equal
deleted
inserted
replaced
7 Inductive relations "parts", "analz" and "synth" |
7 Inductive relations "parts", "analz" and "synth" |
8 *) |
8 *) |
9 |
9 |
10 open Message; |
10 open Message; |
11 |
11 |
12 AddIffs (msg.inject); |
12 AddIffs atomic.inject; |
|
13 AddIffs msg.inject; |
13 |
14 |
14 (*Holds because Friend is injective: thus cannot prove for all f*) |
15 (*Holds because Friend is injective: thus cannot prove for all f*) |
15 goal thy "(Friend x : Friend``A) = (x:A)"; |
16 goal thy "(Friend x : Friend``A) = (x:A)"; |
16 by (Auto_tac()); |
17 by (Auto_tac()); |
17 qed "Friend_image_eq"; |
18 qed "Friend_image_eq"; |
55 |
56 |
56 goalw thy [keysFor_def] "keysFor (insert (Nonce N) H) = keysFor H"; |
57 goalw thy [keysFor_def] "keysFor (insert (Nonce N) H) = keysFor H"; |
57 by (Blast_tac 1); |
58 by (Blast_tac 1); |
58 qed "keysFor_insert_Nonce"; |
59 qed "keysFor_insert_Nonce"; |
59 |
60 |
|
61 goalw thy [keysFor_def] "keysFor (insert (Number N) H) = keysFor H"; |
|
62 by (Blast_tac 1); |
|
63 qed "keysFor_insert_Number"; |
|
64 |
60 goalw thy [keysFor_def] "keysFor (insert (Key K) H) = keysFor H"; |
65 goalw thy [keysFor_def] "keysFor (insert (Key K) H) = keysFor H"; |
61 by (Blast_tac 1); |
66 by (Blast_tac 1); |
62 qed "keysFor_insert_Key"; |
67 qed "keysFor_insert_Key"; |
63 |
68 |
64 goalw thy [keysFor_def] "keysFor (insert (Hash X) H) = keysFor H"; |
69 goalw thy [keysFor_def] "keysFor (insert (Hash X) H) = keysFor H"; |
73 "keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"; |
78 "keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"; |
74 by (Auto_tac()); |
79 by (Auto_tac()); |
75 qed "keysFor_insert_Crypt"; |
80 qed "keysFor_insert_Crypt"; |
76 |
81 |
77 Addsimps [keysFor_empty, keysFor_Un, keysFor_UN1, |
82 Addsimps [keysFor_empty, keysFor_Un, keysFor_UN1, |
78 keysFor_insert_Agent, keysFor_insert_Nonce, keysFor_insert_Key, |
83 keysFor_insert_Agent, keysFor_insert_Nonce, |
|
84 keysFor_insert_Number, keysFor_insert_Key, |
79 keysFor_insert_Hash, keysFor_insert_MPair, keysFor_insert_Crypt]; |
85 keysFor_insert_Hash, keysFor_insert_MPair, keysFor_insert_Crypt]; |
80 AddSEs [keysFor_Un RS equalityD1 RS subsetD RS UnE, |
86 AddSEs [keysFor_Un RS equalityD1 RS subsetD RS UnE, |
81 keysFor_UN1 RS equalityD1 RS subsetD RS UN1_E]; |
87 keysFor_UN1 RS equalityD1 RS subsetD RS UN1_E]; |
82 |
88 |
83 goalw thy [keysFor_def] "keysFor (Key``E) = {}"; |
89 goalw thy [keysFor_def] "keysFor (Key``E) = {}"; |
245 |
251 |
246 goal thy "parts (insert (Nonce N) H) = insert (Nonce N) (parts H)"; |
252 goal thy "parts (insert (Nonce N) H) = insert (Nonce N) (parts H)"; |
247 by (parts_tac 1); |
253 by (parts_tac 1); |
248 qed "parts_insert_Nonce"; |
254 qed "parts_insert_Nonce"; |
249 |
255 |
|
256 goal thy "parts (insert (Number N) H) = insert (Number N) (parts H)"; |
|
257 by (parts_tac 1); |
|
258 qed "parts_insert_Number"; |
|
259 |
250 goal thy "parts (insert (Key K) H) = insert (Key K) (parts H)"; |
260 goal thy "parts (insert (Key K) H) = insert (Key K) (parts H)"; |
251 by (parts_tac 1); |
261 by (parts_tac 1); |
252 qed "parts_insert_Key"; |
262 qed "parts_insert_Key"; |
253 |
263 |
254 goal thy "parts (insert (Hash X) H) = insert (Hash X) (parts H)"; |
264 goal thy "parts (insert (Hash X) H) = insert (Hash X) (parts H)"; |
273 by (Auto_tac()); |
283 by (Auto_tac()); |
274 by (etac parts.induct 1); |
284 by (etac parts.induct 1); |
275 by (ALLGOALS (blast_tac (!claset addIs [parts.Fst, parts.Snd]))); |
285 by (ALLGOALS (blast_tac (!claset addIs [parts.Fst, parts.Snd]))); |
276 qed "parts_insert_MPair"; |
286 qed "parts_insert_MPair"; |
277 |
287 |
278 Addsimps [parts_insert_Agent, parts_insert_Nonce, parts_insert_Key, |
288 Addsimps [parts_insert_Agent, parts_insert_Nonce, |
|
289 parts_insert_Number, parts_insert_Key, |
279 parts_insert_Hash, parts_insert_Crypt, parts_insert_MPair]; |
290 parts_insert_Hash, parts_insert_Crypt, parts_insert_MPair]; |
280 |
291 |
281 |
292 |
282 goal thy "parts (Key``N) = Key``N"; |
293 goal thy "parts (Key``N) = Key``N"; |
283 by (Auto_tac()); |
294 by (Auto_tac()); |
287 Addsimps [parts_image_Key]; |
298 Addsimps [parts_image_Key]; |
288 |
299 |
289 |
300 |
290 (*In any message, there is an upper bound N on its greatest nonce.*) |
301 (*In any message, there is an upper bound N on its greatest nonce.*) |
291 goal thy "EX N. ALL n. N<=n --> Nonce n ~: parts {msg}"; |
302 goal thy "EX N. ALL n. N<=n --> Nonce n ~: parts {msg}"; |
292 by (msg.induct_tac "msg" 1); |
303 by (induct_tac "msg" 1); |
|
304 by (induct_tac "atomic" 1); |
293 by (ALLGOALS (asm_simp_tac (!simpset addsimps [exI, parts_insert2]))); |
305 by (ALLGOALS (asm_simp_tac (!simpset addsimps [exI, parts_insert2]))); |
294 (*MPair case: blast_tac works out the necessary sum itself!*) |
306 (*MPair case: blast_tac works out the necessary sum itself!*) |
295 by (blast_tac (!claset addSEs [add_leE]) 2); |
307 by (blast_tac (!claset addSEs [add_leE]) 2); |
296 (*Nonce case*) |
308 (*Nonce case*) |
297 by (res_inst_tac [("x","N + Suc nat")] exI 1); |
309 by (res_inst_tac [("x","N + Suc nat")] exI 1); |
383 qed "analz_insert_Agent"; |
395 qed "analz_insert_Agent"; |
384 |
396 |
385 goal thy "analz (insert (Nonce N) H) = insert (Nonce N) (analz H)"; |
397 goal thy "analz (insert (Nonce N) H) = insert (Nonce N) (analz H)"; |
386 by (analz_tac 1); |
398 by (analz_tac 1); |
387 qed "analz_insert_Nonce"; |
399 qed "analz_insert_Nonce"; |
|
400 |
|
401 goal thy "analz (insert (Number N) H) = insert (Number N) (analz H)"; |
|
402 by (analz_tac 1); |
|
403 qed "analz_insert_Number"; |
388 |
404 |
389 goal thy "analz (insert (Hash X) H) = insert (Hash X) (analz H)"; |
405 goal thy "analz (insert (Hash X) H) = insert (Hash X) (analz H)"; |
390 by (analz_tac 1); |
406 by (analz_tac 1); |
391 qed "analz_insert_Hash"; |
407 qed "analz_insert_Hash"; |
392 |
408 |
448 by (case_tac "Key (invKey K) : analz H " 1); |
464 by (case_tac "Key (invKey K) : analz H " 1); |
449 by (ALLGOALS (asm_simp_tac (!simpset addsimps [analz_insert_Crypt, |
465 by (ALLGOALS (asm_simp_tac (!simpset addsimps [analz_insert_Crypt, |
450 analz_insert_Decrypt]))); |
466 analz_insert_Decrypt]))); |
451 qed "analz_Crypt_if"; |
467 qed "analz_Crypt_if"; |
452 |
468 |
453 Addsimps [analz_insert_Agent, analz_insert_Nonce, analz_insert_Key, |
469 Addsimps [analz_insert_Agent, analz_insert_Nonce, |
|
470 analz_insert_Number, analz_insert_Key, |
454 analz_insert_Hash, analz_insert_MPair, analz_Crypt_if]; |
471 analz_insert_Hash, analz_insert_MPair, analz_Crypt_if]; |
455 |
472 |
456 (*This rule supposes "for the sake of argument" that we have the key.*) |
473 (*This rule supposes "for the sake of argument" that we have the key.*) |
457 goal thy "analz (insert (Crypt K X) H) <= \ |
474 goal thy "analz (insert (Crypt K X) H) <= \ |
458 \ insert (Crypt K X) (analz (insert X H))"; |
475 \ insert (Crypt K X) (analz (insert X H))"; |
552 |
569 |
553 AddIs synth.intrs; |
570 AddIs synth.intrs; |
554 |
571 |
555 (*Can only produce a nonce or key if it is already known, |
572 (*Can only produce a nonce or key if it is already known, |
556 but can synth a pair or encryption from its components...*) |
573 but can synth a pair or encryption from its components...*) |
557 val mk_cases = synth.mk_cases msg.simps; |
574 val mk_cases = synth.mk_cases (atomic.simps @ msg.simps); |
558 |
575 |
559 (*NO Agent_synth, as any Agent name can be synthesized*) |
576 (*NO Agent_synth, as any Agent name can be synthesized. Ditto for Number*) |
560 val Nonce_synth = mk_cases "Nonce n : synth H"; |
577 val Nonce_synth = mk_cases "Nonce n : synth H"; |
561 val Key_synth = mk_cases "Key K : synth H"; |
578 val Key_synth = mk_cases "Key K : synth H"; |
562 val Hash_synth = mk_cases "Hash X : synth H"; |
579 val Hash_synth = mk_cases "Hash X : synth H"; |
563 val MPair_synth = mk_cases "{|X,Y|} : synth H"; |
580 val MPair_synth = mk_cases "{|X,Y|} : synth H"; |
564 val Crypt_synth = mk_cases "Crypt K X : synth H"; |
581 val Crypt_synth = mk_cases "Crypt K X : synth H"; |
612 |
629 |
613 goal thy "Agent A : synth H"; |
630 goal thy "Agent A : synth H"; |
614 by (Blast_tac 1); |
631 by (Blast_tac 1); |
615 qed "Agent_synth"; |
632 qed "Agent_synth"; |
616 |
633 |
|
634 goal thy "Number n : synth H"; |
|
635 by (Blast_tac 1); |
|
636 qed "Number_synth"; |
|
637 |
617 goal thy "(Nonce N : synth H) = (Nonce N : H)"; |
638 goal thy "(Nonce N : synth H) = (Nonce N : H)"; |
618 by (Blast_tac 1); |
639 by (Blast_tac 1); |
619 qed "Nonce_synth_eq"; |
640 qed "Nonce_synth_eq"; |
620 |
641 |
621 goal thy "(Key K : synth H) = (Key K : H)"; |
642 goal thy "(Key K : synth H) = (Key K : H)"; |
624 |
645 |
625 goal thy "!!K. Key K ~: H ==> (Crypt K X : synth H) = (Crypt K X : H)"; |
646 goal thy "!!K. Key K ~: H ==> (Crypt K X : synth H) = (Crypt K X : H)"; |
626 by (Blast_tac 1); |
647 by (Blast_tac 1); |
627 qed "Crypt_synth_eq"; |
648 qed "Crypt_synth_eq"; |
628 |
649 |
629 Addsimps [Agent_synth, Nonce_synth_eq, Key_synth_eq, Crypt_synth_eq]; |
650 Addsimps [Agent_synth, Number_synth, |
|
651 Nonce_synth_eq, Key_synth_eq, Crypt_synth_eq]; |
630 |
652 |
631 |
653 |
632 goalw thy [keysFor_def] |
654 goalw thy [keysFor_def] |
633 "keysFor (synth H) = keysFor H Un invKey``{K. Key K : H}"; |
655 "keysFor (synth H) = keysFor H Un invKey``{K. Key K : H}"; |
634 by (Blast_tac 1); |
656 by (Blast_tac 1); |
760 |
782 |
761 goalw thy [HPair_def] "Nonce N ~= Hash[X] Y"; |
783 goalw thy [HPair_def] "Nonce N ~= Hash[X] Y"; |
762 by (Simp_tac 1); |
784 by (Simp_tac 1); |
763 qed "Nonce_neq_HPair"; |
785 qed "Nonce_neq_HPair"; |
764 |
786 |
|
787 goalw thy [HPair_def] "Number N ~= Hash[X] Y"; |
|
788 by (Simp_tac 1); |
|
789 qed "Number_neq_HPair"; |
|
790 |
765 goalw thy [HPair_def] "Key K ~= Hash[X] Y"; |
791 goalw thy [HPair_def] "Key K ~= Hash[X] Y"; |
766 by (Simp_tac 1); |
792 by (Simp_tac 1); |
767 qed "Key_neq_HPair"; |
793 qed "Key_neq_HPair"; |
768 |
794 |
769 goalw thy [HPair_def] "Hash Z ~= Hash[X] Y"; |
795 goalw thy [HPair_def] "Hash Z ~= Hash[X] Y"; |
772 |
798 |
773 goalw thy [HPair_def] "Crypt K X' ~= Hash[X] Y"; |
799 goalw thy [HPair_def] "Crypt K X' ~= Hash[X] Y"; |
774 by (Simp_tac 1); |
800 by (Simp_tac 1); |
775 qed "Crypt_neq_HPair"; |
801 qed "Crypt_neq_HPair"; |
776 |
802 |
777 val HPair_neqs = [Agent_neq_HPair, Nonce_neq_HPair, |
803 val HPair_neqs = [Agent_neq_HPair, Nonce_neq_HPair, Number_neq_HPair, |
778 Key_neq_HPair, Hash_neq_HPair, Crypt_neq_HPair]; |
804 Key_neq_HPair, Hash_neq_HPair, Crypt_neq_HPair]; |
779 |
805 |
780 AddIffs HPair_neqs; |
806 AddIffs HPair_neqs; |
781 AddIffs (HPair_neqs RL [not_sym]); |
807 AddIffs (HPair_neqs RL [not_sym]); |
782 |
808 |
833 |
859 |
834 fun insComm thy x y = read_instantiate_sg (sign_of thy) [("x",x), ("y",y)] |
860 fun insComm thy x y = read_instantiate_sg (sign_of thy) [("x",x), ("y",y)] |
835 insert_commute; |
861 insert_commute; |
836 |
862 |
837 val pushKeys = map (insComm thy "Key ?K") |
863 val pushKeys = map (insComm thy "Key ?K") |
838 ["Agent ?C", "Nonce ?N", "Hash ?X", |
864 ["Agent ?C", "Nonce ?N", "Number ?N", |
839 "MPair ?X ?Y", "Crypt ?X ?K'"]; |
865 "Hash ?X", "MPair ?X ?Y", "Crypt ?X ?K'"]; |
840 |
866 |
841 val pushCrypts = map (insComm thy "Crypt ?X ?K") |
867 val pushCrypts = map (insComm thy "Crypt ?X ?K") |
842 ["Agent ?C", "Nonce ?N", "Hash ?X'", "MPair ?X' ?Y"]; |
868 ["Agent ?C", "Nonce ?N", "Number ?N", |
|
869 "Hash ?X'", "MPair ?X' ?Y"]; |
843 |
870 |
844 (*Cannot be added with Addsimps -- we don't always want to re-order messages*) |
871 (*Cannot be added with Addsimps -- we don't always want to re-order messages*) |
845 val pushes = pushKeys@pushCrypts; |
872 val pushes = pushKeys@pushCrypts; |
846 |
873 |
847 |
874 |
883 DEPTH_SOLVE |
910 DEPTH_SOLVE |
884 (REPEAT (Fake_insert_tac 1) THEN Asm_full_simp_tac 1 |
911 (REPEAT (Fake_insert_tac 1) THEN Asm_full_simp_tac 1 |
885 THEN |
912 THEN |
886 IF_UNSOLVED (Blast.depth_tac |
913 IF_UNSOLVED (Blast.depth_tac |
887 (!claset addIs [analz_insertI, |
914 (!claset addIs [analz_insertI, |
888 impOfSubs analz_subset_parts]) 2 1)) |
915 impOfSubs analz_subset_parts]) 4 1)) |
889 ]) i); |
916 ]) i); |
890 |
917 |
891 (** Useful in many uniqueness proofs **) |
918 (** Useful in many uniqueness proofs **) |
892 fun ex_strip_tac i = REPEAT (swap_res_tac [exI, conjI] i) THEN |
919 fun ex_strip_tac i = REPEAT (swap_res_tac [exI, conjI] i) THEN |
893 assume_tac (i+1); |
920 assume_tac (i+1); |