162 \<and> apm' s R \<in> guard n Ks)" |
162 \<and> apm' s R \<in> guard n Ks)" |
163 |
163 |
164 lemma freshD: "fresh p R s n Ks evs \<Longrightarrow> (\<exists>evs1 evs2. |
164 lemma freshD: "fresh p R s n Ks evs \<Longrightarrow> (\<exists>evs1 evs2. |
165 evs = evs2 @ ap' s R # evs1 \<and> Nonce n \<notin> used evs1 \<and> R \<in> p \<and> ok evs1 R s |
165 evs = evs2 @ ap' s R # evs1 \<and> Nonce n \<notin> used evs1 \<and> R \<in> p \<and> ok evs1 R s |
166 \<and> Nonce n \<in> parts {apm' s R} \<and> apm' s R \<in> guard n Ks)" |
166 \<and> Nonce n \<in> parts {apm' s R} \<and> apm' s R \<in> guard n Ks)" |
167 by (unfold fresh_def, blast) |
167 unfolding fresh_def by (blast) |
168 |
168 |
169 lemma freshI [intro]: "\<lbrakk>Nonce n \<notin> used evs1; R \<in> p; Nonce n \<in> parts {apm' s R}; |
169 lemma freshI [intro]: "\<lbrakk>Nonce n \<notin> used evs1; R \<in> p; Nonce n \<in> parts {apm' s R}; |
170 ok evs1 R s; apm' s R \<in> guard n Ks\<rbrakk> |
170 ok evs1 R s; apm' s R \<in> guard n Ks\<rbrakk> |
171 \<Longrightarrow> fresh p R s n Ks (list @ ap' s R # evs1)" |
171 \<Longrightarrow> fresh p R s n Ks (list @ ap' s R # evs1)" |
172 by (unfold fresh_def, blast) |
172 unfolding fresh_def by (blast) |
173 |
173 |
174 lemma freshI': "\<lbrakk>Nonce n \<notin> used evs1; (l,r) \<in> p; |
174 lemma freshI': "\<lbrakk>Nonce n \<notin> used evs1; (l,r) \<in> p; |
175 Nonce n \<in> parts {apm s (msg r)}; ok evs1 (l,r) s; apm s (msg r) \<in> guard n Ks\<rbrakk> |
175 Nonce n \<in> parts {apm s (msg r)}; ok evs1 (l,r) s; apm s (msg r) \<in> guard n Ks\<rbrakk> |
176 \<Longrightarrow> fresh p (l,r) s n Ks (evs2 @ ap s r # evs1)" |
176 \<Longrightarrow> fresh p (l,r) s n Ks (evs2 @ ap s r # evs1)" |
177 by (drule freshI, simp+) |
177 by (drule freshI, simp+) |
218 |
218 |
219 definition safe :: "key set \<Rightarrow> msg set \<Rightarrow> bool" where |
219 definition safe :: "key set \<Rightarrow> msg set \<Rightarrow> bool" where |
220 "safe Ks G \<equiv> \<forall>K. K \<in> Ks \<longrightarrow> Key K \<notin> analz G" |
220 "safe Ks G \<equiv> \<forall>K. K \<in> Ks \<longrightarrow> Key K \<notin> analz G" |
221 |
221 |
222 lemma safeD [dest]: "\<lbrakk>safe Ks G; K \<in> Ks\<rbrakk> \<Longrightarrow> Key K \<notin> analz G" |
222 lemma safeD [dest]: "\<lbrakk>safe Ks G; K \<in> Ks\<rbrakk> \<Longrightarrow> Key K \<notin> analz G" |
223 by (unfold safe_def, blast) |
223 unfolding safe_def by (blast) |
224 |
224 |
225 lemma safe_insert: "safe Ks (insert X G) \<Longrightarrow> safe Ks G" |
225 lemma safe_insert: "safe Ks (insert X G) \<Longrightarrow> safe Ks G" |
226 by (unfold safe_def, blast) |
226 unfolding safe_def by (blast) |
227 |
227 |
228 lemma Guard_safe: "\<lbrakk>Guard n Ks G; safe Ks G\<rbrakk> \<Longrightarrow> Nonce n \<notin> analz G" |
228 lemma Guard_safe: "\<lbrakk>Guard n Ks G; safe Ks G\<rbrakk> \<Longrightarrow> Nonce n \<notin> analz G" |
229 by (blast dest: Guard_invKey) |
229 by (blast dest: Guard_invKey) |
230 |
230 |
231 subsection\<open>guardedness preservation\<close> |
231 subsection\<open>guardedness preservation\<close> |
236 keys R' s' n evs \<subseteq> Ks \<longrightarrow> R \<in> p \<longrightarrow> ok evs R s \<longrightarrow> apm' s R \<in> guard n Ks)" |
236 keys R' s' n evs \<subseteq> Ks \<longrightarrow> R \<in> p \<longrightarrow> ok evs R s \<longrightarrow> apm' s R \<in> guard n Ks)" |
237 |
237 |
238 lemma preservD: "\<lbrakk>preserv p keys n Ks; evs \<in> tr p; Guard n Ks (spies evs); |
238 lemma preservD: "\<lbrakk>preserv p keys n Ks; evs \<in> tr p; Guard n Ks (spies evs); |
239 safe Ks (spies evs); fresh p R' s' n Ks evs; R \<in> p; ok evs R s; |
239 safe Ks (spies evs); fresh p R' s' n Ks evs; R \<in> p; ok evs R s; |
240 keys R' s' n evs \<subseteq> Ks\<rbrakk> \<Longrightarrow> apm' s R \<in> guard n Ks" |
240 keys R' s' n evs \<subseteq> Ks\<rbrakk> \<Longrightarrow> apm' s R \<in> guard n Ks" |
241 by (unfold preserv_def, blast) |
241 unfolding preserv_def by (blast) |
242 |
242 |
243 lemma preservD': "\<lbrakk>preserv p keys n Ks; evs \<in> tr p; Guard n Ks (spies evs); |
243 lemma preservD': "\<lbrakk>preserv p keys n Ks; evs \<in> tr p; Guard n Ks (spies evs); |
244 safe Ks (spies evs); fresh p R' s' n Ks evs; (l,Says A B X) \<in> p; |
244 safe Ks (spies evs); fresh p R' s' n Ks evs; (l,Says A B X) \<in> p; |
245 ok evs (l,Says A B X) s; keys R' s' n evs \<subseteq> Ks\<rbrakk> \<Longrightarrow> apm s X \<in> guard n Ks" |
245 ok evs (l,Says A B X) s; keys R' s' n evs \<subseteq> Ks\<rbrakk> \<Longrightarrow> apm s X \<in> guard n Ks" |
246 by (drule preservD, simp+) |
246 by (drule preservD, simp+) |
251 "monoton p keys \<equiv> \<forall>R' s' n ev evs. ev # evs \<in> tr p \<longrightarrow> |
251 "monoton p keys \<equiv> \<forall>R' s' n ev evs. ev # evs \<in> tr p \<longrightarrow> |
252 keys R' s' n evs \<subseteq> keys R' s' n (ev # evs)" |
252 keys R' s' n evs \<subseteq> keys R' s' n (ev # evs)" |
253 |
253 |
254 lemma monotonD [dest]: "\<lbrakk>keys R' s' n (ev # evs) \<subseteq> Ks; monoton p keys; |
254 lemma monotonD [dest]: "\<lbrakk>keys R' s' n (ev # evs) \<subseteq> Ks; monoton p keys; |
255 ev # evs \<in> tr p\<rbrakk> \<Longrightarrow> keys R' s' n evs \<subseteq> Ks" |
255 ev # evs \<in> tr p\<rbrakk> \<Longrightarrow> keys R' s' n evs \<subseteq> Ks" |
256 by (unfold monoton_def, blast) |
256 unfolding monoton_def by (blast) |
257 |
257 |
258 subsection\<open>guardedness theorem\<close> |
258 subsection\<open>guardedness theorem\<close> |
259 |
259 |
260 lemma Guard_tr [rule_format]: "\<lbrakk>evs \<in> tr p; has_only_Says' p; |
260 lemma Guard_tr [rule_format]: "\<lbrakk>evs \<in> tr p; has_only_Says' p; |
261 preserv p keys n Ks; monoton p keys; Guard n Ks (initState Spy)\<rbrakk> \<Longrightarrow> |
261 preserv p keys n Ks; monoton p keys; Guard n Ks (initState Spy)\<rbrakk> \<Longrightarrow> |
326 nonce s n = nonce s' n'; Nonce (nonce s n) \<notin> analz (spies evs); |
326 nonce s n = nonce s' n'; Nonce (nonce s n) \<notin> analz (spies evs); |
327 Nonce (nonce s n) \<in> parts {apm' s R}; Nonce (nonce s n) \<in> parts {apm' s' R'}; |
327 Nonce (nonce s n) \<in> parts {apm' s R}; Nonce (nonce s n) \<in> parts {apm' s' R'}; |
328 secret R n s Ks \<in> parts (spies evs); secret R' n' s' Ks \<in> parts (spies evs); |
328 secret R n s Ks \<in> parts (spies evs); secret R' n' s' Ks \<in> parts (spies evs); |
329 apm' s R \<in> guard (nonce s n) Ks; apm' s' R' \<in> guard (nonce s n) Ks\<rbrakk> \<Longrightarrow> |
329 apm' s R \<in> guard (nonce s n) Ks; apm' s' R' \<in> guard (nonce s n) Ks\<rbrakk> \<Longrightarrow> |
330 secret R n s Ks = secret R' n' s' Ks" |
330 secret R n s Ks = secret R' n' s' Ks" |
331 by (unfold uniq_def, blast) |
331 unfolding uniq_def by (blast) |
332 |
332 |
333 definition ord :: "proto \<Rightarrow> (rule \<Rightarrow> rule \<Rightarrow> bool) \<Rightarrow> bool" where |
333 definition ord :: "proto \<Rightarrow> (rule \<Rightarrow> rule \<Rightarrow> bool) \<Rightarrow> bool" where |
334 "ord p inff \<equiv> \<forall>R R'. R \<in> p \<longrightarrow> R' \<in> p \<longrightarrow> \<not> inff R R' \<longrightarrow> inff R' R" |
334 "ord p inff \<equiv> \<forall>R R'. R \<in> p \<longrightarrow> R' \<in> p \<longrightarrow> \<not> inff R R' \<longrightarrow> inff R' R" |
335 |
335 |
336 lemma ordD: "\<lbrakk>ord p inff; \<not> inff R R'; R \<in> p; R' \<in> p\<rbrakk> \<Longrightarrow> inff R' R" |
336 lemma ordD: "\<lbrakk>ord p inff; \<not> inff R R'; R \<in> p; R' \<in> p\<rbrakk> \<Longrightarrow> inff R' R" |
337 by (unfold ord_def, blast) |
337 unfolding ord_def by (blast) |
338 |
338 |
339 definition uniq' :: "proto \<Rightarrow> (rule \<Rightarrow> rule \<Rightarrow> bool) \<Rightarrow> secfun \<Rightarrow> bool" where |
339 definition uniq' :: "proto \<Rightarrow> (rule \<Rightarrow> rule \<Rightarrow> bool) \<Rightarrow> secfun \<Rightarrow> bool" where |
340 "uniq' p inff secret \<equiv> \<forall>evs R R' n n' Ks s s'. R \<in> p \<longrightarrow> R' \<in> p \<longrightarrow> |
340 "uniq' p inff secret \<equiv> \<forall>evs R R' n n' Ks s s'. R \<in> p \<longrightarrow> R' \<in> p \<longrightarrow> |
341 inff R R' \<longrightarrow> n \<in> newn R \<longrightarrow> n' \<in> newn R' \<longrightarrow> nonce s n = nonce s' n' \<longrightarrow> |
341 inff R R' \<longrightarrow> n \<in> newn R \<longrightarrow> n' \<in> newn R' \<longrightarrow> nonce s n = nonce s' n' \<longrightarrow> |
342 Nonce (nonce s n) \<in> parts {apm' s R} \<longrightarrow> Nonce (nonce s n) \<in> parts {apm' s' R'} \<longrightarrow> |
342 Nonce (nonce s n) \<in> parts {apm' s R} \<longrightarrow> Nonce (nonce s n) \<in> parts {apm' s' R'} \<longrightarrow> |