isabelle: comparison src/HOL/Auth/Recur.thy

equal deleted inserted replaced

-:0c723635b9e6
+:8d8344bcf98a
 Cons "[| (PA, RA, KAB) : respond evs;
 Key KBC ~: used evs;  Key KBC ~: parts {RA};
 PA = Hash[Key(shrK A)] {|Agent A, Agent B, Nonce NA, P|};
 B ~= Server |]
 ==> (Hash[Key(shrK B)] {|Agent B, Agent C, Nonce NB, PA|},
-{|Crypt (shrK B) {|Key KAB, Agent A, Nonce NB|},
+{|Crypt (shrK B) {|Key KBC, Agent C, Nonce NB|},
-Crypt (shrK B) {|Key KBC, Agent C, Nonce NB|},
+Crypt (shrK B) {|Key KAB, Agent A, Nonce NB|},
 RA|},
 KBC)
 : respond evs"
 Says A' B PA : set_of_list evs;
 PA = {|XA, Agent A, Agent B, Nonce NA, P|} |]
 ==> Says B C (Hash[Key(shrK B)] {|Agent B, Agent C, Nonce NB, PA|})
 # evs : recur lost"
-(*The Server receives and decodes Bob's message.  Then he generates
+(*The Server receives Bob's message and prepares a response.*)
-a new session key and a response.*)
 RA3  "[| evs: recur lost;  B ~= Server;
 Says B' Server PB : set_of_list evs;
 (PB,RB,K) : respond evs |]
 ==> Says Server B RB # evs : recur lost"
 (*Bob receives the returned message and compares the Nonces with
 those in the message he previously sent the Server.*)
 RA4  "[| evs: recur lost;  A ~= B;
-Says C' B {|Crypt (shrK B) {|Key KAB, Agent A, Nonce NB|},
-Crypt (shrK B) {|Key KBC, Agent C, Nonce NB|}, RA|}
-: set_of_list evs;
 Says B  C {|XH, Agent B, Agent C, Nonce NB,
 XA, Agent A, Agent B, Nonce NA, P|}
+: set_of_list evs;
+Says C' B {|Crypt (shrK B) {|Key KBC, Agent C, Nonce NB|},
+Crypt (shrK B) {|Key KAB, Agent A, Nonce NB|},
+RA|}
 : set_of_list evs |]
 ==> Says B A RA # evs : recur lost"
 (**No "oops" message can readily be expressed, since each session key is
 associated--in two separate messages--with two nonces.

changeset 2550	8d8344bcf98a
parent 2532	cde25bf71cc1
child 3465	e85c24717cad