27 by Auto_tac; |
27 by Auto_tac; |
28 qed "keysFor_parts_initState"; |
28 qed "keysFor_parts_initState"; |
29 Addsimps [keysFor_parts_initState]; |
29 Addsimps [keysFor_parts_initState]; |
30 |
30 |
31 (*Specialized to shared-key model: no need for addss in protocol proofs*) |
31 (*Specialized to shared-key model: no need for addss in protocol proofs*) |
32 Goal "!!X. [| K: keysFor (parts (insert X H)); X : synth (analz H) |] \ |
32 Goal "[| K: keysFor (parts (insert X H)); X : synth (analz H) |] \ |
33 \ ==> K : keysFor (parts H) | Key K : parts H"; |
33 \ ==> K : keysFor (parts H) | Key K : parts H"; |
34 by (fast_tac |
34 by (fast_tac |
35 (claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
35 (claset() addSDs [impOfSubs (parts_insert_subset_Un RS keysFor_mono), |
36 impOfSubs (analz_subset_parts RS keysFor_mono)] |
36 impOfSubs (analz_subset_parts RS keysFor_mono)] |
37 addIs [impOfSubs analz_subset_parts] |
37 addIs [impOfSubs analz_subset_parts] |
38 addss (simpset())) 1); |
38 addss (simpset())) 1); |
39 qed "keysFor_parts_insert"; |
39 qed "keysFor_parts_insert"; |
40 |
40 |
41 Goal "!!H. Crypt K X : H ==> K : keysFor H"; |
41 Goal "Crypt K X : H ==> K : keysFor H"; |
42 by (dtac Crypt_imp_invKey_keysFor 1); |
42 by (dtac Crypt_imp_invKey_keysFor 1); |
43 by (Asm_full_simp_tac 1); |
43 by (Asm_full_simp_tac 1); |
44 qed "Crypt_imp_keysFor"; |
44 qed "Crypt_imp_keysFor"; |
45 |
45 |
46 |
46 |
47 (*** Function "spies" ***) |
47 (*** Function "spies" ***) |
48 |
48 |
49 (*Spy sees shared keys of agents!*) |
49 (*Spy sees shared keys of agents!*) |
50 Goal "!!A. A: bad ==> Key (shrK A) : spies evs"; |
50 Goal "A: bad ==> Key (shrK A) : spies evs"; |
51 by (induct_tac "evs" 1); |
51 by (induct_tac "evs" 1); |
52 by (ALLGOALS (asm_simp_tac |
52 by (ALLGOALS (asm_simp_tac |
53 (simpset() addsimps [imageI, spies_Cons] |
53 (simpset() addsimps [imageI, spies_Cons] |
54 addsplits [expand_event_case]))); |
54 addsplits [expand_event_case]))); |
55 qed "Spy_spies_bad"; |
55 qed "Spy_spies_bad"; |
56 |
56 |
57 AddSIs [Spy_spies_bad]; |
57 AddSIs [Spy_spies_bad]; |
58 |
58 |
59 (*For not_bad_tac*) |
59 (*For not_bad_tac*) |
60 Goal "!!A. [| Crypt (shrK A) X : analz (spies evs); A: bad |] \ |
60 Goal "[| Crypt (shrK A) X : analz (spies evs); A: bad |] \ |
61 \ ==> X : analz (spies evs)"; |
61 \ ==> X : analz (spies evs)"; |
62 by (fast_tac (claset() addSDs [analz.Decrypt] addss (simpset())) 1); |
62 by (fast_tac (claset() addSDs [analz.Decrypt] addss (simpset())) 1); |
63 qed "Crypt_Spy_analz_bad"; |
63 qed "Crypt_Spy_analz_bad"; |
64 |
64 |
65 (*Prove that the agent is uncompromised by the confidentiality of |
65 (*Prove that the agent is uncompromised by the confidentiality of |
90 qed "shrK_in_used"; |
90 qed "shrK_in_used"; |
91 AddIffs [shrK_in_used]; |
91 AddIffs [shrK_in_used]; |
92 |
92 |
93 (*Used in parts_induct_tac and analz_Fake_tac to distinguish session keys |
93 (*Used in parts_induct_tac and analz_Fake_tac to distinguish session keys |
94 from long-term shared keys*) |
94 from long-term shared keys*) |
95 Goal "!!K. Key K ~: used evs ==> K ~: range shrK"; |
95 Goal "Key K ~: used evs ==> K ~: range shrK"; |
96 by (Blast_tac 1); |
96 by (Blast_tac 1); |
97 qed "Key_not_used"; |
97 qed "Key_not_used"; |
98 |
98 |
99 Goal "!!K. Key K ~: used evs ==> shrK B ~= K"; |
99 Goal "Key K ~: used evs ==> shrK B ~= K"; |
100 by (Blast_tac 1); |
100 by (Blast_tac 1); |
101 qed "shrK_neq"; |
101 qed "shrK_neq"; |
102 |
102 |
103 Addsimps [Key_not_used, shrK_neq, shrK_neq RS not_sym]; |
103 Addsimps [Key_not_used, shrK_neq, shrK_neq RS not_sym]; |
104 |
104 |
248 Key_not_used, insert_Key_image, Un_assoc RS sym] |
248 Key_not_used, insert_Key_image, Un_assoc RS sym] |
249 @disj_comms); |
249 @disj_comms); |
250 |
250 |
251 (*Lemma for the trivial direction of the if-and-only-if*) |
251 (*Lemma for the trivial direction of the if-and-only-if*) |
252 Goal |
252 Goal |
253 "!!evs. (Key K : analz (Key``nE Un H)) --> (K : nE | Key K : analz H) ==> \ |
253 "(Key K : analz (Key``nE Un H)) --> (K : nE | Key K : analz H) ==> \ |
254 \ (Key K : analz (Key``nE Un H)) = (K : nE | Key K : analz H)"; |
254 \ (Key K : analz (Key``nE Un H)) = (K : nE | Key K : analz H)"; |
255 by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1); |
255 by (blast_tac (claset() addIs [impOfSubs analz_mono]) 1); |
256 qed "analz_image_freshK_lemma"; |
256 qed "analz_image_freshK_lemma"; |