65 goalw thy [keysFor_def] |
65 goalw thy [keysFor_def] |
66 "keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"; |
66 "keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"; |
67 by (Auto_tac()); |
67 by (Auto_tac()); |
68 qed "keysFor_insert_Crypt"; |
68 qed "keysFor_insert_Crypt"; |
69 |
69 |
70 Addsimps [keysFor_empty, keysFor_Un, keysFor_UN, |
70 Addsimps [keysFor_empty, keysFor_Un, keysFor_UN1, |
71 keysFor_insert_Agent, keysFor_insert_Nonce, keysFor_insert_Key, |
71 keysFor_insert_Agent, keysFor_insert_Nonce, keysFor_insert_Key, |
72 keysFor_insert_Hash, keysFor_insert_MPair, keysFor_insert_Crypt]; |
72 keysFor_insert_Hash, keysFor_insert_MPair, keysFor_insert_Crypt]; |
|
73 AddSEs [keysFor_Un RS equalityD1 RS subsetD RS UnE, |
|
74 keysFor_UN1 RS equalityD1 RS subsetD RS UN1_E]; |
73 |
75 |
74 goalw thy [keysFor_def] "!!H. Crypt K X : H ==> invKey K : keysFor H"; |
76 goalw thy [keysFor_def] "!!H. Crypt K X : H ==> invKey K : keysFor H"; |
75 by (Blast_tac 1); |
77 by (Blast_tac 1); |
76 qed "Crypt_imp_invKey_keysFor"; |
78 qed "Crypt_imp_invKey_keysFor"; |
77 |
79 |
171 |
173 |
172 goal thy "parts(UN x. H x) = (UN x. parts(H x))"; |
174 goal thy "parts(UN x. H x) = (UN x. parts(H x))"; |
173 by (simp_tac (!simpset addsimps [UNION1_def, parts_UN]) 1); |
175 by (simp_tac (!simpset addsimps [UNION1_def, parts_UN]) 1); |
174 qed "parts_UN1"; |
176 qed "parts_UN1"; |
175 |
177 |
176 (*Added to simplify arguments to parts, analz and synth*) |
178 (*Added to simplify arguments to parts, analz and synth. |
|
179 NOTE: the UN versions are no longer used!*) |
177 Addsimps [parts_Un, parts_UN, parts_UN1]; |
180 Addsimps [parts_Un, parts_UN, parts_UN1]; |
|
181 AddSEs [parts_Un RS equalityD1 RS subsetD RS UnE, |
|
182 parts_UN RS equalityD1 RS subsetD RS UN_E, |
|
183 parts_UN1 RS equalityD1 RS subsetD RS UN1_E]; |
178 |
184 |
179 goal thy "insert X (parts H) <= parts(insert X H)"; |
185 goal thy "insert X (parts H) <= parts(insert X H)"; |
180 by (blast_tac (!claset addIs [impOfSubs parts_mono]) 1); |
186 by (blast_tac (!claset addIs [impOfSubs parts_mono]) 1); |
181 qed "parts_insert_subset"; |
187 qed "parts_insert_subset"; |
182 |
188 |
807 ["Agent ?C", "Nonce ?N", "Hash ?X'", "MPair ?X' ?Y"]; |
813 ["Agent ?C", "Nonce ?N", "Hash ?X'", "MPair ?X' ?Y"]; |
808 |
814 |
809 (*Cannot be added with Addsimps -- we don't always want to re-order messages*) |
815 (*Cannot be added with Addsimps -- we don't always want to re-order messages*) |
810 val pushes = pushKeys@pushCrypts; |
816 val pushes = pushKeys@pushCrypts; |
811 |
817 |
|
818 |
|
819 (*** Tactics useful for many protocol proofs ***) |
|
820 |
|
821 (*Prove base case (subgoal i) and simplify others*) |
|
822 fun prove_simple_subgoals_tac i = |
|
823 fast_tac (!claset addss (!simpset)) i THEN |
|
824 ALLGOALS Asm_simp_tac; |
|
825 |
|
826 fun Fake_parts_insert_tac i = |
|
827 blast_tac (!claset addDs [impOfSubs analz_subset_parts, |
|
828 impOfSubs Fake_parts_insert]) i; |
|
829 |
|
830 (*Apply rules to break down assumptions of the form |
|
831 Y : parts(insert X H) and Y : analz(insert X H) |
|
832 *) |
812 val Fake_insert_tac = |
833 val Fake_insert_tac = |
813 dresolve_tac [impOfSubs Fake_analz_insert, |
834 dresolve_tac [impOfSubs Fake_analz_insert, |
814 impOfSubs Fake_parts_insert] THEN' |
835 impOfSubs Fake_parts_insert] THEN' |
815 eresolve_tac [asm_rl, synth.Inj]; |
836 eresolve_tac [asm_rl, synth.Inj]; |
816 |
837 |