |
|
62 "shop {|B,X,Crypt K H|} = Agent (agt K)" |
60 "shop {|B,X,Crypt K H|} = Agent (agt K)" |
63 |
61 |
64 lemma shop_chain [simp]: "shop (chain B ofr A L C) = Agent B" |
62 lemma shop_chain [simp]: "shop (chain B ofr A L C) = Agent B" |
65 by (simp add: chain_def sign_def) |
63 by (simp add: chain_def sign_def) |
66 |
64 |
67 subsubsection{*nonce used in an offer*} |
65 subsubsection{*nonce used in an offer*} |
68 |
66 |
69 consts nonce :: "msg => msg" |
67 fun nonce :: "msg => msg" where |
70 |
|
71 recdef nonce "measure size" |
|
72 "nonce {|B,{|Crypt K ofr,m2|},CryptH|} = ofr" |
68 "nonce {|B,{|Crypt K ofr,m2|},CryptH|} = ofr" |
73 |
69 |
74 lemma nonce_chain [simp]: "nonce (chain B ofr A L C) = Nonce ofr" |
70 lemma nonce_chain [simp]: "nonce (chain B ofr A L C) = Nonce ofr" |
75 by (simp add: chain_def sign_def) |
71 by (simp add: chain_def sign_def) |
76 |
72 |
77 subsubsection{*next shop*} |
73 subsubsection{*next shop*} |
78 |
74 |
79 consts next_shop :: "msg => agent" |
75 fun next_shop :: "msg => agent" where |
80 |
|
81 recdef next_shop "measure size" |
|
82 "next_shop {|B,{|m1,Hash{|headL,Agent C|}|},CryptH|} = C" |
76 "next_shop {|B,{|m1,Hash{|headL,Agent C|}|},CryptH|} = C" |
83 |
77 |
84 lemma next_shop_chain [iff]: "next_shop (chain B ofr A L C) = C" |
78 lemma next_shop_chain [iff]: "next_shop (chain B ofr A L C) = C" |
85 by (simp add: chain_def sign_def) |
79 by (simp add: chain_def sign_def) |
86 |
80 |
207 by (erule valid.induct, auto simp: anchor_def chain_def sign_def |
201 by (erule valid.induct, auto simp: anchor_def chain_def sign_def |
208 offer_nonces_def initState.simps) |
202 offer_nonces_def initState.simps) |
209 |
203 |
210 subsubsection{*list of offers*} |
204 subsubsection{*list of offers*} |
211 |
205 |
212 consts offers :: "msg => msg" |
206 fun offers :: "msg => msg" where |
213 |
207 "offers (cons M L) = cons {|shop M, nonce M|} (offers L)" | |
214 recdef offers "measure size" |
|
215 "offers (cons M L) = cons {|shop M, nonce M|} (offers L)" |
|
216 "offers other = nil" |
208 "offers other = nil" |
217 |
209 |
218 subsubsection{*list of agents whose keys are used to sign a list of offers*} |
210 subsubsection{*list of agents whose keys are used to sign a list of offers*} |
219 |
211 |
220 consts shops :: "msg => msg" |
212 fun shops :: "msg => msg" where |
221 |
213 "shops (cons M L) = cons (shop M) (shops L)" | |
222 recdef shops "measure size" |
|
223 "shops (cons M L) = cons (shop M) (shops L)" |
|
224 "shops other = other" |
214 "shops other = other" |
225 |
215 |
226 lemma shops_in_agl: "L:valid A n B ==> shops L:agl" |
216 lemma shops_in_agl: "L:valid A n B ==> shops L:agl" |
227 by (erule valid.induct, auto simp: anchor_def chain_def sign_def) |
217 by (erule valid.induct, auto simp: anchor_def chain_def sign_def) |
228 |
218 |
229 subsubsection{*builds a trace from an itinerary*} |
219 subsubsection{*builds a trace from an itinerary*} |
230 |
220 |
231 consts offer_list :: "agent * nat * agent * msg * nat => msg" |
221 fun offer_list :: "agent * nat * agent * msg * nat => msg" where |
232 |
222 "offer_list (A,n,B,nil,ofr) = cons (anchor A n B) nil" | |
233 recdef offer_list "measure (%(A,n,B,I,ofr). size I)" |
|
234 "offer_list (A,n,B,nil,ofr) = cons (anchor A n B) nil" |
|
235 "offer_list (A,n,B,cons (Agent C) I,ofr) = ( |
223 "offer_list (A,n,B,cons (Agent C) I,ofr) = ( |
236 let L = offer_list (A,n,B,I,Suc ofr) in |
224 let L = offer_list (A,n,B,I,Suc ofr) in |
237 cons (chain (next_shop (head L)) ofr A L C) L)" |
225 cons (chain (next_shop (head L)) ofr A L C) L)" |
238 |
226 |
239 lemma "I:agl ==> ALL ofr. offer_list (A,n,B,I,ofr):valid A n B" |
227 lemma "I:agl ==> ALL ofr. offer_list (A,n,B,I,ofr):valid A n B" |
240 by (erule agl.induct, auto) |
228 by (erule agl.induct, auto) |
241 |
229 |
242 consts trace :: "agent * nat * agent * nat * msg * msg * msg |
230 fun trace :: "agent * nat * agent * nat * msg * msg * msg |
243 => event list" |
231 => event list" where |
244 |
232 "trace (B,ofr,A,r,I,L,nil) = []" | |
245 recdef trace "measure (%(B,ofr,A,r,I,L,K). size K)" |
|
246 "trace (B,ofr,A,r,I,L,nil) = []" |
|
247 "trace (B,ofr,A,r,I,L,cons (Agent D) K) = ( |
233 "trace (B,ofr,A,r,I,L,cons (Agent D) K) = ( |
248 let C = (if K=nil then B else agt_nb (head K)) in |
234 let C = (if K=nil then B else agt_nb (head K)) in |
249 let I' = (if K=nil then cons (Agent A) (cons (Agent B) I) |
235 let I' = (if K=nil then cons (Agent A) (cons (Agent B) I) |
250 else cons (Agent A) (app (I, cons (head K) nil))) in |
236 else cons (Agent A) (app (I, cons (head K) nil))) in |
251 let I'' = app (I, cons (head K) nil) in |
237 let I'' = app (I, cons (head K) nil) in |