183 (*Others*) |
183 (*Others*) |
184 by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs))); |
184 by (ALLGOALS (blast_tac (claset() addSEs spies_partsEs))); |
185 qed_spec_mp "new_keys_not_used"; |
185 qed_spec_mp "new_keys_not_used"; |
186 Addsimps [new_keys_not_used]; |
186 Addsimps [new_keys_not_used]; |
187 |
187 |
188 (*Earlier, \\<forall>protocol proofs declared this theorem. |
188 (*Earlier, all protocol proofs declared this theorem. |
189 But Yahalom and Kerberos IV are the only ones that need it!*) |
189 But few of them actually need it! (Another is Yahalom) *) |
190 bind_thm ("new_keys_not_analzd", |
190 bind_thm ("new_keys_not_analzd", |
191 [analz_subset_parts RS keysFor_mono, |
191 [analz_subset_parts RS keysFor_mono, |
192 new_keys_not_used] MRS contra_subsetD); |
192 new_keys_not_used] MRS contra_subsetD); |
193 |
193 |
194 |
194 |
490 Goalw [KeyCryptKey_def] |
490 Goalw [KeyCryptKey_def] |
491 "Key ServKey \\<notin> used evs ==> ~ KeyCryptKey AuthKey ServKey evs"; |
491 "Key ServKey \\<notin> used evs ==> ~ KeyCryptKey AuthKey ServKey evs"; |
492 by (blast_tac (claset() addSEs spies_partsEs) 1); |
492 by (blast_tac (claset() addSEs spies_partsEs) 1); |
493 qed "Serv_fresh_not_KeyCryptKey"; |
493 qed "Serv_fresh_not_KeyCryptKey"; |
494 |
494 |
495 Goalw [KeyCryptKey_def] |
495 Goal |
496 "[| Crypt (shrK Tgs) {|Agent A, Agent Tgs, Key AuthKey, tk|}\ |
496 "[| Crypt (shrK Tgs) {|Agent A, Agent Tgs, Key AuthKey, tk|}\ |
497 \ \\<in> parts (spies evs); evs \\<in> kerberos |] \ |
497 \ \\<in> parts (spies evs); evs \\<in> kerberos |] \ |
498 \ ==> ~ KeyCryptKey K AuthKey evs"; |
498 \ ==> ~ KeyCryptKey K AuthKey evs"; |
499 by (etac rev_mp 1); |
499 by (etac rev_mp 1); |
500 by (parts_induct_tac 1); |
500 by (parts_induct_tac 1); |
501 (*K4*) |
501 (*K4*) |
502 by (blast_tac (claset() addEs spies_partsEs) 3); |
502 by (blast_tac (claset() addEs spies_partsEs) 3); |
503 (*K2: by freshness*) |
503 (*K2: by freshness*) |
|
504 by (asm_full_simp_tac (simpset() addsimps [KeyCryptKey_def]) 2); |
504 by (blast_tac (claset() addEs spies_partsEs) 2); |
505 by (blast_tac (claset() addEs spies_partsEs) 2); |
505 by (Fake_parts_insert_tac 1); |
506 by (Fake_parts_insert_tac 1); |
506 qed "AuthKey_not_KeyCryptKey"; |
507 qed "AuthKey_not_KeyCryptKey"; |
507 |
508 |
508 (*A secure serverkey cannot have been used to encrypt others*) |
509 (*A secure serverkey cannot have been used to encrypt others*) |
509 Goalw [KeyCryptKey_def] |
510 Goal |
510 "[| Crypt (shrK B) {|Agent A, Agent B, Key ServKey, tt|} \ |
511 "[| Crypt (shrK B) {|Agent A, Agent B, Key SK, tt|} \\<in> parts (spies evs); \ |
511 \ \\<in> parts (spies evs); \ |
512 \ Key SK \\<notin> analz (spies evs); \ |
512 \ Key ServKey \\<notin> analz (spies evs); \ |
513 \ B \\<noteq> Tgs; evs \\<in> kerberos |] \ |
513 \ B \\<noteq> Tgs; evs \\<in> kerberos |] \ |
514 \ ==> ~ KeyCryptKey SK K evs"; |
514 \ ==> ~ KeyCryptKey ServKey K evs"; |
|
515 by (etac rev_mp 1); |
515 by (etac rev_mp 1); |
516 by (etac rev_mp 1); |
516 by (etac rev_mp 1); |
517 by (parts_induct_tac 1); |
517 by (parts_induct_tac 1); |
518 by (Fake_parts_insert_tac 1); |
518 by (Fake_parts_insert_tac 1); |
519 (*K4 splits into distinct subcases*) |
519 (*K4 splits into distinct subcases*) |
520 by (Step_tac 1); |
520 by Auto_tac; |
521 by (ALLGOALS Asm_full_simp_tac); |
|
522 (*ServKey can't have been enclosed in two certificates*) |
521 (*ServKey can't have been enclosed in two certificates*) |
523 by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj] |
522 by (blast_tac (claset() addSDs [Says_imp_spies RS parts.Inj] |
524 addSEs [MPair_parts] |
523 addSEs [MPair_parts] |
525 addDs [unique_CryptKey]) 4); |
524 addDs [unique_CryptKey]) 4); |
526 (*ServKey is fresh and so could not have been used, by new_keys_not_used*) |
525 (*ServKey is fresh and so could not have been used, by new_keys_not_used*) |
527 by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj, |
526 by (force_tac (claset() addSDs [Says_imp_spies RS parts.Inj, |
528 Crypt_imp_invKey_keysFor], |
527 Crypt_imp_invKey_keysFor], |
529 simpset()) 2); |
528 simpset() addsimps [KeyCryptKey_def]) 2); |
530 (*Others by freshness*) |
529 (*Others by freshness*) |
531 by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1)); |
530 by (REPEAT (blast_tac (claset() addSEs spies_partsEs) 1)); |
532 qed "ServKey_not_KeyCryptKey"; |
531 qed "ServKey_not_KeyCryptKey"; |
533 |
532 |
534 (*Long term keys are not issued as ServKeys*) |
533 (*Long term keys are not issued as ServKeys*) |
607 ftac Oops_range_spies1 9, |
606 ftac Oops_range_spies1 9, |
608 ftac Says_tgs_message_form 7, |
607 ftac Says_tgs_message_form 7, |
609 ftac Says_kas_message_form 5, |
608 ftac Says_kas_message_form 5, |
610 REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE] |
609 REPEAT_FIRST (eresolve_tac [asm_rl, conjE, disjE, exE] |
611 ORELSE' hyp_subst_tac)]; |
610 ORELSE' hyp_subst_tac)]; |
612 |
|
613 Goal "[| KK <= -(range shrK); Key K \\<in> analz (spies evs); evs \\<in> kerberos |] \ |
|
614 \ ==> Key K \\<in> analz (Key ` KK Un spies evs)"; |
|
615 by (blast_tac (claset() addDs [impOfSubs analz_mono]) 1); |
|
616 qed "analz_mono_KK"; |
|
617 |
611 |
618 (*For the Oops2 case of the next theorem*) |
612 (*For the Oops2 case of the next theorem*) |
619 Goal "[| evs \\<in> kerberos; \ |
613 Goal "[| evs \\<in> kerberos; \ |
620 \ Says Tgs A (Crypt AuthKey \ |
614 \ Says Tgs A (Crypt AuthKey \ |
621 \ {|Key ServKey, Agent B, Number Tt, ServTicket|}) \ |
615 \ {|Key ServKey, Agent B, Number Tt, ServTicket|}) \ |